For general enquiries about our properties and destinations.
Capella Hotels & Resorts respects your right to privacy and we place the utmost importance in safeguarding any information that is shared with us by our guests.
1. GENERAL INFORMATION
1.1 Objective and Responsibility
1. This Data Privacy Statement is to inform you about the nature, scope and purpose of the processing of personal data related to our online service and the related websites, features and contents (hereinafter collectively referred to as ‘online service’ or ‘website’). Details of these processing activities can be found in section 2.
2. The online service is provided by Capella Hotel Group Pte Ltd, (Temasek Ave, Millenia Tower #05-02, 039192 Singapore) – hereinafter referred to as ‘provider’, ‘we’ or ‘us’ - who is also legally responsible under the data protection law.
3. You can reach out to our Data Protection Officer under: [email protected].
4. The term ‘user’ encompasses all customers, interested people, employees and visitors of our online service.
1.2 Purposes and legal basis for processing personal data
We process the personal information you supply to us via our website or at our hotels for the following purposes:
- To process and facilitate bookings, including verifying your identity, taking payments and communicating with you (legal basis: performance of the contract);
- To provide you with services at our hotels under the accommodation agreement, including execution of your stay at our hotels and payment processing (legal basis: performance of a contract);
- To make contact or interact with you and to handle your requests, remarks or complaints, which you have submitted via our website, during your stay or after your departure (legal basis: consent or legitimate interests);
- To send you our e-mail newsletter including managing your subscription to the newsletter (legal basis: consent or legitimate interests);
- To execute and manage your participation in our loyalty programme (legal basis: consent);
- To maintain, safeguard and improve the quality of our products and services, in particular by performing and analysing satisfaction surveys and guest comments, by processing your personal data in our centralised guest database enabling us to recognise you as a returning guest, to better appreciate your expectations and preferences, to improve the quality and individual character of our communication with you and to create offerings tailored to you (legal basis: legitimate interests);
- To ensure compliance with house rules, to prevent and investigate criminal activities (in particular also by video monitoring), to establish, exercise and defend against legal claims and to safeguard our interests in legal disputes, to ensure IT security and IT operation and to identify credit risks, in accordance with applicable law (legal basis: legitimate interests);
- To provide you with information relating to Capella or promotional information about products and services that may be of interest to you, as well as personalized mailings (electronic or otherwise) or other communications (legal basis: consent or legitimate interests);
- To place cookies and to use similar technologies as further set out below and the information provided to us when those technologies are used (legal basis: legitimate interests);
- On other occasions where we ask you for consent, we will use the personal data for the purpose explained at the time (legal basis: consent);
- To comply with obligations imposed by local laws or regulations such as the police and tax authorities (legal basis: legal obligation);
- In certain circumstances when it is not possible to obtain your consent, it may be necessary for us to process your personal data, including sensitive personal data you provided through our services, where it is in your vital interest or in the interest of others, for example in the event of a medical emergency (legal basis: vital interest).
Wherever we rely on your consent, you can withdraw your consent at any time. However, we may have other legal grounds for processing your personal data for other purposes, such as those set out above.
1.3 Data Subject Rights
You have the following rights with regards to the processing of your data through us:
- The right to lodge a complaint with a supervisory authority.
- Right of access
- Right to rectification
- Right to erasure (‘right to be forgotten’)
- Right to restriction of processing
- Right to data portability
- Right to objection
Notice: Users may object to the processing of their personal data in accordance with legal allowances at any time with effect for the future. The objection may in particular be made against processing for the purposes of direct marketing.
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, employment or the place of the alleged infringement, if you believe that the processing of your personal data violates data protection law.
1.4 Data Erasure and Duration of Storage
The personal data of the data subject will be erased or blocked as soon as the purpose of the storage is inapplicable. Storage of data beyond that may occur if such storage is required by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or erasure of data also takes place when a retention period mandated by the standards mentioned expires, unless the continued storage of data is required for the conclusion of a contract or the fulfilment of contractual obligations.
