310 Gloucester Road, Causeway Bay, Hong Kong, China
Privacy Policy
Victoria Park Hotels Limited ("Company")
Personal Data Statement to Customers ("Statement")
This Statement serves to inform the customers of the policies and practices with respect to the collection, use, retention, disclosure, transfer, security and access of personal data adopted by the Company and the owners of the hotel properties managed and/or operated by the Company in accordance with the Personal Data (Privacy) Ordinance Cap. 486 ("Ordinance") and applicable data protection laws. This includes personal data collected offline at our hotels, and online through our websites, applications (including mobile apps) and third-party platforms (together referred to as “Sites”). References to "we", "us", "our" or "ours" in this Statement are to be construed, depending on the context, as referring to those properties or entities collectively or severally.
1. Personal Data We Collect
We collect personal data from the following categories of sources:
- a) Directly from customers: Much of the personal data we process is information that customers or someone acting on customers’ behalf directly provides to us. For example, customers may provide us with Contact and Identification Information, Demographic Information, and Health-related Information, when customers create accounts, make reservations, complete surveys, participate in contests or promotional offers, contact customer service, use our Wi-Fi, or contact us via email, text, or chat, over the phone, in person, or through third parties.
- b) From customers’ devices and our networks: We use cookies and related technologies to collect personal data from and across devices when customers interact with us through our Website, Application, emails, or other online content or when their devices connect to, or are detected by, the wireless networks at our properties.
- c) From other businesses or individuals: We work with business and marketing partners and social media platforms that give us personal data of customers from whom they have collected either directly or indirectly. We also receive customers’ personal data from customers’ friends and family, for example when a family member or friend makes a reservation or checks in on a customer’s behalf. We may also offer device- or operating system-based authentication as a log-in method of accessing certain services. In those instances, we are notified as to whether the authentication was successful.
- d) From social media: If customers post to one of our pages on a social media site, we may receive their Contact and Identification Information (ID), and any other personal data contained in customers’ social media posts or profile.
- e) Categories of Personal Data Collected:
Category Examples Contact and Identification Information Name, phone number(s), postal address, email address, passport and visa information, government ID information, nationality, date of birth Payment Information Credit/debit card details, billing address, bank account information Reservation and Stay Information Arrival/departure dates, room preferences, vehicle registration, goods and services purchased, special requests, guest preferences Account Information Username, password, loyalty program membership number Communications Records of correspondence with us, feedback, survey responses Technical Information IP address, browser type, domain name, access time, device information CCTV Footage Images captured at our hotel properties for security purposes Health-Related Information Information voluntarily provided regarding accessibility requirements or other health-related needs to accommodate guest stays
2. Mandatory Personal Data
From time to time, it is necessary for customers to supply us with personal data in connection with the provision of goods and/or services. Customers must provide us with the personal data marked with an asterisk (*) or otherwise indicated as mandatory on our forms, otherwise we may not be able to process their requests or comply with our legal obligations. Failure to supply such data may result in us not being able to provide the goods and/or services.
3. Purposes of Collection and Use
We collect and use personal data for the following purposes:
- a) Provision of Services:
- Processing and managing hotel accommodation and/or restaurant reservations and arrangements
- Providing membership-related services
- Responding to inquiries and requests for information or services
- Delivering goods and services purchased
- Managing guest stays and preferences
- b) Payment and Credit Management:
- Processing payment instructions, direct debit facilities and/or credit facilities
- Analyzing, verifying and/or checking credit, credit history and payment
- Ensuring ongoing creditworthiness
- Determining debt amounts and processing collections
- c) Legal and Contractual Obligations:
- Performing, preparing and enforcing agreements between the customer and us
- Meeting disclosure requirements under any law
- Complying with legal, regulatory and accounting obligations
- d) Business Operations and Improvement:
- Conducting data analysis, audits and research
- Monitoring and improving our products and services
- Training and quality assurance
- Maintaining network and data security
- e) Direct Marketing (subject to Section 4 below):
- Sending information about our hotels, products, services, events, offers and promotions
- Administering satisfaction surveys
- Communicating news about our membership programmes (Marriott Bonvoy and/or Prestige Club)
- f) Any other purposes directly relating to the above
4. Direct Marketing
4.1 Use of Personal Data in Direct Marketing
We intend to use customers' personal data in direct marketing of our hospitality businesses. We will not use customers' personal data for direct marketing without obtaining customers' prior consent or indication of no objection.
