Privacy
Policy
Here at Rosemont Project Management, we use your information to deliver an exceptional experience every time you interact with us. Protecting the privacy of your personal information is a core part of that promise, and we take great care to keep it secure.
1. Introduction
We are Hyatt, one of the world’s leading hospitality groups. We use information about you to fulfil our commitment to providing an unparalleled guest experience in connection with all of your interactions with us. As part of that undertaking, we are committed to safeguarding the privacy of the personal information we gather.
To fulfil our commitment to providing an unparalleled guest experience, we need to collect, use and share personal information. This Privacy Policy (“Policy”) explains how we do that when you book with us, travel with us or otherwise stay at a Hyatt Location (as defined in Section 14) or receive other services from our portfolio of brands described in Section 14.
2. Types of personal information we may collect
We obtain most of your information either directly from you or from booking channels you’ve used to book a stay at a Hyatt Location. The main booking channels people use to travel with us or access our services are Hyatt.com, World of Hyatt, our mobile app and other booking platforms operated by third parties that make available stays at Hyatt Locations, tour operators and travel agents.
The table below contains more details regarding the personal information we may collect and process about you where permitted by applicable law.
Categories
Identification information
Demographic information
Contact Information
Stay information
Loyalty information
Payment information
Purchase history
Correspondence
Login details
Social media platform information
Website or mobile application data
Pictures and images
CCTV and other video surveillance
Other video and/or audio
Biometric information
Consent records
Details
First name
Surname
Salutation
Professional and work information
Passport and visa information
Details of your government-issued ID
Gender
Age
Date and place of birth
Nationality
Home or work address(es) (including country of residence and postcode)
Telephone numbers
Email addresses
Booking channels
Places of stay and booked stays
Due date and actual dates of stays
Other purchases, preferences, requests and feedback
Physical and digital room key usage
Hotel complaints and incident reports
World of Hyatt program details
United Vacation Club program details
Other loyalty scheme participation details
Account or card details
Billing address
Records of purchases
Invoices
Calls, voice messages, faxes, chats, texts, letters, emails, and other communications sent between us or made by or to you at Hyatt Locations
Times, duration and size of those calls, letter and emails
Username
Password
Username for social media platforms (for example, Facebook, Google or X) used to access Hyatt or ALG's platforms and other services
Emails associated with social media platforms
IP address
Your browser and device type, manufacturer and operating system
Your device IDs
Your advertising ID
Your location from time to time
Internet connection and mobile network details
Information collected via cookies (including third-party cookies) and similar technologies (please see Section 4 for more information)
Log files and clickstream
Web page and app interaction information
Analytics and usage tracking
Pictures and images you share with us on social media or other third-party websites and applications
Marketing and promotional materials you agree to be a part of
Pictures and images for facilitating claims, litigation, and disputes
Your image captured within CCTV images
Phone recordings (subject to consent requirements jurisdiction)
Video and audio you share with us directly, through social media, or other third-party websites and applications
Video and/or audio for facilitating claims, litigation, and disputes
Information about your appearance
Records of your consent provided via Hyatt's platforms
Source
You
Anyone who makes a booking on your behalf or travels with you
Anyone who checks in on your behalf
Booking channels
Third parties who promote our services jointly with us (including airlines and credit card partners)
You
Anyone who makes a booking on your behalf or travels with you
Anyone who checks in on your behalf
Booking channels
Third parties who promote our services jointly with us (including airlines and credit card partners)
You
Anyone who makes a booking on your behalf or travels with you
Anyone who checks in on your behalf
Booking channels
Third parties who promote our services jointly with us (including airlines and credit card partners)
You
Us
Anyone who makes a booking on your behalf or travels with you
Booking channels
You
Anyone who makes a booking on your behalf or travels with you
Anyone who checks in on your behalf
Booking channels
Third parties who promote our services jointly with us (including airlines and credit card providers)
You
Booking channels
You
Us
Third-party providers at Hyatt Locations (for example, spas and laundry services)
Booking channels
Third parties who promote our services jointly with us (including airlines and credit card providers)
You
Us
Booking Channels
You
You
Social media sites and other third-party sources
Police and other government authorities
You
Third-party data providers such as demographic data providers and advertising networks
You
Us
You
You
Us
You
You
3. Biometric, health-related, or other sensitive personal information
There may be instances in which the personal information listed above contains information that is categorised as sensitive personal information under the privacy laws of some territories/countries.
Special Categories Depending on the applicable law, sensitive personal information can mean, for example, personal information from which we can determine or infer an individual’s citizenship, immigration status, or racial or ethnic origin, political opinions, religious beliefs or other beliefs of a similar nature, membership in a trade union or professional, religious, philosophical, or political association, physical or mental health or condition, medical treatment, genetic data, biometric information, information about an individual’s sexual orientation, username and password information for your Hyatt accounts, personal information relating to potential crimes or international sanctions, or your precise geolocation.
We may collect sensitive personal information you provide us to fulfil special requests (e.g., requests require specific accommodation or services, or biometric information). For example, if you request accommodations for the purpose of your travel, we may pass such details on to your place of travel so that they can confirm or arrange appropriate access.
On a voluntary basis, we may collect biometric information to enable access to our services at Hyatt Locations. In such cases, we will provide additional disclosures and/or obtain specific consent in accordance with applicable laws.
Financial Information In some rare instances, financial records, credit card information and location data may constitute sensitive personal information where you are located.
Use of sensitive personal informationWe only process sensitive personal information if and to the extent permitted or required by applicable law in your jurisdiction (for example, (i) sanctions or anti-money laundering screening, (ii) so that we can tailor our services to you, (iii) for security purposes or to facilitate access to, or use of, our services, or (iv) to ensure we can process card payments).
Consent Importantly, where we rely on consent to process your sensitive personal information, you have the right to withdraw that consent at any time.
4. Cookies and other technologies
We and other parties use cookies, tags, pixels, beacons and other technologies on our websites, mobile applications, and email and marketing messages. These technologies are used to enable functionality, track usage, improve products and services, and for marketing and analytics, and they also allow us, advertising networks, social media companies, and other providers to place and serve advertisements and customized content. These technologies may collect information about your online activities over time and across different websites, devices, and browsers so that we or other parties may display interest-based advertising using information gathered about you over time across multiple websites or other platforms. For additional information on the data processed by the cookies, click on the Cookie Center link that may be in the footer of the website.
Some of our websites allow you to manage your cookie preferences by clicking on the Cookie Center link that may be in the footer of those websites. Additionally, you can opt out of certain uses of cookies for advertising purposes by visiting http://www.aboutads.info/choices and you can consult the user instructions for your internet browser for additional controls relating to the use of cookies, including blocking certain cookies by adjusting the settings on your internet browser.