1.5 Security of Processing
- We have implemented appropriate and state-of-the-art technical and organisational security measures (TOMs). Thus, the data that is processed by us is protected against accidental or intentional manipulation, loss, destruction and unauthorized access.
- These security measures include in particular the encrypted transfer of data between your browser and our server.
1.6 Sharing of your personal data
If you have given your consent, if it is required for the purposes set out above or if we are otherwise authorised to do so under the applicable laws, we may share your personal data with the following parties:
- To other affiliated companies of the Capella Hotel Group for purposes of keeping our guests updated on the products and services and for the purposes of evaluating and improving our products and services;
- To service providers and agents for the purposes of providing products and services or performing functions on our behalf, such as online reservation providers, payment providers, tour operators, email communication providers, market research analysts, IT service providers, postal mailing providers, accountants, auditors and lawyers.
- To public bodies and institutions if a statutory obligation to do so exists (e.g. financial authorities, criminal prosecution authorities).
In some cases, the recipients are based in countries in countries outside the EEA that do not have an adequate level of data protection. We have taken measures to ensure suitable and adequate safeguards to make sure your personal data remains adequately protected, e.g. by means of agreements such as the Standard Contractual Clauses approved by the European Commission (a copy of which is available upon request).
2. PROCESSING ACTIVITIES WITHIN THE SCOPE OF OUR ONLINE SERVICE
2.1 Collection of Information on the Use of the Online Service
- When using our online-service, information may be transferred automatically from the browser of the user to us; this information includes the name of the accessed website, file, date and time of the access, amount of data transferred, notification about successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
- This information will be automatically deleted or properly anonymized one year after the termination of the connection, unless any other retention periods require otherwise.
- The collection of the data and the storage of the data in log files is essential for the provision of the online service. Therefore users are not entitled to the options of erasure, objection or correction.
- Legal basis: The processing takes place based on legitimate interests (e.g. to optimize the online service) as well as to ensure the security of processing (e.g. for the defence and clarification purposes of cyberattacks)
2.2 Contact Form and Contacting via E-Mail
- When contacting us (via online form or e-mail), the data provided by the user will be processed exclusively for processing the inquiry and its handling.
- Any other use of the data will only take place based on the given consent from the user.
- The users' data will be stored in our Customer Relationship Management System (‘CRM System’) or a comparable software/database. The legal retention periods for business letters apply.
- Legal basis: consent and legitimate interest
2.3 Newsletter subscription
- Description and scope of data processing
On our website you can subscribe to a newsletter free of cost. If a user realizes this option, the data entered in the input mask will be transmitted to us and processed by us. We use your personal data exclusively to send the requested newsletter.
We also store the IP addresses you use, as well as the times of subscription and confirmation. The purpose of this procedure is to enable verification of your registration and, where necessary, to clarify any misuse of your personal data.
For the subscription to our newsletter, we use the single opt in procedure. This means that following your subscription we will send an email to the email address you have specified, requesting you to confirm if the subscription was done erroneously and if you wish to opt out. If we do not receive your request to opt out, we will continue to send you newsletters.
For the processing of the data, your consent is obtained during the registration process and reference is made to this data protection policy.
- The newsletter is sent by Cendyn.
The personal data of the newsletter recipients are stored on the servers of Cendyn in the USA. We have a contract processing agreement with Cendyn. Furthermore, Cendyn claims to use the data to optimize or improve its own services, e.g. for the technical optimization of shipping and the presentation of newsletters or for economic purposes, to determine from which countries the recipients come. However, Cendyn does not use the data of our newsletter recipients to address them themselves or to pass the data on to third parties.
- Legal basis for data processing
The legal basis for processing the data is the consent given by the user.
- Purpose of the data processing
The collection of the e-mail address of the user serves to deliver the newsletter. The collection of other personal data as part of the registration process is intended to prevent misuse of the services or the e-mail address used.
- Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose mentioned above. The user's e-mail address will be saved as long as the subscription to the newsletter is active.
- Opposition and removal option
Subscription to the newsletter may be terminated by the user at any time. For this purpose, there is a corresponding unsubscribe link in each newsletter. This also allows a revocation of the consent of the storage of the personal data collected during the registration process.
