The privacy and security of your information is very important to us. Whether you are visiting our website, using our app, booking a room, or are a member of one of our loyalty programmes, we want you to trust the way that we manage your information and to keep you informed about how we use that information.
We have prepared this Privacy Statement to explain more about who we are, how we collect and manage your information (whether through our website, mobile apps or other IHG® Hotels & Resorts-branded digital channels (e.g. our branded IHG Connect WiFi), our social media pages, or offline) and the choices you have about how we use your information. Specific additional rights may apply if required by applicable law. For example, please view our additional disclosures directed to residents of California and the UK and European Economic Area (EEA) and Nevada and the People’s Republic of China (Excluding Hong Kong Sar, Macau Sar and Taiwan for the purposes of this statement) (“PRC”) and Brazil in this Privacy Statement.
Who we are
This Privacy Statement is issued by the InterContinental Hotels Group of Companies (collectively referred to as “IHG”, “IHG® Hotels & Resorts”, “we”, “us” or “our” in this Privacy Statement), which includes the direct and indirect subsidiaries of InterContinental Hotels Group PLC and covers information that we collect and use in the course of our business. When we mention “IHG”, “IHG® Hotels & Resorts”, “we”, “us”, or “our”, we are referring to the relevant company in the InterContinental Hotels Group that processes your personal information.
Your information may also be collected and used by IHG® Hotels & Resorts-branded hotels. In most cases, these hotels are independently owned and their use of your information is covered by their own privacy notices, not this one. If you would like to learn more about IHG and our relationship with our IHG® Hotels & Resorts-branded hotels, click below.
ABOUT IHG
About our IHG-branded hotels
Information we collect and how we use and share it
We collect personal information directly from you, information about you from other persons/entities/online channels, and automatically when you use our website, mobile application or other IHG-branded digital channels, and through certain offerings or services available at IHG-branded properties (such as IHG Connect WI-FI). We provide more detail in the sections below. In particular, we collect and use information about you if you (or someone on your behalf) make a reservation to stay at an IHG-branded hotel or property offered through IHG reservations, participate in one of our loyalty programmes such as IHG® Rewards, or interact with us through our corporate site, mobile app or other IHG-branded digital channels. You do not have to provide us with your personal information in order to use our website or mobile app; in some cases, however, we may not be able to provide services to you without your personal information (for example, we would not be able to complete a requested booking or enrol you in our rewards programme). To learn more about how we collect, use and share your information and how you can opt out, please click on the relevant section below.
If you make a reservation or stay at an IHG-branded hotel
If you join one of our loyalty programs
If you interact with us through our corporate sites
The legal basis for processing your personal data
We are committed to collecting and using your information in accordance with applicable data protection laws.
We collect, use and share your information where we have an appropriate legal basis to do this.
This may be because:
you have provided your consent to us using the personal information;
our use of your information is necessary to perform our contract with you, for example, making and managing your booking and operating and providing services in connection with our Loyalty Programme in accordance with the terms of our agreement with you;
our use of your information is necessary to meet responsibilities we have to our regulators, tax officials, law enforcement, or otherwise meet our legal responsibilities;
our use of your information is in our legitimate interest as a commercial organisation, for example, to operate and improve our services and to keep people informed about our products and services (including for profiling and targeted advertising) - in these cases, we will look after your information at all times in a way that is proportionate and respects your privacy rights and, depending on the applicable law, you have a right to object to the processing, as explained in To object to how we use your information.
If you would like to find out more about the legal basis for which we process personal information, please contact us (details found in the How to contact us section). If you have provided your consent to the processing of your information, you can withdraw this consent at any time by contacting the IHG Privacy Office (details found in the How to contact us section).
Data Transfer
As we operate via a global network of corporate offices, reservation and service centres, data centres and hotels, it may be necessary to transfer your information, for example, information collected in connection with making a reservation or your stay at an IHG-branded hotel, joining one of our loyalty programmes or interacting with us through our corporate site, websites, emails or our other digital channels to a country outside of the country where it was originally collected or outside of your country of residence or nationality. The information that you provide us during the course of a reservation or through the provision of any other services may be transferred to any of our IHG-owned or affiliated entities and hotels around the world for the purposes of carrying out or facilitating these services. It will also be necessary to transfer this information to other entities, including, without limitation, our IHG-branded hotels, partners and our service providers.
Where we transfer information that originates in the European Union (“EU”), the United Kingdom (“UK”) or in Brazil to a country outside the EU, the UK or Brazil, we will take steps to make sure such transfer is carefully managed to protect your privacy rights:
transfers within the IHG Group will be covered by an agreement entered into by members of the IHG Group (an intra-group agreement) which contractually obliges each member to ensure that your information receives an adequate and consistent level of protection wherever it is transferred within the IHG Group;
where we transfer your data outside of the IHG Group including to other companies providing us with a service, we will obtain contractual commitments and assurances from them to protect your information. Some of these assurances are well-recognised certification schemes such as standard contractual clauses;
we will only transfer personal information to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights; and
any requests for information we receive from law enforcement or regulators will be carefully validated before personal information is disclosed, where permitted by the applicable law.