Choices you make regarding cookies are website, device, and browser specific, and are deleted whenever you clear your cookies or your browser’s cache. This means you need to adjust your cookie preferences on each website, device, and browser you use. If you block cookies, you will not be able to use all of the features of our websites, including the customization features associated with creating a user profile. Some browsers have “do not track” features that allow you to tell a website not to track you. These features are not all uniform and we do not currently respond to “do not track” signals. Hyatt recognizes the Global Privacy Control signal as described in Section 10.
Further information about cookies and related technologies and how they work is available at allaboutcookies.org.
Our mobile applications may contain software development kits (“SDKs”) provided by other parties which may collect and transmit information, including for purposes of enabling features in the applications. We may also collect device advertising identifiers. You can configure your mobile device privacy or advertising settings via your iOS or Android device to limit how applications track certain activity for advertising purposes. Choices you make are device specific.
5. How we use your personal information and our lawful reasons for that use
We use your personal information to administer your travel or the services you receive from us. To the extent permitted by applicable law, we also use your personal information for our wider business interests, such as planning, risk management and marketing. We describe that in more detail in the table below.
Lawful reasons for use. When we process your personal information as one of our guests or someone else with whom we do business, we process that information on the basis of one more of the following so called “legal bases” depending on the circumstances:
Performance of a contract: If you make a booking to travel with or receive services from us, our main lawful basis for using your personal information is the performance of our contract with you.
Legitimate interests: If you are traveling with or receiving services from us but someone else in your party or family contracted with us to make the booking, our lawful basis is our legitimate interest in administering your travel and services.
Our main lawful basis for using your information for our wider business purposes – such as planning, risk management and marketing – is the legitimate interests in providing, improving, and developing our services. We will not use your information for the purposes of a legitimate interest where this legitimate interest is overridden by your interests or fundamental rights and freedoms.
Legal obligations: Where necessary, we will use your personal information to meet our tax and other legal obligations.
We and the separate and distinct legal entities that manage, operate, franchise, license, or own properties and/or provide services in connection with the Hyatt Locations and World of Hyatt also use your personal information as controllers to meet our tax and other legal obligations.
Sensitive personal information. Where we use your special category information or other information that is treated as sensitive personal information in a specific territory/country, certain jurisdictions require that we identify an additional ground to process that information. Such additional ground will mainly be that the use is necessary for compliance with the law or other substantial public interest. However, at times we may also rely on your consent. Where we rely on your consent, we will explain at the time what we need your information for and what we will do with it.
Purpose and lawful basis. The table below sets out in more detail how we use your information and our lawful bases.
Purpose/Activity
Administering travel and providing products and services, or through products and services developed in the future (such as customer support, personalization, concierge services, loyalty programs, destination services, excursion providers, or contests)
Taking payments
Interacting with third parties at your request, such as your travel agent, credit card provider, group travel booker, employer, destination services, excursion providers, airline operator or third-party loyalty or points schemes
Correspondence, feedback, market research and surveys
Business planning, improvements and development
Marketing, contests, sweepstakes and other promotions
Safety, cyber incident and crime prevention, prevention of harmful activities
Tax, legal and regulatory requirements or compliance obligations on Hyatt, property owners and other third parties involved in administering your travel or providing our services
Providing our platforms and applications
Processing credit applications
Management of our internal systems, processes and our use of technology, including audits, testing and upgrading of systems
Information we use
Identification information
Demographic information
Contact information
Stay information
Loyalty information
Payment information
Purchase history
Preferences and inferences
Correspondence
Login details
Other booking platform information
Third-party information
Website or mobile application data
Biometric information
Consent records
Identification information
Contact information
Payment information
Identification information
Demographic information
Contact information
Stay information
Loyalty information
Payment information
Purchase history
Preferences and inferences
Correspondence
Other booking platform information
Website or mobile application data
Consent records
Identification information
Demographic information
Contact information
Stay information
Loyalty information
Payment information
Purchase history
Preferences and inferences
Correspondence
Other booking platform information
Website or mobile application data
Identification information
Demographic information
Contact information
Stay information
Loyalty information
Purchase history
Preferences and inferences
Correspondence
Social media platform information
Other booking platform information
Third-party information
Website or mobile application data
Identification information
Demographic information
Contact information
Preferences and inferences
Social media platform information
Other booking platform information
Third-party information
Website or mobile application data
Consent records
Identification information
Contact information
Demographic information
Stay information
Website or mobile application data
CCTV and other video data
Login details
Third-party information
Biometric information
Identification information
Demographic information
Contact information
Stay information
Loyalty information
Payment information
Purchase history
Correspondence
Other booking platform information
Third-party information
Website or mobile application data
Website or mobile application data
Login details
Consent records
Identification information
Contact information
Purchase history
Payment information
Correspondence
Third-party information
Consent records
Identification information
Demographic information
Contact information
Stay information
Loyalty information
Payment information
Purchase history
Preferences and inferences
Correspondence
Login details
Social media platform information
Other booking platform information
Third-party information
Website or mobile application data
CCTV and other video surveillance
Biometric information
Consent records
Lawful basis/condition
Performance of a contract
Legitimate interests
Performance of a contract
Performance of a contract
Consent
Legitimate Interests
Performance of a contract
Legitimate interests
Legitimate interests
Consent
Legitimate interests
Performance of a contract
Legitimate interests
Legal obligations
Legal obligations
Consent (for non-essential cookies)
Legitimate interests
Consent
Legitimate interests
Legal obligations
Legitimate interests
6. Disclosures of your personal information
Hyatt, ALG, Playa, and MMSWe may disclose your information to other organisations within Hyatt, ALG, Playa, and MMS, for the purposes described in this Policy, including for providing you with our services, and for administering membership/loyalty programs.
Our service providers and suppliers of goodsLike most international hotel brands, we may outsource the processing of certain functions or the provision of goods and/or information to third parties. When we do outsource the processing of your personal information to third parties or provide your personal information to third-party service providers or suppliers, we oblige those third parties to protect your personal information with appropriate security measures.
Please click here for a list of the third-party service providers or suppliers to which your personal information may be transferred from time to time.
Other booking platformsWe may disclose your personal information to other booking platforms where you have used those platforms to book stays at Hyatt Locations, in order to administer your stay at the relevant Hyatt Location.
Reservations and other requests at third-party locationsOur services, including hyatt.com, allow you to make requests for reservations and other items or services with third parties, including hotels that are not locations we manage, and excursions offered by third parties. This includes booking of MMS properties and bookings on Homes & Hideaways, which properties are operated by third-party property managers and owners. Where you make such a request, you are directing us to pass your information and information about your request that you provide to us, along with information about your World of Hyatt account, to the third party, including third-party property managers and owners. The information we provide to these third parties will be handled in accordance with their own privacy policies and procedures, and not Hyatt’s.
Consumer insightsWhere we hold personal information about you, we may disclose this personal information to other companies that may also hold information about you. These companies may combine the information in order to better understand your preferences and interests, thereby enabling them and us to serve you better. If your personal information is used for direct marketing purposes, you have the right to object to that (i.e., opt out) by contacting us using the relevant contact details set out in Section 13 below.
