Privacy Policy

Learn More About Your Privacy Rights

This is the privacy policy (“Policy”) of Paradox Hotel Group (“PHG”). PHG is committed to protecting your Personal Information and complying with applicable data protection and privacy laws.

In this Policy, the terms “you”, “user” and “your” refer to a visitor of our Sites and any other user of our Services. The terms “we”, “us” and “our” refer to PHG.

Application of this Policy

This Policy describes how PHG collects, uses, discloses, stores, manages and processes Personal Information in relation to our business and operations. This includes our privacy practices when:

we collect Personal Information from you when you visit www.paradoxhotels.com websites and other websites owned or controlled by PHG (the “Sites”), or when you use any applications made available by us on or through computers and mobile devices (the “Apps”),
we communicate with you electronically, including through e-mail messages;
you purchase any products or services from us; and
we communicate with you by offline channels, such as when you provide your information to us over the phone or in person;

(collectively, referred to as the “Services”).

The Sites may contain optional links to services and other third-party websites that we believe may be of interest to you. If you click on these links, you will leave the PHG website, and these third parties may collect data from you or your electronic devices in connection with your visit to their websites. The accessing and use of third-party websites is at your own risk, and we do not assume responsibility for the privacy practices, policies or actions of the third parties who operate those websites. This Policy applies only to our Sites, and we encourage you to review the privacy policies contained on any third party website that you access.

Some privacy rights and obligations may differ in certain locations based on applicable local privacy and data protections laws. We have included supplemental information for certain jurisdictions as schedules to this Policy as follows:

Schedule 1: the Australia Addendum which supplements this Policy in relation to the handling of Personal Information in Australia in accordance with the Privacy Act 1988 (Cth) (Australian Privacy Act).

Please read this Policy carefully. By submitting Personal Information to us or by otherwise using our Services, you agree that you have read, understood and agree to be bound by this Policy and, if applicable, hereby consent to the collection, use and disclosure of Personal Information in accordance with this Policy. If you do not agree with some or all of this Policy, please do not use our Services.

What is "Personal Information"

“Personal Information” as used in this Policy means information about an identified or identifiable individual. An identifiable individual is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual. Examples include a person’s name, home address, date of birth, social insurance number and personal contact information (including personal telephone number and personal e-mail address). Personal information does not include general, statistical, anonymized or aggregated information or, in certain jurisdictions, information to enable an individual at a place of business to be contacted, such as their name, position name or title, business telephone number, business address or business email address.

Accountability and Openness / Privacy Officer

PHG is responsible for Personal Information under its control, and we are responsible to you for its collection, use and disclosure by us. We have established policies and procedures to safeguard any Personal Information that we have on file or which we collect, and to deal with complaints and inquiries. We will only collect, use and disclose Personal Information as described in this Policy.

In this Policy, we have attempted to provide you with manageable, comprehensive and easily understandable information regarding the policies and procedures that we use to manage your Personal Information. However, we recognize that different individuals require different levels of detail and invite you to contact us directly as set out below should you require further information.

PHG has designated a chief privacy officer (“Privacy Officer”) who is accountable for the protection of data containing Personal Information and for our compliance with this Policy generally, as well as for ensuring that information about our practices relating to the management of Personal Information is easily accessible and understood.

All questions or concerns regarding this Policy, our compliance with it, as well as any of our processes and procedures relating to the collection, use and disclosure of your Personal Information, should be directed to the Privacy Officer in writing, and sent by email to privacy@paradoxhotels.com or by post to:

Privacy Officer
Paradox Hotel Management Limited
1111 W Georgia St, Suite 200, Vancouver, BC V6E 4S4

Collection of Your Information

In the course of providing our Services, and in connection with our other business and organizational activities, we may collect your Personal Information. We will only collect Personal Information as permitted under the applicable data protection and privacy legislation.

How We Collect Your Information

We collect information from you in a number of ways, including through:

direct interactions (e.g., hotel bookings, check-in forms, customer inquiries forms, account registration, customer service);
our Sites, Apps, and Wi-Fi services;
reward/loyalty programs and cross-property promotions;
third-party services, travel agencies, business partners, and online booking platforms;
automated technologies (e.g., cookies, website analytics); and
other purchases of or interactions with our Services.

