I. Introduction
THE BELLEVUE HOTELS AND RESORTS (“we”, “us”, “our”) respects your privacy, and is committed to protecting the privacy, confidentiality and security of the personal data you provide to us or that we collect about you when you use our website www.thebellevue.com or our mobile application and other online products and services (“Site”), when you contact guest services, or when you otherwise interact with us. We are aware of our responsibilities to protect your personal data, to keep it secure and comply with the Data Privacy Act of 2012 (“R.A. 10173”), its Implementing Rules and Regulations (IRR), and other applicable privacy and data protection laws.
This Privacy Policy explains our personal data practices and the choices you can make about the way your personal data is used. This Privacy Policy gives effect to our commitment to protect your personal data and serves as the guidelines to be observed by all of the hotels, resorts and properties managed and/or operated by THE BELLEVUE HOTELS AND RESORTS or its affiliates and subsidiaries.
You will be asked to consent to the terms of this Privacy Policy when making a reservation, joining, registering for events or promotions or otherwise corresponding with us via the Site or otherwise where required under applicable law.
What is Personal Data?
Personal data refers to all types of:
Personal Information – “any information, whether recorded in material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual;”
Sensitive Personal Information – “personal information about an individual’s race, ethnic origin, marital status, age, color, religious/philosophical/political affiliations, health, education, genetic or sexual life, legal proceedings, government issued identifiers and other information specifically established by an executive order or an act of congress to be kept classified;” and
Privileged Information – “any and all forms of information which, under the Rules of Court and other pertinent laws, constitute privileged communication, such as, but not limited to, information which a person authorized to practice medicine, surgery or obstetrics may have acquired in attending to a patient in a professional capacity.”
II. Types of Personal Data We Collect
Information you provide to us: we collect personal data (including where applicable personal and sensitive personal information) you provide directly to us. This includes:
- your full name and contact information, personal data (e.g. date of birth, nationality), Information relating to your children, residential/permanent address, passport and visa information; guest stay information, including the hotels where you have stayed, date of arrival and departure, goods and services purchased, special requests made, your service preferences, telephone numbers dialed and email, faxes, telephone and other messages received; your credit card, mobile payment and other payment details; your membership information, account details, profile or password details and any frequent flyer or travel partner program affiliation; any information necessary to fulfill special requests (for example, leisure, travel and guest preferences); your reviews, feedback and opinions about our hotels, resorts, programs and services;
- information collected through the use of closed-circuit television systems and other security systems; and
- any other personal data you choose to provide to us.
III. Information We Collect Automatically When You Use the Site:
When you access or use the Site, we automatically collect personal data about you, including:
- Log Information: we may collect system log information about your use of the Site, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to our Site.
- Device Information: we may collect information about the computer or mobile device you use to access our Site, including the hardware model, operating system and version, unique device identifiers (such as, IP address, IMEI number, the address of the device’s wireless network interface, or mobile phone number used by the device) and mobile network information.
- Location Information: we may collect information about the location of your device each time you access or use our website or otherwise consent to the collection of this information. You can turn off location services for a device at any time, but this may turn off some useful features.
- Information Collected by Cookies and Other Tracking Technologies: we and our service providers use various technologies to collect information, including cookies. Cookies are small data files stored on your hard drive or in device memory that help us improve our Site and your experience, see which areas and features of our Site are popular and count visits.
- Information We Collect From Other Sources: we may also obtain personal data from our hotels and from our third party service providers (such as information relating to the credit of guests) and from public sources and combine that with information we collect through our Site where we believe that it is necessary to help manage our relationship with you.
Where you provide personal data of third parties (for example, names and contact details of your family members in connection with bookings or family memberships), you confirm that you have their consent to provide their personal data to us. We recommend you show them this Privacy Policy.
How We Use Your Personal Data
We may use your personal data for the purposes set out below.
- For the performance of our agreement with you, in order to:
- process, confirm, provide and charge for hotel arrangements and restaurant reservations and our goods and services, and administer mobile (where applicable) and in person check in and check out;
- fulfill contractual obligations to you, anyone involved in the process of making your travel arrangements (e.g. travel agents, group travel organizers and your employer) and vendors (e.g. credit card companies, airline operators and other loyalty programs);
- provide you with access to the content on our Site, and respond to your enquiries and requests for information and services; and
- administer, and disclose the winner of contests and lucky draw competitions conducted by us or on our behalf.
