True Hospitality for Good Website Privacy Statement
Thank you for engaging with True Hospitality for Good. The privacy and security of your information is very important to us. When you use IHG’s True Hospitality for Good website we want you to trust that the information that you have provided to us, through the True Hospitality for Good programme, is being properly managed and protected.
- The purpose of this Privacy Statement
- Changes to this Privacy Statement and your duty to inform us of changes
- Information we collect and how we use it
- How is your personal data collected
- How we use your personal data
- Disclosures of your personal data
- International Transfers
- How we use your information
- Retaining your information in our systems
- Cookies and other tracking technologies
- Your legal rights
1. The Purpose of this Privacy Statement
This Privacy Statement is issued by the InterContinental Hotels Group of Companies (collectively referred to as "IHG”, "we”, "us” or "our” in this Privacy Statement), which includes the direct and indirect subsidiaries of InterContinental Hotels Group PLC and covers information collected and used by us in the course of providing the True Hospitality for Good programme as controller of that data.
This privacy statement aims to give you information on how IHG collects and processes your personal data through your use of this website, including any data you may provide through this website when you submit your action taken for True Hospitality for Good.
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy statement. If you have any questions about this privacy statement, including any requests to exercise your legal rights, please contact the DPO OR data privacy manager at PrivacyOffice@ihg.com.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
2. Changes to this Privacy Statement and your duty to inform us of changes
We keep our privacy statement under review. This version was created in July 2018.
It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if your personal data changes during your relationship with us.
3. Information we collect and how we use it
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data through your Merlin single sign on we collect your Merlin profile data including first name, middle name, last name, username, place of work, job title, manager and Merlin ID;
- Contact details including your IHG or hotel email address;
- Technical data this may include including internet protocol address, your login data, browser type, time zone setting and location, browser plug-in types and version, operating system and platform, and other technology on the devices you use to access this website.
- Usage data how you interact with the site and the information you provide on your activities when you get involved in for True Hospitality for Good® and submit your activities on the website.
We also collect, use and share Aggregated Data such as statistical or demographic data for reporting purposes. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate and report on the number of IHG employees, or IHG branded hotel employees, who get involved in True Hospitality for Good.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).
4. How is your personal data collected
We use different methods to collect data from and about you including through:
Direct Interactions. When you log into the site using your Merlin single sign on, we collect your personal data such as name, job title as set out in clause 1 above. We also collect any personal data you provide directly when you submit details of the type of activity undertaken by you, or your colleague, to contribute towards True Hospitality for Good; and
Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie information for further details.
5. How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data for reporting purposes such as the level of interaction and good deeds carried out in pursuit of True Hospitality for Good by employees of IHG, and employees of IHG branded hotels in the True Hospitality for Good programme.
We also use the personal data collected to assess the amount to be donated to charity as a result of IHG employees, and employees of IHG branded hotels, participation in True Hospitality for Good;
- where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests;
- where we need to comply with a legal obligation.
Purposes for Which We Will Use your Personal Data
We will only collect, use and share your information where we are satisfied that we have an appropriate legal basis to do this.
We will use the Personal Data provided by you as set out above and believe our use of your information is in our legitimate interest as an organisation, to process the activities carried out as part of IHG’s True Hospitality for Good which will result in a donation to IHG charity partners on your behalf should you chose to participate. In this case we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in the Your Legal Rights section.
Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
6. Disclosures of your personal data
We may share your personal data with the parties set out below for the purposes set out in the table to ensure the appropriate donation is made to your chosen IHG charity partner and for reporting purposes as set out above.
- Internal Parties – we share this information within the IHG Group for reporting purposes;
- With our third-party website, analytics and video tool providers.
Our third-party website provider will respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
7. International Transfers
We share your personal data within the IHG Group. This will involve transferring your data outside the European Economic Area (EEA). Transfers within the IHG Group will be covered by an agreement entered into by members of the IHG Group (an intra-group agreement) which contractually obliges each member to ensure that your information receives an adequate and consistent level of protection wherever it is transferred within the IHG Group
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
8. How we secure your information
We are committed to protecting the confidentiality and security of the information that you provide to us. To do this, technical, physical and organisational security measures are put in place to protect against any unauthorised access, disclosure, damage or loss of your information. The collection, transmission and storage of information can never be guaranteed to be completely secure, however, we take steps to ensure that appropriate security safeguards are in place to protect your information.
9. Retaining your information in our systems
We maintain a data retention policy which we apply to the records we hold.
10. Cookies and other tracking technologies
What is a cookie? A “cookie” is a small text file that is placed onto an Internet user’s web browser or device and is used to remember as well as obtain information about that party. You might be assigned a cookie when visiting our websites or when using our mobile applications. In some instances, where permitted under the applicable law, cookies may also be used for the purposes of certain email campaigns.
What types of cookies we use and how we use them: We use two primary types of cookies, which include:
- Functional Cookies - these cookies support the use of the website and applications and enable certain features to enhance your experience. For example, we use functional cookies to facilitate the video content displayed on some pages. We also use functional cookies for remembering things like your sign-in information to avoid you having to re-enter it.
- Performance Cookies - these cookies collect information needed to support the website and our applications and allow us to improve our website and identify any problems that you faced while visiting us. For example, performance cookies may provide us with information about how you came to our website and how you navigated around our website during your visit. We also use these cookies to provide us with certain statistical and analytics information, such as how many visitors came to our website.
11. Your legal rights
You have legal rights under EU data protection laws in relation to your personal information. Click on the links below to learn more about each right you may have. To exercise any of your rights please contact our Data Protection Officer by emailing email@example.com.
To access personal information
You can ask us to confirm whether or not we have and are using your personal information and for a copy of your information.
To correct / erase personal information
You can ask us to correct any information about you which is incorrect. We will be happy to rectify such information but would need to verify the accuracy of the information first.
You can ask us to erase your information if you think we no longer need to use it for the purpose we collected it from you. You can also ask us to erase your information if you have either withdrawn your consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, or where we have used it unlawfully or where we are subject to a legal obligation to erase your personal information.
We may not always be able to comply with your request, for example where we need to keep using your information to comply with our legal obligation or where we need to use your information to establish, exercise or defend legal claims.
To restrict how we use personal information
You can ask us to restrict our use of your information in certain circumstances, for example:
- where you think the information is inaccurate and we need to verify it;
- where our use of your information is not lawful but you do not want us to erase it;
- where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or
- where you have objected to our use of your personal information but we still need to verify if we have overriding grounds to use it.
We can continue to use your information following a request for restriction where we have your consent to use it; or we need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company.
To object to how we use your information
You can object to any use of your information which we have justified on the basis of our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use your information if we can demonstrate that we have compelling legitimate interests to use the information.
You can also require us to stop using your data for direct marketing purposes.
To ask us to transfer your information to another organisation
You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company).
You may only exercise this right where we use your information in order to perform a contract with you, or where we asked for your consent to use your information. This right does not apply to any information which we hold or process that is not held in digital form.
Right to obtain a copy of personal information and safeguards used for transfers outside your jurisdiction
You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.
We may redact data transfer agreements to protect commercial terms.
We may ask you for proof of identity when making a request to exercise any of these rights. We do this to make sure that we only disclose information where we know we are dealing with the right individual.
We will not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we will inform you before proceeding with your request.
We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests. We will let you know if we think a response will take longer than one month. To help us respond more quickly, we may ask you to provide more detail about what you want to receive or are concerned about.
We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.