Personal Information you provide

The Personal Information we collect or use is based on the information provided by you, including, where applicable, sensitive personal information.
Examples of the types of Personal Information collected are set out below:

name, address, contact details including email address, phone number and other government-issued identification information;
gender, nationality, preferred language and date of birth;
car license and description;
financial and payment information including credit card details (type of card, credit card number, name on card, expiration date, and security code);
rewards/loyalty program details;
employer or other relevant details, if you are an employee of a corporate account holder;
guest stay information, including date of arrival and departure, special requests, and observations about your service preferences (including room preferences, preferences, facilities, guest privacy preferences and level of contact and other services used);
information regarding your past stays at our properties;
information in connection with the use of room keycards within our properties, including the time and date of your entry and exit into your room and other guest facilities within our properties;
information that you provide regarding your marketing preferences;
“guest type” information, such as transient, meeting/group, contract, corporate, tour or complimentary;
information collected through the use of closed circuit television (“CCTV”) systems and other security systems in common areas at our properties, which includes recordings or photographs of your image sound and/or voice. CCTV is not used in any of the hotel rooms within any of our properties or in any of the private areas within our properties, such as bathrooms;
your reviews, feedbacks, opinions and interactions you have with us about our properties and services; and
any other information that you may provide to us in conjunction with your use of our facilities and services.

“Sensitive personal information” includes information regarding health, religious or philosophical beliefs, racial or ethnic origin, and sexual orientation. We endeavour to limit the circumstances under which we collect and process sensitive personal information, and request that sensitive personal information not be disclosed when it is not necessary to do so. Examples of situations where we may collect and process sensitive personal information include those in which you have requested specific assistance from us, such as wheelchair-accessible facilities or meals that are compliant with religious or other dietary guidelines, if you experience a medical event during your stay with us, or where you have chosen to provide such information to us, or it has been provided to us by a third party such as a travel agent through which you have made a booking, in order to accommodate your needs or preferences.

Information collected through automated means

We automatically collect your Personal Information in certain circumstances, including as follows:

Log and Device Information: we may collect certain information related to a user’s visit to the Sites or use of the Apps, including the Internet Protocol (IP) address of the user’s computer, the user’s Internet Service Provider (ISP), the type and version of the browser that the user is using, the date and time the user accessed the Sites, the internet address of the website from which the user linked directly to the Sites, the operating system that the user is using, and the pages of the Sites that the user has visited.
Location Information: we may collect information about the location of the device when the user visits our Sites or otherwise consents to the collection of this information. You can disable the location services for a device at any time, but this may turn off some useful features.

Information collected through cookies or other tracking technologies

We also use cookies, analytics, pixels and other technologies in order to improve our service, your user experience, and to analyze how the Sites are used to assist with our business and marketing.

Cookies are small text files that are placed on your computer by websites that you visit. They are used to identify you to the webserver and will tell the server who you are when you return to a page on the same website. Your browser will only send a cookie back to the domain that originally sent it to you. Cookies cannot run any programs, deliver any viruses, or send back information about your system. There are different types of cookies: session cookies expire when you close your browser; persistent cookies remain on your device until they are deleted or expire. We use cookies:

- to optimize your user experience and to facilitate browsing;
- to determine, facilitate and authenticate your access privileges on our Sites;
- to complete and support a current activity, to track website usage;
- to implement security features;
- to remember your language and other preferences;
- to allow you to access your personal pages more efficiently, by storing log-in details and other information that you have previously provided;
- for advertising purposes, to offer you relevant targeted offers and other content that may be of interest to you;
- to identify third party websites that may have redirected you to our Sites; or
- to generally improve your experience.