On-property companiesAt your direction, we may share your personal information with companies and other organisations that own and manage the spas, restaurants, health clubs, and other outlets at Hyatt Locations so they can send you information about the services you have booked (e.g., scheduling reminders), provide you with those services, charge their services to your room account, and/or send you information and promotions about other services that you may be interested in.
Business transfersAs we continue to develop our business, we may sell hotels and other assets, or cease being the manager or franchisor of a Hyatt Location. In those circumstances, we may include the personal information collected about you, or control of that personal information, as a business asset in any such transfer. Also, in the unlikely event that we, or substantially all of our assets, are acquired, personal information collected about you, or control of such information, may be one of the transferred assets. In each case we may also transfer information to third-party legal, technical or financial advisers as part of the relevant transaction.
Similarly, we may disclose your personal information to a third party whom we acquire in order to facilitate mergers and acquisitions of our business and for the furtherance of the purposes described in Section 5 above.
Credit authorizationWhen you request credit, your personal information will be used and disclosed to appropriate third parties in accordance with applicable laws for the purpose of determining whether to grant and maintain a line of credit to you.
Property owners and operatorsWe will share your personal information with property owners and operators. The property owner or operator will use your personal information on behalf of our brands to administer your travel or provide our services; they do so subject to the limitations set out in this Policy and the contractual obligations we have imposed on them to secure your information. These entities also use your personal information as independent controllers to meet their own tax and other legal obligations.
E-Folio ProgramIf you are an employee or independent contractor of a company that participates in our E-Folio Program, and you use the corporate credit card that is provided to you by your employer (if you are an employee of such a company) or corporate client (if you are an independent contractor of such a company) to pay for your hotel bill at a Hyatt Location, then you may benefit from our E-Folio Program.
Under the E-Folio Program, an extract of your bill (including the dates of your stay, your credit card details and amounts incurred at the Hyatt Location including room charges and all incidental charges including but not limited to food, beverage and entertainment charges) will be transferred electronically by the Hyatt Location either to Hyatt or to a third-party service provider located in the United States who acts on Hyatt’s behalf to compile the extract and transfer it to:
the credit card network operator, the credit card issuer and/or their respective subcontractors, who will, in turn, forward that extract to your employer or corporate client (and/or their respective subcontractors) to facilitate the processing and tracking of your travel-related expenses; or
in some limited circumstances, your employer or corporate client (and/or their respective subcontractors) directly for the same purpose
Once the personal information is transferred to the credit card network operator, credit card issuer, your employer or corporate client and/or their respective subcontractors, it is no longer subject to this Policy, but rather your own arrangements with your employer or corporate client, the relevant credit card network operator and/or the relevant card issuer.
Regulators and official authoritiesWe reserve the right to disclose any personal information we have concerning you if we are compelled to do so by a court of law or lawfully requested to do so by a governmental entity or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property in accordance with applicable laws.
Summary of recipientsWithout limiting the disclosures above, further details about what information we share with service providers and third parties is included in the table below. Please note that the table below contains examples of personal information we may share on an occasional or one-off basis as well as personal information we share routinely.
Service provider / third party
Identification information
Details
ABC
Source
You
7. International transfers of personal information
Due to the international nature of our business, we transfer your personal information to other territories/countries. These territories/countries may have different laws and privacy compliance requirements to those that apply in your country of residence.
For example, we transfer your personal information to the property owners and operators that own, lease, franchise, license, or manage the property. We also transfer your personal information to the third-party suppliers responsible for administering your travel and providing our services. You can see all the territories/countries where Hyatt Locations are based by selecting “All” at www.hyatt.com/explore-hotels.
Safeguarding your personal informationWhen we transfer your personal information to another country, we will ensure that country has been recognised as providing an adequate level of data protection or implement appropriate EU approved standard contractual clauses (or, where applicable, appropriate clauses approved for use in other jurisdictions) or another approved mechanism to safeguard your personal information. Where we have not implemented an appropriate safeguard, we will rely on an exemption, such as your consent or the performance of the contract for our services.
Binding Corporate RulesWhen we transfer your personal information between Hyatt entities (other than ALG and MMS), we use an enhanced safeguard called the Hyatt Global Privacy Principles. The Global Privacy Principles act as Hyatt’s “Binding Corporate Rules” under the GDPR. Binding Corporate Rules are recognised as the ‘gold standard’ for safeguarding global data flows.
The Global Privacy Principles ensure we protect your personal information anywhere in the world – in particular, they effectively safeguard personal information we transfer from inside the European Economic Area to countries in the rest of the world, which have not been deemed by the European Commission to ensure an adequate level of protection for privacy and personal information.
We routinely transfer your personal information to all the major locations in which Hyatt Locations operate including, the United States of America, Hong Kong and Germany. We also transfer your personal information to other Hyatt Locations where necessary for your stay or any other services you request. A full list of the locations where your personal information could be transferred can be found by selecting “All” at www.hyatt.com/explore-hotels.
All entities within Hyatt are required to comply, and to ensure their employees comply, with the requirements of these Global Privacy Principles.
Please contact us using the details in Section 13, if you would like a copy of the Global Privacy Principles and details of any special protections we have implemented in relation to a specific territory/country, or when transferring your personal information.
8. Retention
We will retain your personal information (including your sensitive personal information) for as long as is reasonably necessary for the purpose for which information was collected, or as legally required.
We generally delete your personal information within ten years after our last contact with you subject to: regulatory requirements that we are subject to, including laws and regulations related to tax, employment, accounting, and securities; whether a legal claim might be brought against us, for which the information would be relevant; the necessity of the information to provide our services to our customers; and the types and sensitivity of personal information being processed.
9. Children
We do not sell products or services for purchase by children. You may only use our platforms if you are at least 18 years of age and can form legally binding contracts under applicable law. We do not knowingly solicit or collect information from children under 18 years of age. We will only collect information relating to children with the specific permission of parents or guardians.
10. Choice
You always have certain choices regarding what personal information you wish to provide to us. However, if you choose not to provide us with or allow us to process all personal information that is required for the purposes of your engagement with us, or that is necessary in order for us to comply with our legal obligations, your ability to receive services from us may be affected (for example, we cannot take a reservation without a name). For information on further rights which may be available to you, please see Section 11 below. If you have any further questions, please contact us using the details set out in Section 13 below.
If you provide us with your contact details (e.g., postal address, email address, telephone number or fax number), we may contact you to let you know about the products, services, promotions, and events offered that we think you may be interested in, to the extent permitted by applicable law. We may also share your personal information with certain third parties, who may communicate directly with you, to the extent permitted by applicable law. In some jurisdictions, data privacy laws may require us to obtain a separate consent before we do so. You can choose whether or not to receive any or all of these communications from us by contacting us as described in Section 13 below or following the “unsubscribe” instructions contained in relevant communications.