When we otherwise transfer personal information between jurisdictions, we will take such steps as required by local law in an effort to ensure that such transfer is managed to protect your privacy rights.
Using our websites, mobile applications and other technology
We and our service providers use cookies, pixels, web beacons, tracking tools and other similar technologies on our websites, mobile applications and in other areas of our business to collect information and provide you with the services that you have requested or participate in and to provide targeted advertising. Subject to local consent requirements, we may use this and other information we collect, such as a hashed email address, to help us and our service providers identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.). If you are using our mobile applications and have consented to sharing your location information with us, this information might be collected through GPS to enable us to provide certain personalised services to you such as recommendations of hotels nearby, customised offers and promotions. Your location preferences can be set or modified at the device level or through modifying your settings with the relevant social media platform. This information also includes personally identifiable information that you provide when you join one of our loyalty programmes to enable us to verify your membership. We, and our service providers, also may use the cross-device tracking and other information we learn about you to serve targeted advertising on your devices. We also use the information that we collect to improve our products and services as well as your experience when visiting our websites and using our mobile applications. If you are using these third-party functions, you are also protected by the privacy policies of these third parties. For more information on these subjects, please click the relevant section below.
Cookies and other tracking technologies
What is a cookie: A “cookie” is a small text file that is placed onto an Internet user’s web browser or device and is used to remember as well as obtain information about that party. You might be assigned a cookie when visiting our websites or when using our mobile applications or other digital channels. In some instances, where permitted under the applicable law, cookies may also be used for the purposes of certain email campaigns.
What types of cookies we use and how we use them: We use three primary types of cookies, which include:
Functional Cookies – these cookies support the use of the website and applications and enable certain features to enhance your experience. For example, we use functional cookies to facilitate your reservation and to remember your selections as you move from page to page. We also use functional cookies for remembering things like your sign-in information and hotel preferences to avoid you having to re-enter it.
Performance Cookies – these cookies collect information needed to support the website and our applications and allow us to improve our website and identify any problems that you faced while visiting us. For example, performance cookies may provide us with information about how you came to our website and how you navigated around our website during your visit. We also use these cookies to provide us with certain statistical and analytics information, such as how many visitors came to our website or how effective our advertising is.
Targeting Cookies – these cookies are used to collect information from you to help us to improve our products and services as well as serve you with targeted advertisements that we believe will be relevant for you. We use targeting cookies across our websites and applications for various marketing initiatives and campaigns. For more information, please see the Targeted advertising section below.
To learn more about cookies and how they are used, please visit: http://www.allaboutcookies.org/.
Cookies: As described above, we use a number of service providers to help us manage, carry out and improve our advertising. These parties set cookies at our direction to help us collect information and provide you with advertisements that we believe would be relevant for you. In some instances these parties may also assist us by providing certain statistical and analytics information in relation to our marketing practices. We also may share information collected through cookies (and other tracking technologies) with third parties to use for their own analytics and marketing purposes. These third parties may serve targeted advertising to you about IHG and non-IHG branded hotels. The scope of information shared may include information collected through cookies, such as your IP address/device ID, and information about the search that you performed on our website (e.g., you were looking for a hotel in New York City), but would not include your name or IHG® Rewards information.
Managing cookies and opting out: You can change your cookie preferences in our Cookie preferences tool, which is also available from the Privacy and Cookies Centre. You can choose to visit our web sites without cookies, but in some cases certain services, features and functionality may not be available. To visit without cookies, you can configure your browser to reject all cookies or notify you when a cookie is set. Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences. To manage Flash cookies, please see Flash Player Help.
In relation to cookies placed by our service providers, we participate in the Self-Regulatory Programme for Online Behavioural Advertising managed by the Digital Advertising Alliance (“DAA”). As part of this commitment, IHG has agreed to comply with the standards and guidelines promulgated by the DAA. For more information regarding targeted advertisements and/or to opt out of automatic collection for these purposes, please visit http://www.aboutads.info/choices/ or http://www.networkadvertising.org/managing/opt_out.asp. Within the EU, UK and Canada the local DAA organizations operate a similar “ad choices” scheme: see http://www.youronlinechoices.com (UK/Europe) and http://youradchoices.ca/ (Canada). If you opt out of these targeted advertising cookies, your opt-out will be specific to the web browser or mobile device from which you accessed the opt-out. If you use multiple devices or browsers, you will need to opt out for each browser or device that you use.
Other technologies: Other technologies such as pixels and web beacons may also be used on our websites, mobile applications, in email messages and in other areas of our business. These technologies are used to improve our products and services as well as our marketing efforts. We use pixels in our emails to help us determine the success of our advertising campaigns, such as to give us insight into whether you opened, deleted or forwarded an email, or clicked on a link contained in the email.
Targeted advertising: We and our service providers may serve targeted advertisements through the use of first-party or third-party cookies, pixels and web beacons when you visit our website, use our mobile applications, or visit websites owned by other entities. In some instances, these cookies may be persistent cookies. As described in the Using our websites, mobile applications and other technology section above, we and our service providers may also use cookie and other information to try to identify other devices and web browsers that you may use so we and our service providers may serve targeted advertisements to those devices. We do this to provide you with advertising that we believe may be relevant for you as well as improve our own products and services, including the functionality and performance of our websites and mobile applications. To learn more about opting out of certain types of targeted advertising, please see the Managing cookies and opting out section above.
