Privacy policy

Privacy Policy

We, Nina Hospitality Company Limited (including its parent company, subsidiaries and affiliated companies, collectively the "NH") are committed to protecting the privacy of anyone who visits our websites ninahotelgroup.comdining.ninahotelgroup.com, ninaboutique.com and ninapatisserie.com (the "Websites") or registers to use our services (the Websites and other services altogether referred to as the "Web Services"). As part of our commitment, we have thus adopted certain measures in relation to the collection, use, retention, disclosure, transfer, security and accessibility of your personal data in order to comply with the requirements laid down in the Personal Data (Privacy) Ordinance (Cap. 486) of the Hong Kong Special Administrative Region (the "Ordinance") and the European Data Protection Legislation (as defined below).


This Privacy Policy (the "Policy") applies to personal data and information regarding guests and other individuals with whom we do business and to the management of that data and information in any form, whether electronic or written.

Whilst we make every effort to protect your personal data, no security measures can guarantee that your personal data and information will not be subject to interference, misuse or hacking and we shall not be responsible for any loss, misuse or alteration arising as a result of such incidents.
  

1. Your Use of the Web Services

Use of this Web Services constitutes your agreement to the terms of this Policy and the application of any applicable laws and regulations. Whenever you submit Personal Data and any other information via the Web Services, you acknowledge that data and information will be collected, used and disclosed in accordance with this Policy.
 

2. Data Protection Legislation

It is our policy to comply with the Personal Data (Privacy) Ordinance, Chapter 486 of the laws of Hong Kong (the "Hong Kong requirements"). In addition, we adhere to the European Data Protection Legislation as described below to the extent it applies to the Personal Data we process about you (the European Data Protection Legislation and the Hong Kong Requirements jointly referred to as the "Data Protection Legislation").

For the purposes of this Policy, "European Data Protection Legislation" means all applicable legislation relating to data protection in the European Economic Area ("EEA"), including the EU General Data Protection Regulation 2016/679 ("GDPR") and all legislation implementing or made under or pursuant to or replacing or superseding the GDPR. Where this Policy uses terms which are defined in the GDPR, the definitions set out in the GDPR will apply.

 

"Personal Data" is data relating to you from which you can be reasonably identified. Examples of Personal Data include your full name, email address, postal address, telephone number, job title or the company you work for. We recognise that your Personal Data is valuable and we process it in accordance applicable law, and to the extent that it applies to your Personal Data, with the Hong Kong Requirement and/or European Data Protection Legislation.
 

3. Data controller

The NH is responsible as data controller for the processing of your Personal Data collected on via the Web Services under the European Data Protection Legislation and the Hong Kong requirements as applicable.
 

4. Types of Personal Information We Collect

When we need to collect personal data from you to provide you with a particular membership or service, we will ask you to voluntarily supply us with the information we need. The information collected includes but is not limited to:

