Privacy Policy - Front Desk & Reservation System for Small Hotels

Introduction
1. At Little Hotelier, we are committed to protecting and respecting your privacy. Please read this policy as it contains important information about how we use personal data that we collect from you or that you provide to us. This policy has been adopted by all of the companies and businesses in our group (including Online Ventures Pty Ltd, SiteMinder Distribution Limited, Online Ventures Hospitality Limited and SiteMinder Hospitality Corporation).
2. By accessing the website or providing information, you agree to our privacy practices as set out in this privacy statement. We may change this policy from time to time. You should check this policy frequently to ensure you are aware of the most recent version.
3. If you have any questions regarding this policy or about our privacy practices, please contact us at the relevant address set out below in the ‘Contact Us’ section.
Who are we?
1. When we say ‘we’ or ‘us’ in this policy, we are generally referring to the separate legal entities that make up the SiteMinder Group. These include:
  - Online Ventures Pty Ltd (t/a Siteminder), a company registered in Australia (ABN 59 121 931 744) with our registered office at 88 Cumberland Street, The Rocks, NSW 2000, Australia
  - Siteminder Distribution Limited, a company registered in England and Wales (Company Number: 07242801) with our registered office at Waterfront, Hammersmith Embankment, Manbre Road, London, W6 9RH;
  - Online Ventures Hospitality Limited, a company registered in Ireland (Company Number: 581051) with our registered office at 5 Dock Road, Galway, Ireland; and
  - SiteMinder Hospitality Corporation, a company registered in Delaware with our registered office The Colonnade, Tower 1, Suite 350, 15301 North Dallas Parkway, Addison, TX 75001, USA.
2. It also includes any other businesses we add to this group in the future. If you would like more information about which SiteMinder Group company you are dealing with, check the terms and conditions of your contract with us.
Information we collect from you?
1. Personal data is information that can be used to uniquely identify or contact a single person. We will collect and process information about users of our website and customers’ hotel guests, in order to provide our services. Therefore, we may process any information, including personal data, that our customers’ hotel guests provide to the hotel or to any online travel agency relating to the hotel guests’ arrangements.
2. Personal data processed by us may include, but is not limited to: name, address, e-mail address, phone number and credit card information, date of birth, records of our interactions and travel information.
3. We will hold your personal data on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us. We review our retention periods for personal data on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations.
How do we collect your information?
1. We collect personal data from and about users of our website and our customers’ hotel guests through the provision of our services. We also collect information from conferences we attend.
  - Information you give us.
    - This is information about you that you give us directly through our website or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our website or services, when you report a problem with our website and when you provide us with details relating to the nature of any query or problem.
    - Details you provide relating to your proposed travel arrangements, including relevant hotel bookings and related information.
  - Information we collect about you.
    - When you visit our website we will automatically collect:
      - Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions and operating system and platform;
      - Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
  - Information we receive from other sources.
    - This is information we receive about you if you use any of the other websites we operate or the other services we provide. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies).
    - Personal information that is provided to us by travel agencies or online travel sites using The Channel Manager;
    - Personal information that is provided to us by hotels using The Channel Manager or The Booking Button.
How we might use your information?
1. We use information held about you in order to administer any contracts between you and us and for the legitimate interests of our business, for example, the processing of hotel guest data in order to register the hotel guest’s booking.
  - Information you give to us. We will use this information:
    - to provide you with information, products or services that you request from us;
    - to carry out our obligations under any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
    - to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
    - to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you change your mind and decide that you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please use the unsubscribe option when we contact you;
    - to notify you about changes to our service;
    - to ensure that content from our website is presented in the most effective manner for you and for your computer.
  - Information we collect about you. We will use this information:
    - to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
    - to improve our website to ensure that content is presented in the most effective manner for you and for your computer or other device;
    - to allow you to participate in interactive features of our service, when you choose to do so;
    - as part of our efforts to keep our website safe and secure;
    - to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
    - to make suggestions and recommendations to you and other users of our website about goods or services that may interest you or them.
  - Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive) and to facilitate the hotel booking and related services of hotel guests.
2. We may aggregate your data into an anonymised form to help us provide more useful information to our customers and to understand which parts of the website are of most interest to visitors.
Who we might share your information with
1. We may from time-to-time make certain personal information available to strategic partners that work with Little Hotelier, such as the following:
  - Various affiliates of Little Hotelier, which means our current subsidiaries and our ultimate holding company and its subsidiaries. It also includes such other affiliates as we may add in the future;
  - Hotels and online travel agencies through which you have arranged travel, but only the personal information that is needed for successful access to or processing of your travel arrangements;
  - Service providers we use to support our business who provide services such as information processing, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys, including service providers who offer applications which may be of interest to hotel customers through our SiteMinder Exchange platform; and
  - In the event of merger, acquisition, or any form of sale of some or all of our assets, in which case personal data we hold about our customers will be among the assets transferred to the buyer.
2. If we engage a third party to process an individual’s personal data on our behalf, that third party will be bound by our data privacy policies or have similar contractual obligations in relation to the storage and processing of your personal information.
3. We may also disclose your personal information to third parties to:
  - Comply with any court order or other legal obligation or when data is requested by government or law enforcement authorities;
  - Enforce or apply our terms of use and any other agreements;
  - Protect the rights, property, or safety of us, our employees, customers, or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
  - Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
International transfers of personal data