When you visit our Sites for the first time a pop-up banner informs you of the use of cookies, seeks your express consent to their use, and provides a direct link to this information page. Although the banner will not normally appear on subsequent visits to our Sites, you may withdraw your consent to the use of cookies at any time by following the instructions below.
Most web browsers automatically accept cookies, but if you do not wish to have cookies on your system, you should adjust your browser settings to decline them or to alert you when cookies are being sent. The management of cookies varies for each browser, and you should consult the “Help” menu of your browser. Certain professional advertising platforms also provide users with the option to accept or block cookies used by their clients. If you decline cookies, you may still be able to use the Sites but your ability to access certain pages, features and functions may be affected. To find out more about cookies, including how to see what cookies have been set and how to manage and remove them, please visit  Manage and Delete Cookies.
Meta Ads: we use Meta Ads or Facebook Ads to help us in attaining our marketing goals by building website traffic and to streamline our user network. For more information visit Meta Ads- Information.
Pixels or Pixel tags (also known as web beacons and clear GIFs) are tiny snippets of JavaScript code that we have placed on the Sites. They may be used in connection with some online services to track the actions of users of the online services, measure the success of our marketing campaigns and compile statistics about the usage of online services and response rates. For example, we use pixels to measure the return on investment of Facebook Ads by reporting on the actions people take after viewing those ads. We also use them to show you more relevant advertisements on Facebook based on your traffic on our Sites. Facebook may use cookies, beacons and similar technology placed on our Sites as part of this process. You may opt-out of Facebook's Custom Audience ads through their settings. Specifically, you can manage your ad preferences and potentially opt-out of certain personalized ads within Facebook's settings.
Google Analytics: we use Google Analytics, which uses cookies, UTM (Urchin Tracking Module) tags, and similar technologies to collect, track and analyze information about the use of the Sites, and to report on activities, trends and user behaviour patterns. We do this to obtain an overview of how people are accessing and using the Sites, as well as to provide marketing services to you. Information that we use from Google Analytics includes IP address; average engagement time per session; view per user; engagement rate; device information; frequency of use; language; demographic; geographic and interests. You can learn about Google’s practices by going to https://policies.google.com/technologies/partner-sites. You can opt-out by downloading the Google Analytics opt-out browser add-on, available at  https://tools.google.com/dlpage/gaoptout.
Google Ads: we use Google Ads to deliver targeted advertisements to individuals who visit our websites. For more information visit Google Ads. You can opt-out for ads personalization by using the link here: Opt out- Ads.

Your browser or device may include “Do Not Track” functionality. At this time, PHG does not respond to browser “Do Not Track” signals.

Why We Collect, Use and Disclose Information

We will not collect Personal Information which is not necessary. We will not use or disclose personal information for any purpose other than the purpose(s) for which it was collected without first notifying you (including via this Privacy Policy or additional notifications) or obtaining your consent, as applicable. The Personal Information that we collect is used and disclosed only for business purposes. The types of personal information that we may collect, use and disclose varies from person to person and depends on your interactions with us but these include:

to operate and maintain our properties, Sites and Apps, and to respond to your requests, questions and concerns;
to complete and manage your reservations, including confirmations, billings, and payment processing;
to provide high-quality customer service, including through the establishment of customer profiles which help us to better address your individual needs;
to assist you in planning meetings and events;
to provide you with personalized content, and to maximize our ability to provide you with information and services that are useful and relevant to you, and which address your individual needs or requirements;
to obtain feedback regarding our hotels and services, which may include inviting you by email to write a guest review after your stay. This allows us to continually improve the services that we offer;
to enable your participation in our rewards/ loyalty program, and our administration of that program including: providing you with information about your account, allowing you to access benefits and rewards, and managing your choices regarding program activity;
to support our advertising and marketing activities, which may include allowing you to participate in promotions and contests, and to provide you with information and promotional materials, and other marketing communications, regarding PHG and PHG’s related brands and subsidiary businesses;
to verify that any information submitted by you is accurate and complete;
to communicate with you for other reasons related to our business, and to create a record of your involvement with us;
to assist in ensuring your lost and forgotten belongings can be returned to you if they are located;
for security and operational purposes, in connection with the use of CCTV to monitor the usage of common areas of our properties, improve the delivery of our services and ensure the safety of our guests and staff to monitor for unauthorised or criminal activity;
for safety and operational purposes and to monitor usage of certain areas and facilities within our properties, in connection with the collection of information about your use of keycards to enter or exit your hotel room or other guest facilities;
for legal purposes, which may include the handling and resolution of claims and legal disputes, or for regulatory investigations and compliance;
to detect and prevent error, fraud, theft and other illegal or unwanted activities;
internal business purposes, including data analysis, to administer or improve our services, enhance the user experience, personalize promotional content you receive and to improve the functionality and quality of our Sites and online travel services;
test, train and improve our IT systems, people and processes (including via the use of Artificial Intelligence tools);
to comply with any legal, accounting and regulatory requirements, including reporting requirements; and
any other reasonable purpose for which you provide consent, or for which consent may be implied in accordance with this Policy and applicable law.