Do-Not-Track: Currently, our systems do not recognise browser “do-not-track” signals. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies); you also may opt-out of targeted advertising by following the instructions at the DAA and the Network Advertising Initiative websites.
Location Information and Services
Mobile Applications
Online Channels and Other Information Sources
Use of WI-FI services (IHG Connect)
When you use the IHG Connect WI-FI service (IHG Connect), we may collect and process certain additional information.
What information we collect
Registration and User-Provided Information: When you register to use IHG Connect, we may collect personal information about you including your last name, your IHG® Rewards number, your room number and, depending on your location and applicable law, other personal information (such as your mobile phone number). You may also provide us with personal information about you in various ways when you use IHG Connect, for example, when you send us customer service-related requests.
Device Identifiers.In the course of providing the IHG Connect, we may automatically collect a device identifier (such as your IP address, MAC address, device name or other unique identifier) for the computer, mobile device, technology or other device you use to access IHG Connect. A device identifier is a number that is automatically assigned to your device when you access IHG Connect, and we may identify your device by its device identifier. When you use IHG Connect, we may view your device identifier and use this information to enhance our service. We may associate your device identifier with other information about you, such as your IHG® Rewards number.
Other device information: We may also automatically record certain information from your device including, device type, the web pages, apps or sites that you visit, and the dates and times that you visit, access, or use IHG Connect (Internet activity information). While this information is generally pseudonymous and/or aggregated, this information may be associated with your IHG® Rewards number and/or other IHG service account information or persistent identifiers. This data helps us to manage our networks and provides us with information about the use of IHG Connect. We do not, however, collect and process the contents of email communications or other electronic communications you send or receive when using IHG Connect.
Location information: We may collect information about your location through your use of the WI-FI services we provide at our hotels to enable us to improve our service and provide certain services to you such as customised offers and promotions.
How We Use the Information We Collect
We use personal information only for the purposes described in this Privacy Statement, except if otherwise disclosed to you at the time the data is collected or otherwise authorised by law or by you. We use the personal information that we collect through IHG Connect:
to operate, maintain, enhance and provide all features of the service, to provide services and information that you request, to respond to comments and questions and to provide support to users.
to understand and analyse the usage trends and preferences of our users, to improve the IHG Connect service, and to develop new products, services, features, and functionality. If you provide your contact information or your IHG® Rewards number, we may (with your consent or where permitted by applicable law) send you personalised offers based on your web usage and location. You can opt out of receiving these offers when signing in to use the IHG Connect service or at any time within your IHG® Rewards account. Please see the 'Managing your preferences and information' section below.
Using Personal Information to create profiles
Our goal is to create a personalised and customised experience for you when you stay at an IHG-branded property. In order to determine appropriate advertising and to customise your experience, as described in the section above in relation to cookies, we have relationships with companies such as Google and Facebook which enable us to serve targeted advertising. In addition to the activities described under the heading Targeted Advertising above, we also match Facebook and Google users across sites and devices, which enables us to better understand your interests. We use this information to enable us to tailor our marketing communications to you so we can make sure we tell you about things which are most likely to be of interest to you. You have options about how we share your information; please log into the preference centre at any time to view and exercise your choices. In addition, California residents have the option of clicking on the Do Not Sell link, which would eliminate the sharing that might constitute a sale under California’s law.
How we secure your information
We are committed to protecting the confidentiality and security of the information that you provide to us. To do this, technical, physical and organisational security measures are put in place to protect against any unauthorised access, disclosure, damage or loss of your information. The collection, transmission and storage of information can never be guaranteed to be completely secure, however, we take steps to ensure that appropriate security safeguards are in place to protect your information.
Managing your preferences and information
We want to ensure that you have the necessary tools at your disposal to control the information that you provide to us, including how we communicate with you. It is also important that you contact us to update your information if any of it is inaccurate or changes. Please click the relevant section below to learn more about how to control how we communicate with you and how to update, modify and delete your information. EU and UK Data Subjects, please see also the EU and UK-specific section Californians, please see also the CA-specific section. Data Subjects located in Brazil, please see the Brazil-specific section. Data Subjects located in PRC, please see the PRC-specific section.
Managing your communication preferences
Managing your information
Links to Other Sites
Our websites and applications contain links to websites that are maintained and/or controlled by non-affiliated parties. In some instances these websites may be co-branded and display our logos or other trademarks. You can always tell whether you are on one of our websites by checking the uniform record locator ("URL”) on the page that you are visiting. We encourage you to review the privacy policies of these websites as their privacy practices may differ from ours.
Children
Our websites are not intended for children and we do not intentionally solicit or collect personal information from individuals under the age of 18. If we are notified or otherwise discover that a minor’s personal information has been improperly collected, we will take all commercially reasonable steps to delete that information. In limited instances, we may have a campaign or programme targeted toward children. In these instances, details on the information practices will be presented within the terms and conditions of the programme or campaign.
