At Astoria Hotels and Resorts, we value your interests as guests and recognize that privacy is important to you. We want you to be familiar with how we collect, use and disclose data.
This Privacy Statement describes the privacy practices of AHR for data that we collect:
- Through our company websites, software, mobile applications, social media, call center hotlines, and emails made available to use through computers and mobile devices (collectively, Online Services).
- When you visit or interact with us at our hotels and resorts, events, exhibits, sales venues, dining and banquet functions, and fitness and recreation facilities as a guest (collectively, Offline Services).
- Via personal data from other sources, such as public databases, joint marketing partners, and other third parties.
The personal data we collect is information that identifies you as the Data Subject, and throughout your guest journey, we collect Personal Data in accordance with the law, such as:
Personal Information – refers to any information or set of information in any form that would directly identify you. These may include your name, contact number, address, and email address, among others.
Sensitive Personal Information – refers to personal information which may include your nationality, marital status, age, gender, education, passport or other government identification, license number, credit card and debit card number, among others.
Privileged Information – refers to data which is considered as privileged communication under the law. This may include any information between you and your doctor, your lawyer, or your spouse.
In more limited circumstances, we may also collect:
- Guest preferences, enquiries, comments and any other personalized data such as interests, activities, hobbies, food and beverage choices, services and amenities of which you advise us or which we learn about during your visit
- Data about family members and companions, such as names and ages of children
- Electronic data such as photos or digital images, biometrics, IP address and Device ID, Geolocation information, Internet click activities in our website
- Photo, video, and audio data via: (a) security cameras located in public areas, such as hallways and lobbies of our properties and (b) your mobile phone or camera submitted by you on our social media pages and email
- BROWSING – We collect general information about you or your activities through which you cannot be identified. When you use the Internet, your web browser or client software may transmit certain kinds of information to the servers that host the websites you visit. The information may include the IP address or unique numbers assigned to your server or Internet connection, the capabilities and features of your computer, your geographic location, and your movement within and interaction with the website, including what pages you look at and what information you download. When you visit AHR’s websites, its servers collect such general information. AHR uses this general information to generate aggregate statistics about its website’s visitors. In situations where it is possible to do so, general information may be linked to personal information.
- COOKIES – AHR’s website uses cookie technology. Cookies identify pieces of information transferred to your computer hard drive by our website. Cookies help identify you when you access its website. Cookies do not allow AHR to access any personal information about you, but they do allow it to understand your use of our websites better so that it may help AHR improve its website services. AHR’s website uses cookies to provide a unique identifier to your computer so that it can generate statistics about the usage of its websites, such as the percentage of repeat visitors and other general statistics. The unique identifiers are not matched with any personal information. Cookies do not store any personal information about you. You can configure your browser to allow you to browse the Internet and AHR’s website without cookies or to notify you when each cookie is offered so that you can accept or reject each cookie. Please be informed that you may not be able to use some services on our website if you prevent your browser from accepting cookies.
- PHISHING AND MALWARE – AHR strives to maintain the highest standards of decency, fairness, and integrity in all its operations. Likewise, it is dedicated to protecting its customers’ and online visitors’ privacy on its website. Browsing AHR’s website will not result in your computer getting infected by spyware, adware, viruses, or other forms of hostile or intrusive software. We do not phish, harm, or participate in any illicit or identity theft activities.
- GOOGLE ANALYTICS – We use Google Analytics to help us get a better understanding of how visitors use our website and to facilitate interest-based advertising associated with your Google Account and other devices you use. The information generated by the Google Analytics cookie about your use of our website is transmitted to and stored by Google.
- MOBILE DEVICES – When you use or access our Services from a mobile device, we may collect information such as your unique device ID and your location. If you download and use an app, we and our service providers may track and collect app usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number, as well as any other personal information specified by the app in its terms or notices.
We are not responsible for the privacy policies and procedures of third-party sites that may link to our websites, or we may link to as part of past or present business relationships or initiatives. Please review the privacy policies of any linked sites you visit before using or providing information to any of those sites.
We may use the collected information when we enter into a contract with the guest for, but not limited to:
- Marketing purposes to notify you of special promotions
- Facilitating social sharing functionalities
- Conducting offers and events
- Enabling it to contact you for confirmation or customer service questions, or after you sign up for or participate in certain activities
- Responding to inquiries, complaints, and other communications
- Profiling demographics of the website’s visitors
We may also use this information to understand your needs and provide you with better services, particularly to improve our products and services, conduct market research, create surveys, and organize special promotions and events.
We may contact you by email, phone, or chat via social media, and respond to your inquiries or complaints. We may also use the information to customize our website according to your interests. We may also use it to comply with legal processes under the applicable laws, respond to requests from public and government authorities, and enforce our terms and conditions.
- Affiliates and Resorts Partners: We may share Personal Information with our affiliated resort owners and operators in order to provide you with services, facilitate a booking you requested, to respond to your inquiry for further information about accommodation, tours, transfers, etc.
- Service Providers and Vendors: We may disclose your personal information to service providers and vendors we retain in connection with our business such as: travel services companies, property owners’ associations, data analysis, payment processing, information technology and related infrastructure provision, customer service, email delivery, credit card processing, tax and financial advisers, legal advisers, accountants, auditing services or others.
- Sponsors, Business Partners and other Third Parties: We may disclose your Personal Information to Sponsors and co-sponsors of promotions, business partners and other third parties in order to provide you with services that may interest you. Furthermore, we may share your Personal Information with third party providers located on-site at hotels or resorts, such as spas, golf clubs, concierge services, and dining providers. If you provide additional information to any of these third parties, such information will be subject to such third parties’ privacy practices.
