HILTON WORLDWIDE HOLDINGS INC. GLOBAL PRIVACY STATEMENT
Last Updated: April 23, 2018
This privacy statement (“Statement”) applies to Hilton Worldwide Holdings Inc., its subsidiaries and all of the hotels within the Hilton Portfolio of Brands1 (collectively, “Hilton,” “we,” or “us”). At Hilton, we strive to deliver outstanding products, services, and experiences around the world. We value your business and, more importantly, your loyalty. We recognize that privacy is an important issue. We have developed this Statement to explain our practices regarding the personal information we collect from you or about you on this site or via our apps, through written or verbal communications with us, when you visit one of our properties, or from other sources. While this Statement broadly describes the practices we have adopted across Hilton globally, local laws vary and some jurisdictions may place restrictions on our processing activities (e.g., certain jurisdictions may require affirmative consent to send marketing messages). Therefore, our actual practices in such jurisdictions may be more limited than those described herein in order to enable us to comply with local requirements. If you are a resident of the European Economic Area (EEA), please see Appendix A for additional information regarding Hilton’s use of your personal information.
By using any of our products or services and/or by agreeing to this Statement, e.g. in the context of registering for any of our products or services, you understand and acknowledge that we will collect and use personal information as described in this Statement.
Please note that this Statement does not apply to our processing of personal information on behalf of and subject to the instructions of third parties such as airlines, car rental companies and other service providers, companies that organize or offer packaged travel arrangements, marketing partners, or corporate customers.
1 The Hilton Portfolio of Brands includes Waldorf Astoria Hotels & Resorts, Conrad Hotels & Resorts, Canopy by Hilton, Hilton Hotels & Resorts, Curio A Collection by Hilton, DoubleTree by Hilton, Tapestry Collection by Hilton, Embassy Suites by Hilton, Hilton Garden Inn, Hampton by Hilton, tru by Hilton, Homewood Suites by Hilton, and Home2 Suites by Hilton. Hilton Grand Vacations is a third-party partner of Hilton.
Hilton Worldwide Holdings Inc. is the Hilton entity that is the data controller for all guest data. Hilton Honors Worldwide LLC, which is a subsidiary of Hilton Worldwide Holdings Inc., operates the Hilton Honors loyalty program and is a data controller for that program. Hilton Domestic Operating Company Inc., which is a subsidiary of Hilton Worldwide Holdings Inc., operates, among other things, Hilton’s marketing activities and is a data controller for that activity.
The Hilton Portfolio of Brands includes managed hotels and franchised hotels. A list of entities that operate managed hotels in the European Economic Area, the United Kingdom, Switzerland, and the Asia Pacific region can be found here. In addition to Hilton Worldwide Holdings Inc., these entities also are data controllers for guest data.
Franchised hotels are operated by entities that are separate from Hilton. To determine the entity that operates a franchised hotel, please contact that hotel. In addition to Hilton Worldwide Holdings Inc., those entities also are data controllers for guest data.
HGV operates timeshare and fractional resorts. HGV is a third-party partner whose privacy statement is available at https://www.hiltongrandvacations.com/en/privacy-policy.html.
Hospitality Marketing Concepts LLC is a third-party partner that operates Hilton’s dining club in Asia Pacific and is a data controller for participants in the club.
Click on one of the links below to jump to a specific section:
- Personal Information We Collect
- Personal Information We Collect from Third Parties
- Use of Personal Information Collected About You
- Personal Information We Share
- Other Information
- Sensitive Information
- Personal Information From Children
- Mobile and Location-Based Services
- Links to Third-Party Websites and Services
- Protecting Personal Information
- International Transfers of Personal Information
- Changing and Accessing Your Personal Information
- Retaining Personal Information
- Choices – Marketing Communications
- Statement Modifications
- Contact Us
- Hilton Privacy Statement Revisions
- Appendix A: Additional Provisions Applicable to Processing of Personal Information of EEA Residents
PERSONAL INFORMATION WE COLLECT
We collect personal information at every touch point or guest interaction, and in conducting every aspect of our business, we may collect personal information. This personal information may include: your name, mailing address, billing address, email address, phone number, information related to your reservation, stay or visit to a property; participation in a membership or loyalty program (including Hilton co-branded payment cards or other co-branded programs); participation in a contest, sweepstakes, or marketing program (even if you do not stay at one of our hotels); information related to the purchase and receipt of products or services; personal characteristics, nationality, income, passport number and date and place of issue; travel history; payment information, such as your payment card number and other card information, as well as authentication information and other billing and account details associated with mobile billing; guest preferences; marketing and communication preferences; information about vehicles you may bring onto our properties; reviews and opinions about our Portfolio of Brands or properties (if they are identified or associated with you); frequent flyer or travel partner program affiliation and member number; hotel, airline and rental car packages booked; groups with which you are associated for stays at hotels; information provided on membership and account applications; and other types of information that you choose to provide to us or that we may obtain about you.