Retaining your information in our systems
We generally only keep your information for as long as is reasonably required for the purposes explained in this privacy policy. In some cases we keep transactional records (which may include your information) for longer periods if necessary to meet legal, regulatory, tax or accounting needs. We will also retain information if we reasonably believe there is a prospect of litigation.
We maintain a data retention policy which we apply to the records we hold.
How to contact us
For any questions or concerns regarding this Privacy Statement or our data privacy practices, please contact us:
By email: privacyoffice@ihg.com
By post:
InterContinental Hotels Group
Attn: Privacy Office
Three Ravinia Drive
Atlanta, Georgia 30346
InterContinental Hotels Group
Attn: Privacy Office
Broadwater Park
Denham, UB9 5HR, United Kingdom
GDPR main establishment in the EU:
InterContinental Hotels Group
Attn: Privacy Office
Thurn-und-Taxis-Platz 6
60313 Frankfurt am Main
GermanyBy phone: 1-770-604-8347
By fax: 1-770-604-5275
You may also contact our Data Protection Officer by emailing privacyoffice@ihg.com.
To the extent permitted under the local law, you may also use the above contact details to request access to, correct, or (in certain circumstances) delete, any of your personal information that is held by IHG, or, where we have relied upon your consent to process your personal information, to withdraw your consent to such processing of your personal information. These requests will be reviewed and processed in line with the local law.
You also may have a right under the local law to lodge a complaint with us or with your local data protection supervisory authority at any time. However, we ask that you please try to resolve any issues with us first before referring your complaint to the supervisory authority.
In the EU, IHG’s GDPR lead supervisory authority is the Hessen supervisory authority, which can be contacted at:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (The Commissioner for Data Protection and Freedom of Information of Hesse)
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Germany
Additional Information for UK/EU/EEA, California, Nevada, PEOPLE’S REPUBLIC OF CHINA and Brazil
EU AND UK DATA SUBJECT’S RIGHTS UNDER EU AND UK DATA PROTECTION LAWS
EU and UK data subjects have legal rights under EU and UK data protection laws in relation to their personal information. Click on the links below to learn more about each right you may have. To exercise any of your rights, please use the forms available in our Privacy and Cookie Centre or contact our Data Protection Officer by emailing privacyoffice@ihg.com.
To access personal information
You can ask us to confirm whether or not we have and are using your personal information and for a copy of your information.To correct / erase personal information
You can ask us to correct any information about you which is incorrect. We will be happy to rectify such information but would need to verify the accuracy of the information first.
You can ask us to erase your information if you think we no longer need to use it for the purpose we collected it from you. You can also ask us to erase your information if you have either withdrawn your consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, or where we have used it unlawfully or where we are subject to a legal obligation to erase your personal information.
We may not always be able to comply with your request, for example where we need to keep using your information to comply with our legal obligation or where we need to use your information to establish, exercise or defend legal claims.To restrict how we use personal information
You can ask us to restrict our use of your information in certain circumstances, for example:where you think the information is inaccurate and we need to verify it;
where our use of your information is not lawful but you do not want us to erase it;
where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or
where you have objected to our use of your personal information but we still need to verify if we have overriding grounds to use it.
We can continue to use your information following a request for restriction where we have your consent to use it; or we need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company.
To object to how we use your information
You can object to any use of your information which we have justified on the basis of our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use your information if we can demonstrate that we have compelling legitimate interests to use the information.
You can also require us to stop using your data for direct marketing purposes.To ask us to transfer your information to another organisation
You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company).
You may only exercise this right where we use your information in order to perform a contract with you, or where we asked for your consent to use your information. This right does not apply to any information which we hold or process that is not held in digital form.Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction
You can ask to obtain a copy of or reference to the safeguards under which your personal information is transferred outside of the European Union or the UK.
We may redact data transfer agreements to protect commercial terms.
We may ask you for proof of identity when making a request to exercise any of these rights. We do this to make sure that we only disclose information where we know we are dealing with the right individual. We will not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we will inform you before proceeding with your request.
We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests. We will let you know if we think a response will take longer than one month. To help us respond more quickly, we may ask you to provide more detail about what you want to receive or are concerned about.
We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.
ADDITIONAL INFORMATION FOR CALIFORNIA CONSUMERS
Under the California Consumer Privacy Act (“CCPA”), we are required to notify California consumers about our collection, use and disclosure of their personal information (whether collected through this website or offline). In this section of our Privacy Statement, and in accordance with the CCPA, “personal information” includes any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, including the categories identified in the table below to the extent they identify, relate to, describe, are capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household.
This Privacy Statement does not apply to applicants for positions with IHG.
Categories of Personal Information that We Collect, Disclose, and Sell
Below we identify the categories of personal information that we collect about California consumers and households, the purposes for which we use each category, and whether we disclose or sell information within each category. Please note our data collection practices set forth below are not different than those described above; rather, the CCPA specifies particular categories of data that we must address, and, in this section, we aim to describe some of the information already provided above in accordance with the categories as outlined by the CCPA. This section should therefore be read in conjunction with the further information provided in the rest of this Privacy Statement.
Please note that the CCPA defines the term “sale” very broadly to include any exchange of data for consideration of any kind, not simply selling your data for monetary compensation.
