The privacy and security of your information is very important to us. Whether you are booking a room or are a member of one of our loyalty programs, we want you to trust that the information that you have provided to us is being properly managed and protected.
We have prepared this Privacy Statement to explain more about who we are and how we collect and manage your information.
Who we are
This Privacy Statement is issued by the InterContinental Hotels Group of Companies (collectively referred to as "IHG”, "we”, "us” or "our” in this Privacy Statement), which includes the direct and indirect subsidiaries of InterContinental Hotels Group PLC and covers information collected and used by us in the course of our business. When we mention "IHG", "we", "us", or "our" we are referring to the relevant company in the InterContinental Hotels Group that processes your personal information.
Your information may also be collected and used by IHG-branded hotels. In most cases, these hotels are independently owned and their use of your information is only covered in this Privacy Statement where specifically noted.
If you would like to learn more about IHG and our relationship with our IHG-branded hotels, see below.
The legal basis for processing your personal data
We are committed to collecting and using your information in accordance with applicable data protection laws.
We will only collect, use and share your information where we are satisfied that we have an appropriate legal basis to do this.
This may be because:
- you have provided your consent to us using the personal information;
- our use of your information is necessary to perform our contract with you, for example, making and managing your booking and operating and providing services in connection with our Loyalty Program in accordance with the terms of our agreement with you;
- our use of your information is necessary to meet responsibilities we have to our regulators, tax officials, law enforcement, or otherwise meet our legal responsibilities;
- our use of your information is in our legitimate interest as a commercial organisation, for example to operate and improve our services and to keep people informed about our products and services (including for profiling and targeted advertising) - in these cases we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in "To object to how we use your information".
If you would like to find out more about the legal basis for which we process personal information please contact our offices (details found in the “How to contact us" section). If you have provided your consent to our processing of your information you can withdraw this consent at any time by contacting the IHG Privacy Office (details found in the “How to contact us" section).
As we operate via a global network of corporate offices, reservation and service centers, data centers and hotels, it may be necessary to transfer your information to a country outside of the country where it was originally collected or outside of your country of residence or nationality. The information that you provide us during the course of a reservation or through the provision of any other services may be transferred to any of our IHG-owned or affiliated entities and hotels around the world for the purposes of carrying out or facilitating these services. It will also be necessary to transfer this information to third parties, including, without limitation, our Franchisees, partners and third-party service providers.
Where we transfer information which originates in the European Union ("EU") to a country outside of the EU, we will take steps to make sure such transfer is carefully managed to protect your privacy rights:
- transfers within the IHG Group will be covered by an agreement entered into by members of the IHG Group (an intra-group agreement) which contractually obliges each member to ensure that your information receives an adequate and consistent level of protection wherever it is transferred within the IHG Group;
- where we transfer your data outside of the IHG Group including to other companies providing us with a service, we will obtain contractual commitments and assurances from them to protect your information. Some of these assurances are well recognized certification schemes such as standard contractual clauses and the EU - U.S. Privacy Shield for the protection of personal information transferred from within the EU to the United States of America;
- we will only transfer personal information to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights; and
- any requests for information we receive from law enforcement or regulators will be carefully validated before personal information is disclosed.
Using our websites, mobile applications and other technology
Use of WI-FI services (IHG Connect)
When you use the IHG Connect WI-FI service (IHG Connect), we may collect and process certain additional information.
What information we collect
- Registration and User-Provided Information: When you register to use IHG Connect, we may collect personal information about you including your IHG Rewards Club number. You may also provide us with personal information about you in various ways when you use IHG Connect, for example, when you send us customer service-related requests.
- Device Identifiers. In the course of providing the IHG Connect, we may automatically collect a device identifier (such as your IP address, MAC Address or other unique identifier) for the computer, mobile device, technology or other device you use to access IHG Connect. A device identifier is a number that is automatically assigned to your device when you access IHG Connect, and we may identify your device by its device identifier. When you use IHG Connect, we may view your device identifier and use this information to enhance our service. We may associate your device identifier with other information about you, such as your IHG Rewards Club number.
