SCROLL
    Privacy Policy
    1.       PRIVACY POLICY – GENERAL
    1.1   INTRODUCTION

    We respect the privacy of all our customers and business partners, and treat personal information provided by you to us as confidential.

    Please read this Privacy Policy (together with the country specific portions applicable to you) and any other privacy notice or fair processing notice we may provide on specific occasions carefully, as it is meant to help you understand what information we collect, why we collect it, and how you can manage it.

    This Privacy Policy supplements and updates any other policies, notices or statements that we may have provided you, and is not intended to override them.

     

    1.2    HOW WE GET THE INFORMATION ABOUT YOU

    In order for us to operate effectively, we may collect information about you, whether as hotel guests, loyalty programme members, web site visitors or contact for any other purposes, where personal information is provided to us that can identify you as an individual.

    Your personal information can come to us via various channels, including but not limited to:

    Personal information provided directly by you

    • Through your use of our products and services – such as when you make a reservation, stay as a guest or visit the hotels, restaurants, spa or facilities managed by us
    • When you submit enquiries to us or provide us with you feedback
    • When you participate in our promotional offers, competitions or surveys
    • As a member of our loyalty programmes.

    Data we collect when you use our Websites and Apps

    • When you browse and interact with our website and/or use any mobile apps that we may make available - such as make a booking via our Online Reservation system, make an inquiry, sign up for newsletter subscription or make brochure  requests or download and use our mobile apps

    Information we receive from third parties or public sources

    • We may receive information from third party organizations, such as partners we work with, where you have provided your consent to that information sharing taking place or where we have a legitimate interest to use the personal information in order to provide you with our products and services.

     

    1.3   WHAT INFORMATION ABOUT YOU DO WE COLLECT AND WHY

    We may collect, use, store and transfer different kinds of personal information about you depending on our relationship with you and where you are located, this information may include:

    Identity details: such as your name, gender, date of birth, nationality, passport and visa information

    Contact Details: personal and work contact details (addresses, emails and telephone numbers) 

    Payment and credit card information: such as bank accounts, name of cardholder, credit card number, credit card billing address and expiry date

    Guest stay information and lifestyle information: such as hotels where you have stayed, arrival and departure dates, room preferences, leisure activities, names and ages of children, observation of your services preference, and other information necessary to fulfil special requests. Information, feedback or content you provide regarding your interests and preferences

    Profile Information: includes loyalty program member information, online account details, profile or password details

    Technical Information: includes information from our security systems such as from our closed-circuit television system, card key, internet login and firewalls

    Usage data: includes information about how you use and interact with our website and mobile apps and the services you use.

    Sensitive Personal Information: some of the personal information which you provide to us may be considered “sensitive personal information” under the privacy and data protection laws in specific jurisdictions – such as personal information from which we can determine or infer an individual’s racial or ethnic origin, health or biometric data. We only process sensitive personal information to the extent permitted or required by applicable law.

    Please note that, in respect of children’s personal information, except where required by local laws, we do not knowingly collect personal information from our websites from any children or minors. As a parent or legal guardian, please do not allow your children or minors to submit personal information without your permission.

     

    1.4   HOW WE PROCESS AND USE YOUR INFORMATION

    We may collect, process and/or use the personal information which we collect in order to:

    • Deliver our products and services to you – such as completing your reservations, sending you reservation confirmations, supplying the purchased goods and services, registering you for program membership, fulfilling a request for information, customising our services to your preferences, earning and redeeming rewards, keeping proper records of your transactions with us
    • Communicate and provide marketing and promotion to you – such as sending you information and updates on our products and services and other products and services that we think may be of interests to you, including latest promotions,  competitions, joint- and cross promotions with our business partners, response to enquiries, to send you important information regarding our website, changes to our terms, conditions and policies
    • Develop and improve our services to you – such as performing market research, analytics and/or profiling, developing new products and services, improve the effectiveness of our website, your hotel experience, our various types of communications, advertising campaigns, and promotional activities
    • Work and cooperate with third party parties to deliver our products and services to you – such as travel agents, group travel organisation, or anyone involved in the process of making your travel arrangements, credit card companies, airline operators and third party loyalty programs
    • Maintain your safety and security as well as that of other guests and personnel – such as to make proper identification and verification in processing of transaction, implement security surveillance and access controls when you visit or stay at our hotels, and administer general record keeping
    • Meet applicable legal and regulatory requirements
    • Use it in other ways as required or permitted by law or with your consent

    We will only collect, process and/or use the personal information where we are satisfied that we have an appropriate lawful basis to do so.

     

    1.5    HOW LONG WE KEEP YOUR PERSONAL INFORMATION

    We will keep your personal information in line with our data retention notice for no longer than is necessary to fulfil the purposes we collected it for, unless we have a lawful ground for holding it for longer.

