GMS Group - Privacy Policy - 2023.pdf

1 Privacy Policy GMS (Asia Pacific) Limited , including its affiliate GMS Kabushiki Kaisha (hereinafter referred to as GMS Group ), recognizes that privacy is important to its customers. We are transparent about how we collect, store, use and disclose data and make it easier for you to understand and exercise choices available to you in this regard. In Japan, GMS Kabushiki Kaisha is the appointed operator by Marriott International for its Club Marriott hotel loyalty membership program. This P rivacy Statement describes the privacy practices of GMS or the data that we collect t hrough : 1. W ebsites operated by us from which you are accessing this Privacy Policy, including gms - group.com and myclubmarriott.com, and other websites owned / or controlled by GMS (collectively, our “Websites ” ) 2. Through the software applications made available by us for use on or through computers and mobile devices ( collectively, our “Apps”) 3. Through the social media pages that we control from which you are accessing this Pri vacy Policy (collectively, our “Social Media Pages”) 4. Through e - mail messages, online directories, public databases and digital campaigns , including on third - party sites through G oogle, affiliate marketing, blogs, influencers, internet search etc. that we u se and through your communications with us (collectively, our Digital campaigns ) 5. Through our various offline interaction s, including voice, print, trade shows, events, and others 6. The use and access of services linked to the membership programs that we mana ge 7. Through voice calls and customer services, emails, messages and all other form s of communication received from you 8. Data received through our Business Partners and Third Parties 9. Any other data received from Internet Connect Devices Collectively, we refer to the Websites, the Apps, Digital Campaigns and our Social Media Pages, as “Online Services” and, together with offline channels, the “Services.” By using the Services, you agree to the terms and conditions of this Privacy Policy. The User must carefully read this Privacy Policy, which has been written clearly and simply, to facilitate its understanding and to freely and voluntarily determine whether he/she wishes to provide their personal data, or those of third parties, to GMS Gr oup. If you fail to provide certain information when requested, in particular mobile phone number and email address, we may not be able to perform the contract we have entered into with you (such as providing you with the membership benefit through our digital membership platform ), and we may also be prevented from complying with our own legal obligations. IDENTIFICATION: WHO WE ARE & WHAT WE DO NAME OF THE COMPANY : GMS (Asia Pacific) Limited NAME OF SUBSIDIARY IN JAPAN : GMS Kabushiki Kaisha REGISTE RED ADDRESS : 2 - 4 - 11 - 50 3 , Minamihonmachi, Chuo - ku, Osaka, 541 - 0054, Japan TELEPHONE : +81 6 4708 4620 EMAIL : feedback@gms - group.com DATA PRIVACY OFFICER (DPO) MAIL : privacy@gms - group.com 2 GMS Group is a multinational headquartered in Singapore and a premium provider of customized loyalty marketing solutions and related technology products for the hotel industry. Details of its various services and clients are available on www.gms - group.com GMS Group uses sources of information as outlined above to enro l l new members to the loyalty programs it operates on behalf of its hotel clients and then service those memberships using the information provided by the Members. GMS Group has its own proprietary software and mobile app to manage these memberships. The information provided to GMS Group by the member is shared with the hotels and hotel companies whose membership programs GMS Group manages INFORMATION AND CONSENT: SCOPE OF THIS PRIVACY POLICY This Privacy Policy (‘Policy’) describes how GMS Group protects your privacy when we receive your information and this policy may be supplemented or amended from time to time. This Policy is part of the terms and conditions of the membership program you enro l l for that customers respond to as part of any sales and marketing promotions executed by GMS Group to acquire new members By providing us with your information as described above, you expressly agree to our terms and c onditions, including the terms of this Policy. If you do not consent to the collection, use, disclosure and transfer of your personal information as described in this Policy, you may choose not to provide us with the information as described above. NATURE OF DATA: PERSONAL INFORMATION/DATA As used in this Policy, the term “personal information/data” means information that identifies you personally, either alone or in combination with other information provided by you and now available with us. This informa tion that we collect directly from each member typically includes the member’s full name, telephone number and e - mail address and other information needed to manage your membership effectively. We use your personal information only to administer the Progra m, respond to your queries and communicate with you about Program related offers, transactions and ancillary services. Other data you provide directly to us , or that we obtain from you in the process of using your membership, generally includes: • Geolocati on data • Membership us age and transaction al information when you visit participating hotels and restaurants • Goods and services purchased, special requests made, your service preferences • P ayment details provided by you whil st making payments towards your membership fee • Any information necessary to fulfil special