11. Your privacy rights and specific territories/countries
You have the right to:
Access your information
Object to the use of your information
Erasure of your information
Portability of your information to other organisations
Correct and update your information if it is inaccurate
Restrict our use of your information while any concerns you raise are resolved
Withdraw your consent
Please be aware that these rights are not absolute and there may be situations where they cannot be exercised or they are not relevant to you or your personal information.
You can exercise these rights by clicking here, or by sending us a written request by letter or email to the addresses set out in Section 13 below. Please be sure to include your full name, address and telephone number so we can ascertain your identity and whether we have any personal information regarding you, or in case we need to contact you to obtain any additional information we may require to make that determination.
Where you make more than one request in quick succession, we may respond to your subsequent request by referring to our earlier response and only identifying any items that have changed materially.
If you submit a request to correct or update your personal information, and if we agree that the personal information is incorrect, or that the processing should be stopped, we will delete or correct the personal information. If we do not agree that the personal information is incorrect we will tell you that we do not agree, explain our refusal to you and record the fact that you consider that personal information to be incorrect in the relevant file(s). If you are unhappy with the way we have handled your request, you can escalate your concern to the Chief Privacy Officer by sending an email to privacy@hyatt.com. In some cases, you may also be able to complain to a data protection authority. You can find out more information about your rights on the website of your country’s data protection authority.
European Economic Area, Switzerland and United KingdomIf you are based in the European Economic Area, Switzerland or the UK or receiving services from a Hyatt Location in one of these jurisdictions, you have the right to:
Access your information
Object to the use of your information
Erasure of your information
Portability of your information to other organisations
Correct and update your information if it is inaccurate
Restrict our use of your information while any concerns you raise are resolved
Complain to your data protection authority
Withdraw your consent
The relevant contact details to exercise these rights are set out in section 13 below. Please be sure to include your full name, address and telephone number and a copy of a document evidencing your identity (such as an ID card or passport) so we can ascertain your identity and whether we have any personal information regarding you, or in case we need to contact you to obtain any additional information we may require to make that determination. Where you make more than one request in quick succession, we may respond to your subsequent request by referring to our earlier response and only identifying any items that have changed materially.
Please be aware that these rights are not absolute and there are situations where they cannot be exercised or they are not relevant. You can find out more information about your rights on the website of your country's data protection authority.
BrazilIf you reside in Brazil or are otherwise subject to the Brazilian Federal Law nº 13.709/18 (“LGPD”), you may also exercise the following rights when applicable:
Confirmation and access – you have the right to obtain confirmation as to whether or not your personal data is being processed. If we are processing personal data concerning you, you have the right of access to the personal data and to certain information regarding the processing, as provided for in the LGPD, including information regarding the public and private entities with which we share your personal data.
Rectification – you have the right to require the correction of incomplete, inaccurate, or out-of-date personal data concerning you.
Anonymization, blocking or erasure – you have the right to request the anonymization, blocking or erasure of unnecessary or excessive personal data or personal data processed in non-compliance with the provisions of the LGPD.
Data portability – you have the right to request that the personal data that we process concerning you is transmitted to another service or product provider, limited to our commercial or industrial secrets.
Withdraw consent – you have the right, when the basis for processing is consent, to withdraw the consent at any time, through an easy to use and free of charge procedure. This shall be without prejudice to the lawfulness of the processing of your personal data until consent has been withdrawn. You also have the right to request the erasure of personal data concerning you once consent is withdrawn and to be informed about the possibility of denying consent, and the consequences of such denial.
Object – you have the right to object to the processing of your personal data to the extent that we rely on legal bases other than your consent, in case of violation of the LGPD.
Right to review of automated decision-making – you may request review of decisions taken solely on the basis of automated processing of your personal data which affect your interests, including decisions intended to define personal, professional, consumer or credit profile or aspects of your personality. You may also request clear and adequate information regarding the criteria and procedures used for an automated decision, subject to our commercial and industrial secrecy.
Right to Petition – you may petition with the Brazilian regulatory authority as well as consumer protection entities regarding the processing of your personal data.
Brazilian residents can exercise these rights by emailing or calling us using the relevant contact details in Section 13 below.
Hyatt’s Brazilian Data Privacy Officer is Marilia Brackmann, and she can be reached by emailing privacy@hyatt.com with the subject: “Attn: Brazil DPO.”
IndiaIf you are based in India or receiving services from a Hyatt Location in India, the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the rules framed thereunder apply to the collection, use, sharing and processing of your digital personal information. Unless otherwise stated in the following paragraphs, the rules indicated in this India part apply in addition to and, where contradictions exist, replacement of other sections of the Policy.
NoticeWe will provide you clear notice with or before a request for consent to inform you regarding the purpose of processing your personal data, the manner in which you may exercise their rights under the DPDP Act and make a complaint to the Data Protection Board i.e., regulatory authority constituted under the DPDP Act. You can request for the notice to be provided in any of the 22 languages mentioned in the 8th schedule of the Constitution of India.
Legal basis for processingWe will seek your consent or follow other applicable legal bases to process your personal information for our business and commercial purposes described in Section 5 above. In particular, we rely on your consent for the processing of your personal information for conducting direct marketing activities.
If you are providing personal information to us which relate to another individual (for example, by making a booking on behalf of a family member or colleague), you confirm that they are aware and agree with such personal information being provided to us.
We and other parties use cookies and related technology for advertising purposes, which could constitute “processing” of your personal information under the DPDP Act. We will provide you an opt-in option before processing your personal information for advertising purposes. Your opt-in or opt-out of cookie-based tracking for advertising purposes is specific to the device, website, and browser you are using, and is deleted whenever you clear your cookies or your browser’s cache.
We will not undertake tracking or behavioural monitoring of, or targeted advertising directed at children below the age of 18.
Further processingWe will not process your personal information for a purpose that is inconsistent with or differs from the purpose(s) for which we originally collected it, except where such personal information is publicly available, where you give us your consent, where we need to do so in order to comply with applicable law, or where we are processing such information for a ‘legitimate use’ as per the DPDP Act.
International transfers of your Personal InformationWe will not transfer any of your personal Information to countries specifically subjected to restrictions by the Indian Government.
Your rights under the DPDP ActIn addition to other rights outlined in this Section 11 which may be applicable to you, you have the right to nominate any other individual to exercise the above-mentioned rights under the DPDP Act in the event of your death or incapacity (unsoundness of mind or infirmity of body).
JapanIf you are based in Japan or receiving services from one of our Hyatt Locations in Japan, this Policy gives effect to our commitment to protect your personal information and has been adopted by Hyatt International-Asia Pacific, Limited and the legal entities who own and operate Andaz Tokyo Toranomon Hills, Caption by Hyatt Namba Osaka, Fuji Speedway Hotel, Grand Hyatt Fukuoka, Grand Hyatt Tokyo, Hotel Toranomon Hills, Hyatt Centric Ginza Tokyo, Hyatt Centric Kanazawa, Hyatt House Kanazawa, Hyatt House Tokyo Shibuya, Hyatt Place Kyoto, Hyatt Regency Hakone Resort and Spa, Hyatt Regency Kyoto, Hyatt Regency Naha Okinawa, Hyatt Regency Seragaki Island Okinawa, Hyatt Regency Tokyo, Hyatt Regency Tokyo Bay, Hyatt Regency Yokohama, Park Hyatt Kyoto, Park Hyatt Niseko Hanazono, and Park Hyatt Tokyo.