4.1  For Hotel eNewsletters (eNews subscription):

4.1.1  Prefix

4.1.2  Name

4.1.3  Email address

4.1.4  Mobile phone no.

4.1.5  Preferred language

4.1.6  Consent and marketing channel preference for promotional materials

4.3  For Hotel rooms booking:

4.3.1  Prefix

4.3.2  Name

4.3.3  Email address

4.3.4  Company name

4.3.5  Mobile phone no.

4.3.6  Contact phone no.

4.3.7  Postal address (Country/District of residence/City/Postal Code/etc.)

4.3.8  Correspondence address

4.3.9  Payment type

4.3.10  Room requests

4.3.11  Reservation email option

4.3.12  Credit card information

4.3.13  Consent and marketing channel preference for promotional materials

4.4  For Restaurant bookings:

4.4.1  Restaurant name

4.4.2  Reservation date

4.4.3  Reservation time

4.4.4  Meal period

4.4.5  Reservation cover

4.4.6  Reservation type/mode (i.e. via mobile phone or pc)

4.4.7  Guest type

4.4.8  Prefix

4.4.9  Name & Chinese name

4.4.10  Contact phone no.

4.4.11  Email Address

4.4.12  Consent and marketing channel preference for promotional materials

4.5  For Banquet bookings:

4.5.1  Banquet choice

4.5.2  Booking guest's and contact guest's prefix

4.5.3  Booking guest's and contact guest's name

4.5.4  Booking guest's and contact guest's email address

4.5.5  Booking guest's and contact guest's company name

4.5.6  Booking guest's and contact guest's mobile/contact phone no

4.5.7  Booking guest's and contact guest's Postal address (Country/District of residence/City/Postal Code/etc.)

4.5.8  Source of booking

4.5.9  Event start/end date and flexibility on such dates

4.5.10  Nature of event

4.5.11  Expected no of guests

4.5.12  Event set up

4.5.13  No of function rooms

4.5.14  No of hotel rooms

4.5.15  Consent and marketing channel preference for promotional materials

4.6  For online purchases
4.6.1  Prefix
4.6.2  Name
4.6.3  Email address
4.6.4  Mobile phone no.
4.6.5  Contact phone no.
4.6.6  Postal address (Country/District of residence/City/Postal Code/etc.)
4.6.7  Correspondence address and shipping address
4.6.8  Payment type
4.6.9  Credit card information
4.6.10 Transaction history
4.6.11 Membership information (if applicable)
4.6.12 Consent and marketing channel preference for promotional materials

 

5. Purpose of Personal Data Collection

You acknowledge and agree that such personal data will be used by us for the following purposes:

5.1  The provision of any goods and /or services offered by any member of the NH, including processing your reservations and managing your room and restaurant bookings, and online purchases. In these circumstances, we will use your Personal Data to perform an agreement with you because we would be unable to provide those services without that information;

5.2  The analysis, verification and /or checking of your credit, credit history, on-going credit worthiness; the processing of any payment instructions, direct debit facilities and/or credit facilities you requested; the determination of the amount of debt owed to or by you and/or the processing and/or collection of amounts outstanding from you and those providing security for your obligations. We will do this because it is in our legitimate interest to receive payment for the services we provide to you;

5.4  To conduct market analysis, market research, customer satisfaction and quality assurance surveys. We do this because it is in our legitimate interests to understand the trends in the use and popularity of our services so that we can adapt existing and offer new services based on this research and analysis;

5.5  To respond to requests for information and services. We will do this because it is in our legitimate interest to use your Personal Data to communicate with you, to respond to your requests about the services and facilities you require and to develop the relationship between us in the context of your use of our services and facilities;

5.6  For disclosing the winner of contests and lucky draw competitions conducted by us or on our behalf. We will do this because it is in our legitimate interest to develop the relationship between us in the context of your use of our contests, privileges, benefits and other advantages we offer, which we will only communicate to you subject to the next bullet point; 

5.7  To facilitate direct marketing, promotional and customer management purposes, including sending you sales, promotional communications or special offers from any member of the NH if you have consented to receive them by the channels which you have agreed to receive, as further described under the chapter “Direct Marketing”.
 

6. Information we collect from your browser and your device

When you make use of the Web Services, we may automatically collect information about your interaction with the Web Services such as your IP address, traffic data, clickstream information, time stamp, location data, web logs, other communication data and the resources that you access. We automatically collect this data using various technologies such as cookies, web logs and beacons as described below. This data is primarily used for delivering and optimising services offered by us, such as:

a)  authenticating your identity and remembering certain data for the purposes described in "Purposes of Personal Data Collection" above;

b)  providing you with relevant, personalised content in order to help us focus on what you are most interested in; and

c)  improving our services, whereby we may occasionally display different versions of content to you and measure your usage of our Web Services.

To the extent this information constitutes Personal Data, we use it to ensure that content from the Web Services is presented in the most effective manner for you and your device because it is in our legitimate interest to improve our customers' online experience in relation to the Web Services.

Use of Cookies
Cookies are small text files that are stored on your browser and the hard drive of your computer, mobile or other handheld device. Our Web Services use
cookies to enhance your use of the Web Services, to monitor your activity during your visit(s) to the Websites and to distinguish you from other users. Our use of cookies allows us to provide you with a good experience when you browse our Websites by displaying content effectively and obtaining and analysing statistics about the use of our Web Services.