requests under the membership program (for example, you r dining / leisure / travel preferences) • Your reviews, feedback and opinions about our programs and services • Social media data that is publicly available, or data made available by you through linking your social media details and the loyalty membership accounts • Any other personal data you choose to provide to us SENSITIVE PERSONAL DATA THAT WE DO NOT COLLECT GMS Group as a matter of policy never seeks, collects, processes or retains any of the Special Categories of Personal Data as mentioned in the GDPR, which are data/information revealing racial or ethnic origin, political opinions, 3 religious or philosophical beliefs , trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. GMS Group also as a matter of policy never seeks, collects, processes or retains any of the Sensitive Personal data or Information as defined under the applicable laws for all respective countries in which GMS Group operates in Asia Pacific. Sensitive personal data or information of a person under applic able laws in the respective countries means such personal information which consists of information relating to; — (i) password; (ii) financial information such as Bank account or credit card or debit card or other payment instrument details ; (iii) physica l, physiological and mental health condition; (iv) sexual orientation; (v) medical records and history; (vi) Biometric information; (vii) any detail relating to the above clauses as provided to body corporate for providing service; and (viii) any of the in formation received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise: provided that, any information that is freely available or accessible in public domain or any other law for the time being in f orce shall not be regarded as sensitive personal data or information for the purposes of these rules. For the purpose of clarification, credit or debit card data received by us to enable a transaction, for example to purchase of a membership o r to guarant ee a reservation, is used only for that transaction and is never stored by us. Further, if an activation code for a membership is sent by us and converted into a changed password by the Member, then that will be stored with us for the purpose of facilitati ng the access of the Membership to that Member. HOW WE COLLECT PERSONAL DATA GMS Group collects Personal Data in a variety of ways: Online Services - We collect Personal Data when you make a reservation, purchase goods and services from our Websites or Ap ps, communicate with us, or otherwise connect with us or engage with our social media pages and d igital campaigns, or sign up for a newsletter or participate in a survey, contest or promotional offer. Offline Interactions - We collect membership usage and transactional d ata when you visit our client hotels and dine in the restaurants, or when you attend a member event. Program Centers - We collect Personal Data when we communicate with you over the phone or e - mail, chat for program - related and promotional calls, or when you communicate with us to make a reservation. These communications may be recorded for the purpose of quality assurance and training. Enrolment on Membership Programs - We collect personal details as described above in Clause 2 when you enrol l in a membership program with us. Other Sources - We may collect other Personal Data and/or Non - Personal Data from other sources, such as public databases, marketing partners, member referrals, internet search and other third parties. The information that we collect as a part of the Referral Program is used only for the purpose of marketing the Program. We store the received referral details only if the referral shows interest and allows us to send further communication u pon being contacted. If the referral opts out of receiving communication from us, we erase his / her data at the first instance. Physical & Mobile Location Based Services - We collect Personal Data if you download one of our Apps or choose to participate i n certain programs. For example, we may collect the precise physical location of your device by using satellite, cell phone tower, Wi - Fi signals, or other technologies. We will collect this data if you opt in through the a pp or other program (either during your initial login or later) to receive the special offers and to enable location - driven capabilities on your mobile device. If you have opted - in, the a pp or other program will continue to collect location data when you are in or near a participating prop erty until you log off or close the app (i.e., the a pp or other program will collect this data if it is running in the background) or if you use your phone’s or other device’s setting to disable location capabilities for the GMS Group App or other program. 