Please see Section 6 above for more information on disclosures of your personal information, including a list of:
our service providers and suppliers to which we may disclose your personal information for the purposes described in this Policy; and
the independent third parties to which we may disclose your personal information for the purposes described in this Policy.
Please click here for a list of the Hyatt, ALG, and MMS organisations to which we may disclose your personal information for the purposes described in this Policy.
Kingdom of Saudi ArabiaIf you are based in the Kingdom of Saudi Arabia (the “KSA”), the processing of your personal information is subject to the Personal Data Protection Law issued pursuant to Royal Decree M/19 of 16/09/2021 [Gregorian], as amended pursuant to Royal Decree M/148 of 27/03/2023 [Gregorian] (the “PDPL”) and the regulations accompanying the PDPL, the Regulation on Personal Data Transfer outside the Kingdom (“Transfer Regulation”) and Implementing Regulation of the PDPL (collectively, the “Regulations”). Accordingly, the following specific provisions apply to you and the processing of your personal information, despite anything else in this Policy to the contrary.
Additional information about our processing of your personal informationThe type of personal information that we may collect about you, the purpose for its collection and subsequent processing by us, the lawful bases for processing and the third parties to whom we may disclose your personal information are described in this Policy in Section 2, Section 3, Section 4 and Section 5 above. Except when we otherwise indicate to you at the time we collect personal information, its provision by you is optional, and where we rely on your consent for its collection and subsequent processing, you have the right to withhold or subsequently withdraw your consent, in whole or in part.
We will generally retain your personal information only for as long as necessary to achieve the purpose(s) for which it was collected, or for any longer period of time that we are required to retain your personal information under applicable law, after which we will securely destroy it.
Further processingWe will not process your personal information for a purpose that is inconsistent with the purpose(s) for which we originally collected it, except where such personal information is publicly available, where you give us your consent, where we need to do so in order to comply with applicable law, or where this is necessary to achieve our legitimate interests.
International transfers of your personal informationWe will not transfer any of your personal Information outside the KSA, except to jurisdictions which are formally recognized by the KSA authorities as having an adequate level of protection of personal information, or otherwise on the basis of one or more of the conditions set out in the Regulations of the PDPL.
Exercising your rightsThe relevant contact details to exercise these rights are set out in Section 13 below. Please state your name, address and valid ID document details (such as passport, iqama or identification card number) and attaching a copy of that ID document. We will respond to your request within 30 days, however if your request requires unexpected processing, we will inform you of any extension in our response to you. You will be informed in circumstances whereby we may decline to fulfil your request under the Regulations of the PDPL
MexicoIf you are based in Mexico or otherwise subject to the Mexican data protection laws (including the Data Protection Under Federal Data Protection Held By Private Parties Act (“the Act”)), the data controller for the use, processing, and protection of your personal data will be the company with whom you have contracted our services. You can find the relevant contact details in Section 13 below.
In addition to any relevant rights outlined in this Section 11, you have the right to:
learn how we use this information and the specific terms and conditions governing its use, and
opt-out of direct marketing.
You can find out more information about your rights on the website of the National Institute of Transparency, Access to Information and Personal Data Protection: www.inai.org.mx.
ConsentIf you are based in Mexico or otherwise subject to the Mexican data protection laws, where necessary you consent to Hyatt’s use of your personal information as described in this Policy, unless you provide an express objection, by sending an email to privacy@hyatt.com. Consent is not required for any processing that is necessary for a contract between you and Hyatt, or in respect of the matters referred to in Article 10 of the Act.
Where we rely on consent to process your personal information, you have the right to withdraw that consent. However, in certain cases, we may not be able to fulfil your request or immediately stop processing your information due to legal or tax obligations we are subject to. Additionally, withdrawing your consent for certain purposes might result in our inability to provide the service you requested, or terminate the agreement we have with you. Therefore, you may withdraw your consent or object to only those purposes that are not essential for performing the agreement we have with you or for complying with our obligations.
Your consent may be provided by agreeing to this Policy, through a third party, in person or through any other reasonable means used by Hyatt.
By providing any third-party’s personal information to Hyatt, you confirm that you have provided the third party with a copy of this Policy and where necessary have obtained their consent to any handling of their personal data by Hyatt.
The above is without prejudice to your ability to exercise your rights under the Act.
Limit the use and disclosure of your informationYou may also limit the use and disclosure of your personal information by registering with:
the public registry to avoid advertising, managed by the Federal Consumer Protection Agency (“PROFECO”), which prevents your data from being used to receive advertising or offers of goods and services. To do so, please visit the official website of PROFECO; or
our exclusion list, which ensures that your personal information is not processed by us for marketing, advertising, or commercial purposes.
How to make a requestIn order to (i) exercise any of your rights; (ii) withdraw your consent, and (iii) limit the use or disclosure of your personal information or obtain more information about the procedure and requirements to do so, you must submit a request to us using the relevant contact details provided below. Your request should include:
full name of the owner of the personal data;
a description of the personal data related to your request;
a specific reference to the right(s) you want to exercise, if applicable, or if you want to withdraw consent or limit the use or disclosure of your personal data; and
your address or other means for delivering our response to your request.
To verify your identity, please attach a copy of your official identification document to your request. If the request is submitted by a legal representative, you must provide proof of their authority to act on your behalf.
Please note that the team in charge of processing your request for exercising your rights or revoking consent will respond to your request within twenty (20) business days, starting from the date you submitted your request.
Mexican contact details
Hyatt Hotels & Resorts9805 Q Street
Omaha NE 68127
United States
People’s Republic of ChinaIf you are based in the People’s Republic of China (for the purpose of the Policy, excluding the Hong Kong Special Administrative Region, the Macau Special Administrative Region and Taiwan, the “PRC”), the Personal Information Protection Law (the “PIPL”) applies to the processing of your personal information. Unless otherwise stated in the following paragraphs, the rules indicated in this PRC part apply in addition to and, where contradictions exist, replacement of other sections of the Policy.
Legal basis for processingWe will seek your consent or follow other applicable legal bases to process your personal information. In particular, we rely on your consent for the processing of your personal information for conducting direct marketing activities.
Sensitive personal informationThere may be instances in which the personal information that you provide to us or that we collect is considered sensitive personal information under the PIPL (for example, governmental identifiers and financial information). We only process sensitive personal information if and to the extent permitted or required by applicable laws, including after obtaining your separate consent if required. We will seek to protect such information rigorously using the security measures required by the applicable laws and, hence, your sensitive personal information should not be processed in a way that will result in negative implications to your personal rights (for example, harm to your reputation, physical or mental health, personal or property security).