By continuing to use the Web Services you consent to our use of cookies as explained in this Policy.

The following table sets out the types of cookies used on the Websites and provides detail about what they are used for. When you use the Websites for the first time, cookies which are essential to make the Websites operate (see those identified as "essential cookies" below) will have been set but other cookies will not have been set unless you agreed to those cookies being set at that time. If you have agreed to accept cookies then the Websites will remember this and continue to set cookies each time you visit. If you do not want cookies to be stored, then you may turn off certain cookies listed below individually or you can select the appropriate options on your web browser to delete some or all cookies. Please note, however, that if you block some or all cookies (including essential cookies) you may not be able to use or access all or parts of the Websites, such as being able to log on to member specific areas.

For Websites under the NH and CCG Hearts Application

Cookie Type

Cookie Name

Function and Purpose

Further Information

ninahotelgroup.com, dining.ninahotelgroup.com, ninaboutique.com, ninapatisserie.com

Essential Cookies

__cfduid

Used by the content network, Cloudflare, to identify trusted web traffic.

Cannot turn cookie off

ASP.NET_SessionId

Preserves the visitor's session state across page requests

Cannot turn cookie off

Tracking Cookies

_ga, _gat, _gid

Google Analytics (www.googletagmanager.com)

Blocking this cookie will prevent Google Analytics to track you across all websites

HMACCOUNT

Baidu Analytics (hm.baidu.com)

Blocking this cookie will prevent Baidu Analytics to track you across all websites

Functionality Cookies

CMSPreferredCulture

This cookie is used to recognize you when you return to the Website.
It enables us to personalize our content and remember your language preference.

Blocking this cookie will prevent the Site to change the language

Targeting and advertising Cookies

test_cookie, IDE

DoubleClick (doubleclick.net) Advertising and Analytics Solutions
This cookie is used for direct marketing purposes, in order to send website visitors personalized online advertisement.

For further information about this cookie, please visit https://www.doubleclick.net
Blocking this cookie will prevent us from offering you personalized and relevant offers via online advertising

Other Cookies (3rd party Cookies)

__atuvc, __atuvs, uvc, xtc,
ouid, di2, uid, vc, loc, mus

AddThis (addthis.com) Social Media Sharing Function

For further information about this cookie, please visit addthis.com
Blocking this cookie will prevent us from offering you sharing function of the website to any social media network

CCG Hearts Application

Essential Cookies

email, password

For identify member login account information

Cannot turn cookie off

Tracking Cookies

membership number, last login, isLoginbyFB, isLoggedin, lastLogin, LastUpdateOn

For identify member login & web browsing / traffic information

Cannot turn cookie off

Functionality Cookies

FacebookID, FacebookEmail, IsRememberMe, HideBannerCookie

For recognizing member when they return to the website

Cannot turn cookie off


If you would like to disable cookies, you can set your web browser to reject cookies. However, if you disable the cookie function, you may not be able to access or receive all the information contained on the Websites. How to alter your cookie setting will depend on the type of browser you use. We have provided examples of how to disable cookies on the most popular browsers below:

 

Microsoft Internet Explorer

 

-  choose the tools menu then Internet Options;

-  click on the privacy tab; and

-  select the appropriate setting.
 

Mozilla Firefox

 

-  choose the tools menu then Options;

-  click on the privacy menu then Options;

-  click on the privacyicon; and

-  find the cookie menu and select the relevant options.


Please note that Google and other third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies as a result of you visiting other websites, over which we have no control.