We may ask for details on joint travellers, including their names and frequent flyer numbers, and the age of the driver of the rental car. We may also collect information related to conversations, including recording or monitoring customer service calls for quality assurance and training purposes, and other communications such as in-app messages and SMS.
In addition, we collect other personal information in certain cases, such as:
- Hilton Honors Participation: When you enroll in our Hilton Honors program, you will receive an Hilton Honors number and we will ask you to create a user ID and password. We also collect information to administer the Hilton Honors program and profiles, including transaction and correspondence details, and to provide you with our Hilton Honors App functionality (where available). The Hilton Honors App allows you to do such things as use your mobile device to check-in, select your room, receive a room key, and check out. When you manage your profile online, you have the opportunity to provide additional information, such as your preferred airlines and your loyalty program account numbers with them, your room type preferences, your language preferences, your payment card account(s), and your email subscription preferences for receiving news, offers and information from us and our partners. Also, when you book a reservation, including a Rewards Reservation, or purchase Hilton Honors Points online, we may ask for additional specific account information such as corporate account number, group or convention code, travel agent number or AAA number. If you apply for a payment card or other account with one of our partners via one of our advertisements or on our properties, you may have the option to automatically add this information as part of your Hilton Honors profile.
- Surveys: We may request demographic data or other personal information in customer surveys.
- On-property Collection: We collect additional personal information during registration/check-in at our properties, including such information as may be required by local laws. We may also use closed circuit television and other security measures at our properties that may capture or record images of guests and visitors in public areas, as well as information related to your location while on our properties (via keycards and other technologies). We may also use closed-circuit television and other technologies that record sound or video for the protection of our staff, guests and visitors to our properties where permitted by law. In addition, we may collect personal information in connection with on-property services, such as concierge services, health clubs, spas, activities, child care services, equipment rental, and our Digital Key functionality in the Hilton Honors App (where available).
- Event Profiles: If you plan an event with us, we collect meeting and event specifications, the date of the event, number of guests, details of the guest rooms, and, for corporate events, information on your organization (name, annual budget, and number of sponsored events per year). We also collect information about the guests that are a part of your group or event. If you visit us as part of a group, we may have personal information about you provided to us by the group and may market to you as a result of your stay with a group or attendance at an event in accordance with your preferences as permitted by law. If you visit us as part of an event, we may share personal information about you with the event planners, as permitted by law. If you are an event planner we may also share information about your event with third-party service providers who may market event services to you as permitted by law.
- Social Media: If you choose to participate in Hilton-sponsored social media activities or offerings, we may collect certain information from your social media account consistent with your settings within the social media service, such as location, check-ins, activities, interests, photos, status updates and friend list. We may also allow you to enter into contests to provide photos, such as of your stay with us, which you may share with your connections on social media for votes, shared offers or other promotions.
- Forward-to-a-Friend: From time to time, we may offer a feature that allows you to send an electronic postcard or otherwise share a message with a friend, whether via the Internet, a stand-alone kiosk or mobile device. If you choose to use this feature, we will ask you for the recipient’s name and email address, along with the text of any message you choose to include. By using this feature, you represent that you are entitled to use and provide us with the recipient’s name and email address for this purpose.
- Franchise and Ownership Opportunities: If you are interested in obtaining more information about franchise or ownership opportunities, we may collect information about you in order to assess your suitability to become a franchisee or owner. We may combine the information you provide to us with information we obtain from third parties, such as credit reporting agencies and public records databases. We use this information to conduct due diligence on potential franchisees and owners.
- Employment Applications: If you choose to apply online for employment with Hilton, please see our Applicant Privacy Notice.
- WMBE Suppliers: If your U.S. company is a Women’s/Minority Business Enterprise interested in participating in Hilton’s Supplier Diversity Program, you may complete the Supplier Diversity Profile Application Form online. If you choose to apply, you will be asked to provide information about your company and its principals, including the principal’s name, address, email address, ethnicity, contact person’s name and email address, company’s tax identification number and legal structure, and evidence of Women’s/Minority Business Enterprise certification.
In addition to the information we collect from you directly, we may also infer information about you based on the information you provide to us or from Other Information we collect.
PERSONAL INFORMATION WE COLLECT FROM THIRD PARTIES
We may also collect information about you from third parties, including information from our airline, payment card, and other partners, including Hilton Grand Vacations; from your social media services consistent with your settings on such services; and from other third-party sources that are lawfully entitled to share your data with us. We use and share this information (and may append this information to the other information we have on file for you) for the purposes described in this Statement.