Identifiers and Similar Data:
Collection. We collect:
Identifiers: Your real name, alias, postal address, unique identifier (e.g., your IHG® Rewards number if you choose to enrol in the program), IP address (if you access our websites, emails or other digital channels), email address or other similar identifiers.
Signature, physical characteristics, telephone number, financial information (e.g., payment information for your reservation). We typically do not collect medical information from our guests absent an emergency situation or specific request (which typically would be information provided to us by IHG-branded hotels and not information that we collect directly from you).
Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Internet or other electronic network activity information, including browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.
Sources: We collect the information directly from you, from other persons/entities making a reservation on your behalf (e.g., travel agent, a member of your travel party, someone making the booking on your behalf) from IHG-branded hotels (that are independently owned and operated). In limited circumstances, we may obtain this information from carefully selected travel partners, including airlines and rental car agencies. With regard to the internet or other electronic information, we collect that information automatically as you use our Site and services.
Purposes of Collection: The primary purpose of our collection and use of this information is to fulfil your reservations and enhance and personalise your experience with us. In particular, we use your information to fulfil your reservation, manage your IHG® Rewards account, send direct marketing to you (in connection with your preferences), send targeted and personalised advertising to you, and as otherwise required by applicable law.
Disclosure: We disclose this information for business purposes, including at your direction, to IHG-branded properties (e.g., if you make a reservation through our central reservation department, then we share that information with the applicable property so that they can fulfil your request). We also share certain of your information to our carefully selected partners, including airlines and rental car agencies, for the purpose of personalising your stay; for example, if we know that you are arriving early in the morning, we may seek to offer you an early check-in. If you use our WiFi services at IHG-branded properties, we share certain unique identifiers like your device’s MAC address with our internet service providers to provide WiFi to you.
Sale: We use third party targeted advertising companies that collect certain information about you through website cookies (and similar technologies designed for mobile applications). These third parties may collect information about you that they then aggregate with data collected about you through cookies placed on other websites/mobile apps. Under the CCPA, this type of sharing of information could be deemed a “sale”. We also disclose your information to carefully selected marketing partners, advertising technology vendors and social media platforms through a central marketing/analytics company. We direct which entities may have access to your information and the scope of information to which they may access. This type of disclosure only occurs in limited markets and California consumers may opt out at any time through our communications portal and by clicking on the Do Not Sell link on our website/in the mobile app.
Protected Classifications/Audio/Visual Data:
Collection: We do not request information about protected classifications under California law such as race, sex, age, religion, national origin, disability, citizenship information, or genetic information. Nonetheless, we may capture information related to these categories in the following circumstances, by way of example only: IHG corporate offices and certain IHG-branded hotels use closed-circuit television for security purposes and the recordings may capture such information by virtue of the recording. We do not obtain recordings from the IHG-branded properties absent a unique situation (e.g., concern for security at a particular property). You have the option of providing your age range when you sign up for IHG® Rewards, but we do not require you to disclose that information. You have the option of requesting an accessible room.
Sources: We collect the information directly from you, from other persons/entities making a reservation on your behalf (e.g., travel agent, a member of your travel party, someone making the booking on your behalf), from IHG-branded hotels (that are independently owned and operated). In limited circumstances, we may obtain this information from carefully selected travel partners, including airlines and rental car agencies.
Purposes of Collection: The primary purpose of our collection and use of this information is to enhance and personalise your stay with us, in particular, to provide you with the specific room type requested. We may use video surveillance for security purposes and to protect their rights and interests as well as the rights and interests of other guests.
Disclosure: We disclose any information about special requests for business purposes, including at your direction, to IHG-branded properties (e.g., if you make a reservation through our central reservation department, then we share that information with the applicable property so that they can fulfil your request). If we obtain CCTV footage, we do not disclose such data except as necessary to protect our rights and interests and the rights and interests of other persons.
Sale: We do not sell this information.
Biometric and Geolocation Information:
Information Collected: In an effort to enhance your stay with us and to provide for a faster and easier check-in process, we may offer certain services on property such as check-in and/or room entry through the use of biometric identifiers at a limited number of IHG-branded properties. Any interested guest must affirmatively opt-into the programme; Where IHG is providing these services we will provide information about the specific biometrics collected through the programme and the use and disclosure of those identifiers so that you can choose whether you would like to participate in any particular programme. With your consent, we collect your geolocation information through our mobile application and our website or from internet service providers through certain services we offer on property such as IHG Connect (WiFi). We use this information for analytics purposes (e.g., to determine the general area where our guests may access our services from), to personalise your experience (e.g., suggest hotels of interest), and, in certain limited markets, to provide special offers based on your location.
Sources: We collect biometric information and geolocation information directly from you and automatically as you use devices designed to collect biometric information or, in the case of geolocation information, your own device.
Purposes of Collection: The primary purpose of our collection and use of this information is to enhance and personalise your stay with us. In particular, we use your information to create a faster check-in and/or room entry experience. With regard to geolocation information, we also seek to offer you relevant offers based on your location, where permitted.