- Other device information: We may also automatically record certain information from your device including, device type, the web pages, apps or sites that you visit, and the dates and times that you visit, access, or use IHG Connect. While generally this information is pseudonymous and/or aggregated, this information may be associated with your IHG Rewards Club number and/or other IHG service account information or persistent identifiers. This data helps us to manage our networks and provides us with information about the use of IHG Connect. We do not, however, collect and process the contents of email communications or other electronic communications you send or receive when using IHG Connect.
- Location information: We may collect information about your location through your use of the WI-FI services we provide at our hotels to enable us to improve our service and provide certain services to you such as customized offers and promotions.
How We Use the Information We Collect
We use personal information only for the purposes described in this Policy, except if otherwise disclosed to you at the time the data is collected or further authorized by law or by you.
- We use the personal information that we collect through IHG Connect to operate, maintain, enhance and provide all features of the service, to provide services and information that you request, to respond to comments and questions and to provide support to users.
We use the personal information that we collect through IHG Connect to understand and analyze the usage trends and preferences of our users, to improve the IHG Connect service, and to develop new products, services, features, and functionality. If you provide your contact information or your IHG Rewards club number, we may send you personalized offers based on your web usage and location. You can opt out of receiving these offers when signing in to use the IHG Connect service or at any time within your IHG Rewards account. Please see the 'Managing your preferences and information' section below.
Using Personal Information to create profiles
As described in the section above in relation to cookies, we have relationships with third parties such as Google and Facebook which enable us to serve targeted advertising. In addition to the activities described under the heading Targeted Advertising above, we also match Facebook and Google users across sites and devices which enables us to better understand your interests. We use this information to enable us to tailor our marketing communications to you so we can make sure we tell you about things which are most likely to be of interest to you. You can opt out of receiving these offers when signing in to use the IHG Connect service or at any time within your IHG Rewards account. Please see the 'Managing your preferences and information' section below.
How we secure your information
We are committed to protecting the confidentiality and security of the information that you provide to us. To do this, technical, physical and organizational security measures are put in place to protect against any unauthorized access, disclosure, damage or loss of your information. The collection, transmission and storage of information can never be guaranteed to be completely secure, however, we take steps to ensure that appropriate security safeguards are in place to protect your information.
Managing your preferences and information
We want to ensure that you have the necessary tools at your disposal to control the information that you provide to us, including how we communicate with you. It is also important that you contact us to update your information if any of it is inaccurate or changes. Please click the relevant section below to learn more about how to control how we communicate with you and how to update, modify and delete your information.
Through the provision of the services described above, we and in some instances our Franchisees, third-party partners and service providers, may communicate with you in relation to a reservation, as a member of any of our loyalty programs, through online digital services (e.g. online advertising, social media communications), or to support any other services that we provide.
In some instances, especially if you are a member of IHG® Rewards Club or an InterContinental Ambassador, you can go to your account, sign in and click on the “Communication Preferences” section to revise your communication preferences. IHG® Rewards Club members can also contact any of our IHG Rewards Club Service Centres. Additionally, the option to unsubscribe from marketing communications will be included within the communication itself. In all other cases, or if you are having difficulties with unsubscribing from any particular communication, please contact one of our global customer care offices or the IHG Privacy Office (details found in the “How to contact us section”).
Please be aware that unsubscribing from one type of communication may not unsubscribe you from another type. Likewise, unsubscribing from our communications may not mean that you are unsubscribed from certain communications carried out independently by our Franchisees.
In the event any information that you provide to us is inaccurate, changes or you would like this information deleted, your information can be updated by contacting one of our global customer care offices. In some instances, especially if you are an IHG® Rewards Club or InterContinental Ambassador member, you can update certain aspects of your personal information by going to your account, signing in and clicking on the “Personal Information” section to update and amend your personal information. For all other cases, please contact the IHG Privacy Office (details found in the “How to contact us section”). We will respond to your request within a reasonable timeframe.
Please note that in some instances it may not be possible to delete certain pieces of your information and a portion of the information may be needed for suppression purposes. In other instances, we may not have the ability to delete certain pieces of information that are stored on our systems or that have been provided to third parties in connection with the services discussed in this Privacy Statement.