Sharing and international transferWhen necessary for the purposes described in the Policy, subject to your consent where necessary, your personal information may be shared to third parties located within or outside of the PRC. We will only share personal information that are necessary for the purposes indicated in Section 5 and Section 6 above.
Please click here for a full list of organisations to whom we transfer personal information and their respective contact details and details on what, how and why such organisations process your personal information.
If required by applicable laws, we will conduct a security assessment, and/or undergo a personal information protection certification or sign standard contracts for cross-border transmission of personal information and take necessary measures to ensure the overseas recipient’s personal information handling meets the relevant personal information protection standards under the PIPL.
Your rights under the PIPL In addition to any relevant rights outlined in this Section 10, you may have certain additional rights related to your personal information. These rights include the right to cancel your account and the right to request explanation.
The relevant contact details to exercise these rights are set out in Section 13 below. To ensure security, we will process your request in a timely manner and within the required timeframe after verifying your identity. We may refuse the requests that are unreasonably repeated, require too many technical methods (for example, need to develop new systems or fundamentally change current practices), raise risks to rights and interests of others, or are very impractical.
South KoreaIf you are based in South Korea or receiving services from one of our Hyatt Locations in South Korea, this section provides additional information regarding the processing of your personal information in accordance with the Personal Information and Protection Act (PIPA) of the Republic of Korea. In the event of any conflict between the main body of this Policy and this South Korea section this section shall prevail.
This Policy has been adopted by the legal entities, for their Hyatt related operations, who own and operate Andaz Seoul Gangnam (Owner: KT Estate Inc.), Grand Hyatt Incheon (Owner: KAL Hotel Network Company Limited), Grand Hyatt Jeju (Owner: Lotte Tour Development Co., Ltd), Grand Hyatt Seoul (Owner: Seoul Miramar Corporation), Park Hyatt Busan (Owner: Hyundai Development Company), and Park Hyatt Seoul (Owner: Hyundai Development Company).
Personal Information Processing PolicyHyatt has established and disclosed this Policy in accordance with Article 30 of the PIPA to protect the rights and freedoms of data subjects, and to ensure the prompt and effective resolution of related grievances.
Purpose of processing personal informationHyatt collects and processes personal information for the following purposes. Personal information will not be used for any purpose other than those specified below. Should the purpose of use change, Hyatt will take necessary measures such as obtaining consent, in accordance with Article 18 of the PIPA.
Loyalty membership registration and management: To confirm membership registration, verify identity and authenticate users for membership services (e.g., World of Hyatt), maintain and manage membership status, prevent unauthorized or fraudulent use of services, provide important notices, and handle related inquiries or grievances.
Provision of accommodation, goods and services: To process and fulfil accommodation reservations, deliver goods, provide various services, issue contracts and invoices, supply content, offer personalized services, verify identity and age, process payments and settlements, and provide concierge and related guest services.
Marketing and advertising: To develop new products and services, offer personalized services, provide information on promotional events, tailor advertisements based on demographic characteristics, and analyze service usage statistics and access frequency.
Grievance handling, dispute resolution, and exercising data rights Requests: To verify the identity of complainants, confirm the details of complaints, conduct fact-finding communications, and notify individuals regarding the resolution of their concerns and related outcomes.
Items and retention period of personal information processedHyatt processes and retains personal information only for as long as necessary to fulfil the purposes for which it was collected, or within the period stipulated by applicable laws and regulations.
Personal information processed with the data subject's consent
Categories
Identification information
Details
ABC
Source
You
Data subjects may refuse the overseas transfer of their personal information by contacting the department as specified below in the “Rights and obligations of data subjects and legal representatives, and methods of exercise” sub-section. However, please note that such refusal may result in the restriction of all or part of our services—including membership registration and reservations—as overseas transfers are essential for the provision of our global hospitality services.
Furthermore, the transfers detailed in the "Provision of personal information to third parties" (Lawful Basis: Article 28-8(1)(1) of the Personal Information Protection Act) and "Delegation of personal information processing(here)" (Lawful Basis: Article 28-8(1)(3) of the Personal Information Protection Act) section above also constitute international transfers of personal information, as all listed recipients and delegatees are located overseas. The timing and method of transfer, the data subject's method and procedure for refusal, and the effects of such refusal are the same as described in this article.
Destruction of personal informationHyatt will promptly destroy personal information without delay when it is no longer necessary, such as when the retention period has expired or the purpose of processing has been achieved. If personal information must be retained in accordance with other laws, it will be transferred to a separate database (DB) or stored in a different location.
Destruction Procedure: Hyatt selects the personal information to be destroyed and proceeds with destruction in accordance with Hyatt’s record retention procedures.
Destruction Method: Electronic files are destroyed using technical methods that render the records irrecoverable. Paper documents are destroyed by shredding or incineration.
Rights and obligations of data subjects and legal representatives, and methods of exercise
Data subjects may exercise the following rights with respect to Hyatt at any time: (1) Request access to personal information; (2) Request correction; (3) Request deletion; (4) Request suspension of processing; and (5) Withdraw consent for the collection, use, and provision of personal information.
These rights may be exercised by submitting a request online, by email, in writing, or by phone. Hyatt will respond without undue delay. You may also directly manage your information through the ‘My Account’ section on our website.
The exercise of rights may be carried out by the data subject, a legal representative, or an authorized agent. In such cases, a power of attorney must be provided.
Please note that requests for access or suspension of processing may be subject to restrictions under Article 35(4) and Article 37(2) of the Personal Information Protection Act (PIPA).
Requests should be directed to the following department:
Department for Receiving and Processing Requests: Consumer Affairs
Contact:
Online inquiries may be submitted here.
privacy@hyatt.com
(888) 524-9288,
Hyatt Hotels & Resorts, Attn: Consumer Affairs, 9805 Q Street, Omaha, NE 68127, United States
Automated collection of personal informationHyatt uses cookies and similar technologies to provide customized services. Cookies are small text files sent to your browser and stored on your device. For more information see Section 4 above.
Purpose of Cookies: To enable functionality, track usage, improve products and services, and for marketing and analytics, including interest-based advertising.
Behavioural Data: Hyatt and our partners (e.g., advertising networks, social media companies) may collect behavioural data (e.g., website visit history, search queries) to provide personalized services and targeted advertising. You can opt-out of such tracking via your browser or device settings or by going to the Cookie Center link in the footer when available.
The data subject has the right to choose whether to install cookies. Therefore, you may allow all cookies, require confirmation each time a cookie is saved, or refuse to save any cookies by adjusting the options in your web browser or by using the Cookie Center link in the footer of some of our websites.
However, if you refuse to install cookies, you may experience difficulties using certain services that require them, such as personalized features.
Below are instructions on how to configure your cookie settings in major web browsers. Please note that menu paths may vary slightly depending on the browser version.
(a) For Google Chrome
Click the [More] button (⋮) at the top right of the browser.