Disclosure: Where this service is offered, we may disclose your biometric information to service providers that assist us in validating your identity. We may make available your biometric identifier to the IHG-branded property where you are staying for the purposes of that particular stay.
Sale: We do not sell your biometric information.
Inferences
We may draw (or use service providers to draw) inferences from any of the information identified above to create or enhance a profile about a consumer reflecting the consumer’s preferences and tendencies (e.g., what types of properties the consumer prefers, how frequently the consumer travels, etc.). We may purchase aggregated and deidentified data and append such data to your profile (e.g., based on your age range) to assist us in determining relevant marketing opportunities.
Sources: We draw inferences based on the data collection described in this Notice.
Purposes of Collection: We use inferences to enhance your overall experience with IHG. For example, we may use inferences to identify and offer relevant marketing opportunities. Disclosure: We may disclose your information to carefully selected marketing partners, advertising technology vendors and social media platforms to provide relevant offers to you.
CALIFORNIA CONSUMER RIGHTS
California law grants consumers certain rights and imposes restrictions on particular business practices as set forth below. California consumers have the right to request that we disclose what personal information we collect, use, disclose, and sell about you.
Do-Not-Sell. California consumers have the right to opt out of our sale of their personal information. We do not knowingly collect personal information about consumers that are younger than 18 years nor do we have actual knowledge that we sell personal information about consumers that we know are younger than 18 years old. To exercise your opt-out rights, please visit our Do-Not-Sell page. You may also submit a do-not-sell request by clicking on the link in the footer of this website, or by contacting the Privacy Office. If you use an authorised agent to submit a do-not-sell request, we will ask your agent to provide information to demonstrate the agent has your authorised consent to submit a request. Proof of authorization evidenced by your signed permission should be submitted to PrivacyOffice@ihg.com. We may also ask you to provide information to verify your identity directly with us.
Requests for Copy, Deletion and Right to Know. Subject to certain exceptions, California consumers have the right to make the following requests, at no charge, up to twice every 12 months. Please see Submitting Requests for instructions about how to exercise your rights:
Deletion: the right to request deletion of their personal information that we have collected about you, subject to certain exemptions.
Copy: the right to request a copy of the specific pieces of personal information that we have collected about them in the prior 12 months.
Right to Know (Collection): Where we have collected their personal information, the right to request that we disclose certain information about how we have handled their personal information in the prior 12 months, including the categories of personal information collected; categories of sources of personal information; business and/or commercial purposes for collecting and selling their personal information; and the categories of third parties/with whom we have disclosed or shared their personal information.
Right to Know (Disclosure and Sale): Where we have sold or disclosed for a business purpose their personal information, the right to request that we disclose certain information about how we have handled their personal information in the prior 12 months, including the categories of personal information collected; categories of third parties to whom the consumer’s personal information has been sold and the specific categories of personal information sold to each category of third party; categories of third parties to whom personal information has been disclosed; and the categories of personal information that we have disclosed or shared with a third party for a business purpose.
Submitting Requests. You can exercise your rights by visiting our Privacy and Cookie Centre or by contacting us at +1 877 424 2449 (Freephone). We will respond to your Copy, Delete and Right to Know requests within 45 days unless additional time is needed, in which case we will let you know.
When you submit your request, we will take steps to attempt to verify your identity. We will seek to match the information in your request to the personal information we maintain about you. As part of our verification process, we may ask you to submit additional information, use identity verification services to assist us, or if you are an IHG® Rewards member, we may ask you to sign in to your account as part of our identity verification process. Please understand that, depending on the type of request you submit, to protect the privacy and security of your personal information, we will only complete your request where we are satisfied that we have verified your identity to a reasonable degree of certainty.
Authorised Agents. The CCPA allows California consumers to designate an authorised agent to exercise their rights under CCPA. If you use an authorised agent to submit a request, we will ask your agent to provide information to demonstrate the agent has your authorised consent to submit a request. Proof of authorisation evidenced by your signed permission should be submitted to PrivacyOffice@ihg.com. We may also ask you to provide information to verify your identity directly with us.
Incentives and Discrimination.The CCPA prohibits discrimination against California consumers for exercising their rights under the CCPA and imposes requirements on any financial incentives offered to California consumers related to their personal information.
Discrimination: If consumers exercise their rights under the CCPA, businesses may not discriminate against them, including by denying or providing a different level or quality of goods or services, or charging or suggesting that a business will charge different prices or rates or impose penalties, unless doing so is reasonably related to the value provided to the consumer by the consumer’s data. Disclosure of Incentives: If businesses offer any financial incentives for the collection, sale or deletion of their personal information, consumers have the right to be notified of any financial incentive offers and their material terms, as well as to not be opted into such offers without prior informed opt-in consent, and to be able to opt-out of such offers at any time. Businesses may not offer unjust, unreasonable, coercive or usurious financial incentives. We currently do not offer incentives.
Metrics on California Consumer Rights Handling
Metrics, such as the number of requests we received, complied with, denied, and the median or mean number of days within which we substantively responded to requests, where required for the previous calendar year, will be published here.
