HOTEL BENILDE MAISON DE LA SALLE
DATA PRIVACY POLICY

Hotel Benilde Maison De La Salle, together with its commitment to provide excellent service to its guests, patrons and potential clients, is also bound to comply with the Data Privacy Act of 2012 (RA 10173), its Implementing Rules and Regulations and relevant issuances of the National Privacy Commission. The Hotel is committed to protect the confidentiality of personal data it collects thus it has adapted necessary measures to secure it.

This Privacy Policy outlines the Hotel’s data collection practices. It ensures that clients make informed decisions and feel confident about disclosing their personal data.

“Data” refers to any personal information that can be used to identify an individual. It may be a name, contact number, address, age, gender, passport or other identification document details, personal financial information, frequent flyer or travel partner information.

Collection of personal information

The Hotel limits the collection, use and retention of the Data to the specific information needed for legitimate purposes to administer the Hotel’s business, and provide its clients with quality service and offer various products or services that may be of their interest. The Hotel has taken appropriate steps to protect Data collected against unauthorized access, disclosure or alteration, and to keep such Data up to date.

When a client books a reservation or request for a particular service from the Hotel or otherwise interact with the Hotel, the Hotel staff will ask him/her to voluntarily provide the Hotel with Data that it needs. In making reservations, the Hotel requests for Data such as client’s name, address, telephone number, e-mail address, and credit card information for payment purposes (including credit card number, code and expiry date). The Hotel uses the client’s e-mail address to send an e-mail confirmation of the booking and a pre-arrival message summarizing the confirmation details and preferences.

Same information would be requested when you purchase the Hotel’s gift certificate or merchandise or make on-line inquiries.

Upon checking-in, Hotel requests the client to fill up a registration card, following information are collected client’s name, address, telephone/mobile number, e-mail address, passport details (photocopied with clients image) and credit card information for payment purposes (including credit card number, code and expiry date).

The Hotel also has installed CCTV cameras in strategic areas, the CCTV may record/capture images/videos of clients for security and safety purpose.

Purposes of Collection of Personal Information

1. Processing of reservation
2. Maintaining client records
3. Managing accommodation services
4. Providing access to facilities/services
5. Maintaining safety and security
6. Communicating Hotel promos/announcements
7. Payment
8. Marketing and publicity of the Hotel
9. Historical and statistical data
10. Research for improvement of services and facilities
11. Add if there are other purposes

Disclosure of Personal Information

The Hotel shall only disclose client’s personal information contained in the client’s records when there is a written consent of the client, except when the disclosure to Hotel officials who have a legitimate interest in the records.

A Hotel official is:

• A person employed by the Hotel in an administrative, supervisory, security services, or support staff position, including health or medical staff and also clerical staff who have access the clients record.
• A contractor, consultant, volunteer or other service provider with whom the Hotel has contracted as its agent to provide a service that would otherwise be performed by a Hotel employee, such as (but not limited to) an attorney, auditor, and security agency
A Hotel official has a legitimate interest if the official is:
• Performing a task that is specified in his/her position description or contract agreement.
• Providing a service or benefit relating to the Client
• Maintaining the safety and security of the Hotel.

Data Sharing

Client information is shared internally within the Hotel when appropriate to meet legitimate purposes. Data will only be shared between staff members who have the official need to have access to it.

In cases where personal information collected is shared and/or transmitted to third parties this shall be covered with data sharing agreement.

The Hotel may provide client’s information to third parties in the following circumstances:

(1) when you have given consent; (2) if it is in response to subpoenas, court orders or legal processes; (3) a requirement to fulfill a service that you have subscribed to; (4) detect, prevent or otherwise address fraud, security, or technical issues; or (5) protect our rights and safety and the rights and safety of our users or others.

The Hotel occasionally will use personal information data for research and may select information from a group of clients. Identification of individual will be kept anonymous.

Some of our Hotel operations staff maintain a database of client information which is used for marketing, promotion and research, understanding and analyzing customer behavior and customer profiling to improve our services. Client will receive marketing and promotional materials if he/she has given his/her express and specific consent in some data collection forms. Client may elect to unsubscribe from receiving future e-mail promotions at any time. Data Protection This Hotel has reasonable administrative, physical and technical security measures in place to help protect against the loss, misuse, and alteration of the information under our control.

The Hotel protects personal information through:

• Confidentiality requirements and data privacy training of our staff;
• Document storage security policies;
• Security measures to control access to our systems and premises;
• Limitations on access to personal information;
• Strict selection of third party data processors; and
• Electronic security systems, such as firewalls and data encryption.

Data Storage and Transmission

Personal information collected and processes are stored in secured filing cabinets and electronic data base.

Data Retention

Some personal information may be retained indefinitely for historical and statistical purposes. Data will only be retained until they are still relevant for the Hotel. In case when a retention period is provided, all records after such period will be securely disposed of. Data Access To protect the data of its clients, the Hotel would require the client to prove his/her identity in relation to his/her request to access his/her data, which may consist of a copy of a government-issued identification, the client’s signature and correspondence address to check them against the Hotel’s records. The above information is required and recorded to create an audit trail of services and requests the Hotel has provided its clients. Data Accuracy, Correction, Blocking, Erasure It is the duty of the Hotel to ensure that data it collects is accurate and has been processed fairly and lawfully. The client may object to the processing of his/her personal data, request to access his/her personal information, and/or have it corrected, erased, or blocked based on reasonable grounds. The Hotel will act on the request in accordance to Hotel’s policies and procedure. Third Party Providers

This policy statement does not apply to the processing of Data on behalf of, or at the direction of, third party providers (for example, airlines, booking sites) who may collect Data from the client and provide it to the Hotel. The Hotel merely acts as a data processor and thus advise client to review applicable third party providers’ privacy policies before submitting his/her Data.

Data Breach

Data breach refers to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed;

In case of breach, the Hotel will take the necessary steps to mitigate untoward effects of such breach. Any data security breach that comes to the knowledge of the Hotel will be recorded and reported as required by law. If there is strong suspicion that breach affects client’s personal information, the Hotel through the De La Salle – College of Saint Benilde Data Protection Officer (DPO) will immediately notify client of such breach in an appropriate manner.

If the client strongly believes that his/her personal information which is stored and processed by the Hotel has been compromised, the client shall file a written complaint to the DPO for proper and immediate action.

Amendment/Modification of Data Privacy Policy

The Hotel reserves the right to modify/amend this Policy at any time in its sole discretion. It will publish a notice of this on the Hotel’s website. The change shall be effective upon posting on its website.

Queries and complaints can be directed to the Data Privacy Officer at Tel. No. (632) 2305100 loc. 3104 or dpo@benilde.edu.ph