 

7. Disclosure and Transfer

7.1  We reserve the right to disclose any personal data and information we have concerning you if we are compelled to do so by a court of law or requested to do so by a governmental entity or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property. We also reserve the right to retain information collected and to process such information to comply with accounting and tax rules and regulations. In addition, we may make certain disclosures in answering your query or providing you with services. By using the Web Services, you agree to disclosures to the following third parties:

7.1.1  advertisers, which may collect aggregated statistics from the Web Services;

7.1.2  payment processors who will collect your payment information if you choose to purchase services from us;

7.1.3  other companies and individuals which we employ to provide certain services such as email marketing services (e.g. analysing customer lists, deliverability statistics, opens and clicks), marketing assistance or consulting services. These third parties may have access to information needed to perform their function but cannot use that information for any other purpose;

7.1.4  our service providers and sub-contractors for the performance of any contract we enter into with them or you;

7.1.5  our business partners, but only to the extent you have purchased or expressed an interest in a product or service of such business partner or interacted with or otherwise authorised the sharing of your Personal Information with such business partner;

7.1.6  credit reporting agencies and other financial institutions including our own bankers, service providers; our professional advisers, such as our accountants, auditors and lawyers, insurers and industry groups having a legitimate reason to receive such information;

7.1.7  a purchaser or successor entity in the event of a sale or other corporate transaction involving some or all of our business or as needed to affect the sale or transfer of business assets, or as needed for external audit, compliance or corporate governance related matters;

7.1.8  any of the affiliates and the parent company of the NH, and any company in which the same has a direct or indirect interest or with which it is in joint venture or co-operation with or their respective successors and assigns;

7.1.9  any actual or proposed assignee or transferee of the NH; and

7.1.10  any other person under a duty of confidentiality to the NH

7.2 We may share aggregated demographic information with business partners, affiliates or other entities. This aggregate information is not linked or traceable to any personally identifiable information about you.

7.3 Except as described herein, we do not permit the sale or transfer of personally identifiable information to third parties.

 

8. Storage and transfer of your Personal Data to Other Countries

If you provide Personal Data to us, it may be transferred to, processed in, stored at or accessible from a destination outside the European Economic Area ("EEA"), such as Hong Kong, Japan, the United States of America, or any other country in which the NH or its service providers maintain facilities. All practical steps are taken to ensure that all data is treated confidentially, kept secure and protected against unauthorised or accidental access, processing, erasure, loss or other use and is maintained and kept no longer than is necessary for the purpose for which it is intended.

The NH is located in Hong Kong, which is a territory which has not been deemed to offer adequate data protection by the European Commission. If you provide your Personal Data to us in circumstances where our processing of it is subject to European Data Protection Legislation, please note that you are doing so on the basis that you explicitly consent to the transfer of your data outside the EEA. The potential consequence of you explicitly consenting to this are that there is a risk that your Personal Data will not be protected in a manner that complies with European Data Protection Legislation. You can withdraw your consent for this reason at any time by emailing us at 
privacy@ninahotelgroup.com. Withdrawing your consent will not affect our use of the Personal Data prior to your withdrawing that consent but it will mean that we will not be able to contact you about the services we may be able to offer you in the future.

Where we pass your Personal Data that is subject to European Data Protection Legislation from a location inside the EEA to parties located outside the EEA that do not offer adequate protection as determined by the European Commission, and if they are not subscribed to an approved data protection framework, such as the EU-US Privacy Shield that permits us to transfer the Personal Data to them from the EEA, we will enter into agreements which enable us to transfer Personal Data to them and that enable you to exercise your rights in accordance with the European Data Protection Legislation. A copy of these terms can be obtained by emailing us at 
privacy@ninahotelgroup.com.

 

9. Direct marketing

9.1  When you opt-in to receive communications from us, you are giving your consent for your Personal Data to be used by us to contact you (depending on your selection) by email, direct mail and telephone including but not limited to phone calls, text messages, multi-media messages and instant messaging applications, and to deliver personalized Web Services experiences, to share information about relevant services, news and events in relation to any member of the NH and its offering, including but not limited to residential, offices, commercial and industrial buildings, shops, hotels, serviced apartments, shopping malls and the events, room sales promotion, food & beverage promotion, banquet and conference services, the NH membership programme, surveys by e-mail or telephone on our service quality, educational, recruitment, charitable and non-profitable causes:

9.1.1  For Hotel eNewsletters (eNews subscription)

9.1.1.1  Prefix

9.1.1.2  Name

9.1.1.3 Email address

9.1.1.4  Mobile phone no.

9.2  We may not use your personal data for direct marketing purpose unless we have received your consent. We seek for your permission before we use your personal information for direct marketing during the CCG Hearts application process, online hotel check-in registration, e-newsletter subscription, restaurant booking etc. Your consent may also be communicated to us without charge by checking the opt-in / consent box in this Website or by writing to info@ninahotelgroup.com or by post at Nina Hospitality Company Limited, 37/F, Nina Tower, 8 Yeung Uk Road, Tsuen Wan, New Territories, Hong Kong. When you enter your contact details for the purposes of receiving marketing communications and click "sign up", you will be consenting to us contacting you for these purposes.