4.2 Classes of Personal Data for Marketing
We may use the following classes of personal data for direct marketing:
- Name
- Email address
- Mobile phone number
- Postal address
- Telephone number(s)
4.3 Classes of Marketing Subjects
We may market the following classes of products, services and subjects:
- Hotel accommodation and related services
- Food and beverage outlets and services
- Events, conferences and banqueting
- Spa, wellness and recreational facilities
- Special offers, promotions and packages
- Loyalty and membership programmes (Marriott Bonvoy and/or Prestige Club)
- Satisfaction surveys and market research
4.4 Consent Mechanism
We will obtain customers' separate and specific consent (or indication of no objection) for direct marketing:
- At the time of account creation
- At the time of reservation
- Through clearly presented opt-in checkboxes on our forms
- Through verbal consent recorded in our systems
We will not infer consent from customers' failure to opt out where consent is required.
4.5 Opt-Out Right
Customers may, at any time and free of charge, choose not to receive marketing communications or opt-out from receiving marketing communications by:
- Following the unsubscribe instructions contained in each marketing email or SMS/MMS message; or
- Adjusting account preferences on our Sites; or
- Contacting us directly at info@parklane.com.hk
4.6 Non-Marketing Communications
If customers opt out of marketing communications, we may still send them non-promotional communications, such as those relating to their reservations, service notices, or Marriott Bonvoy and/or Prestige Club members' account-related communications, unless we are prohibited from doing so by applicable laws. Loyalty programme members will continue to receive programme-related service communications despite having opted out of direct marketing, without detriment to their loyalty benefits.
5. Third-Party Personal Data
Where a customer provides personal data of third parties (e.g., names and contact details of family members or friends for reservation purposes, or emergency contact information), the customer represents and warrants that:
- They have obtained the relevant third party's consent to provide their personal data to us.
- They have informed the relevant third party of the purposes for which their personal data will be used as set out in this Statement.
- They have directed the third party to this Statement.
If you are providing personal data of another individual, please ensure that you share this Statement with that individual before providing their personal data to us.
6. Disclosure and Transfer of Personal Data
6.1 Recipients of Personal Data
The customer agrees that personal data may be disclosed and transferred to the following persons or entities for the purposes mentioned in Section 3 and on a need-to-know basis:
- Our hotel properties where the customer has booked, stayed at or visited, and other properties within our group for guest history and preference management.
- Any agent, contractor, service provider, credit provider, financial institution or professional adviser of ours who provides administrative, telecommunications, payment, marketing, research, legal, accounting or other services to us.
- Any of our holding companies, subsidiaries and affiliated companies.
- Any actual or proposed assignee, transferee or successor-in-interest of our business.
- Any government, regulatory or law enforcement authority as required by applicable law.
- Any other party at the customer's consent or instruction.
6.2 Cross-Border Transfers
Your personal data may be transferred to, stored in, and processed in jurisdictions outside Hong Kong where we or our service providers operate. While such jurisdictions may have data protection laws that differ from those of Hong Kong, we will take appropriate safeguards to ensure your personal data remains protected in accordance with this Statement and applicable laws. By providing your personal data to us, you acknowledge that such cross-border transfers may be necessary for the purposes set out in Section 3.
6.3 No Sale of Personal Data
We do not sell, rent, or trade personal data for monetary or other valuable consideration.
7. Cookies and Similar Technologies
7.1 What Are Cookies
Cookies are small data structures sent to customers' computers or devices when they visit our Sites. Pixel tags, web beacons and similar technologies perform similar functions. Together, these technologies ("Cookies") help us recognize devices, remember preferences, and understand how customers interact with our Sites.
7.2 Types of Cookies We Use
| Type | Purpose | Examples |
|---|---|---|
| Strictly Necessary Cookies | Required for core site functionality | Secure log-in, order progress, load balancing |
| Functional Cookies | Remember preferences and choices | Language preference, room preferences |
| Performance/Analytics Cookies | Analyze site usage to measure and improve performance | Page visits, navigation paths, error messages |
| Advertising Cookies | Deliver relevant advertisements | Interest-based ads, frequency capping |
7.3 Your Cookie Choices
Our Sites are initially set to accept cookies. Customers can:
- Configure their web browsers to reject cookies, delete historical cookies, or notify them when cookies are sent.
- Opt out of third-party advertising cookies through industry opt-out tools.
Please note: If customers disable or reject cookies, certain features of our Sites may not function properly, and some services may be unavailable.