We may also collect, use or disclose your Personal Information without your knowledge or consent where we are permitted or required to do so by applicable law, government request, request of a law enforcement agency, search warrant, subpoena or court order, or based upon our good-faith belief that it is necessary to do so in order to comply with such law, request, warrant, subpoena or court order, or enforce our rights or to protect our assets, the users of our websites, products or services, or the public.

Where Personal Information that has been collected is to be used for a purpose not previously identified, we will notify you of the new purpose and, where necessary, obtain your consent, prior to the use of that information for the new purpose unless otherwise permitted by law.

We comply with applicable “anti-spam” and telemarketing legislation and will only send you electronic communications (including direct marketing) or call you as permitted by law. We may conduct direct marketing via a number of different channels such as email, text or phone. Note that you may always unsubscribe from direct marketing communications by following the “unsubscribe” link or other unsubscribe method clearly included in each communication, or by notifying our Privacy Officer using the contact details provided above at Section 3. Even if you opt-out of our marketing messages and communications, we reserve the right to send you transactional or informational emails such as customer service communications, updates, invoices in connection with your purchases, or changes to our Sites, Apps, your account or our policies.

Legal Basis for Collection and Use of Your Personal Information

PHG will only process your Personal Information where we have a legal basis to do so. The legal basis will depend upon the reason or reasons for which we collected and require the use of your information. The legal basis will generally be one or more of the following:

To comply with legal obligations or as otherwise permitted by applicable law.
To protect your vital interests or those of another natural person.
The performance of the contract that we have with you, for example, for the purpose of making, managing and completing reservations, creating customer accounts, processing payments, participating in our rewards/loyalty program, the purchase of gift cards, returning lost or forgotten items, and providing our services to you.
Our legitimate interests (or those of a third party) in conducting and managing our business to enable us to give you the best service and the best and most secure experience, such as providing you with the appropriate content for the Sites, emails, newsletters, and rewards programs; to enhance the customer experience; and to improve and promote our products and services and the content on our Sites. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Information for our legitimate interests. We do not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting our Privacy Officer.

Where you have consented to our use of your Personal Information for particular purposes, such as direct marketing. Where we process Personal Information based on your consent, you may withdraw your consent at any time by contacting our Privacy Officer.

We have in place appropriate safeguards which we are required by law to maintain when processing sensitive personal information. We process special categories of personal information in the following circumstances:

Where permitted by law
In limited circumstances, with your explicit written consent.
Where we need to carry out our legal obligations or exercise rights in connection with employment.
Where it is needed in the public interest, such as for disability and accessibility.
Where it is needed to protect the vital interests of individuals.
Where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent.
Where you have already made the information manifestly public.

Sharing with Third Parties

We may disclose or share your Personal Information in the following circumstances:

with PHG properties worldwide, affiliated hotels and partners and subcontractors in the course of our supply of products and services to you (including where those entities provide back-end services to another entity with the group), to enhance your personalized guest experience, for your participation in loyalty and rewards programs that you have signed up for and for cross-selling purposes;
with payment processes, banks and credit card providers to securely process payments;
with travel agents and booking platforms to confirm reservations for our Services;
with affiliates in connection with our Services, including with respect to reservations that you book through our central reservations line or the Sites;
with subcontractors who provide services and technology to support our Services, including cloud and other IT service providers, login authentication services, web hosts and providers of other business systems;
with marketing and analytics providers to assist with marketing and analytics services relating to our Services;
with advertising agencies to assist with targeted promotions, where you have provided your consent to receive those materials;
with rewards/loyalty program partners to offer you exclusive benefits where you have signed up for those programs;
with government and regulatory authorities and other third parties if a law, regulation, search warrant, subpoena or court order legally requires or authorizes us to do so;
with a third party, in the event of or in contemplation of a change in ownership of all or a part of us through some form of merger, purchase, sale, lease or amalgamation or other form of business combination, provided that the parties are bound by appropriate agreements or obligations which require them to use or disclose your Personal Information in a manner consistent with the use and disclosure provisions of this Privacy Policy, unless you indicate otherwise;