9.3  You may opt-out from receiving marketing communications at any time with no additional charges, by:

9.3.1  Following the "opt-out" instructions contained in the communications

9.3.3  Contacting us by mail, email or phone

Nina Hospitality Company Limited

a: 37/F, Nina Tower, 8 Yeung Uk Road, Tsuen Wan, New Territories, Hong Kong

e: info@ninahotelgroup.com 

(Please indicate Opt-out from receiving marketing communications)
 

9.4  Withdrawing your consent will not affect our use of the Personal Data prior to you withdrawing that consent but it will mean that we will not be able to contact you about the services we may be able to offer you or your business in the future. When your opt-out request is received, your contact details will be suppressed rather than deleted. This will ensure that your request is recorded and retained unless you provide a later consent that overrides it.

9.5  We will let you know where you must provide us with Personal Data in order to perform an agreement with you or to comply with a legal obligation. If you do not provide us with the Personal Data in these circumstances, we will be unable to respond to your enquiry and/or engage in further communications with you.

 

10. Data Retention and Security

10.1  You further acknowledge and agree that the personal data will be retained by us for the purposes as mentioned aforesaid as well as for other purposes that may be agreed between you and us or required by law from time to time.

10.2  We will only retain the Personal Data collected from you for as long as your account is active or has otherwise not been cancelled and you have not requested that your Personal Data be deleted. We will retain Personal Data to fulfil the purposes for which we have initially collected it, unless otherwise required by law. All Personal Data will be retained only as necessary to comply with our legal obligations.

10.3  We will delete our copy of your Personal Data at the latest by 18 months from the end of our last contact with you although we may retain a record of the existence of the relationship, to the extent and for so long as we are required to do so by law. For example, if you have contacted us to ask us for the processing of your Personal Data to be erased, we will retain a record of your request in order to ensure we comply with your wishes.

10.4  We will take all practicable steps to ensure the data held by us are protected against unauthorized or accidental access, process, erasure, loss or other use.
 

11. Changes to the Policy

11.1  The Policy will be modified from time to time. Any changes to this Policy will be posted to the Websites and the Apps and, where appropriate, notified to you by email, so that you are always informed of the way we collect and use your personal data.

11.2  Any changes to our Policy will become effective upon posting of the revised policy on the Websites or Apps unless otherwise stated. We encourage you to periodically review our privacy policy to ensure familiarity with our most current version.
 

12. How to Access or Correct your Personal Data

12.1  Under and in accordance with the Ordinance, you have the right to:

12.1.1  check whether we hold your personal data and obtain copy of your personal data;

12.1.2  require us to correct any personal data which is inaccurate; and

12.1.3  ascertain our policies and practices (from time to time) in relation to the personal data and to be informed of the kind of personal data held by us

12.2  We have the right to charge a reasonable fee for processing any data access request. All requests for 12.1.1 to 12.1.3 above shall be made in writing and addressed to:

Nina Hospitality Company Limited  Data Protection Officer

a: 37/F, Nina Tower, 8 Yeung Uk Road, Tsuen Wan, New Territories, Hong Kong

e: privacy@ninahotelgroup.com

(Please indicate Personal Data Access Request on the email subject or on the envelope.)