7.4 IP Address and Device Information
We may collect information regarding customers' IP address, browser type, domain name and access time. This information is used for our own research, security and system administration purposes. This information is generally anonymized and not linked to personal identifiers unless required for security investigations or fraud prevention.
8. Data Security
We maintain appropriate technical and organizational measures to protect the personal data customers provide to us against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to customers' personal data.
These measures include:
- Encryption of data in transit using SSL/TLS technology
- Access controls and authentication requirements
- Regular security assessments and monitoring
- Staff training on data protection
- Physical security measures at our properties
While we implement reasonable safeguards, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.
9. Data Retention
We will retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying legal, accounting or compliance-related requirements.
| Data Category | Retention Period |
|---|---|
| Guest reservation and stay records | 7 years after last stay (for tax and legal compliance) |
| Loyalty programme account data | Until account closure, then 7 years |
| Marketing preferences and consents | Until opt-out or account deletion, then 3 years |
| CCTV footage | 30 days (unless required for incident investigation) |
| Payment card information | Not retained beyond transaction completion (except tokenized reference for future bookings with consent) |
To determine the appropriate retention period, we consider:
- The amount, nature and sensitivity of the personal data
- The potential risk of harm from unauthorized use or disclosure
- The purposes for which we collect and process the personal data
- Applicable legal, regulatory and industry requirements
After the retention period expires, personal data will be securely deleted, anonymized, or destroyed.
10. Children's Privacy
Our Sites and services are intended for individuals who are at least eighteen (18) years of age. We do not knowingly solicit or collect personal data from children under the age of eighteen (18) through our Sites or services.
If we become aware that we have inadvertently collected personal data from a child under eighteen (18) without verification of parental consent, we will take reasonable steps to delete that information as soon as possible.
If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us at privacy@parklane.com.hk.
11. Your Rights Under Data Protection Laws
11.1 Summary of Rights
Under and in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) and applicable data protection laws, customers have the following rights:
| Right | Description |
|---|---|
| Right of Access | Check whether we hold your personal data and request access to such data. |
| Right to Correction | Require us to correct any inaccurate personal data. |
| Right to Withdraw Consent | Withdraw previously given consent to processing of personal data. |
| Right to Opt-Out | Object to or opt-out of direct marketing at any time. |
| Right to Erasure | Request deletion of your personal data (subject to legal exceptions). |
| Right to Restriction | Request restriction of processing in certain circumstances. |
| Right to Information | Ascertain our policies and practices in relation to personal data. |
| Right to Complain | Lodge a complaint with the Office of the Privacy Commissioner for Personal Data, Hong Kong. |
11.2 How to Exercise Your Rights
Access and Correction Requests:
Any request for access to personal data, correction of personal data, or information regarding our policies and practices should be made in writing and addressed to:
Victoria Park Hotels Limited310 Gloucester Road
Causeway Bay
Hong Kong
Customers may also send written requests regarding access or correction of personal data addressed to the Sales & Marketing Administrator of our Company.
Opt-Out and Consent Withdrawal:
For direct marketing opt-out, please follow the unsubscribe instructions in our marketing communications or contact info@parklane.com.hk.
For withdrawal of other consents, please contact us in writing at the address above.
11.3 Response Time and Fees
We will respond to access and correction requests within 40 days of receipt. In accordance with the Ordinance, we have the right to charge a reasonable fee for the processing of any data access request. We will notify you of any such fee before processing your request.
11.4 Verification
To protect your privacy, we may take reasonable steps to verify your identity before fulfilling requests regarding your personal data.
12. Changes to This Statement
We may update this Statement from time to time to reflect changes in our practices, technologies, legal obligations, or other operational reasons.
When we make material changes, we will:
- Update the "Last Updated" date at the end of this Statement
- Post the updated Statement on our Sites
- Provide additional notice (such as a prominent notice on our Sites or email notification) where appropriate
We encourage customers to review this Statement periodically.
13. Language
This Statement may be translated into different languages. The English language version of this Statement shall prevail in the event of any inconsistency or ambiguity between the English version and any translated version, unless otherwise required by applicable local law.
14. Contact Us
If you have any questions, concerns or complaints regarding this Statement or our privacy practices, please contact us:
Email: info@parklane.com.hk
Postal Address:Victoria Park Hotels Limited
310 Gloucester Road
Causeway Bay
Hong Kong
Telephone: +852 2293 8888
Last Updated: March 2026
© Victoria Park Hotels Limited. All rights reserved.