Last Updated: Oct – 15th, 2024
Kempinski Hotels S.A. (Address:10 Rue Henriette et Jeanne-Rath, 1204 Genève, Switzerland) and Key International Hotels Management Co Ltd. (Address: 12/F, NUO Center Office, No.2A Jiangtai Road Chaoyang District, Beijing, China) (hereafter collectively referred to as “Kempinski” or “We”) are committed to being responsible for processing children’ s personal information.
Before you or your child under the age of 14 (“child” or “your child”) use or submit any children’s personal information, please carefully review this Privacy Policy (this “Policy”). We will continue to evaluate this Policy to reflect our children’s personal information processing activities, and we may make changes to this Policy accordingly. Any changes will be made on this page, and you should check this page periodically for updates. If we make material changes to this Policy, we will provide you with notice when required by law.
If you are a minor under the age of 14 , you are required to read this Policy carefully with your guardian and obtain your guardian’s consent to provide us with personal information about children.
If you are not the child’s guardian, please ensure that you are authorized by the child’s guardian to book the room for the child and to provide the child’s personal information.
This Policy contains the following sections:
- Application and definition
- Notice to Guardians
- How we collect and use children’s personal information
- How we share children’s personal information
- Legal bases for processing children’s personal information
- How we store your children’s personal information
- How we protect children’s personal information
- Your and your child’s rights
- Links to other sites and services
- Updates
- Contact us
1. Application and definition
This Policy governs and describes Kempinski’s practices (as a personal information processor under China’s data and privacy law) in connection with personal information that we collect and process through different channels available for child guests in mainland China as mentioned in Section 2 below.
Definitions of “personal information”, “sensitive personal information”, “processing” and “Child” in this Policy are set out as follows and are consistent with the definitions in the relevant laws.
- Personal information: refers to various types of information recorded in electronic or other ways that is related to an identified or identifiable natural person, including but not limited to name, address, mobile phone number, and ID number, etc. but excluding anonymized information.
- Personal information processor: refers to an organization or individual that independently decides on the processing purposes and processing methods during personal information processing activities.
- Sensitive personal information: refers to personal information that, if leaked or used illegally, may easily lead to an infringement upon the human dignity of a natural person or endangerment of the safety of his/her body or property, including information on biometric identification, religious beliefs, specific identity, health care, financial accounts, and personal whereabouts, and personal information of minors under the age of fourteen.
Personal information of children under the age of 14 is considered sensitive personal information. We collect and process children’s personal information only when there is a specific purpose and sufficient necessity, and when strict protection measures are taken.
- Processing: includes personal information collection, storage, use, processing, transmission, provision, disclosure and deletion, etc.
Child: for the purpose of this Policy, “child” means a minor who is under the age of 14 years.
2. Notice to Guardians
If you are a parent or other guardian of a child, please read and choose carefully whether you agree to this Policy, especially the sections marked in bold, and begin using or granting permission for use to a child in your custody only after you have confirmed that you fully understand and agree to all of the terms. If you are not the child’s guardian, please ensure that you are authorized by the child’s guardian to provide the child’s personal information.
If you do not agree with the contents of this Policy, you and the child should immediately stop accessing/using the products and/or services offered by Kempinski.
If you become aware of any incident that may result in the disclosure or misuse of the child’s personal information, please contact us promptly so that we can take prompt risk control measures.
3. How we collect and use children’s personal information
We will only collect and process children’s personal information for the following purposes described in this Policy in accordance with the principles of lawfulness, legitimacy, necessity and good faith and in compliance with applicable laws and regulations.
- When you use our official WeChat official account, for the purpose of providing your child with incentive and sending you gifts, we may collect and use your child’s name, phone number and address.
- When you or your children use our official WeChat Mini Programs, for the purposes of providing your child hotel booking services, we may collect and use your child’s name and room reservation information.
- When you contact or follow our Weibo official account, for the purpose of online marketing campaigns including but not limited to prize draws, we will collect and use your child’s name, contact details and mailing address.
- When you fill out offline registration forms of temporary residence at our hotels, for the purpose of providing on-site booking services to your child, we may collect and use your child’s name, date of birth, certificate (such as passport or ID card) number, visa type, visa expiration, gender, nationality, email address, phone number, membership number (if any), private address , payment method and other on-site booking required information.
- When you make a booking through our hotel website, for the purpose of providing online booking services to your child, we need to collect and use your child’s name, phone number, email address, payment method, room reservation information and other online booking required information.
Please note that in some cases we are unable to identify whether the specific person using our product or service is a child or not. If we are unable to determine whether personal information that is not clearly age-identifiable is children’s personal information in cases where the user does not voluntarily provide personal information, such as page views, we will process such personal information in accordance with the provisions of the Guest Privacy Policy. If you find that the personal information we are processing is personal information of a child, please contact us promptly.
4. How we share children’s personal information
In order to achieve the purposes above, we may entrust third-party service providers to assist us in providing relevant operation and service support. For companies, organizations and individuals who we entrust to process children’s personal information, we ask them to handle children’s personal information in accordance with our instructions, this Policy and applicable laws.