USE OF PERSONAL INFORMATION COLLECTED ABOUT YOU
We use your personal information in a number of ways, including to provide and personalize the services you request and expect from Hilton, to offer you the expected level of hospitality in-room and throughout our properties, administer the Hilton Honors program, conduct direct marketing and sales promotions and as set forth below in more detail. We will collect your consent prior to processing your data where required by applicable law.
We are obligated to collect certain data, including your name, address, payment information, and, in certain countries, travel document information, in order to process your reservation. Failure to provide this information will result in our inability to process your reservation.
- Hilton Honors Members: If you are a Hilton Honors member, Hilton Honors Worldwide LLC, a subsidiary of Hilton, uses your information to administer the Hilton Honors loyalty program, to personalize your experience across our services and applications, and in connection with our Hilton Honors App and Digital Key functionality (where available). Hilton Honors Worldwide LLC along with Hilton Domestic Operating Company Inc., a subsidiary of Hilton, also use your information to communicate news, promotional, and transactional materials across different Hilton services and to personalize advertising and content delivered to you through online, email, mobile, and display advertising, as well as on our website and applications and through our customer service call center in accordance with any communications preferences you have expressed.
- Service Administration: We use your personal information to administer programs in which you participate, including providing you with access to your account information, such as rewards status and offers for which you are eligible; to fulfil services that are part of such program; to enable direct communication between properties within the Hilton Portfolio of Brands; and between the Hilton Portfolio of Brands and you; and to facilitate collections.
- Meeting and Event Planning: We may use your personal information to provide you with information about meeting and event planning.
- Marketing and Communications: Where permitted we may use your personal information to provide or offer you newsletters, promotions and featured specials, as well as other marketing messages in accordance with any communications preferences you have expressed. We use your information to provide in-stay messaging, account alerts, and reservation confirmations; to send you marketing messages; and to conduct surveys, sweepstakes, prize draws, and other contests. We may provide these communications via email, postal mail, online advertising, social media, telephone, text message (including SMS and MMS), push notifications, in-app messaging, and other means (including on-property messaging, such as your in-room television). With your consent, we also use user-generated content (such as photos) from social media services to deliver display advertising or on our website and apps. We may also collect information from your payment card, which can be appended to personal information and used by Hilton or its business partners to recognize what type of card you have, such as whether or not it is a Hilton co-branded card and/or the bank or network of the card, and present and/or send you targeted marketing messages based on your payment method and in accordance with your communication preferences. We may also partner with third parties to learn whether a visitor to our site has a cash-back offer associated with their payment card and to deliver the visitor advertising and information that explains how to take advantage of that offer through a stay at a hotel within the Hilton Portfolio of Brands.
- Service Improvements: We may use your personal information to improve Hilton’s services and to ensure that our site, products, and services are of interest to you. We also use your personal information to provide you with the expected level of hospitality in-room and throughout our properties. This may include providing you with the ability to control your in-room technology through our website or apps on your personal devices.
- eFolio Program: We may enroll you in our eFolio program and use your email address to send you your hotel bill via email. It is your responsibility to ensure that we have the correct (and preferred) email address for you. If you make a reservation for another person using your email address, that person’s eFolio will be sent to your email address.
Data Correctness, Analytics and Personalization: We may aggregate your personal information with data from third-party sources for purposes of keeping information up to date and analytics. We also rely on information from third parties in order to provide better, more personalized service. For example, if you connect your social media services or other accounts to our services, we may use this information to make your experiences with us more personal and social, or share and use it as described elsewhere in this Statement.
PERSONAL INFORMATION WE SHARE
In order to offer you the expected level of hospitality and to provide you with the best level of service, we may share your personal information among members of the Hilton Worldwide Portfolio of Brands, our service providers, and other third parties as set forth in detail below:
- Hilton Portfolio of Brands, Including Franchised Hotels, Managed Hotels, Timeshare and Fractional Resorts: We may share personal information within the Hilton Portfolio of Brands, including Hilton Grand Vacations, as well as with owners and operators of franchised hotels, owners of hotels that we manage but do not own, and timeshare or fractional ownership resorts that may individually or jointly use the personal information to provide you with services, personalization, and for the purposes described above. In addition, when we cease managing a hotel that we do not own or end a franchise relationship, we may provide the hotel’s owner with certain information about past or future guests of that hotel.
- Electronic Billing Program: If you receive an eFolio by email (as discussed above), a summary detailing the goods and services provided to you during your stay will be shared with the payment card provider and, if you participate in a corporate billing program and use a corporate payment card, the payment card provider may share that summary with your employer. Additionally, if you participate in a special rate plan, we may share lists of Hilton Honors numbers that used the plan with the entity that provided the special rate plan to you. The privacy policies of your employer, the relevant payment card provider and card issuer apply once we have transferred your information.