- Note: Even though you opt-out of newsletters, we will still send you transaction emails including responses to your enquiry and reservation confirmation emails.
- Legal basis: consent and legitimate interest
2.4 Google Analytics
- This website uses Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. (“Google”). Google Analytics uses a specific form of cookie, which is stored on your computer and enables an analysis of your use of our website. The information about your use of this website generated by the cookie is generally transmitted to a Google server in the USA and stored there.
- We would like to point out that Google Analytics has been expanded on this website to include the code “gat._anonymizeIp()” ; to ensure the anonymized recording of IP addresses (so-called IP masking). Due to the IP anonymization on this website, your IP address is shortened by Google. Only in exceptional cases the full IP address is transmitted to a Google server in the USA and shortened there.
- Google uses this information on our behalf to analyze your use of this website in order to compile reports on website activities and provide additional services related to website and internet use. Google may also transfer this information to third parties as required by law or if said third parties process this data on behalf of Google. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
- You can prevent the storage of cookies by making the proper setting using your browser software. In addition, you can prevent Google from recording the data related to your use of the website generated by the cookie (including your IP address) and from processing this data by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.
Google Analytics Terms of Service:
General overview on Google Analytics security and privacy principles:
- This website also uses Google Analytics for a device-independent analysis of visitor flows, which is carried out via a user ID. You can disable cross-device tracking of your usage in your Google Account under “My information”, “Personal information”.
- Legal Basis: consent
2.5 Google Tag Manager
- Our online service uses the Google Tag Manager. This tool allows website tags to be managed through an interface. The Google Tool Manager only implements tags, does not set cookies and does not collect any personal data. The Google Tag Manager triggers other tags that may collect personal information. However, the Google Tag Manager does not access this data.
- If deactivated at domain or cookie level, it will remain valid for all tracking tags implemented with Google Tag Manager.
- Legal basis: legitimate interest
2.6 YouTube Videos
- Our site uses YouTube plugins from the Google-owned video portal service. The operator of these pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter referred to as: "Youtube").
- We have integrated YouTube videos into our website, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in the “extended data protection mode ”, i.e. no data about you as a user will be transmitted to YouTube, if you do not click on the videos to start playing them. Only when you play the videos the data referred to in the next paragraph will be transferred to YouTube. We have no influence on this data transfer.
- Legal Basis: consent
2.7 LinkedIn Analytics
- We use LinkedIn Analytics for marketing and optimization purposes, in particular to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behavior, we can improve our offer and make it more interesting for you as a user.
- Further information from the third-party provider on data protection can be found at:
- Legal basis: consent
2.8 New Relic
- We use the web analysis service „New Relic“ on our website, a service of New Relic Inc, 101 Second Street, 15th Floor, San Francisco, CA 94105, USA (hereinafter referred to as: "NewRelic").
- This service allows statistical analysis of the speed of access to our website. Through the plugin, New Relic receives the information that you have accessed the corresponding page of our website. If you are logged in as a user at New Relic, New Relic can assign the visit to your account. If you are not a member of New Relic, there is still the possibility that New Relic will find out and save your IP address.
Further information can be found here: https://newrelic.com/privacy
- Legal basis: consent
2.9 Google Ads Conversion
- We use the services of Google Ads to draw attention to our attractive offers with the help of advertising materials (so-called Google Ads) on external websites. We can determine in relation to the data of the advertising campaigns how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.
- The advertising materials are delivered by Google via so-called “Ad Servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the insertion of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Ads stores a cookie on your device. These cookies are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values.
- These cookies enable Google to recognize your Internet browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their device has not expired, Google and the customer can recognize that the user has clicked on the ad and has been redirected to this page. Each Ads customer is assigned a different cookie. Cookies cannot therefore be traced via the websites of Ads customers. We do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations we can recognize which of the used advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.
- Due to the marketing tools used, your browser automatically starts a direct connection to the Google server. We have no influence on the extent and the further use of the data which are raised by the use of this tool by Google and inform you therefore according to our knowledge: By the integration of Ads conversion Google receives the information that you called the appropriate part of our Internet appearance or clicked an announcement of us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the providers may obtain and store your IP address.