Except as specifically provided in this Policy, otherwise notified to you or permitted by law, your Personal Information will not be shared with third parties unless we provide you with both prior notice and choice.

We have in place contracts with our subcontractors to make sure that they keep your Personal Information safe, secure, confidential and in line with applicable laws. Details regarding the Personal Information that we make available to our third-party contractors, and how it is used, is available by contacting our Privacy Officer. Any request made by you to correct, change or erase your Personal Information will be promptly communicated to any third-party subcontractors in possession of that information.

We may disclose or transfer to another entity, or its affiliates or service providers, some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any line of business, change in ownership control or financing transaction. In each such case, PHG and the other party(ies) to the transaction or proposed transaction will enter into a written agreement limiting the period and purposes for which your Personal Information may be used and disclosed.

Transfers of Your Personal Information

The Personal Data and other information that we collect from you will be transferred to, and stored in locations other than where you are located. It also may be processed by staff operating in other locations who work for us or other entities acting as data processors processing data on our behalf. This includes staff and providers engaged in, among other things, the fulfilment of your request or order and the provision of support services. This information is subject to the laws of those jurisdictions and may not offer the same level of data protection in the country you are located.

Where your Personal Information is transferred to other countries, we will take steps to ensure that your Personal Information is adequately protected as required by applicable data protection and privacy laws. For example, we have implemented international data transfer agreements on the basis of EU Standard Contractual Clauses in order to provide appropriate and suitable safeguards for Personal Information transferred to countries where an adequate level of protection is not already in place. By using our Services or otherwise submitting your Personal Information to us, you hereby consent to the transmission, use, processing and storage of Personal Information outside of the jurisdiction where you are located.

What is consent

Consent for the collection, use or disclosure of Personal Information may be express, implied or deemed, except in the case of sensitive personal information – in which case consent must be explicit. For consent to be meaningful, it must be informed, unambiguous and freely given.

Express consent can be given orally, electronically or in writing. Implied consent is consent that can reasonably be inferred from your action or inaction. For example, when you create an account with us in relation to the Services, we will assume your consent to the collection, use and disclosure of your Personal Information for purposes related to your account and the provision of the Services and for other purposes identified to you at the relevant time. Deemed consent is consent we assume in the event that you do not exercise an opt-out mechanism offered to you.

Consent will only be valid if it is reasonable to expect that the individual understands the nature, purpose and consequences of the collection, use or disclosure of the Personal Information to which they are consenting. Typically, where we rely on consent to process your Personal Information, we will seek your consent at the time of collection, and efforts will be made to ensure that you understand the purpose(s) for which the information will be used or disclosed.

Except where required by law, we do not knowingly collect Personal Information from minors. If you are a minor, you may only use our Sites and services with the permission of your legal guardian.

Part of providing meaningful consent is understanding the risk of harm and other consequences of the disclosure of your Personal Information. While we endeavour to continually use best practices to minimize the risk of harm, technology is constantly evolving and no safeguards can be guaranteed to be failsafe or to provide absolute protection against misfeasors. Significant harm that may result from the unauthorized use of the Personal Information that you disclose includes identity theft and credit card fraud.

Withdrawal of Consent / Objection to Processing

When we are using your Personal Information on the basis of your consent, you may withdraw or change your consent at any time. To withdraw or change your consent to our use of your Personal Information please send your request in writing, along with details of the use of your information that you wish to change or withdraw your consent for, to our Privacy Officer. Please note that where our processing of your Personal Information is not based on your consent (but is based on another legal ground), then we may not be able to comply with your request. We will inform you of this in writing if this is the case.