13. Rights of Users in the European Economic Area

With respect to the Personal Data that the NH collects about you from the Web Services, to the extent that you are located in the EEA under the European Data Protection Legislation you have the right to:

13.1  request access to that Personal Data;
13.2  receive a copy of the Personal Data that you have provided to us in a structured, commonly used and machine readable format so that you can share it with others;

13.3  request the transfer of your Personal Data to another party;

13.4  ask that Personal Data be erased;

13.5  object to us possessing your Personal Data by asking for the processing of that Personal Data to be restricted or stopped. For example, if we use Personal Data for marketing purposes; and

13.6  make a complaint to a European data protection authority about the manner in which we process your Personal Data. The contact details for the European data protection authorities can be found at https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

Please contact us to exercise these rights or for additional information at:

Nina Hospitality Company Limited

a: 37/F, Nina Tower, 8 Yeung Uk Road, Tsuen Wan, New Territories, Hong Kong

e: privacy@ninahotelgroup.com

(Please indicate Personal Data Access Request on the email subject or on the envelope. )

In addition to the above, you have the right to review, update, and correct your account information and preferences at any time by managing your accounts Profile page. If there is any information that you are not able to edit or delete, contact us to help you make the amendments.

You have the right to request for your account to be terminated and your information to be deleted when there is no longer a legitimate or legal reason for us to keep your Personal Data.

On the other hand, if you wish to change or use other services affiliated to us, you may request for your Personal Data to be transferred or transmitted.


14. Contact Information

If you wish to contact us about the privacy-related matters described above or find out more information about our privacy practices, please use the contact details below:

Nina Hospitality Company Limited

a: 37/F, Nina Tower, 8 Yeung Uk Road, Tsuen Wan, New Territories, Hong Kong

e: privacy@ninahotelgroup.com

(Please indicate “Personal Data Access Request” on the email subject or on the envelope. )


15. Privacy Policy - Addendum (Personal Information Protection Law of the People’s Republic of China)

This Addendum (“Addendum”) is made for compliance with the Personal Information Protection Law of the People’s Republic of China, and shall form an integrate part of the Privacy Policy. However, it shall apply only to people who resided in or who are in Mainland China when signing up for any of our services. In case of any discrepancy between any provision herein and any other provision in the Privacy Policy, the provision herein shall prevail.

 

Before providing your personal data, please ensure that you have carefully read this Addendum.

15.1 Collection, Disclosure, Sharing, Transfer and Publication of Personal Data

15.1.1 Collection of Sensitive Personal Information

The personal data that we may collect in order to perform the service you have purchased may contain sensitive personal information, which means any personal information that once disclosed, provided illegally or misused, may endanger your personal or property safety and may extremely easily lead to any harm to your reputation or health in body and mind or any other discriminatory treatment. When it becomes necessary to collect any sensitive personal information from you, we will solicit your consent in advance.

15.1.2 Disclosure and Sharing of Personal Data

15.1.2.1 Except otherwise provided for in any applicable law or regulation or required by any competent regulatory authority, we will only disclose to or share with any third party your personal data, as necessary for the related service, in the following circumstances. We will enter into a non-disclosure agreement with such third party, under which the third party should be required to process your personal data pursuant to the Privacy Policy and its addendum and other related confidentiality and security measures. Such third party shall not be entitled to subject the personal data to any other purpose than specified in the Privacy Policy and its addendum. We will solicit your consent by means of a written agreement or a pop-up window, pursuant to any applicable law or regulation or standard and with your explicit consent, will provide to or share with the third party your personal data. Such third party will include:

15.1.2.1.1 Any advertising agency, to whom we will not directly disclose your personal data, except with your authorization, provided that we may provide such advertising agency with the personal data anonymized in order for the latter to use it for statistical aggregation purposes.

15.1.2.1.2 Any payment service provider, to whom we may disclose your name, bank account number, bank card details and other data that is required for completion of the payment service concerned, when you purchase and pay for any of our services.

15.1.2.1.3 Any other company or individual who we may retain to provide us with email publicity service (such as, to analyze the customer list, transmissibility data, launch and click data), publicity assistance service or consultation service, to whom we may provide the anonymized personal data in order for the latter to use it for analytical and statistical purposes, provided that we will solicit your consent in advance when it becomes necessary to disclose the personal data in view of any business need.