- Group Events or Meetings: If you visit Hilton as part of a group event or meeting, information collected for meeting and event planning may be shared with the organizers of those meetings and events, and, where appropriate, guests who organize or participate in the meeting or event.
- Business Partners: We may partner with other companies to provide you with products, services, or offers based upon your experiences at our properties and may share your information with our business partners accordingly. For example, we may help to arrange rental cars or other services from our business partners, and share personal information with our business partners in order to provide those services. If you are a Hilton Honors member, we may share your personal information with our business partners in order to credit you with mileage or other benefits earned through your participation in the Hilton Honors program. We may also share your personal information, such as your email address, with our corporate travel partners to help them assess compliance with travel policies or participation in special rate plans or to engage in co-branded marketing with our corporate travel partners. We may also work with third parties, such as our airline and payment card partners, to allow us and our partners to deliver advertisements to our shared customers. Our partners may be able to provide more relevant offers to you based upon information that we share about your experiences at our properties, as well as information in your Hilton Honors profile. Additionally, we may allow third-party partners to recognize you when you visit that partner’s website or app, or to recognize you as one of their customers when you visit Hilton websites or apps so that they may provide more relevant offers to you. We may share a hashed version of your email address with third parties using available security measures that may match it with their own hashed versions of email addresses so that they can send online and email advertisements to you on our behalf.
- Co-Sponsors of Promotions: We co-sponsor promotions, sweepstakes, prize draws, competitions or contests with other companies, and we provide prizes for sweepstakes and contests sponsored by other companies. If you enter one of these sweepstakes or contests, we may share your information with the co-sponsor or third-party sponsor.
- On-property Services: We may share personal information with third-party providers of on-property services such as concierge services, spa treatments, golf, or dining experiences.
Service Providers: We rely on third parties to provide services and products on our behalf and may share your personal information with them as appropriate. Generally, our service providers are contractually obligated to protect your personal information and may not otherwise use or share your personal information, except as may be required by law. However, our fraud detection service providers may use, but not share, your personal information for fraud detection purposes. We may use service providers to communicate news and deliver promotional and transactional materials to you on our behalf, including personalized online and mobile advertising in accordance with your preferences and applicable law. Please see our Cookies Statement for more information. Hilton will only work with parties that offer a method to opt-out of such advertising. We may also share information with service providers to allow you to create itineraries by selecting sites, activities, and restaurants from lists that we have personalized for you based on your preferences and third-party data.
- Business Transactions: As we develop our business, we might sell, buy, restructure or reorganize businesses or assets, or cease being the manager or franchisor of a hotel that is currently part of our portfolio. In such circumstances, Hilton may transfer, sell or assign information collected, including, without limitation, Other Information (described below) and personal information, to one or more affiliated or unaffiliated third parties in connection with these business transactions. To the extent that local laws require it, we will provide notice of our intent to transfer personal data to a third party for this purpose, and explain how you can object to such transfer.
- Telemarketing: If you stay at one of our hotels and are a Hilton Honors member, we may share your telephone number among the Hilton Portfolio of Brands, including Hilton Grand Vacations, for purposes of telemarketing in accordance with your preferences and applicable law. We may also receive your telephone number from our partners or from other sources, which we may use for telemarketing purposes.
- Other: In addition, Hilton may disclose personal information in order to: (i) comply with applicable laws, (ii) respond to governmental inquiries or requests from public authorities, (iii) comply with valid legal process, (iv) protect the rights, privacy, safety or property of Hilton, site visitors, guests, employees or the public, (v) permit us to pursue available remedies or limit the damages that we may sustain, (vi) enforce our websites’ terms and conditions, and (vii) respond to an emergency.
When you visit and interact with Hilton websites and apps, we collect other information that does not directly identify you about your use of the site, such as a catalog of the site pages you visit, and the number of visits to our sites (“Other Information”). We use Other Information, as well as data received from third parties, to deliver you email, online (on our sites and other sites) and mobile advertisements. We may also use Other Information to allow third-party partners to recognize you as a Hilton Honors member when you visit the partner’s website or app, or to recognize you as one of their customers when you visit Hilton websites or apps so that they may provide more relevant offers to you.
At this time, we do not respond to Do Not Track signals or other, similar mechanisms. Please see our Cookies Statement for more information.
We may use information we have collected and aggregated, or anonymized personal information received from third parties, to understand more about our users (for example, we may use aggregated information to calculate the percentage of our users who have a particular telephone area code). This includes demographic data, such as date of birth, gender and marital status, inferred commercial interests, such as favorite products or hobbies, and other information we may collect from you or from third parties.