Go to [Settings].
Select [Privacy and security] from the left-hand menu.
Click on [Cookies and other site data].
You can choose one of the following options:
"Allow all cookies"
"Block third-party cookies in Incognito"
"Block third-party cookies"
"Block all cookies (not recommended)"
(b) For Microsoft Edge
Click the [Settings and more] button (...) at the top right of the browser.
Go to [Settings].
Select [Cookies and site permissions] from the left-hand menu.
Click on [Manage and delete cookies and site data].
You can toggle "Allow sites to save and read cookie data (recommended)" on or off, and manage "Block" and "Allow" lists for specific sites.
(c) For Safari
From the [Safari] menu at the top left of the screen, select [Settings] (or [Preferences]).
Go to the [Privacy] tab.
Under "Cookies and website data," you can select "Block all cookies."
You can also click [Manage Website Data...] to see and remove cookies for specific sites.
(d) For Other Browsers Please refer to the help section of your respective browser for instructions on how to manage cookie settings.
Processing of Online Behavioral Information
Hyatt and our partners use automated tools such as cookies and SDKs to collect users’ online behavioral information in order to provide personalized services and targeted advertising. Hyatt processes this behavioral information without identifying you as an individual.Behavioral Information Collected by Hyatt
Categories
Identification information
Details
ABC
Source
You
Security measures for personal information. In accordance with Article 29 of the PIPA, Hyatt implements the following security measures to ensure the safe handling of personal information
Administrative Measures: Establishment of internal management policies and regular training for employees.
Technical Measures: Management of access rights, installation of access control systems, encryption of sensitive information, and implementation of security software.
Physical Measures: Access restrictions for data centers and information storage rooms.
Remedies for infringement of rightsIf your personal information rights have been infringed, you may seek dispute resolution or consultation from the following institutions:
Personal Information Dispute Mediation Committee: (Toll-free) 1833-6972 (www.kopico.go.kr)
Personal Information Infringement Report Center: (Toll-free) 118 (privacy.kisa.or.kr)
Supreme Prosecutors' Office: (Toll-free) 1301 (www.spo.go.kr)
National Police Agency: (Toll-free) 182 (ecrm.police.go.kr)
Domestic RepresentativeIn accordance with Article 31-2 of the PIPA and Article 32-5 of the Network Act, Hyatt has designated a domestic representative as follows:
HYGCC KOREA
Representative: Neo Yoke Lin Patricia
Address: 4F, 35 Seongsuil-ro 12-gil, Seongdong-gu, Seoul, Korea
Contact person: Woonghee Kim, Assistant Director of Operations
Phone: 02-461-2188
Email address: marcus.kim@hyatt.com
Amendments to this Privacy Policy
This policy (Republic of Korea) will be effective from July 15, 2025.
United States and California notice at collection
For purposes of exercising the rights described in this section, please note the following additional details regarding how we collect and use your personal information as described in this policy:
Depending on the nature of our interactions with you, we may collect, and use for our business and commercial purposes, the following categories of personal information as set forth in applicable California law: Identifiers; California customer records (such as birthdate, contact information, and payment information); characteristics of protected classifications under California or federal law (such as demographic information); commercial information; biometric information; Internet or other electronic network activity information; professional or employment information; education information; geolocation data; audio, electronic or visual information; sensitive personal information (as set forth in Section 3); and inferences.
We use the above categories of personal information for the business and commercial purposes described in Section 5 above. We may use and disclose sensitive personal information for the purposes described in Section 4 and Section 5 above.
We collect personal information from the following categories of sources, as more fully described in Section 2 above: directly from you, automatically from your devices, from other booking platforms, from our service providers, from social media, from our business partners, and from our affiliates and subsidiaries.
We may disclose each of these categories of personal information to the extent permitted by applicable law with the following categories of parties, as more fully described in Section 5 above: affiliates and subsidiaries, service providers, business partners, advertising networks, data analytics providers, social media networks, other booking platforms, credit reporting bodies, with entities for our legal compliance purposes, and with potential acquirers or creditors.
We may “sell” (as defined in applicable state privacy laws) or “share” (as defined in applicable state privacy laws) for purposes of cross-context behavioral advertising the following categories of personal information: identifiers; customer records; demographic information; commercial information; website data or other electronic network activity; geolocation data; and inferences. We sell and share this personal information with advertisers, advertising networks, and social networks. We do not knowingly sell or share the personal information of consumers under 16 years of age.
We use or disclose sensitive personal information for purposes specified under applicable California privacy regulations. We retain your personal information as described in Section 8 above.
From time to time, we may collect personal information in connection with a promotion, offer, program, or discount, including the World of Hyatt loyalty program. See here for World of Hyatt terms and conditions. We or our vendors may disclose such personal information in connection with our World of Hyatt alliances, including those listed at here. The offers and incentives made available through them are generally related to the value of the relationships that we have with the individuals who participate. Participation is voluntary, and you may withdraw at any time by contacting us using the information set forth in Section 13 below.
Where you are resident in the United States, depending on the privacy laws in your state of residence and to the extent required by such applicable privacy laws, you may also be able to make some or all of the following requests with respect to your personal information, all of which are subject to certain exceptions, specific definitions, and limitations under applicable law and regulation:
Access/right to know – You can request to confirm whether we process personal information about you, and you can request that we disclose to you the categories of personal information collected about you (including sensitive personal information), the categories of sources from which the personal information is collected, the categories of personal information sold, shared, or disclosed, the business or commercial purpose for collecting, selling or sharing the personal information, the categories of third parties (or, in certain states, a list of third parties as defined in applicable state law) to whom we disclosed the personal information, the specific pieces of personal information collected about you, and information about the logic involved in any automated decision-making processes used by us (if applicable), as well as a description of the likely outcome of the process with respect to you.
Deletion – You can request that we delete your personal information that we maintain about you, subject to certain exceptions.
Do not sell or share my personal information – You can request to opt out of the sale (as such term may be defined in applicable law in your jurisdiction of residence) of your personal information and the sharing (as such term may be defined in applicable law in your jurisdiction of residence) of your personal information for cross-context behavioral advertising. We and other parties use cookies and related technology for advertising purposes, which could constitute a “sale” or “sharing” of your personal information according to some privacy laws. If you would like to opt out of such cookie-based tracking for advertising purposes, you can update your cookie preferences on our websites by clicking on the “Cookie Center” link that may be in the footer of the page you are viewing or by broadcasting an opt-out preference signal recognized by Hyatt, such as the Global Privacy Control signal, on a browser or browser extensions that support such a signal. Additionally, you can opt out of certain uses of cookies for advertising purposes by visiting aboutads.info/choices.
Your opt out of cookie-based tracking for advertising purposes is specific to the device, website, and browser you are using, and is deleted whenever you clear your browser’s cache. This means you need to adjust your cookie preferences on each website, device, and browser you use.