    To determine the appropriate retention period for your personal  information we consider the amount, nature and sensitivity of the information, the risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

    We will safely and securely delete, dispose of or anonymise personal information when we no longer need it.

     

    1.6   INFORMATION SECURITY

    We endeavour to protect your personal information we maintain and have implemented reasonable technical, organizational and administrative measures to keep your personal information safe and secure and to protect it against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties that have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.

    When we outsource the processing of your personal information to third parties or provide your personal information to third-party services providers, we oblige those third parties to protect your personal information with appropriate security measures.

     

    1.7   INFORMATION TRANSFER OVERSEAS

    We do business globally. In order for us to operate effectively and provide you with the best experiences with our services, we may centralize certain aspects of our information processing activities and may have databases in different countries (some of which are operated by our local group company and some of which are operated by third parties on our behalf). We may therefore have to share and transfer your personal information from one country to another, or even across multiple jurisdictions, such as:

    • In or to Hong Kong where our corporate office is located
    • In those countries in which we manage and operate hotels, residences, sales or representative offices
    • In those countries where our third-party suppliers and/or services providers, agents, advisors or consultants are located

    Your personal information may therefore be subject to privacy laws that are different from those in the country where the personal information is collected or those in your country of residences. We will endeavour that the transfer of your personal information is carried out in accordance with applicable privacy laws and that appropriate technical, organizational and administrative measures are in place for its safeguard.

     

    1.8   INFORMATION SHARING

    Insofar as reasonably necessary for us in delivering our products and services to you and for the purposes set out in this Privacy Policy, we may share your personal information with the below parties. The specific kind of information we share will depend on your activities with us and only to the extent as required or permitted by law, and/or with your consent.

    • Our Group entities, hotels, residences, outlets and other premises managed and operated by our Group
    • Our business partners and third parties involved in the delivery of our products and services to you – including those involved in a sale of all or part of our business operations or assets and those for business, operational and general administration
    • Our marketing and advertisement partners
    • Third party services providers which process data (including personal information) for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures
    • Our agents, advisors, consultants, other third-party suppliers and/or services providers to assist us to operate effectively and provide you with the best experiences with our services
    • Other third parties when we have your consent or are otherwise permitted or obliged by law to do so.

     

    1.9   WHAT HAPPENS IF I DO NOT PROVIDE YOU WITH MY INFORMATION?

    You may always choose what personal information (if any) you wish to provide to us. Please note, however, some of our products and services to you may be affected if you choose not to provide certain details, for example, we cannot reply to you without a name or contact details.

     

    1.10   MARKETING AND COMMUNICATIONS

    If you provide us with your contact details (e.g. postal address, email address, telephone number or fax number), we may contact you to let you know about the products, services, promotions and events offered that we think you may be interested in. You can always choose whether or not to receive any or all of these communications by contacting us as described in Section 8 below.  In addition to your agreeing to this Privacy Policy, we may also ask you to give us a separate consent before we send you with promotional information or to indicate how you would like to receive any communication (e.g. via email or regular mail). After you have indicated your preferences, you can always change them.

     

    2.       RESIDENTS OF THE EUROPEAN UNION AND UNITED KINGDOM

    European Union (EU) or United Kingdom (UK) data protection law applies to the processing of information of residents of the European Union and United Kingdom.

     

    2.1   CONTROLLER

    We are the Controller and responsible for your Personal information under this Privacy Policy. This means we decide why we collect your data, how we collect it, what data is collected, how this data is going to be used and how this data is protected.

     

    2.2   DATA PROTECTION OFFICER (DPO)

    We have appointed GRCI Law Limited as our DPO, who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, our privacy practices or how we handle your personal information please contact us in the first instance via email info@yingnflo.com or, alternatively, you can contact our DPO directly via email dpoaas@grcilaw.com.

     

    2.3   OUR EU REPRESENTATIVE

    We have appointed IT Governance Europe Ltd to act as our EU representative. If you wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR), or have any queries in relation to your rights or general privacy matters, please contact us in the first instance via email info@yingnflo.com or, alternatively, you can contact our EU Representative directly via  email  eurep@itgovernance.eu (please ensure you include our company name, YNF Hotels Management & Services (HK) Limited in any correspondence you send to our representative).

     

    2.4   UK GDPR/EU GDPR LAWFUL BASIS TABLE

    The table below describes the ways we plan to use your Personal information, and which Lawful Basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.

    Lawful Basis Table

    LAWFUL BASIS

    PURPOSE EXAMPLES

    Contractual

    We use your Personal information on the basis that it is necessary for us to fulfil a contract with you.

     

     

     

     

     

     

    Onboarding

    When you register as a new client, or supplier and we interview and onboard you.