Because Other Information does not personally identify you, such information may be disclosed for any purpose where permitted by law. In some instances, we may combine Other Information with personal information. If we do combine any Other Information with personal information, the combined information will be treated by us as personal information in accordance with this Statement.
The term “sensitive information” refers to information related to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life, or sexual orientation, genetic information, criminal background, and any biometric data used for the purpose of unique identification. In some jurisdictions, mobile phone numbers, location data, and information contained on identity documents also are considered sensitive information.
We do not generally collect sensitive information unless it is volunteered by you or unless we are required to do so pursuant to applicable laws or regulations. We may use health data provided by you to serve you better and meet your particular needs (for example, the provision of disability access).
PERSONAL INFORMATION FROM CHILDREN
We do not knowingly collect personal information from individuals under 18 years of age. As a parent or legal guardian, please do not to allow your children to submit personal information without your permission.
MOBILE AND LOCATION-BASED SERVICES
We provide mobile apps that can be downloaded to your smartphone or mobile device. These apps have a variety of functionalities that enhance the customer experience. In addition to providing services, our apps may collect personal and Other Information that will be used in accordance with this Statement. For example, to book or change a reservation, including a reward stay, you will be required to provide some personal information, such as your Hilton Honors credentials or other information as necessary. Our Digital Key functionality within the Hilton Honors App collects information we already have about you, including your Hilton Honors number and user ID, and additional information, including use of the key. We provide a link to this Statement to customers prior to their downloading of any of our apps.
If you allow our mobile apps to access your location information on your device, our mobile apps may use your mobile device’s Global Positioning System (GPS) technology and other technology (such as wireless transmitters known as beacons) to provide you with information and offers based on the location of your device. Beacons allow us to collect information about your location within participating hotels by communicating with mobile devices that are in range. We may use this location information to enhance your on-property experience by delivering push notifications and other content to your mobile device, providing navigation assistance as you move around our locations, and sending you information and offers about products, services, or activities we believe may be of interest to you. We may share this information with third parties, including business partners and service providers, to provide information, offers, and services that may be of interest to you. You may prevent or limit collection of location information by changing the settings in the Hilton Honors app, or by changing your device’s settings.
For certain properties, we also make available real-time or virtual “concierge” features, which may be pre-loaded onto a Hilton-owned device, downloadable to your web-enabled mobile device, or available as part of the Hilton Honors App. For example, you can communicate directly with the hotel; order services from the hotel, such as room service or valet parking; access our websites; access third-party websites, including local attractions and social media; and book a reservation. The hotel will access and use your personal information (such as your name, Hilton Honors tier, confirmation number, check-in and checkout dates, and room number) in providing these concierge services. If you request SMS (text) communications, you will be required to provide your phone number and carrier. We may also communicate with you by means of third-party digital messaging apps. If we do so, the privacy policies of those services apply.
We offer all of these mobile and location-based services only to the extent permitted by applicable local laws.
LINKS TO THIRD-PARTY WEBSITES AND SERVICES
PROTECTING PERSONAL INFORMATION
Hilton will take reasonable measures to: (i) protect personal information from unauthorized access, disclosure, alteration or destruction, and (ii) keep personal information accurate and up-to-date as appropriate. Hilton employs a robust internal team of dedicated information security professionals who are responsible for creating, updating and managing Hilton’s security program. Hilton’s Global Information Security team is responsible for, among many other things, monitoring our systems for potential intrusions, responding to potential incidents, supporting property-level information security, regularly reviewing and updating the security controls Hilton uses to protect data, and providing training on Hilton’s information security program. Hilton maintains a PCI compliance program and an IT compliance program. This compliance program generates audit reports concerning the adequacy and effectiveness of Hilton’s IT internal controls, including a PCI Attestation of Compliance signed by an external PCI Qualified Security Assessor and a SSAE16/SOC1 report addressing the IT general controls over systems that support certain accounting and financial reporting. In the event of a security incident, Hilton will notify regulators and/or consumers as required by applicable laws or regulations.
We also seek to require our affiliates and service providers with whom we share personal information to exercise reasonable efforts to maintain the confidentiality of personal information about you. For online transactions, we use reasonable technological measures to protect the personal information that you transmit to us via our site. Unfortunately, however, no security system or system of transmitting data over the Internet can be guaranteed to be entirely secure.
For your own privacy protection, please do not send payment card numbers or any other confidential personal information to us via email.
We will not contact you by mobile/text messaging or email to ask for your confidential personal information or payment card details. We will only ask for payment card details by telephone when you are booking a reservation or promotional package. We will not contact you to ask for your Hilton Honors account log-in information. If you receive this type of request, you should not respond to it. We also ask that you please notify us at ISC@hilton.com.
INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
As a global company, we endeavor to provide you with the same level of service that you have come to expect at Hilton whether you are in San Francisco, London or Tokyo. To provide this service, you acknowledge that we may share your personal information among members of the Hilton Portfolio of Brands, our service providers, and other third parties, which may be located in countries outside of your own. When you stay at a Hilton property outside the United States, the data controller for that property transfers the personal information relating to your reservation to Hilton in the United States pursuant to data transfer agreements when required by applicable laws or regulations. The data controller may also maintain a local copy of your personal information when so required by applicable laws or regulations. Although the data protection laws of various countries may differ from those in your own country, we will take appropriate steps to ensure that your personal information is handled as described in this Statement and in accordance with the law.
CHANGING AND ACCESSING YOUR PERSONAL INFORMATION
If you are a Hilton Honors member, the information you provided to us at the time of registration may be accessed, reviewed and updated at any time by signing in to your Hilton Honors profile.
To the extent required by applicable law, you may be able to request that we inform you about the personal information we maintain about you and, where appropriate, withdraw your consent for certain data processing activity and/or request that we update, correct, delete, and/or stop processing your personal information. We will make all required updates and changes within the time specified by applicable law and as required by law. When permitted by law, we may charge an appropriate fee to cover the costs of responding to the request. Such requests may be submitted by accessing the Data Subject Rights Requests Portal or in writing to DataProtectionOffice@hilton.com or Hilton Data Protection Officer, 7930 Jones Branch Drive, McLean, VA 22102, USA. To protect your confidentiality, we can only respond to such requests to the email address that you have registered or otherwise provided to us. Please remember that if you make such a request, we may not be able to provide you with the same quality and variety of services to which you are accustomed.
In addition, in some circumstances based on applicable law, you may request that we cease sharing personal information about you with our business partners or that Hilton cease using personal information about you by contacting us using the email or mailing address above. We will seek to honor those requests consistently with applicable law.
RETAINING PERSONAL INFORMATION
We retain personal information about you for the period necessary to fulfill the purposes outlined in this Statement, unless a longer retention period is required or permitted by applicable law. We retain personal information collected in order to fulfill guest reservations for seven years after the stay is completed. We retain other personal information for shorter periods of time if possible and if permitted by law.
We will destroy your personal information as early as practicable and in a way that the information may not be restored or reconstructed.
If printed on paper, the personal information will be destroyed in a secure manner, such as by cross-shredding or incinerating the paper documents or otherwise and, if saved in electronic form, the personal information will be destroyed by technical means to ensure the information may not be restored or reconstructed at a later time.
CHOICES – MARKETING COMMUNICATIONS
If you have given us your contact information (mail address, fax number, email address or phone number), we may want to inform you in accordance with any preferences you have expressed, and with your consent where required, about our products and services or invite you to events via email, online advertising, social media, WeChat, WhatsApp, telephone, text message (including SMS and MMS), push notifications, in-app alerts, postal mail, our customer service call center, and other means (including on-property messaging, such as your in-room television).
If you are a Hilton Honors member, you may change the communications you receive from us by logging on to your online account and managing your subscriptions, by writing to us (and including your email address) at Hilton Data Protection Officer, 7930 Jones Branch Drive, McLean, VA 22102, USA, or by emailing us at DataProtectionOffice@hilton.com.
If you prefer not to receive email marketing materials from us, you may opt-out at any time by using the unsubscribe function in the email you receive from us or by clicking this link: https://secure.hilton.com/en/hhonors/optout/unsubscribe.jhtml?listid=0. Opt-out requests can take up to ten business days to be effective.
To opt out of text messages, tell the hotel front desk that you do not want to receive text messages from the hotel or reply “STOP” to the message you received.
To be added to Hilton’s internal do not call list, send a message to firstname.lastname@example.org.
You may control whether our mobile apps send you push notifications by changing your notification settings on your mobile device. If we engage in sending you in-app messages, we will allow control for those in our apps’ settings. For more information about cookies and interest-based advertising and to learn about how to manage these technologies, please see our Cookies Statement.
Special Notification for California Residents. Individual customers who reside in California and have provided their personal information to the Hilton Portfolio of Brands may request information about our disclosures of certain categories of personal information to third parties for their direct marketing purposes. Such requests must be submitted to us at one of the following addresses: CA_Privacy@Hilton.com or Hilton, Inc., 7930 Jones Branch Drive, McLean, VA 22102, USA. Within thirty days of receiving such a request, we will provide a list of the categories of personal information disclosed to third parties for third-party direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted to addresses other than the addresses specified in this paragraph.
If you are a California resident under the age of 18, and a registered user of any site where this policy is posted, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted. To make such a request, please send an email with a detailed description of the specific content or information to CA_Privacy@Hilton.com. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.
