Personal Data Protection Awareness Training
For Internal Use
2
Personal Data Protection
PERSONAL DATA refers to any data that can identify an individual
PERSONAL DATA PROTECTION refers to regulating and safeguarding the collection, use, disclosure and retention of individuals' personal data
Shangri-La is RESPONSIBLE for personal data in its possession/control
3
Importance of Personal Data Protection Responsibility
Compliance
Reputation
Keep our guests and employees data secure & confidential
Comply with diverse and evolving legal and regulatory landscape across the globe
Build upon the trust and confidence our guests and employees have in Shangri-La
Productivity
Data breach may cause operation downtime and other time-consuming issues
4
Shangri-La Personal Data Protection - Highlights
5
Front Desk Make sure you use the latest Guest Registration Card which sets out the Personal Information Collection Statement. Draw guests’ attention to Direct Marketing section in the latest Guest Registration Card.
Pay attention when collecting personal data to ensure that it is accurate and complete.
6
Health Club & SPA Do NOT force guests to provide their health and fitness data if they are not willing to. Keep all guests’ personal data secure and confidential.
Keep all payment data secure at all times.
ALWAYS refer to the updated version of Shangri-La policies, forms and templates related to personal data protection.
7
Vendor Management Vendors/strategic partners MUST abide by Shangri-La’s data protection, security and retention policies when handling personal data on behalf of Shangri-La.
Vendors/strategic partners should NOT use any shared personal data for direct marketing unless authorized to do so.
8
Events Do NOT force event attendees to provide their personal data or business cards to Shangri-La. . Providing business cards does NOT amount to consent to receiving marketing information from Shangri-La.
Discard all personal data collected immediately after the event in a secure manner.
9
Sales & Marketing Obtain written consent before sending direct marketing materials.
Do NOT send marketing materials about goods and services which are not covered in direct marketing consent forms.
Do NOT send marketing materials to guests who withdrew their consent, or subscribed to a Do-Not-Call Register.
10
Human Resources Shangri-La keeps all employees’ personal data confidential and ONLY use for purposes set out in the Employee Personal Information Collection Statement. If you need to access and update your own personal data, contact your HR Department.
11
Data Protection Officer An individual has the RIGHT to access, correct/rectify, request deletion/erasure, or restrict or withdraw consent to processing their personal data, a right to object against profiling and a right to data portability under applicable law.
If you receive any personal data request, contact the DPO at dataprotectionofficer@shangri-la.com.
12
Updated Forms/Templates
Shangri-La's Website/ App Privacy Policy Guest Registration Card GC and The Table Enrolment Forms Health Club & Spa Forms Post-Stay Survey Form Wi-Fi Terms and Conditions Candidate Data Protection Notice Employee Data Protection Notice Data Protection Addendum for Strategic Partners Data Protection Addendum for Third Party Vendors
13
Risk Management
Receive an enquiry/ request/ complaint from an individual or suspect misuse of personal data
1 2
Notify the DPO immediately
The DPO takes appropriate actions, which may include internal investigation
3 4
The DPO notifies affected individual(s), the relevant regulators, and any relevant third parties where appropriate
14
Summary Shangri-La takes personal data protection very seriously. 1. We VALUE and RESPECT the privacy of the personal data we collect from our guests, employees, business partners and service providers.
2. We COMPLY with data protection laws and AIM to offer a UNIFORM and HIGH STANDARD of personal data protection across our global operations. 3. We EXPECT our hotels, employees and contractors to abide by these principles.
This flipbook is meant for internal use. Version as of 8th May 2018.
For enquiries, contact dataprotectionofficer@shangri-la.com