When we are using your Personal Information on the basis of our legitimate interests (or those of a third party), where permitted by applicable law, and there is something about your particular situation which makes you want to object to processing on this ground, you may raise your objections to us. To do so, please send details of your objection in writing to our Privacy Officer.

You may always choose not to disclose Personal Information. In some circumstances, particularly where our use of your Personal Information is integral to the provision of a product or service, your refusal to provide consent, or a change or withdrawal of consent, may affect your transactions and/or our ability to provide you with information, products or services.

Retention

Subject to any legal or accounting requirements, we will retain Personal Information only as long as necessary to fulfil the purposes for which it was collected. Personal Information that is no longer required will be destroyed, erased, or made anonymous, although copies of deleted Personal Information may continue to exist on backup media. In certain circumstances, you may request the erasure of your Personal Information, which we will endeavour to do without undue delay as required by applicable law. Written requests should be sent to our Privacy Officer. Any third-party subcontractors to which we disclose your Personal Information must return or destroy the information when it is no longer required for the purpose of the subcontracted services.

Security

We have implemented physical, organizational, contractual and technological security measures to protect Personal Information in our possession or under our control from loss or theft, and from unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held. The safeguards applied will depend on the sensitivity of the Personal Information, with the highest level of protection given to the most sensitive information.

Staff permission to access Personal Information is role-based and is determined in accordance with the purpose for which the information has been disclosed and the staff member’s role in fulfilling that purpose. Our data systems use user IDs, passwords, and encryption technology. We store our data with third-party cloud providers, secure on-site property management systems and remote servers hosted by reputable companies. Staff and contractors who have access to Personal Information are bound by confidentiality obligations in order to ensure that information is handled and stored in a confidential and secure manner. Any credit card information that you submit will not be stored on our servers, but rather will be sent to a PCI Level 1-compliant payment processor for storage.

When destroying Personal Information, we delete electronically stored Personal Information. While we will endeavour to destroy copies of Personal Information, you acknowledge that deleted information may continue to exist on backup media but will not be used unless permitted by law.

We will continually review and update our security policies and controls as technology evolves. However, no security technology can be guaranteed to be failsafe. Using the internet or other public means of communication to collect and process Personal Information may involve the transmission of data on an international basis and across networks not owned and/or operated by us. Accordingly, we cannot guarantee that Personal Information will not be lost, or that it will not be altered, intercepted or stored by an unauthorized third party.

Accuracy and Your Rights

Accuracy

Personal Information contained in our records or which is disclosed to third parties for the purposes described above shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is used.

Access

You may request access to the Personal Information that we hold about you by submitting a written request to the Privacy Officer. Including “Request Personal Information” in the subject line of your email or letter will facilitate compliance with your request. We will inform you of your Personal Information held by us and provide an account of the use that has been made of the information, as well as identify any third parties to whom we have disclosed the information. In some instances, you may also be entitled to receive a copy of your Personal Information in a structured, commonly-use, machine-readable format (or request that this be transferred to a third party where technically possible). In certain circumstances, PHG may not be able to provide you with access to all or some of your Personal Information, in which case you will be advised in writing of the reasons for our inability to provide you with the information.

Correction

You also have the right to request that we correct or rectify any information that we hold about you which is out of date or incorrect. If you demonstrate the inaccuracy or incompleteness of your Personal Information, the information will be amended as appropriate. You should advise us immediately if you discover inaccuracies in our data or if your Personal Information changes. All notices and requests regarding inaccuracies or changes should be in writing and sent to the Privacy Officer.

Erasure

In certain circumstances, you have the right to require that we erase, limit, or cease processing your Personal Information. All notices and requests asking us to erase, limit or stop processing your Personal Information should be in writing and sent to the Privacy Officer.

Compliance

Inquiries, requests and complaints regarding our compliance with this Policy should be directed to the Privacy Officer.