15.1.2.1.4 Any of our service providers and subcontractors, in order to fulfill any contract between us and you or between us and such service provider or subcontractor.

15.1.2.1.5 Any of our business partners, provided that you have purchased or manifested your interest to purchase any product or service from such business partner, or you interact with such business partner, or you explicitly authorize that your personal data may be shared with such business partner.

15.1.2.1.6 Any credit consulting organization or other financial institution, including our banks, service suppliers, professional advisors (such as, accountants, auditors and lawyers), insurance companies, and other industrial groups that are justified to collect your personal data, in order to fulfill the related contract and improve the quality of our services.

15.1.2.1.7 The parent company of or any other company affiliated to Nina Hospitality, or any other company in which it/they holds shares directly or indirectly or which it/they engages for joint operation or cooperation, or any successor or transferee of the above.

15.1.2.1.8 Any actual or proposed transferee or assignee of Nina Hospitality.

15.1.2.1.9 If you need to know any company, organization or individual who is involved in the circumstances under Sections 1.2.1.1 through 1.2.1.8, please send an email to privacy@ninahotelgroup.com, noting “Third-Party Data Inquiry” in the subject line, to which we will respond within 15 working days of receiving the email.

15.1.2.2 We may share your personal data pursuant to any obligation under any applicable law or regulation or the need to enforce any legal proceeding, or the requirement raised by any competent government authority according to law.

15.1.3 Transfer of Personal Data

We will not transfer your personal data to any third party, unless:

15.1.3.1 Your prior explicit consent or authorization has been obtained.

15.1.3.2 It involves any merger, acquisition, or insolvency and liquidation proceedings, where, if the transfer of your personal information is involved, we will require that any succeeding third party that comes to hold your personal data continue to be bound by this Privacy Policy and its addendum; otherwise, we will require that such third party resolicit your authorization or consent.

15.1.4 Public Disclosure

We will not disclose your personal data to the public, unless:

15.1.4.1 Your prior explicit consent has been obtained (for example, in any contest or lottery organized by or for us, we will not disclose to the public the personal data of the winner unless and until the explicit authorization and consent from the winner is obtained).

15.1.4.2 We do so pursuant to any mandatory requirement of any applicable law or regulation, legal proceeding or competent government authority.

15.2 Protection and Storage of Personal Data

15.2.1 Protection of Personal Data

15.2.1.1 We will take any and all reasonable and feasible measures to protect your personal data and we ensure that we will not collect any personal data that is irrelevant to the service you purchase.

15.2.1.2 The Internet is not 100 percent safe and secure, and we will do our best to ensure the safety of the personal data that you provide us through the Internet. In the event of any personal data breach, we will promptly inform you of the breach and its possible consequence, the action we have taken or will take, and any action you may take, pursuant to the applicable law or regulation. We will promptly notify you by email, regular mail, telephone or push notification and if it is too difficult to reach all the owners of the personal data, we will make a public announcement in a reasonable and effective manner.

15.2.2 Storage of Personal Data

In principle, we will only store your personal data within the time limit that is necessary for us to perform the service you have purchased, which is the longer of the following:

15.2.2.1 the period that is required to finish the service you have purchased;

15.2.2.2 the period that we can ensure the safety and quality of the service for you;

15.2.2.3 the period specified in any applicable law or regulation;

15.3 Your Rights

Pursuant to applicable laws, regulations and standards of the People’s Republic of China and any other national or regional practice, you may exercise the following rights to your personal data:

15.3.1 To access your personal data

You may do this by sending an email to privacy@ninahotelgroup.com, noting “Personal Information Inquiry” in the subject line. We will respond to your inquiry within 15 working days.

15.3.2 To correct your personal data

You may do this by sending an email to privacy@ninahotelgroup.com, noting “Personal Information Correction Request” in the subject line. We will respond to your correction request within 15 working days.