For the purposes stated in this Policy, we may transfer children’s personal information to our affiliates and third-party companies located outside of China. The foreign recipients and details of the transfer are as follows:
Recipients | Contact information | Categories of personal information being shared | Purpose and means of the recipient’s processing |
Kempinski Hotels S.A. | https://www.kempinski.com/en/contact-us | Personal information listed in “2. How we collect and use children’s personal information” | For hotel accommodation arrangement purpose, please see the privacy policy below for more information: https://www.kempinski.com/en/privacy-policy |
Where children’s personal information is transferred to another jurisdiction outside mainland China, children’s personal information will be secured by appropriate safeguards as set forth under applicable law, including without limitation, where applicable by the use of the standard contractual clauses published by the supervisory authority for the transfer of Information between mainland China and other jurisdictions. To the extent required under applicable law, we will obtain separate consent from you before the transfer of children’s personal information.
5. Legal bases for processing children’s personal information
In most circumstances, we rely upon guardian’s separate consent to process children’s personal information. While under the relevant laws, we do not require your consent to process (including but not limited to, the collection, storage, use, processing, transmission, provision, disclosure, and deletion) children’s personal information when:
- the processing is necessary for the conclusion or performance of a contract to which you of your child are a contracting party;
- the processing is necessary to fulfill statutory functions or statutory obligations;
- the processing is necessary to respond to public health emergencies or protect the life, health or property safety of natural persons under emergency circumstances;
- children’s personal information is processed within a reasonable scope to conduct news reporting, public opinion-based supervision, or other activities in the public interest;;
- the children’s personal information that has been disclosed by you or other personal information that has been legally disclosed is processed within a reasonable scope in accordance with this Law; or
- under any other circumstance as provided by any law or administrative regulation.
6. How we store your children’s personal information
We only retain children’s personal information within the minimum period which is necessary for the fulfilment of the purposes stated in this Policy. Meanwhile, we will also store children’s personal information with adherence to the mandatory provisions about the retention period rising from applicable laws and regulations.
7. How we protect children’s personal information
We strive to maintain the appropriate standards of security and we have put in place robust technical and organisational measures for the protection of children’s personal information in accordance with the current state of the art technologies, especially to protect the data against loss, falsification or access by unauthorised third persons. However, the transmission of information via the internet is not completely secure. So, whilst we will do our best to protect children’s personal information, we cannot guarantee the security of children’s data transmitted to our servers. Once we have received children’s personal information we will use strict procedures and security features to prevent unauthorised access. Our internal processing takes place inside a VPN which is firewalled against the open internet and inside of which any kind of communication is processed in an encrypted way. As far as third parties (i.e. external companies) are rendering data processing services for us, we have committed them to the compliance with our data privacy regulations. The external service providers are supervised by our Global Data Protection Manager in terms of compliance with these regulations.
Where a personal information security incident occurs, we will inform you as required by the laws and regulations via mail, letter, telephone, pushed notification or other available means. Where it is difficult to inform the subjects of the personal information one by one, we may publish an announcement on our Services. Where required by law, we will also report the treatment result of the personal information security incident.
8. Your and your child’s rights
According to applicable law, you and your child may have the following rights regarding the children’s personal information:
- the right to know and the right to decide on the processing of children’s personal information;
- the right to restrict or refuse the processing of children’s personal information by others;
- the right to consult and duplicate children’s personal information;
- the right to request personal information processors to correct or supplement children’s personal information where you discover the information is incorrect or incomplete;
- the right to withdraw your consent to the processing of children’s personal information based on your consent (but please note that your withdrawal of consent does not affect the validity of the processing of children’s personal information that has been carried out based on your consent before the withdrawal);
- the right to request the transfer of children’s personal information to your designated personal information processors;
- the right to delete children’s personal information under specific circumstances.
If you want to exercise your rights above, please contact us via the contact information provided in this Policy. To protect the security of your child’s personal information, we need to verify the identity of the child and the identity of the child’s guardian in order to respond to your rights request(s), and we may not be able to respond to the request(s) for rights related to personal information that are not from the guardian or authorized by the guardian (for example, requests to consult personal information of other children).
Additionally, the rights above are subject to limitations and exceptions under applicable law. We will respond to and comply with your request(s) consistent with applicable law within 15 working days. If you have unresolved concerns, you also have the right to complain to relevant supervisory authorities or where applicable, file a lawsuit with the court in accordance with applicable law.
9. Links to other sites and services
Our services may contain links to third-party websites, applications and other services. Please be aware that we are not responsible for the privacy practices of such other sites and services. We encourage you to be aware when you leave our services and to read the privacy statements of each and every site you visit that collects your child’s information.
10. Updates
This Policy may be updated periodically. We will update the date at the top of its first page accordingly and encourage you to check for changes that we have made. On some occasions, we may also actively advise you of specific data handling activities or significant changes to this Policy, as required by applicable law.
11. Contact us
If you have questions about this Policy or wish to contact us for any reason in relation to our processing of children’s personal information, please contact our Global Data Protection Manager at data.privacy@kempinski.com.