We may modify this Statement from time to time. When we make material changes to this Statement we will post a link to the revised Statement on the homepage of our site, and if you have registered for any of your products or services, will may also inform you though a communications channel that you have provided. You can tell when this Statement was last updated by looking at the link and at the date at the top of the Statement. Any changes to our Statement will become effective upon posting of the revised Statement on the site. Use of the site, any of our products and services, and/or providing consent to the updated Statement following such changes constitutes your acceptance of the revised Statement then in effect.
If you have any questions about this Statement or how Hilton processes your personal information, or if you wish to either provide a compliment or a complaint, please contact us by email at DataProtectionOffice@hilton.com or by postal mail to Hilton Data Protection Officer, 7930 Jones Branch Drive, McLean, VA 22102, USA. We will respond within 30 days or sooner if practicable.
HILTON WORLDWIDE PRIVACY STATEMENT REVISIONS
- Updated to provide more detailed information about how we collect, use, share and protect personal information of our guests.
- Added hyperlinks to Hilton’s Data Subject Rights Request Portal for guests to make individual rights requests pursuant to laws in some jurisdictions.
- Added Appendix A: “Additional Provisions Applicable to Processing of Personal Information of EEA Residents.” Appendix A includes detailed information provided pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of Personal Information and on the free movement of such data, commonly referred to as the “General Data Protection Regulation” (GDPR).
ADDITIONAL PROVISIONS APPLICABLE TO PROCESSING OF PERSONAL INFORMATION OF EEA RESIDENTS
For individuals residing in the EEA, this Appendix outlines certain additional information that Hilton is obligated to provide to you, as well as certain rights you have with respect to the processing of your personal information, pursuant to applicable local laws. This Appendix will control to the extent it conflicts with any provision in the main body of this Statement.
Controller: for more information on the Hilton entities that process your personal information, please click here.
Data Protection Officer: Hilton’s Data Protection Officer may be contacted by email at DataProtectionOffice@Hilton.com, or at the following address:
Attn: Data Protection Officer
7930 Jones Branch Drive
McLean, VA 22102 USA
Purposes and Legal Basis for Processing: Hilton processes your personal information for the purposes set forth in Sections 4 (Use of Personal Information Collected About You) and 5 (Personal Information We Share) of the main body of this Statement.
The legal bases for Hilton’s processing activities include processing such information as necessary to comply with our contractual obligations, compliance with our legal obligations, protecting the safety of our employees, guests and others, for our legitimate business interests, and pursuant to your consent.
The particular legal basis for the processing of your personal information is based on the purpose for which such information was provided or collected:
- Hilton Honors Participation: We process the personal information obtained in connection with your participation in the Hilton Honors program on the basis of our contractual relationship with you and in furtherance of our business interests, including to personalize your use of our services and applications, to communicate news and promotional items, and to deliver personalized advertising and content.
- Surveys: Completion of surveys is voluntary – we process the information obtained from surveys on the basis of your consent and in furtherance of our business interests, including marketing, service improvements, and analytics.
- On-property Collection:
- When you make a reservation and when you stay at one of our hotel properties, we process your name, address, contact information, along with the details of your stay (arrival and departure day and time, vehicle information and information regarding others traveling or staying with you), on the basis of our contractual relationship with you. We also process such data for our business interests, including for marketing, service improvements, administration of our e-Folio program, and analytics and service personalization, as described in Section 4 of our Global Privacy Statement (above).
- We collect certain additional personal information during registration/check-in at our properties (such as national ID or passport information), as necessary to comply with our legal obligations.
- We use closed circuit television and other security measures at our properties that may capture or record images of guests and visitors in public areas, as well as information related to your location while on our properties (via keycards and other technologies) for the protection of our staff, guests and visitors to our properties.
- We process personal information in connection with on-property services (such as concierge services, health clubs, spas, activities, child care services, equipment rental, and our Digital Key functionality), in order to provide the services to you and for our business interests including for marketing, service improvements, administration of our e-Folio program, and analytics and service personalization, as described in Section 4 of our Global Privacy Statement (above).
- Event Profiles: We process the personal information obtained in connection with your event on the basis of our contractual relationship with you and for our business interests, including for marketing, service improvements, and analytics and service personalization, as described in Section 4 of our Global Privacy Statement (above).
- Social Media: Participation in Hilton-sponsored social media activities and offerings is voluntary – we process information obtained from social media participation on the basis of your consent and in furtherance of our related business interests, including for marketing, service improvements, and analytics and service personalization, as described in Section 4 of our Global Privacy Statement (above).
- Promotions and Sweepstakes: Participation in sweepstakes, contests and other promotional offerings is voluntary – we process the information obtained from such participation based on your consent and as necessary to administer the offering. We also use certain data for our business purposes, including for marketing, service improvements, administration of our e-Folio program, and analytics and service personalization, as described in Section 4 of our Global Privacy Statement (above).