Your California Privacy Rights under California’s Shine-the-Light Law
Under California’s “Shine the Light” law (Cal. Civ. Code § 1798.83), California residents who provide us with certain personal information are entitled to request and obtain from us, free of charge, information about the personal information (if any) we have shared with third parties for their own direct marketing use. Such requests may be made once per calendar year for information about any relevant third party sharing in the prior calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to PrivacyOffice@IHG.com. In your request, please attest to the fact that you are a California resident and provide a current California address.
Contact Us
If you have questions about our privacy practices, would like to make a complaint, or request a printable version of this Privacy Statement, please contact us at PrivacyOffice@ihg.com. This California privacy notice is effective from 1 January 2020 and was last updated on 17 January 2022.
NEVADA
Nevada privacy law grants residents of Nevada certain rights and imposes certain restrictions on particular business practices. To exercise your individual rights under Nevada law, please contact the Privacy Office.
ADDITIONAL INFORMATION FOR THE PEOPLE’S REPUBLIC OF CHINA (EXCLUDING FOR THE PURPOSES OF THIS STATEMENT HONG KONG SAR, MACAU SAR AND TAIWAN) (“PRC”)
If there is any inconsistency between the below and the above Privacy Statement, the following shall prevail in respect of the PRC.
Data controller
For the PRC, Intercontinental Hotel Groups (Shanghai) Co., Ltd., Registered office: 22nd Floor, Citigroup Tower, No. 33 Huayuanshiqiao Road, China (Shanghai) Pilot Free Trade Zone, is the data controller. For questions or concerns related to your personal information or related to the Privacy Statement, please contact privacyoffice@ihg.com.
Consent
We will obtain your consent (where applicable, separate consent) to collect, use, share, transfer (including but not limited to overseas transfer), disclose or otherwise process your personal information if and to the extent required by the applicable laws.
Sensitive personal information
Certain of the types of personal information described in this Privacy Statement are considered "sensitive" and, depending on your jurisdiction of work or residence and applicable law, additional rules will apply in respect of this personal information. References to personal information in this Privacy Statement shall be deemed to include reference to sensitive personal information (if any) where applicable.
“Sensitive personal information” as defined under PRC laws and regulations which we may collect and use for the purposes described in the above Privacy Statement may include information relating to:
payment card information;
stay records;
biometric information;
pin or password;
your precise geolocation;
web browsing history
Share and disclose your personal information with another controller
With your consent, we may share and disclose your personal information with another data controller as explained in the section “Information we collect and how we use and share it” in the Privacy Statement.
International data transfers
As IHG is a global hospitality group, for the purposes described in this Privacy Statement and in order to provide you with privileged and quality service worldwide, we may, with your separate consent (if required by applicable laws), transfer your personal information to IHG affiliated entities outside of mainland China, such as Six Continents Ltd (UK) (“IHG Foreign Affiliated Entity”), who will process your personal information for the purposes and in the manner as described in this Privacy Statement. IHG will take appropriate measures to ensure that cross-border data transfer and the processing of your personal information by IHG Foreign Affiliated Entities comply with the requirements of applicable laws and that such mechanisms are aimed at ensuring an adequate level of protection as regards your personal information under the applicable laws. If you wish to exercise your rights with respect to your personal information with any IHG Foreign Affiliated Entity, you can contact such entity through the means described in “How to Contact Us” section.
How we store and protect your personal information
We will store your personal information for as long as necessary to achieve the purposes described in this Privacy Statement and for as long as you use our services, and as otherwise required by applicable law. We take reasonable security measures to protect your personal information in accordance with industry standards and are committed to using various technologies and initiatives to protect your personal information from unauthorized access, use, modification, disclosure and damage, such as the use of encryption technology to protect your personal information. We will deal with personal information security incidents in accordance with applicable laws and regulations, and conduct training and dissemination of personal information protection to relevant personnel to enhance their awareness of the importance of personal information and responsibilities related to personal information protection.
SDKs and other similar software technologies made available by non-affiliated entities
Under the PRC laws, IHG is required to disclose SDKs. As a practical matter, the information described below is captured elsewhere in the privacy statement, including, in particular, in our description of IHG’s use of cookies. If you have any questions about which trackers listed in our cookie policies are SDKs, please contact the Privacy Office.
We use software known as software development kits (SDKs) and other similar technologies made available by non-affiliated entities on our mobile applications and mini programs to ensure their stable operation and to provide the services as described in this Privacy Statement. Please see our SDK list for more information about our integrated SDKs.
If you are using these features and plug-ins provided by non-affiliated entities, the privacy policies of these entities may also apply to you. Some of these entities may collect data from you for their use and processing and may obtain your consent prior to doing so. In any case, we recommend you read the privacy policies of these non-affiliated entities to understand how they collect and process your data before using their features and plug-ins.
Personalized marketing
In order to provide you with personalized advertising, we may collect your personal information.
You can turn off personalized advertising in our App in “Account”-“Personalized recommendations”. Once you turn off it, you will not receive any personalized advertising, including promotional offers and special offers.
Mobile device permissions
If you choose to use certain functions using our mobile app we will ask you for related permissions to use features on your mobile device to enable this.
When you add a payment method to book a hotel, we will ask you for camera permission if you choose to add payment information by scanning your payment card using the camera.