California residents may request a list of certain third parties to which we have disclosed personally identifiable information about you for their own direct marketing purposes. You may make one request per calendar year. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. You may request this information in writing by contacting us through one of the methods listed under the “How to contact us” section. Please allow up to thirty (30) days for a response.
Our websites are not intended for children and we do not intentionally solicit or collect personal information from individuals under the age of 18. If we are notified or otherwise discover that a minor’s personal information has been improperly collected, we will take all commercially reasonable steps to delete that information. In limited instances, we may have a campaign or program targeted toward children. In these instances, details on the information practices will be presented within the terms and conditions of the program or campaign.
Retaining your information in our systems
We maintain a data retention policy which we apply to the records we hold.
How to contact us
For any questions or concerns regarding this Privacy Statement or our data privacy practices, please contact us:
- By email: firstname.lastname@example.org
- By post:
InterContinental Hotels Group
Attn: Privacy Office
Three Ravinia Drive
Atlanta, Georgia 30346
- By phone: 1-770-604-8347
- By fax: 1-770-604-5275
You may also contact our Data Protection Officer by emailing email@example.com.
To the extent permitted under the local law, you may also use the above contact details to request access to any of your personal information that is held by IHG. These requests will be reviewed and processed in line with the local law.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider here.
Where EU data protection laws apply, you have a right to lodge a complaint with your local data protection supervisory authority at any time. However, we ask that you please try to resolve any issues with us first before referring your complaint to the supervisory authority.
Your rights under EU data protection laws
You have legal rights under EU data protection laws in relation to your personal information. Click on the links below to learn more about each right you may have. To exercise any of your rights please contact our Data Protection Officer by emailing firstname.lastname@example.org.
- To access personal information
You can ask us to confirm whether or not we have and are using your personal information and for a copy of your information.
- To correct / erase personal information
You can ask us to correct any information about you which is incorrect. We will be happy to rectify such information but would need to verify the accuracy of the information first.
You can ask us to erase your information if you think we no longer need to use it for the purpose we collected it from you. You can also ask us to erase your information if you have either withdrawn your consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, or where we have used it unlawfully or where we are subject to a legal obligation to erase your personal information.
We may not always be able to comply with your request, for example where we need to keep using your information to comply with our legal obligation or where we need to use your information to establish, exercise or defend legal claims.
- To restrict how we use personal information
You can ask us to restrict our use of your information in certain circumstances, for example:
- where you think the information is inaccurate and we need to verify it;
- where our use of your information is not lawful but you do not want us to erase it;
- where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or
- where you have objected to our use of your personal information but we still need to verify if we have overriding grounds to use it.
We can continue to use your information following a request for restriction where we have your consent to use it; or we need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company.
- To object to how we use your information
You can object to any use of your information which we have justified on the basis of our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use your information if we can demonstrate that we have compelling legitimate interests to use the information.
You can also require us to stop using your data for direct marketing purposes.
- To ask us to transfer your information to another organization
You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company).
You may only exercise this right where we use your information in order to perform a contract with you, or where we asked for your consent to use your information. This right does not apply to any information which we hold or process that is not held in digital form.
- Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction
You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.
We may redact data transfer agreements to protect commercial terms.
We may ask you for proof of identity when making a request to exercise any of these rights. We do this to make sure that we only disclose information where we know we are dealing with the right individual.
We will not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we will inform you before proceeding with your request.
We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests. We will let you know if we think a response will take longer than one month. To help us respond more quickly, we may ask you to provide more detail about what you want to receive or are concerned about.
We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.
Changes to this Privacy Statement
In some instances, we may have to change, modify or amend this Privacy Statement in order to comply with the evolving regulatory environment or the needs of our business. Subject to any applicable legal requirements to provide additional notice, any changes to this Privacy Statement will be communicated through our websites and mobile applications. However, if there will be changes made to the use of your personal information in a manner different from that stated at the time of collection we will take appropriate steps to notify you, such as by posting a notice on our website for 30 days prior to the changes taking effect or by emailing you.
Effective Date: May 12, 2018