- Direct Marketing: We use your personal information to send you marketing messages on the basis of your consent. You may withdraw your consent for direct marketing communications at any time by contacting us at customer_privacy@Hilton.com or by following the unsubscribe instructions in the marketing message, or by logging in to your Hilton Honors account and updating your communication preferences.
- Franchise and Ownership Opportunities: We process this information on the basis of our contractual relationship with you and for our related business interests, including maintaining and promoting the Hilton brand and facilitating direct communication between properties within the Hilton Portfolio of Brands.
- WMBE Suppliers: Participation in Hilton’s Supplier Diversity Program is voluntary – we process this information based on your consent and for our related business interests, including maintaining and enhancing our diversity program.
Retention: We retain personal information about you for the time necessary to accomplish the purpose for which such information was collected, usually for the duration of any contractual relationship and for any period thereafter as legally required or permitted by applicable law. Our retention policies reflect applicable statute of limitation periods and legal requirements.
Data Subject Rights: Residents of the EEA have the following rights:
Access, Correction and Erasure Requests: You have the right to:
- ask us to confirm whether we are processing your personal information
- receive information on how your data is processed
- obtain a copy of your personal information
- request that we update or correct your personal information
- request that we delete personal information in certain circumstances
Right to Object to Processing: You have the right to request that Hilton cease processing of your personal information:
- for marketing activities, including profiling
- for statistical purposes
- where such processing is based on our legitimate business interests, unless we are able to demonstrate a compelling legitimate basis for such processing or we need to process your personal information for the establishment, exercise or defense of a legal claim
Right to Restrict Processing: You have the right to request that Hilton limit the processing of your personal information:
- while Hilton is evaluating or in the process of responding to a request by you to update or correct your personal information
- where such processing is unlawful and you do not want Hilton to delete your data
- where Hilton no longer requires such data, but you want us to retain the data for the establishment, exercise or defense of a legal claim
- where you have submitted an objection to processing based on our legitimate business interests, pending our response to such request
- Where we limit the processing of your personal information pursuant to your request, we will inform you prior to re-engaging in such processing.
Data Portability Requests: You have the right to request that we provide you or a third party that you designate with certain of your personal information in a commonly used, machine readable format. Please note, however, that data portability rights apply only to personal information that we have obtained directly from you and only where our processing is based on consent or the performance of a contract.
Submitting Requests: your requests may be submitted by accessing the Data Subject Rights Request Portal or in writing to DataProtectionOffice@hilton.com, or the Hilton Data Protection Officer, 7930 Jones Branch Drive, McLean, VA 22102, USA. You may also update your personal information as provided in Section 12 (Changing and Accessing Your Personal Information) of the main body of this Global Privacy Statement.
We will respond to all such requests within 30 days of our receipt of the request, unless there are extenuating circumstances, in which event we may take up to 60 days to respond. We will inform you if we expect our response to take longer than 30 days. Please note, however, that certain personal information may be exempt from such rights pursuant to applicable data protection laws. In addition, we will not respond to any request unless we are able to appropriately verify the requester’s identity. We may charge you a reasonable fee for subsequent copies of data that you request.
If you have concerns about our data practices or the exercise of your rights, you may either contact Hilton at DataProtectionOffice@Hilton.com or the supervisory authority in the Member State of your residence.
Right to Withdraw Consent: You have the right to withdraw your consent to any processing that we conduct solely based on your consent (such as sending direct marketing materials to your personal email account). You may withdraw your consent to marketing activities by following the instructions on any marketing emails, or contacting email@example.com. For any other activities for which you have previously consented, you may contact DataProtectionOffice@hilton.com to withdraw such consent.
Segmentation (also referred to as profiling) and Automated Decision Making: We use personal information to divide large groups of consumers into sub-groups of consumers (known as segments) based on some type of shared characteristics such as geography, behavior, or demographics.
With your consent, we make automated decisions, meaning without human interference, using segmentation and/or your specific personal information to offer you certain benefits based on your characteristics (such as discounted room rates or other special offers based on your geography, behavior, or demographics). For example, if you travel frequently during the week to hotels in France, we may send you special offers for Hilton hotels in France.
International Data Transfers: We may transfer the personal information we collect about you pursuant to the purposes described in this Statement to countries that have not been found by the European Commission to provide adequate protection. In particular, we transfer your personal information to the United States.
We use appropriate safeguards for the transfer of personal information among our affiliates in various jurisdictions, and where required, we have implemented European Union controller-to-controller standard contractual clauses or other such safeguards for such purposes. To obtain a copy of theses clauses or additional information on transfers, you may send your request to firstname.lastname@example.org.