     

    Service delivery

    In order to be able to deliver our products and services to you

    Account administration

     

    Relationship management

     

    Communication 

    To be able to contact you regarding updates or informative communications

     

     

    Legitimate interest

     


    Our legitimate business interests do not automatically override your interests – we will not use your Personal information for activities where our interests are overridden by the impact on you unless we have your consent or are otherwise required or permitted to by law.

    Managing our business 

    Developing and improving our services to you – such as performing market research, analytics and/or profiling, developing new products and services, improve the effectiveness of our website, your hotel experience, our various types of communications, advertising campaigns, and promotional activities

    Cooperation with third parties

     

    Recommendations, communications and marketing

     

    Advertising Effectiveness

     

    Safety and security

     

    Service reviews 

     

    Data analytics 

    We use data analytics to improve our website, products/services, marketing, customer relationships and experiences.

     

    Rights and claims 

     

    Data subject rights 

    Including verifying your identity when you exercise your data subject rights.

     

    Legal obligations

     

    We may use your Personal information to comply with any laws or regulatory requirements applicable to us. An example might be to detect fraudulent or criminal activity, whereby we may share information with forces such as the police.  

     

     

    Legal requirement  

     

    Criminal activity 

     

    Consent

     

    We may have to get your consent to use your Personal information, such as when we collect and use Special Category Personal information about you or when we want to send you electronic marketing.

     

    Where we rely on your consent for processing, it can be withdrawn at any time.

     

     

     

    Marketing 

    To measure and analyze the effectiveness of the advertising we serve you.

    We may collect IP addresses and store Cookies on visitors’ devices.

    Sending third-party direct marketing communications to you via email, letters or phone calls. 

     

    Special Category Personal information 

    Express consent for collecting and processing sensitive data also known as special category personal information (such as biometric data or data concerning health).

     

     

    2.5   DATA SUBJECT RIGHTS 

    You have several rights under UK and EU data protection law. The rights available to you depend on our reason for processing your information and are set out in the below.

     

    Table of your rights

    YOUR RIGHT

    DETAILS

    Right to be informed

    We have a legal obligation to provide you with concise, transparent, intelligible, and easily accessible information about your personal information and our use of it.

     

    Right of access

    You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information. When you request this data, this is known as making a data subject access request (DSAR). In most cases, this will be free of charge; however, in some limited circumstances, for example repeated requests for further copies, we may apply an administration fee.

     

    Right to rectification

    You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

     

    Right to erasure

    You have the right to ask us to erase your personal information in certain circumstances. We have the right to refuse to comply with a request for erasure if we are processing the personal information for one of the following reasons:

    ·         To exercise the right of freedom of expression and information.

    ·         To comply with a legal obligation.

    ·         To perform a task in the public interest or exercise official authority.

    ·         For archiving purposes in the public interest, scientific research, historical research or statistical purposes.

    ·         For the exercise or defence of legal claims.

     

    Right to restriction of processing

    You may ask us to stop processing your personal information. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies, you may exercise the right to restrict processing:

     

    ·         The accuracy of the personal information is contested.

    ·         Processing of the personal information is unlawful.

    ·         We no longer need the personal information for processing, but the personal information is required for part of a legal process.

    ·         The right to object has been exercised and processing is restricted pending a decision on the status of the processing.

     

    Right to object to processing

    You have the right to object to processing in certain circumstances. You can also object if the processing is for a task carried out in the public interest, the exercise of official authority vested in you, or your legitimate interests (or those of a third party).

     

    Right to data portability

     

    This right only applies if we are processing information based on your consent or for the performance of a contract and the processing is automated.

     

     

    2.6   HOW TO EXERCISE YOUR RIGHTS

     

    In most circumstances, you do not need to pay any charge for exercising your rights. We have one month to respond to you. 

    To exercise your rights or get more information about exercising them, please contact us using the contact details provided in “HOW TO CONTACT US”, giving us enough information to identify you.

     

    2.7   HOW YOU CAN COMPLAIN TO OR ABOUT US

     

    We hope that we can resolve any query or concern you raise about our use of your information. Please contact us first and title your email “Complaint”. All complaints will be treated in a confidential manner, and we will try our best to deal with your concerns.

    You have the right to lodge a complaint with a supervisory authority in the EEA member state where you work or normally live, or where any alleged infringement of data privacy legislation occurred.  

    The supervisory authority in the UK is the ICO, which may be contacted at https://ico.org.uk/concerns or by telephone on 0303 123 1113.

