: UTC+08:00   |

Privacy Policy

The AHR (Astoria Hotels and Resorts) values your interest as our guest and recognizes that privacy is important to you. We want you to be familiar with how we collect, use and disclose data

This Privacy Statement describes the privacy practices of AHR for data that we collect:

• Through our company websites, software applications, mobile Apps, Social Media, Call Center Hot Lines and Emails made available by us to use through computers and mobile devices (collectively, Online Services)

• When you visit or interact with us in our Properties, Exhibits and Sales Venues as guest (collectively, Offline Services)

• Other Sources. We collect Personal Data from other sources, such as public databases, joint marketing partners and other third parties.

COLLECTION OF PERSONAL DATA

The personal data we collect are information that identify you as Data Subject and throughout your guest journey, we collect Personal Data in accordance with law, such as:

Personal Information – refers to any information or set of information in any form that would directly identify you. These may include your name, contact number, address, email address, among others.

Sensitive Personal Information – refers to personal information which may include your nationality, marital status, age, gender, education, passport or other government identification, license number, credit card and debit card number, among others.

Privileged Information – refers to data which are considered as privileged communication under the law. These may include any information between you and your doctor, your lawyer or your spouse.

In more limited circumstances, we may also collect:

• Guest preferences, enquiries and comments and any other personalized data such as your interests, activities, hobbies, food and beverage choices, services and amenities of which you advise us or which we learn about during your visit

• Data about family members and companions, such as names and ages of children

• Electronic data such as photos or digital images, biometrics, IP address and Device ID, Geolocation information, Internet click activities in our website.

• Images and video and audio data via: (a) security cameras located in public areas, such as hallways and lobbies, of our properties

HOW WE COLLECT OTHER DATA

• BROWSING – we collect general information about you or your activities through which you cannot be identified. When you use the Internet, your web browser or client software may transmit certain kinds of information to the servers that host the websites you visit. The information may include the IP address or unique numbers assigned to your server or Internet connection, the capabilities and features of your computer, your geographic location, and your movement within and interaction with the website, including what pages you look at and what information you download. When you visit AHR websites, its servers collect such general information. AHR uses this general information to generate aggregate statistics about visitors to its website. In situations where it is possible to do so, general information may be linked to personal information.

• COOKIES – AHR’s website uses cookie technology. Cookies are identifying pieces of information that are transferred to your computer hard drive by our website. Cookies helps identify you when you access its website. Cookies do not allow to access any personal information about you, but they do allow it to better understand your use of our website so that it may improve its website. AHR’s website uses cookies to provide a unique identifier to your computer so that it can generate statistics about usage of its website, such as the percentage of repeat visitors and other general statistics. The unique identifiers are not matched with any personal information. Cookies do not store any personal information about you. You can configure your browser to allow you to browse the Internet and AHR’s website without cookies or to notify you when each cookie is offered so that you can accept or reject each cookie. You may not be able to use some services on our website if you disable your browser from accepting cookies.

• PHISHING AND MALWARE – AHR strives to maintain the highest standards of decency, fairness and integrity in all its operations. Likewise, it is dedicated to protecting its customers’ and online visitors’ privacy on its website. Browsing AHR’s website will not result in your computer getting infected by spyware, adware, viruses or other forms of hostile or intrusive software. We do not phish, harm or participate in any illicit or identity theft activities.

• GOOGLE ANALYTICS – We use Google Analytics to help us get a better understanding of how visitors use our Website and to facilitate interest-based advertising associated with your Google Account and other devices you use. The information generated by the Google Analytics cookie about your use of our Website is transmitted to and stored by Google.

• MOBILE DEVICES – When you use or access our Services from a mobile device, we may collect information such as your unique device ID and your location. If you download and use an App, we and our service providers may track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number, as well as any other Personal Information specified by the App in its terms or notices.

THIRD PARTY LINKS/SITES

We are not responsible for the privacy policies and procedures of third-party sites that may link to our websites, or we may link to as part of past or present business relationships or initiatives. Please review the privacy policies of any linked sites you visit before using or providing information to any of those sites.

HOW WE USE YOUR INFORMATION

We may use the collected information when you enter into or perform a contract with you, marketing purposes, but not limited to notify you of special promotions, facilitating social sharing functionalities, offers and events; enable it to contact you for confirmation or customer service questions, or after you sign up for or participate in certain activities; respond to inquiries, complaints, and other communications; and for profiling or demographics of members. Comply with legal processes under applicable laws, responding to requests from public and government authorities, and enforcing our terms and conditions.

DISCLOSURE OF COLLECTED INFORMATION

• Affiliates and Resorts Partners: We may share Personal Information with our affiliated resort owners and operators in order to provide you with services, facilitate a booking you requested, to respond to your inquiry for further information about accommodation, tours, transfers and etc.

• Service Providers and Vendors: We may disclose your personal information to service providers and vendors we retain in connection with our business such as: travel services companies, property owners’ associations, data analysis, payment processing, information technology and related infrastructure provision, customer service, email delivery, credit card processing, tax and financial advisers, legal advisers, accountants, auditing services or others.