Every complaint or challenge regarding our compliance with this Policy will be investigated, and where a deficiency is found to exist, we will take appropriate measures to address it. This may include amending our policies and procedures as necessary. We will also cooperate with regulatory authorities to resolve any complaints that cannot be resolved between us and an individual.

Changes to this Policy

We will update this Policy from time to time. When we make changes to this Policy, we will change the last updated date at the end of this Policy and will provide other forms of notice as may be required by law. All changes will be effective from the date of publication unless otherwise provided.

Last Updated: 1 June 2025

Schedule 1: Australia Addendum

Last Updated: 1 July 2025

This Australia Addendum (Australia Addendum) supplements this Policy and applies to the extent that the Australian Privacy Act applies in relation to the handling of Personal Information by PHG. In case of any inconsistency between this Australia Addendum and the rest of this Policy, this Australian Addendum prevails.

Personal Information under the Australian Privacy Act

In this Australia Addendum and the Policy as it relates to the processing of Personal Information in Australia, “Personal Information” has the same meaning as “personal information” as defined in the Australian Privacy Act.

“Sensitive Information” is a type of “personal information” and has the same meaning as defined in the Australian Privacy Act.

In Australia, PHG collects Personal Information as set out in the Policy and in accordance with the Australian Privacy Act. PHG does not require a legal basis (as set out in section 6 of the Policy) in order to process Personal Information. However, the legal basis does explain some of the purposes for which we collect, use and disclose your personal information for the purpose of the Australian Privacy Act.

Dealing with PHG without providing your name or other personal information

Where it is lawful and practicable, you will have the option of not providing your name, or using a fake name, when you deal with us. This includes for example, when you make a general enquiry about a potential booking.

However, in many circumstances we may need your real name as it may not be practicable for us to deal with you anonymously or pseudonymously on an ongoing basis. For example, this includes when you make a booking to stay with us, check in for a booking or open a loyalty account with us. This means that if we do not collect your personal information, we may not be able to provide you with the products and/or services you have asked for.

Transfers of your Personal Information Overseas

As we note in section 8 of the Policy, we may share your personal information outside of Australia to overseas recipients located in Singapore, the United States, Canada, Thailand, Malaysia, China or any other jurisdiction that PHG operates in and/or as applicable.

We will only ever share your Personal Information outside of Australia where we are permitted to do so under applicable data protection and privacy laws.

Generally, this means we will take reasonable steps to ensure that your Personal Information is treated securely and in accordance with applicable data protection and privacy laws (as we outline at section 8 of the Policy).

Consent

Under the Australian Privacy Act, the requirements regarding consent are different to what is set out in the Privacy Policy. For example, under the Australian Privacy Act, consent may be express or inferred and there is no legal right to withdraw your consent as is currently provided under other data protection laws.

Certain rights do not apply under the Privacy Act

Under the Privacy Australian Privacy Act, you do have a right to make a complaint (see below) and request information held about you. However, certain rights do not apply. For example, there is currently no express right to erasure under the Privacy Act.

Accordingly, this means we will assess your request on a case-by-case basis.

Privacy complaints and questions

If you have any questions or concerns about this Policy, Australia Addendum or how we have handled your personal information, you may contact us at any time using the relevant contact details set out above in section 3.

Please also contact us if you have a complaint about privacy. If you make a complaint about privacy, the following will occur:

No.	Step
1	We will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally acknowledge your complaint within a week.
2	If your complaint requires more detailed consideration or investigation: we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly; and we may ask you to provide further information about your complaint and the outcome you are seeking.
3	We will then typically gather relevant facts, locate and review relevant documents and speak with the individuals involved.
4	In most cases, we will respond to your complaint within 30 days from when we receive your complaint. If the matter is more complex or our investigation may take longer, we will let you know.

If you are not satisfied with our response to a complaint, or you consider that we may have breached the Privacy Act (including the Australian Privacy Principles), you are entitled to make a complaint to the Office of the Australian Information Commissioner (the Australian privacy regulator).

The Office of the Australian Information Commissioner can be contacted by telephone on 1300 363 992, or you can fill out this form to make a complaint about our handling of your personal information. Full contact details for the Office of the Australian Information Commissioner can be found online at www.oaic.gov.au.