4 WHAT WE DO WITH THE DATA WE COLLECT AND FOR HOW LONG WE KEEP IT GMS Group uses the personal data collected to acquire new Members and personalize and customize their loyalty membership programs for enhancing the overall experience of the existing members . The contact details are primarily used for passing on i nformation related to their membership account , such as notifications, benefits, promotional offers, lapsed membership communication etc. , which a member is eligible to. We may contact you for admin istrative purposes, such as confirming a transaction you may have made, informing you of your account status or informing you of important Program changes We further use the information provided by the members pertaining to preferences/likings and interes ts to tailor - make and customize our offerings accordingly. T he personal data collected will be processed by GMS Group in accordance with the following purposes: • To inform you about the membership program you m ay be interested in • To manage our contractual relationship with you under the loyalty membership program when you are a member with us and/or to comply with a contractual or legal obligation • To manage and facilitate bookings and reservations made by you through our offices • To manage your opt - in to receive the program e - newsletter • To communicate with you about goods and services according to your personal preferences • To manage your contact requests with GMS through the channels provided We keep your personal information till the fulfilment of the purpose for which it was collected. This means that we will keep your information for as long as you continue to be a member with any of our programs for fulfilment of the legal and contractual obligations entered into by the members by accepting the loyal ty membership. In case you cease to be a member, we will retain your details for a further period of 24 months post - expiration of the membership so that you may easily re - join when you wish to within that period. This information would also help us commun icate to you any new benefits that you may receive with a renewal of membership. Please note that you can always choose to opt - out from receiving such communications and also raise a request for removal of your information/data post expiry of your member ship by a click - through on each e - mail you receive from us We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. COLLECTION OF OTHER DATA – Our web server collects the following access log infor mation: click - stream data and HTTP protocol elements and access logs containing this information. The data may be used by us and our agents for the following purpose: • Website and system administration • To administer our website and for our Email campaigns, we track and analyze anonymous usage and volume of statistical information from our visitors and members. All data collected are owned and used solely by us or on behalf of our client hotel partner. • In the event of registration and/or access through a thir d - party account, GMS Group may collect and access certain information of the member’s profile from the corresponding social network solely for internal administrative purposes and/or for the purposes indicated above. • User Information: We collect the follow ing user information: unique identifiers which may be used for o Completion and support of the current activity 5 o Anonymous user analysis o Anonymous user profiling and decision making o Contacting visitors for the marketing of services or products (the user may o pt out of this usage) • Such data is classified as “Non - Personal Data” , a type of data that generally does not reveal your specific identity or does not directly relate to an individual. To the extent non - personal data reveal your specific identity or relate s to an individual, we will treat non - personal data as personal data. Other non - personal data mainly include o Browser and device data o App usage data o Data collected through cookies, pixel tags and other technologies o Demographic data and aggregated data o Your IP address o Google and adobe analytics Cookies further allow us to select which advertisements or offers are most likely to appeal to you and display them while you are using the Online Services or to send marketing messages. We also use cookies to tr ack responses to online advertisements and marketing emails. You can choose whether to accept cookies by changing the settings on your browser or by managing your tracking preferences by clicking on “Tracking Preferences” located at the bottom of our home page. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Online Services. For example, we will not be able to recognize your computer, and you will need to log in every time you visit. You also will not receiv e advertising or other offers from us that are relevant to your interests and needs. We treat information collected by cookies and other technologies as non - personal information. However, to the extent that Internet Protocol (IP) addresses or similar ide ntifiers are considered personal information by local law, we treat these identifiers as personal information. Similarly, to the extent that non - personal information is combined with personal information, we treat the combined information as personal infor mation for the purposes of this privacy policy. LINKS TO THIRD - PARTY SITES We may provide links to third - party websites. Please be aware that we do not control and are not responsible for the information collection practices of such third - party websites’ policy that may differ from those of this Site. We encourage you to review and understand the privacy policies of these other Web sites before accessing and providing any information to them. RIGHTS OF DATA SUBJECTS: INFORMATION ACCESS, CHANGE, AND/OR DEL ETION You have a right to access, rectify, restrict, suppress, update, and/or erase any or all of the personal information that you submit to us by contacting us at privacy@gms - group.com If you would like to receive an electronic copy of your personal data for your purposes of review or transmitting it to another company (to the extent this right to data portability is provided to you by law) you can contact us at privacy@gms - group.com You can unsubscribe from receiving our e - mails by a click through on each e - mail. You may also unsubscribe from mailing lists or any registrations on the Site. To do so, please follow