• Sponsors, Business Partners and other Third Parties: We may disclose your Personal Information to Sponsors and co-sponsors of promotions, business partners and other third parties in order to provide you with services that may interest you. Further, we may share your Personal Information with third party providers located on-site at hotels or resorts, such as spa, golf, concierge, and dining providers. If you provide additional information to any of these third parties, such information will be subject to such third parties’ privacy practices.

• Disclosure Permitted by Law as follows:

• to comply with a court order, subpoena, search warrant or other legal process

• to protect and defend the company, its parent, subsidiaries and affiliates, and all of their officers, directors, employees, attorneys, agents, contractors, and partners, in connection with any legal action, claim or dispute

• to enforce the terms of our website

• to prevent imminent physical harm

• to businesses that we may use for purposes of performing its functions

• in connection with the sale, assignment, or transfer of any subsidiary or affiliate hotel and resorts or website.

CHOOSING TO PROVIDE INFORMATION

Providing personal information is required through our websites to be able to provide you with our products and services we offer. You may opt not provide any personal information; however, we cannot guarantee the limits of services offered through our website.

If you submit any personal information in behalf of another person, you represent that you have the authority to provide such information and to permit us to use said personal information in accordance with this Privacy Notice.

HOW WE STORE AND SECURE YOUR INFORMATION

Personal information collected by the website is stored on secure servers. The secure servers are protected by firewalls and other standard security procedures. The secure servers are not generally accessible by unauthorized third parties, but could become accessible in the event of a security breach.

YOUR RIGHTS AND PREFERENCES UNDER THE DATA PRIVACY ACT OF 2012

You acknowledge that you have a full understanding of and completely agree to giving your consent to us and/or its operating and related companies to collect, store, access, share, process, and/or destroy copies of your personal data. You further agree and give consent to the sharing of all your personal information with third parties, when required by the law or public authority in connection with the abovementioned purposes; and Warrant that you are fully aware and completely understand your rights under the Data Privacy Act, including the right to request access to your personal, sensitive and/or privileged data, as well as to move for the correction of the same, if said data is already inaccurate and/or outdated.

We shall safeguard the confidentiality of all types of personal data it has collected, stored, shared or used and treat them with reasonable and appropriate degree of protection.

We are keen to protect your privacy rights

• You have the right to be informed for which your personal data is collected

• You have the right to access your personal data with us and you right to rectify should you find that your personal data needs updating. We respect the exercise of said rights provided that the accompanying request is not vexatious and unreasonable.

• You have the right to object to processing of your personal data or withhold consent previously given. Likewise, you have the right to erasure or blocking of your personal data. Should you exercise these rights, we will be constrained to limit your access to its facilities and/or quality service.

• You have the right to data portability; and

• You have the right to damages

CHOICE, ACCESS AND RETENTION

You have choices when it comes to how we use your data and we want to ensure you have the information to make the choices that are right for you.

If you no longer want to receive marketing-related emails, you may opt out by visiting our unsubscribe page.

We will try to comply with your request as soon as reasonably practicable. If you opt out of receiving marketing emails from us, we may still send you important administrative messages, from which you cannot opt out.

HOW CAN YOU REQUEST TO ACCESS, CHANGE, DELETE, RESTRICT THE USE OR OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA

If you would like to request to access, change, delete, restrict the use or object to the processing of your Personal Data that you have previously provided to us, or if you would like to receive an electronic copy of your Personal Data for purposes of transmitting it to another company, please complete access form. If you have any questions about the form or our process, feel free to email us at dpo@astoria.com.ph

For your protection, we may need to verify your identity before fulfilling your request. We will try to comply with your request as soon as reasonably practicable and consistent with applicable law.

Please note that we often need to retain certain data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or reservation, or enter a promotion, you may not be able to change or delete the Personal Data provided until after the completion of such purchase, reservation, or promotion). There may also be residual data that will remain within our databases and other records, which will not be removed. In addition, there may be certain data that we may not allow you to review for legal, security, or other reasons.

RETENTION

We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by law.

The criteria used to determine our retention periods include:

• The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using our Services)

• Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them)

• Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations)

SENSITIVE DATA

Unless specifically requested, we ask that you not send us, and you not disclose, on or through the Services or otherwise to us, any Sensitive Personal Data (e.g., social security number, taxpayer identification number, passport number, driver’s license number or other government-issued identification number; credit or debit card details or financial account number, with or without any code or password that would permit access to the account, credit history; or information on race, religion, ethnicity, sex life or practices or sexual orientation, medical or health information, genetic or biometric information, biometric templates, political or philosophical beliefs, political party or trade union membership, background check information, judicial data such as criminal records or information on other judicial or administrative proceedings).

USE OF SERVICES BY MINORS

The Services are not directed to individuals under the age of sixteen (16), and we request that they not provide Personal Data through the Services.

UPDATES TO THIS PRIVACY STATEMENT

Any changes will become effective when we post the revised Privacy Statement on the Online Services. Your use of the Services following these changes means that you accept the revised Privacy Statement.

CONTACTING US

If you have any questions about this Privacy Statement, please contact us by email.

Data Privacy Officer

Astoria Hotels and Resorts

#15 J. Escriva Drive, Ortigas Business District

Pasig City, Philippines

dpo@astoria.com.ph