1. From time to time, we may transfer your personal information to our group companies, suppliers or service providers based outside of the EEA for the purposes described in this policy. If we do this, your personal information will continue to be subject to one or more appropriate safeguards set out in the law. These might be the use of model contracts in a form approved by regulators, or having our suppliers sign up to an independent privacy scheme approved by regulators (like the US ‘Privacy Shield’ scheme).
2. Our data is stored in the cloud using Amazon Web Services in the USA. If you are accessing any of our systems from outside the USA, you acknowledge that your personal information will be transferred to the USA, a jurisdiction which may have different privacy and data security protections from those of your own jurisdiction, to be processed and stored.
Your rights
1. You have the right to ask us not to process, or to stop processing, your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us on the details set out below in the ‘Contact Us’ section.
2. Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
How you can access and update your information
1. You have the right to access the personal information that we hold about you in many circumstances. This is called a subject access request. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge except in exceptional circumstances.
2. Before providing personal information to you or another person on your behalf, we may ask for proof of identity and sufficient information about your interactions with us so that we can locate your personal information.
3. We strive to maintain accurate, complete, and relevant personal information for the purposes identified in this privacy statement. If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.
4. You have the right to object to us processing your personal information if we are not entitled to use it any more or to have your information deleted or have its processing restricted in certain circumstances. You also have the right to port your personal data in certain circumstances.
5. If you would like to exercise any of these rights, please contact us using the details set out below in the ‘Contact Us’ section.
6. You also have the right to lodge a complaint with the supervisory data protection body that regulates us if you have concerns about how we use your personal information. For information on how to do this, please see the ‘Contact Us’ section.
Security precautions in place to protect against the loss, misuse or alteration of your information
1. We have implemented reasonable measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure.
2. These include:
  - physical security and access to all Little Hotelier premises;
  - all access to computer hardware is password protected, with encryption and default security firewalls in place;
  - staff access to personal information is given on a need to know basis only. Tight controls, consistent with the Payment Card Industry standard (audited annually), are maintained in relation to the use, storage and processing of PII credit card data;
  - Regular training of staff in relation to storage; and
  - Otherwise in accordance with Little Hotelier’s Data Protection Policy.
3. The safety and security of your information also depends on you. Any content, including personal information, that you contribute to be shared, published or transmitted to other users of the website, is visible to other users and can be read, collected, or used by them. We urge you to be careful about giving out information in public areas of any of the website. You understand and acknowledge that, even after removal, copies of your content, including personal information, that you contribute to be shared, published or displayed on a website, or transmitted to other users of a website, may remain viewable in cached and archived pages. Although we take efforts to protect your personal information, we cannot guarantee the security of your personal information transmitted to a website. Any transmission of personal information is at your own risk.
Cookies
1. The website may use “cookies” and other technologies such as pixel tags and web beacons. These technologies help us to improve and to deliver a better and more personalized service by enabling us to:
  - Estimate our audience size and usage patterns;
  - Store information about your preferences, allowing us to better customize the services according to your individual interests;
  - Speed up your searches; and
  - Recognize you when you return to the website.
2. You may refuse to accept cookies by activating the appropriate settings on your browser. Check with your provider to find out how to disable cookies. Please note that certain features of the website may not be available if cookies are disabled.
Recruiting Statement
1. By submitting your resume or other personal information to us you acknowledge that we may use and transfer data as described in this Privacy Notice.
2. You may provide personal information to us or another SiteMinder Group company related to education, employment, contacts, preferences, job qualifications, and jobs when you submit an application. You may also choose to provide Little Hotelier with additional information, such as resumes, CVs, transcripts, references, and compensation requests. We recommend that you do not disclose sensitive personal information (e.g., height, weight, religion, philosophical or political beliefs, financial data, sexual orientation, membership of a trade union or political party) in your resume/CV or any materials in support of your application. To the extent you provide sensitive personal information you expressly authorize Little Hotelier to handle such details as specified in this Statement.
3. We will use your personal information for recruitment purposes, and if you are offered a job or become employed by a member of the SiteMinder Group (collectively “us“), we will use it for other employment-related purposes. These purposes include, but are not limited to: verifying past employment and/or education, checking references, confirming ability to legally work in the relevant country, contacting you and/or your emergency contacts at home if necessary, setting/adjusting compensation, job duties and titles, administering benefits, including health insurance, administering savings and pension plans, managing performance, withholding and payment of applicable taxes and complying with legal and regulatory obligations.
4. We may also retain your information after the recruitment process is complete to contact you about potential future opportunities or for record keeping purposes for a period of three years from the date of your application. However, we may retain your information for longer in an anonymized form for statistical purposes. If you provide information about others (i.e. reference contact details), please ensure you have informed them that you will be providing their information.
5. By submitting your resume/CV or other information and any subsequent application materials to us, you agree that we may use such information for recruitment, hiring and employment purposes. You also agree that we may transfer the data to the United States and Australia.

Group Company	Address	Supervisory Data Protection Authority
Online Ventures Pty Ltd	88 Cumberland Street The Rocks NSW 2000 Australia Attn: Privacy Officer	Office of the Australian Data Protection Commissioner: https://www.oaic.gov.au/
SiteMinder Distribution Limited	Waterfront Hammersmith Embankment Manbre Road London W6 9RH UK Attn: Privacy Officer	Information Commissioner’s Office: https://ico.org.uk/
Online Ventures Hospitality Limited	5 Dock Road Galway Ireland Attn: Privacy Officer	Data Protection Commissioner: https://www.dataprotection.ie/docs/Home/4.htm
SiteMinder Hospitality Corporation	The Colonnade Tower 1 Suite 350 15301 North Dallas Parkway Addison TX 75001 USA Attn: Privacy Officer	Federal Trade Commission: https://www.ftc.gov/

DataSecurity/Privacy Policy/Updated Nov 2017