Opt-out of targeted advertising –We may use personal information obtained (or in some instances inferred) from your activities across unaffiliated sites to send more relevant advertising to you, including certain categories of personal information in Section 2above. You can request that we stop using your personal information for such targeted advertising by following the steps below and also updating your cookie preferences by clicking on the “Cookie Center” link that may be in the footer of our websites (e.g., Hyatt.com), or broadcasting an opt-out preference signal recognized by Hyatt, such as a Global Privacy Control signal, on the browser or browser extensions that support such a signal. Additionally, you can opt out of certain uses of cookies for advertising purposes by visiting aboutads.info/choices. Your opt out of cookie-based tracking for advertising purposes is specific to the device, website, and browser you are using, and is deleted whenever you clear your cookies or your browser’s cache. This means you need to adjust your cookie preferences on each website, device, and browser you use.
Correct or update my personal information –You may request that we correct, update, or modify the personal information we maintain about you. If you have an account, you can also update your profile information any time by visiting the account settings page within your account.
As is the case for all consumers regardless of residency, we will not deny you any products or services, nor discriminate against you in any other manner, in response to you exercising any of these rights.
Eligible individuals can request to exercise these rights by emailing or calling us using the contact information below or by clicking here:
Email –privacy@hyatt.com
Phone –(888) 524-9288
We may deny certain requests, or fulfil a request only in part, based on our legal rights and obligations. For example, we may retain personal information as permitted by law, such as for tax or other record-keeping purposes, to maintain an active account, and to process transactions and facilitate customer requests. You may submit an appeal if you are not satisfied with the outcome of your request. To do so, please send us an email to privacy@hyatt.com with “Data Subject Request Privacy Appeal” in the subject line.
Please note that after you opt out of sale, sharing, or targeted advertising, your use of our websites may still be tracked by Hyatt and our service providers.
We will take reasonable steps to verify your identity prior to responding to your requests. The verification steps will vary depending on the sensitivity of the personal information, the nature of your request, and whether you have an account with us.
You may designate an authorized agent to make a request on your behalf. When submitting the request, please ensure the authorized agent is identified as an authorized agent and ensure the agent has the necessary information to complete the verification process.
If you reside in California, you also have the right to ask us one time each year if we have shared personal information with third parties for their direct marketing purposes. To make a request, please write to us using the contact information provided under Section 13 below. Indicate in your correspondence that you are a California resident making a “Shine the Light” inquiry.
If you are a Nevada resident, you can request that we not “sell” your “covered information” (as defined in applicable Nevada law). To make such a request, email us using the information set forth in Section 13 below. Please use “Nevada Do Not Sell” in the subject line.
12. Updates
This Policy may undergo modifications, changes, or updates resulting from new legal requirements, internal needs, improvements in our privacy practices, or other reasons. Any changes made to this Policy will be available on this website.
13. Contact
GeneralIf you have any questions about this Policy or would like to exercise any of your rights set out in Section 11 above, please click here or contact us by any of the following means:
by calling one of the toll-free reservation numbers located at the Customer Service page on hyatt.com;
by mail at the following address:
Hyatt Hotels & ResortsAttn: Consumer Affairs
9805 Q Street
Omaha NE 68127
United States; or
by contacting the front desk at any of our Hyatt Locations.
If you are not satisfied with the response that you receive, you can escalate your concern to our Chief Privacy Officer or contact our Data Protection Officer (DPO) team by sending an email to privacy@hyatt.com.
14. The application of this Policy
Hyatt portfolioThis Policy applies to Hyatt Hotels Corporation and its direct and indirect subsidiaries.
This Policy also applies to the reservation information collected when booking through our websites and apps and any location listed on our website (unless excluded below) which includes Homes and Hideaways by World of Hyatt and the following brands (collectively, “Hyatt Locations”).
Park Hyatt®
Alila®
Miraval®
Impression by Secrets
The Unbound Collection by Hyatt®
Andaz®
Thompson Hotels®
The Standard®
Dream Hotels®
The StandardX®
Breathless Resorts & Spas®
JdV by Hyatt®
Bunkhouse Hotels
Me And All Hotels
Zoëtry® Wellness & Spa Resorts
Hyatt Ziva®
Hyatt Zilara®
Secrets® Resorts & Spas
Dreams Resorts® & Spas
Hyatt Vivid Hotels & Resorts
Sunscape® Resorts & Spas
Alua Hotels & Resorts
Grand Hyatt®
Hyatt Regency®
Destination by Hyatt®
Hyatt Centric®
Hyatt Vacation Club®
Hyatt®
Caption by Hyatt®
Hyatt Place®
Hyatt House®
Hyatt Studios®
Hyatt Select®
The use of the ® symbol designates marks that are registered with the U.S. Patent and Trademark Office, and such marks may also be registered with the trademark offices of certain other territories and countries.
Hotel owners and operatorsMost Hyatt Locations are operated in cooperation with independent property owners and their operators (as applicable) that own, lease, license, franchise or manage the property. As indicated in Section 6, property owners and operators may use your personal information for the limited purposes of complying with their legal obligations.
You can ask for the details of the property owner for your Hyatt Location at the front desk or by using the contact details below.
Apple Leisure GroupThis Policy does not apply to the Apple Leisure Group companies (“ALG Companies” or "ALG") and their affiliates, including ALG Vacations Corp., Unlimited Vacation Club, Amstar DMC, or Trisept Solutions, LLC.
The ALG Vacations Corp. privacy notice is available here.
The Unlimited Vacation Club privacy notice is available here.
The Amstar DMC privacy notice is available here.
The Trisept Solutions, LLC privacy notice is available here.
Mr and Mrs SmithThis Policy does not apply to Mr and Mrs Smith (“MMS”) or properties made available for reservations via MMS. The MMS privacy notice is available here.
Playa Hotels & ResortsThis Policy does not apply to Playa Hotels & Resorts ("Playa"). The Playa privacy notice is available here.
Further exclusionsThis Policy does notapply to:
Bahia Principe properties and locations,
UrCove properties and locations,
The Venetian Las Vegas,
locations affiliated with the Joie de Vivre brand but not affiliated with Hyatt. This includes the Galleria Park hotel; and
locations that participate in the World of Hyatt loyalty program through an alliance with the World of Hyatt program, but which are not Hyatt Locations.
In each case, please check for and read the separate privacy policies provided.
Local lawsWhile this Policy is intended to describe the full range of our information collection, processing and sharing activities globally, some activities may be more limited in some jurisdictions based on the particular laws or regulations in those territories/countries.
For example, the laws of a particular territory/country may limit the types of personal information we can collect or the manner in which we process that information. In those instances, we adjust our practices to reflect the requirements of local law.
Please check Section 11 to see if there are any specific requirements under local law which are applicable to your jurisdiction.
Hyatt personnel If you:
are currently, or have been, a staff member of Hyatt; or
apply, or have applied, to be a staff member of Hyatt,
Please see the applicable Privacy Policy for Employees. This Policy does not apply to your personal information, unless collected in your capacity as a guest.