- For our legitimate commercial interests, in order to:
- understand how our products and services impact you, provide you with a better, more personalized level of service, and further develop our products and services, including linking or combining with information we get from others to do so;
- provide privileges, benefits and services to you, process applications for and administer membership programs, verify and validate your ability to access and use certain products, services and information.
- monitor your use of our Site and your bookings, and conduct analysis of the use of our Site in order to operate, evaluate and improve our Site and our services, understand your preferences, display customized content to you on our Site which may be of interest to you and troubleshoot any problems;
- conduct market analysis, market research, customer satisfaction and quality assurance surveys to improve our hotels, resorts and services; and
- provide for the safety and security of guests.
- To comply with legal obligations to which we are subject:
- meet legal and regulatory requirements of the government and/or any appropriate government agency and administer general record keeping.
- Use of information based on your consent:
- facilitate direct marketing, promotional and customer management purposes, including sending you promotional communications (including without limitation e-mails and push notifications) or special offers if you have consented to receive the same;
- for any other purposes for which we have your consent.
In order to make an online hotel reservation, enroll with our programs, promos or if you make an enquiry, you must provide us with the personal data marked with an asterisk or otherwise indicated as mandatory, otherwise we may not be able to process your request or comply with our legal obligations.
IV. Disclosures of Your Personal Data
We may share your personal data:
- between and among THE BELLEVUE HOTELS AND RESORTS and a limited number of our affiliates as are relevant for the above purposes and to facilitate the operation of our business, but we shall only do so on a need to know basis;
- with the operator of the hotel or the hub of hotels which you book, stay or visit for the above purposes;
- with third-party payment processors, payment service providers, IT and marketing support service providers and other consultants, vendors and service providers who need access to such information to carry out work or provide services on our behalf or who help us to provide the Site to you;
- with anyone involved in the process of making your travel arrangements (e.g. travel agents, group travel organizers and your employer) in order to fulfill contractual obligations;
- with any law enforcement, courts, Government or regulatory bodies, or otherwise in response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law, regulation, court order or legal process;
- if we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property and safety of THE BELLEVUE HOTELS AND RESORTS, our affiliates or others;
- in connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company, or any change of management of a hotel;
- with our advisors, which includes our accountants, auditors, lawyers, other professional advisors and business contacts for the purpose of assisting us to better manage, support or develop our business and comply with our legal and regulatory obligations;
- with any other party at your consent or at your direction; and
- otherwise as permitted or required by applicable laws and regulations
V. Safekeeping of Your Personal Data
THE BELLEVUE HOTELS AND RESORTS strictly enforces its Privacy Policy. It has implemented technological, organizational and physical security measures to protect personal data from loss, misuse, unauthorized modification, unauthorized or accidental access or disclosure, alteration or destruction. The Company uses safeguards such as the following:
- Use of secured servers and firewalls, encryption on computing devices;
- Restricted access only for qualified and authorized personnel; and
- Strict implementation of information security policies.
Your personal data will be transferred to, and stored at a location found in the hotel in which you stay or visit. It will also be accessed and processed by our designated personnel. Your personal data will only be transferred to locations outside of the hotel where we are satisfied that adequate or comparable levels of protection are in place to protect personal data held in that jurisdiction, and when we are required to do so, with your consent.
Data subject are primarily responsible for ensuring that all personal data submitted are accurate, complete and up to date. From time to time, the Company requests update data; it is important that subjects cooperate and provide the same.
The Company takes reasonable steps to make sure that the personal data it collects, generates, uses or discloses are accurate, complete, and up to date.
VI. Direct Marketing
From time to time, we would like to use your name, e-mail address, mobile phone number, and other relevant contact information to send you either via e-mails, SMS messages, telephone calls, push notifications, post, or social media (e.g. Facebook) information that we think may be of interest to you, including about our hotels, products and services, news about our programs, satisfaction surveys, events, offers and promotions, but we can only do so with your consent.