     

    4. NOTICE TO CALIFORNIA RESIDENTS

    VIEW SECTION 4

     

    5. NOTICE TO MAINLAND CHINA RESIDENTS

    VIEW SECTION 5

     

    6.OTHER RELEVANT INFORMATION
    6.1  COOKIES

    To enhance your experience on our web site, some of our web pages may use “cookies.” Cookies are text files that we place in your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your e-mail address or other personally identifiable information unless you choose to provide this information to us by, for example, registering for one of our services. However, once you choose to furnish the site with your personal information, this information may be linked to the data stored in the cookie. We use cookies to understand site usage and to improve the content and offerings on our sites. For example, we may use cookies to personalize your experience at our web pages (such as to recognize you by name when you return to our site), save your username and/or password in password-protected areas, and to offer you products, programs, or services. We may allow select third parties to collect information about our site visitors’ online activities over time and across other websites. We do not control the third parties’ use of such information.  Please refer to our Cookies Policy.

    6.2  DO NOT TRACK

    We currently do not recognize do not track signals from your web browser.  As technology develops, we may add this feature to our sites.

    6.3  LINKS TO OTHER WEBSITES

    For your convenience and information, we provide links to external third-party websites, including web sites owned or controlled by independent franchisees, third party owners of hotel, resort, interval ownership, or residence properties that may use our brand name(s), or web sites not controlled or authorized by us. The linking of external third-party websites to this website does not indicate any association with or endorsement from us. We cannot always ensure, and are not responsible or liable for, any content of these external third-party websites, including, but not limited to, any advertising claims or marketing practices. Please note this Privacy Policy is limited to our own information collection practices. We strongly recommend that you read the separate privacy and security policies and the information collection practices of any external third-party website before providing any personal information while accessing those websites.

     

    7. HOW TO CONTACT US

    For any questions, concerns or requests regarding this Privacy Policy or our information collection practices, please contact us by email at info@yingnflo.com or by post at 2701, Great Eagle Centre, 23 Harbour Road, Wanchai, Hong Kong.

     

    8. ABOUT THIS PRIVACY POLICY

    This Privacy Policy is in accordance with the relevant laws of the Hong Kong Special Administrative Region but may be applied to personal information processing activities globally. The processing activities may be more limited in some jurisdictions due to the restrictions of their laws. For example, the laws of a particular country may limit the types of personal information we can collect or the manner in which we process that personal information. In those instances, we may adjust our internal policies and/or practices to adapt to the requirements of local law.

    This Privacy Policy is effective from October 24, 2022. From time to time, we may have to update, change, modify or amend this Privacy Policy. Subject to any applicable legal requirements to provide additional notice, when we make material changes to this Privacy Policy, we will provide you with notice as appropriate under the circumstances such as through our website or by sending you an email.

    “We”, “us”, “ourselves” and “our Group” refers to YNF Hotels Management & Services (HK) Limited and its affiliates involved in the management, operations, franchising, licensing, or provision of services to or in connection with our properties around the world, including hotels, residences, outlets, local management entities and sales offices worldwide. Members of the Langham Hospitality Group are  affiliates in our Group.

    This Privacy Policy is written in the English language and may be translated into other languages.  In the event of any inconsistency between the English version and the translated version of this Privacy Statement, the English version shall prevail.

    Legal Disclaimer

    In addition to our rights of disclosure as mentioned hereinabove, we may also disclose your personal information when required by law or court order, or as requested by other government or law enforcement authorities, or in the good faith that disclosure is otherwise necessary or advisable including and without limitation to protect the rights or properties of our Group. This also applies when, in compliance with applicable laws, we have reason to believe that disclosing the personal information is necessary to identify, contact or bring legal action against someone who may be causing interference with our rights or properties, whether intentionally or otherwise, or when anyone else could be harmed by such activities.

    Contents

    The information and material contained in this site are for general references only. Our Group disclaims any warranty or representation of any kind, express or implied, as to any matter whatsoever relating to this site or any linked site. To the fullest extent allowed by law, our Group shall accept no responsibility or liability in respect of any loss or damage howsoever arising.

    Use of or visit this site does not constitute any binding contract over any goods and services provided by our Group, nor does it constitute an offer of any goods and services provided by our Group. Goods and services may only be available in certain countries and any offer to purchase goods or to retain services from our Group are subject to acceptance by our Group and in accordance with specific terms and conditions on which they are offered.

    Copyright and Trademark Notices

    All contents of this website are: ©2022 YNF Hotels Management & Services (HK) Limited. 2701, Great Eagle Centre, 23 Harbour Road, Wanchai, Hong Kong. All rights reserved. This website may contain or reference trademarks, patents, copyrighted materials, trade secrets, technologies, products, processes or other intellectual property or proprietary rights of YNF Hotels Management & Services (HK) Limited and/or our Group. No license to or right in any such trademarks, patents, copyrighted materials, trade secrets, technologies, products, processes and other intellectual property or proprietary rights is granted to or conferred upon you.