the instructions on the page of the e - mail. However, we may disclose your information, including personal information, if we believe it is necessary to protect the property and/or rights of GMS Group, you, or a third party, to protect th e safety of the public or any person, in the event of a legal dispute, or to prevent or stop activity we believe may pose a risk of being illegal, unethical or in 6 violation of the Terms of Service. In case of such an event, the right to have the personal i nformation rectified or erased may also stand suspended. However, you would still be able to view your personal information. SECURITY MEASURES GMS Group has implemented generally accepted standards of technology and operational security to protect persona lly identifiable information from loss, misuse, alteration, or destruction. Only authorized GMS Group personnel have access to personally identifiable information, and these employees are required to treat this information as confidential. We maintain app ropriate physical, technological, and organizational safeguards to protect your personal information against loss, misuse, unauthorized access or disclosure, alteration and destruction. Only authorized personnel of GMS Group have access to member accounts and details. Although we use reasonable measures to help protect your personal information, it is important that you understand that no website or database is completely secure or "hacker proof". If you believe the security of your account has been breache d, please contact us immediately at feedback@gms - group.com and privacy@gms - group.com Our security procedures mean that we may occasionally request proof of identity before we d isclose personal information to you. CROSS BORDER TRANSFER AND SHARING OF INFORMATION Personally identifiable information collected may be transferred, from time to time, to GMS Group offices or personnel or to relevant third parties located throughout t he world, and the website may be viewed and hosted anywhere in the world, including countries that may not have laws of general applicability regulating the use and transfer of such data. GMS may store your personal data on the servers of the AWS Infrastr ucture as per the needs and location of their respective clients. Cross border transfers are necessitated for providing seamless services to members. For example, a member may travel outside the country of his ordinary residence and would want to avail be nefits of the membership abroad. To facilitate this, cross - border transfer of information becomes necessary. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries will be entitled to access your Personal Data. By using our website or by providing consent to us, you agree to the transfer of your personal information to countries outside of your country of residence for the purposes specified in this Privacy Policy. We ensure, by mea ns such as contracts and personal data transfer agreements that your personal data is protected at all times in accordance with applicable privacy laws, regulations or binding codes. The personal data that GMS Group collects may be disclosed to GMS Group of companies, solely for administrative purposes and/or for purposes indicated above and/or suppliers of GMS Group necessary for the adequate fulfilment of the legal obligations and/or the purposes previously indicated. CONTACT US If you have any question s about this Policy or our privacy practices, you may contact us at feedback@gms - group.com or privacy@gms - group.com 7 COMMERCIAL & PROMOTIONAL COMMUNICATIONS: DO NOT CALL If you choose not to receive any promotional communications from us, we will not send you promotional messages and will not share your personal information with our partners or other companies for marketing purposes. In order to discontinue receiving promotional communications from us, you may Unsubscribe at any time, or you may contact the Program where you are a member or contact our Privacy Officer at privacy@gms - group.com Any customer detail collected on our website, through social media including digital campaigns, emails, landing pages and other offline mediums will allow GMS Associates to call, SMS, Email and chat guests who have filled in their information. By dropping in details, the guest explicitly allows and gives consent to GMS and group companies to call him / her and such commercial & promotional communication would not be considered in v iolation of Do Not Call registration laws in the countries of operations for GMS. USER’S RESPONSIBILITY/ DECLARATIONS T he user g uarantees that they are of legal age and are persons who can form a legally binding contract under the respective country laws and that the information furnished to GMS is true, accurate, complete and up - to - date. Guarantees that he/she has informed third parties on whose behalf he/she has provided data, such as in the case of member referrals, of the aspects contained in this document and has obtained the third party’s authorization to provide their data to GMS Group for the purposes indicated. Will be res ponsible for false or inaccurate information provided through the Website and for damages, whether direct or indirect, that this may cause to GMS Group or third parties. Accepts and agrees that there may be certain data that we may not allow you to review for legal, security or other reasons. UPDATES The "Last Updated" legend at the bottom of this page indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Online Services. Your use of the services following these changes means that you accept the revised Privacy Policy. Last Updated: 23 rd June 2023