You may opt-out from receiving marketing communications at any time, free of charge, by following the unsubscribe instructions contained in the marketing communications or contacting THE BELLEVUE HOTELS AND RESORTS thru (+632) 8 771 8181 or [email protected]. If you opt out of these communications, we may still send you non-promotional communications, such as those about your reservation, unless we are prohibited from doing so by applicable laws.
VII. Retention of Personal Data
To the extent required by law, we take reasonable steps to destroy, personal data in a secure manner when we no longer need it for the purposes for which it was collected (as set out in this Privacy Policy) and retention is no longer necessary for legal or business purposes. In any event, we do not retain your personal data for longer than two (25) years, subject to local laws and regulations.
VIII. Rights of data subjects under the Data Privacy Act of 2012?
Under Republic Act No. 10173, or the Data Privacy Act of 2012, individuals whose personal information is collected, stored and processed are called “data subjects”. They are accorded rights and may invoke the law against abuses committed by the receiver of data.
Right to be Informed – means that the data subject has the right to know when his or her personal data shall be, are being, or have been processed. Collection and processing of data without the data subject’s knowledge and explicit consent is made unlawful, and entities in possession of personal data is obligated to inform the data subject of any breaches or compromises in their data.
Right to Object – requires that the consent of the data subject be secured in the collecting and processing of his or her data. It grants the data subject the choice of refusing to consent, as well as the choice to withdraw consent, as regards collection and processing. As earlier stated, any activity involving a data subject’s personal data without his or her consent is deemed illegal.
Right to Access – involves being able to compel any entity possessing any personal data to provide the data subject with a description of such data in its possession, as well as the purposes for which they are to be or are being processed. Furthermore, other details regarding the processing of their information may be obtained, such as the period for which the information will be stored, and the recipients to whom the information may be disclosed. This must be complied with in an easy-to-access format, accompanied by a description in plain language.
Right to Correct or Rectification – allows the data subject to dispute any inaccuracy or error in the personal information processed, and to have the personal information controller correct it immediately. In line with this, the personal information controller must ensure that the new and the retracted information will be accessible, and that third parties who received the erroneous data will be informed, upon the request of the data subject.
Right to Erasure or Blocking – allows the data subject to suspend, withdraw or order the blocking, removal, destruction of his or her personal information from the personal information controller’s filing system upon discovery and substantial proof that the personal information are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or are no longer necessary for the purposes for which they were collected. This is akin to the recognized right to be forgotten.
Right to Damages – entitles the aggrieved data subject to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of his or her personal information.
Right to Data Portability – enables the data subject to obtain and electronically move, copy, or transfer personal data for further use. This also carries out another policy behind the law–ensuring the free flow of personal information.
Right to File a Complaint – if you feel that your personal information has been misused, maliciously disclosed, or improperly disposed, or that any of your data privacy rights have been violated, you have a right to file a complaint.
Transmissibility of Rights of the Data Subject – means that the lawful heirs and assigns of the data subject may invoke the rights of the data subject for, which he or she is an heir or assignee at any time after the death of the data subject or when the data subject is incapacitated or incapable of exercising the rights as enumerated in the immediately preceding section.
IX. Our Commitment to Data Security
We have in place reasonable technical and organizational measures to prevent unauthorized or accidental access, processing, erasure, loss or use of your personal data and to keep your personal data confidential. These measures are subject to ongoing review and monitoring. To protect your personal data, we also require our third-party service providers to take reasonable precautions to keep your personal data confidential and to prevent unauthorized or accidental access, processing, erasure, loss or use of personal data, and to act at all times in compliance with applicable data protection laws.
X. Warranties and Disclaimer from liability due to Electronic Communication Failure.
We cannot guarantee that our Site will function faultless and without any interruptions. We shall not be liable for damages, of whatever kind, direct or indirect, that may result from the use of electronic means of communication, including, but not limited to, damages resulting from the failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses or due to acts of God.
XI. Children and Minors
Except where required by local laws, we do not knowingly collect personal data from minors. If you are a minor, you may only use our Site and services with the permission of your parent or guardian.
XII. Third Party Sites
The Site may contain links to other websites, apps, content, services or resources on the internet which are operated by third parties. If you access other websites, apps, content, services or resources using the links provided, please be aware that they may have their own privacy policy, and we do not accept any responsibility or liability for these policies or for any personal data which may be collected through these sites. Please check these policies before you submit any personal information to these sites.