- Message Boards: We may make reviews, message boards, blogs, and other such user-generated content facilities available to users. Any information disclosed in these areas becomes public information and you should always be careful when deciding to disclose your Personal Information. We are not responsible for privacy practices of other users including website operators to whom you provide information.
- Disclosure Permitted by Law as follows:
- to comply with a court order, subpoena, search warrant or other legal process
- to comply with legal, regulatory or administrative requirements of any governmental authorities
- to protect and defend the company, its parent, subsidiaries and affiliates, and all their officers, directors, employees, attorneys, agents, contractors, and partners, in connection with any legal action, claim, or dispute
- to enforce the terms of our website
- to prevent imminent physical harm to businesses that we may use for purposes of performing its functions in connection with the sale, assignment, or transfer of any subsidiary or affiliate hotel and resorts or website.
- Except as outlined in this Privacy Policy, we will not sell or trade to third parties any personal information obtained through its website without your consent.
Providing personal information is required through the AHR website to be able to provide you with our products and services we offer. You may opt not to provide any personal information. However, we cannot guarantee the limits of services offered through our website.
If you submit any personal information on behalf of another person, you represent that you have the authority to provide such information and to permit us to use said personal information in accordance with this Privacy Notice.
Personal information collected by the website is stored on secure on-premises servers. The secure servers are protected by firewalls and other standard security procedures. The secure servers are not generally accessible by unauthorized third parties but could become accessible in the event of a security breach. Unfortunately, no security system is 100% secure, thus we cannot ensure the security of all information you provide to us via the Services.
You acknowledge that you have a full understanding of and completely agree to giving your consent to us and/or its operating and related companies to collect, store, access, share, process, and/or destroy copies of your personal data. You further agree and give consent to the sharing of all your personal information with third parties, when required by the law or public authority in connection with the abovementioned purposes; and Warrant that you are fully aware and completely understand your rights under the Data Privacy Act, including the right to request access to your personal, sensitive and/or privileged data, as well as to move for the correction of the same, if said data is already inaccurate and/or outdated.
We shall safeguard the confidentiality of all types of personal data it has collected, stored, shared or used and treat them with reasonable and appropriate degree of protection.
We are keen to protect your privacy rights.
- You have the right to be informed for which purposes your personal data is collected.
- You have the right to access your personal data with us and it is your right to rectify should you find that your personal data needs updating. We respect the exercise of said rights provided that the accompanying request is not vexatious and unreasonable.
- You have the right to object to the processing of your personal data or withhold consent previously given. Likewise, you have the right to erasure or the blocking of your personal data. Should you exercise these rights, we will be constrained to limit your access to our facilities and/or quality service.
- You have the right to data portability.
- You have the right to damages.
If you would like to request to access, change, delete, restrict the use or object to the processing of your Personal Data that you have previously provided to us, or if you would like to receive an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent these rights are provided to you by law), please complete the access form. If you have any questions about the form or our process, feel free to email us at dpo@astoria.com.ph
For your protection, we may need to verify your identity before fulfilling your request. We will try to comply with your request as soon as reasonably practicable and consistent with applicable law.
Please note that we often need to retain certain data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or reservation, or enter a promotion, you may not be able to change or delete the Personal Data provided until after the completion of such purchase, reservation, or promotion). There may also be residual data that will remain within our databases and other records, which will not be removed. In addition, there may be certain data that we may not allow you to review for legal, security, or other reasons.
If you would like to request to access, change, delete, restrict the use or object to the processing of your Personal Data that you have previously provided to us, or if you would like to receive an electronic copy of your Personal Data for purposes of transmitting it to another company, please complete access form. If you have any questions about the form or our process, feel free to email us at dpo@astoria.com.ph
For your protection, we may need to verify your identity before fulfilling your request. We will try to comply with your request as soon as reasonably practicable and consistent with applicable law.
Please note that we often need to retain certain data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or reservation, or enter a promotion, you may not be able to change or delete the Personal Data provided until after the completion of such purchase, reservation, or promotion). There may also be residual data that will remain within our databases and other records, which will not be removed. In addition, there may be certain data that we may not allow you to review for legal, security, or other reasons.
We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by law.
The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using our Services)
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period before we can delete them)
- Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations)
Unless specifically requested, we ask that you not send us, and you not disclose, on or through the Services or otherwise to us, any Sensitive Personal Data e.g., social security number, taxpayer identification number, passport number, driver’s license number or other government-issued identification number; credit or debit card details or financial account number, with or without any code or password that would permit access to the account, credit history; or information on race, religion, ethnicity, sex life or practices or sexual orientation, medical or health information, genetic or biometric information, biometric templates, political or philosophical beliefs, political party membership, background check information, judicial data such as criminal records or information on other judicial or administrative proceedings.
The Services are not directed to individuals under the age of sixteen (16), and we request that they not provide Personal Data through the Services.
Any changes will become effective when we post the revised Privacy Statement on the Online Services. Your use of the Services following these changes means that you accept the revised Privacy Statement.
CCTV Privacy Policy (CLICK HERE)
If you have any questions about this Privacy Statement, please contact us by email.
Data Privacy Officer
Astoria Hotels and Resorts
#15 J. Escriva Drive, Ortigas Business District
Pasig City, Philippines
dpo@astoria.com.ph