If you choose to add the booking to your calendar after the booking is made, we will ask you for calendar permission to help you add the booking to your calendar.
If you choose to use the voice search function when booking a hotel, we will ask you for microphone permission to allow dictation on your device to enable this.
If you choose to use the function to search for hotels near your location we will ask you for permission to access your location to enable this.
Your rights
In addition to the rights mentioned in the Privacy Statement, you have the following rights where permitted by the PRC data protection laws:
To access your personal information and obtain a copy
You have the right to access or obtain a copy of the personal information we hold about you.To transfer your personal information
You have the right to request transferring your personal information to another data controller where permitted by the applicable laws.To deregister your account
You also have the right to ask us to deregister your loyalty program account by contacting one of our global customer care officesRights to request deletion and rectification
You can ask us (details found in the How to contact us section) to correct any information about you which is incorrect. We will be happy to rectify such information but would need to verify the accuracy of the information first.
You can ask us to erase your information if you think we no longer need to use it for the purpose we collected it from you. You can also ask us to erase your information if you have either withdrawn your consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, or where we have used it unlawfully or where we are subject to a legal obligation to erase your personal information.
We may not always be able to comply with your request, for example where we need to keep using your information to comply with our legal obligation or where we need to use your information to establish, exercise or defend legal claims.Rights to withdraw consent to use mobile device permissions
You can withdraw your authorization or withdraw your consent for mobile device permissions in your device settings.
To exercise any of your rights above, you may also contact us by emailing privacyoffice@ihg.com as well.
We aim to respond to all valid requests to exercise the above rights within 15 working days upon verifying your identity. To help us respond more quickly, we may ask you to provide more detail about your inquiry.
We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.
Purchasing product vouchers through IHG WeChat Mini Program
When you purchase a product voucher through our IHG WeChat Mini Program, we will collect your WeChat OpenID, UnionID, membership number and purchase, redemption, and refund records. We process your information primarily to attribute your purchases to you, to show you the status of product redemptions or refunds status, and to notify you of necessary product information changes. You can check purchase, redemption, and refund records at any time. We will share your information with the hotel providing the product voucher to provide you with the services described in the product voucher. If you decline to provide such personal information, we will not be able to provide you with the abovementioned services.
BRAZIL DATA SUBJECTS' RIGHTS UNDER BRAZIL DATA PROTECTION LAW
Brazil data subjects have legal rights under Brazil’s Federal Law nº 13.709/2018 (LGPD), as well as any other applicable laws in relation to your personal information. To exercise any of your rights, please use the forms available in our Privacy and Cookie Centre or contact our Data Protection Officer by emailing privacyoffice@ihg.com.
To access personal information
You can ask us to confirm whether or not we have and are using your personal information and for a copy of your information.To correct personal information
You can ask us to correct any information about you that is incorrect, inaccurate or outdated. We will be happy to rectify such information but would need to verify the accuracy of the information first.To erase/anonymise personal information
You can ask us to erase, anonymise or block your information if you think we no longer need to use it for the purpose for which we collected it from you, or if such data is excessive or is processed in violation of applicable law. You can also ask us to erase your information if you have withdrawn your consent to us using your information (if we originally asked for your consent to use your information). We may not always be able to comply with your request, for example where we need to keep using your information to comply with our legal obligations or where we need to use your information to establish, exercise or defend legal claims.To object to how we use your information
You can object to any use of your information that we have justified on any legal bases other than consent, only in case of infringement of the applicable law. If you raise an objection, we may continue to use your information if we can demonstrate that we have a legal basis to continue to use the information.To ask us to transfer your information to another organisation
You can ask us to provide your personal information to you or you can ask to have it transferred directly to another data controller (e.g. another company.Other rights
You may at any time revoke your consent to the processing of your personal data, whenever you have given it.
You may file a claim before competent governmental authorities, such as the national data protection authority.
You may ask us to provide information about any public and private entities with which we have shared your data.
You may request a review of decisions taken solely on the basis of automated personal data processing that affects your interests, including decisions intended to define your personal, professional, consumer and or aspects of your personality.
We may ask you for proof of identity when making a request to exercise any of these rights. We do this to make sure that we only disclose information where we know we are dealing with the right individual.
We aim to respond to all valid requests within 15 (fifteen) days. It may however take us longer if the request is particularly complicated or you have made several requests. We will let you know if we think a response will take longer than 15 (fifteen) days. To help us respond more quickly, we may ask you to provide more detail about what you want to receive or are concerned about.
We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.
If there is any inconsistency between the rights above and this Privacy Statement, the above specific rights shall prevail in respect of Brazil.
Changes to this Privacy Statement
In some instances, we may have to change, modify or amend this Privacy Statement in order to comply with the evolving regulatory environment or the needs of our business. Subject to any applicable legal requirements to provide additional notice, any changes to this Privacy Statement will be communicated through our websites and mobile applications. However, if there will be changes made to the use of your personal information in a manner different from that stated at the time of collection we will take appropriate steps to notify you, such as by posting a notice on our website for 30 days prior to the changes taking effect or by emailing you. We will obtain your consent to such changes where required to do so by applicable law.
Effective Date: May 11, 2022