XIIL. Contact Us
If you have any questions or inquiry about how we handle your personal data, or would like us to update the data we maintain about you and your preferences, please contact our data protection officer by e-mail at [email protected] or by mail at North Bridgeway, Filinvest City, Alabang, Muntinlupa City, Philippines 1781.
XIV. Changes to the Privacy Policy
We may modify this Privacy Policy from time to time. Any changes to this Privacy Policy will be posted in the Site so that you are always informed of the way we collect and use your personal data, and we encourage you to review this Privacy Policy whenever you access the Site or otherwise interact with us to stay informed about our information practices and the ways you can help protect your privacy.
Updated versions of this Privacy Policy will include the date of the revision at the end of this Privacy Policy so that you are able to check when the Privacy Policy was last amended. Any changes to this Privacy Policy will become effective upon posting of the revised Privacy Policy on the Site. Continued use of the Site following such changes constitutes your acceptance of the revised Privacy Policy then in effect.
XV. Governing Law
This Privacy Policy is governed by and shall be construed in accordance with the laws of the Philippines.
Any disputes arising in connection with this Privacy Policy and interpretation thereof shall be governed by and construed in accordance with the laws of the Philippines. Any dispute arising out of or in connection with this Privacy Policy, including any question regarding its existence, validity or termination, shall be referred to and resolved by arbitration in accordance with the Data Privacy Act of 2012 (RA 10173) and the Alternate Dispute Resolution Act of 2004 (R.A. 9285). The place of mediation shall be Muntinlupa City.
Last Updated: May 16, 2023
COOKIES POLICY
This policy (“Cookies Policy”) is issued by THE BELLEVUE HOTELS AND RESORTS (referred to as “we”, “us”, “our”). This Cookies Policy applies to our use of cookies in connection with our website www.thebellevuemanila.com (“Site”).
By continuing to use our Site, you are agreeing to our use of cookies in the manner set out in this Cookies Policy.
If you do not wish to accept cookies in respect of your use of this Site, you should stop using the Site, or turn off your cookies, but this may affect the functionality of the Site.
I. WHAT IS A COOKIE?
After you enter the Site, the Site will make use of “cookies”. Cookies are small text files containing small amounts of information which are downloaded and may be stored on any of your internet enabled devices e.g. your computer, smartphone or tablet – like a memory for a web page. This Cookies Policy provides you with information about the cookies we use and why. Our Privacy Policy sets out full details of the other information we may collect and how we may use your personal data. If you do not wish to accept cookies in connection with your use of this Site, you should stop using it or turn off your cookies but this may affect the functionality of the Site.
II. COOKIES USED ON THE SITE
We use cookies which monitor usage of the Site and advertising cookies which record the fact that you have visited the Site and then which links you have accessed while you use the Site.
Some of these are session cookies which are temporary and allow us to link your actions during a browser session. These cookies help us identify you as a unique user (by storing a randomly generated number).
III. GOVERNING LAW
This Cookies Policy is governed by and shall be construed in accordance with the laws of the Philippines.
Any disputes arising in connection with this Cookies Policy and interpretation thereof shall be governed by and construed in accordance with the laws of the Philippines. Any dispute arising out of or in connection with this Cookies Policy, including any question regarding its existence, validity or termination, shall be referred to and resolved by arbitration in accordance with the Data Privacy Act of 2012 (R.A. 10173) and the Alternate Dispute Resolution Act of 2004 (R.A. 9285). The place of mediation shall be Muntinlupa City.
IV. CONTACT US
Should you have any other inquiries, feedback, concern, clarification, and/or complaints you can always contact us and/or reach the Common Data Protection Officer (DPO) through the following contact details:
Marites J. Canada
DPO
BH&R (Bellevue Hotels & Resorts)
North Bridgeway, Filinvest City, Alabang, Muntinlupa
Metro Manila, Philippines 1781
Telephone: (632) 8 771 8181 | Fax: (632) 8 771 8282
[email protected]
In case any data subject considers our processing of his/her personal data to be inconsistent with applicable data protection law, a complaint maybe lodged with the local supervisory authority for data protection or before the National Privacy Commission (NPC). For further details, please refer to NPC’s website: https://privacy.gov.ph