15.3.3 To delete your personal data

15.3.3.1 You may require that your personal data be deleted from our system by contacting us in the way specified in Article 14 of the Privacy Policy, to which we will respond within 15 working days to confirm your deletion request, if:

15.3.3.1.1Our processing of your personal data violates any applicable law or regulation;

15.3.3.1.2 We have collected and used your personal data without first obtaining your consent;

15.3.3.1.3 Our processing of your personal data breaches any agreement between us and you;

15.3.3.1.4 You cease using our products or services, or cancel your member account with us (if applicable); or

15.3.3.1.5 We cease providing you with our products or services.

15.3.3.2 If we decide to respond to your deletion request, we will also inform any entity who receives your personal data from us to delete your personal data in timely manner, unless otherwise provided for in any applicable law or regulation or if such entity has independent authorization from you.

15.3.3.3 When your personal data is removed from our service system, we may not immediately delete the same from our backup system until the related backup is updated.

15.3.4 To change or withdraw the scope of your authorization

Different personal data may be required in order for us to perform any single service. You may change the scope of personal data you have agreed for us to use or process, or withdraw your authorization or consent, with respect to any single service, by sending an email to privacy@ninahotelgroup.com. We will respond within 15 working days to confirm your request. When you withdraw your consent, we will cease processing your personal data concerned and become unable to continue to perform the related service for you, which, however, will not affect any previous processing of your personal data on the basis of your consent.

15.3.5 To cancel your member account (if applicable)

You may require that your member account be canceled with our website, by contacting us in the way specified in Article 14 of the Privacy Policy, to which we will respond within 15 working days to confirm your cancellation request.  After your member account is canceled, we will cease providing the related service for you, stop collecting your personal data, and if you so request, delete your personal data under the member account, unless:

15.3.5.1 It is otherwise provided for in any applicable law or regulation;

15.3.5.2 Your member account cannot be canceled under the relevant requirements of the competent administrative, judicial or other authority; or

15.3.5.3 While using any of our services, you have seriously violated any law, regulation or contract and/or any policy or terms and conditions that we formulate for our services.

15.3.6 To obtain a copy of your personal data

You may request a copy of your personal data by contacting us in the way specified in Article 14 of the Privacy Policy, to which we will respond within 15 working days. 

15.3.7 To restrict the Information System in automated decision-making

For certain services, we may make decisions solely on the basis of nonhuman automatic decision-making mechanisms, including the Information System or algorithms. If any of your legal rights or interests is significantly affected, you may require an explanation or refuse to accept our decisions made by the automated decision-making system, by contacting us in the way specified in Article 14 of the Privacy Policy, to which we will respond within 15 working days.

15.3.8 To respond to your requests hereinabove

15.3.8.1 For security reasons, we may require that you should provide a written request or identify yourself in any other way. We may also require that your identification be verified before your request may be processed. We will respond to you within 15 working days of receiving your request.

15.3.8.2 We will not charge you, in principle, if you have raised a reasonable request, but may ask you to pay for the cost, depending on the situation, if the same request has been raised for multiple times or the reasonable extent is exceeded. We may reject any request that is unreasonable and filed repeatedly, that require us to offer any technical means that we cannot reasonably offer (for example, to develop a new system or fundamentally change the existing practice), or that brings any risk to any legal right or interest of any other person, or that is too hard to be feasible (for example, to create a backup copy for the information stored on the magnetic tape).

15.3.8.3 Also, if it is so required under any special provision of any applicable law or regulation, or pursuant to any legitimate requirement of any administrative, judicial or other competent authority, we may not be able to respond to your request.

15.4 Personal Data of Minors

15.4.1 If you are a minor under 14 years of age, you should obtain the written consent of your parent or guardian before using our services and providing your personal data.

15.4.2 The personal data of a minor that we have collected with the consent of the parent or guardian will not be shared, transferred or disclosed publicly, unless it is allowed under the applicable law, the explicit consent of the parent or guardian is obtained or it is necessary to do so in order to protect the minor.

15.4.3 If we discover that we have collected the personal data of any minor without first obtaining the verifiable consent of the parent or statutory guardian, we will delete such personal data as soon as practicable pursuant to the applicable law.

15.4.4 If you are the guardian of a minor and you have any question regarding the personal data of the minor, please contact us in the way specified in Article 14 of the Privacy Policy.

 

Last updated: Mar 2024


Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.