- Legal basis: consent
2.10 Google Ads Remarketing
- We use the remarketing function within the Google Ads service. The remarketing function allows us to present to users of our website advertisements based on their interests on other websites within the Google advertising network (in Google search or on YouTube, so-called "Google ads" or on other websites). For this purpose, the interaction of users on our website is analyzed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users even after visiting our website on other pages. To do this, Google stores cookies in the browsers of users who visit certain Google services or websites in the Google Display Network. This cookie is used to record the visits of these users. The number is used to uniquely identify a web browser on a particular device. Used Cookies: Type C. For further information, see Section „Cookie Overview“.
- Legal basis: consent
2.11 Facebook Custom Audiences („Facebook Pixel“)
- This website uses the so-called "Facebook Pixel" of the social network "Facebook" for the following purposes:
- Facebook (website) Custom Audiences
We use the Facebook pixel for remarketing purposes to be able to contact you again within 180 days. This allows us to display interest-based advertisements ("Facebook Ads") to users of the website when they visit the social network "Facebook" or other websites also using this tool. In this way, we pursue the interest in displaying advertisements that are of interest to you in order to make our website or offers more interesting for you.
- Facebook conversion
We also use the Facebook Pixel to ensure that our Facebook Ads match the potential interest of users and are not annoying. With the help of the Facebook Pixel, we can track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
- Facebook (website) Custom Audiences
The processing of this data by Facebook takes place within the framework of Facebook's data policy. Special information and details about the Facebook pixel and its functionality can also be found in the Facebook help area.
For further information, see Section „Cookie Overview“.
- We are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook) for the collection and transfer of data in this process. This applies to the following purposes:
- The creation of individualized or suitable ads, as well as for their optimization
- Delivery of commercial and transaction-related messages (e.g. via Messenger)
The following processes are therefore not covered by joint controllership:
- The process that takes place after the collection and transmission is within the sole responsibility of Facebook.
- The preparation of reports and analyses in aggregated and anonymized form is carried out as a Processor and is therefore within our responsibility.
- The contact details of the Controller and the data protection officer of Facebook can be found here: https://www.facebook.com/about/privacy.
- We have agreed with Facebook that Facebook can be used as a contact point for the exercise of data subject rights. Without prejudice to this, the jurisdiction of the Rights of Data Subjects is not limited.
- Further information on how Facebook processes personal data, including its legal basis and further information on the rights of data subjects can be found here:
- Information on the data security conditions can be found here:
- Legal basis: consent
- We use the Triptease service to analyse user behaviour. The operating company in Europe is Triptease Ltd, WeWork Bishopsgate, 15 Bishopsgate, London.
- We may share a limited amount of your information (such as room search, email address and name if you provide it) with the Triptease Group (“Triptease”) and use Triptease to collect data for analysis purposes when you visit our website to book a stay with us.
- As our shared data controller, Triptease analyses your use of our website and tracks it through cookies and similar technologies so that we can improve our service.
- Legal basis: consent
2.13 Links to other websites
- While using some of our services (e.g. in section ‘Discovery’ / ‘Sign up for Capella DISCOVERY loyalty programme‘ or in section ‚Book your Stay‘) you will be automatically redirected to other websites.
3.1 General Information
- When you interact with us on our websites, we automatically receive and record information on our server logs from your browser. We may employ cookies in order for our server to recognise a return visitor as a unique user including, without limitation, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor's IP address, and a visitor's click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
- Cookies are small text files stored in your computer or other electronic devices which allow us to remember you. The cookies placed by our server are readable only by us. Cookies are not programs and therefore cannot access, read or modify any other data on an electronic device. All web-browsers offer the option to refuse any cookie, and if you refuse our cookie then we do not gather any information on that visitor.
3.2 Cookie Overview
We use the following categories of cookies for the following purposes:
- Necessary cookies: To make our websites work correctly. We use these cookies to enable you to move around the website and to use its features – you do not need to consent for the use of strictly necessary cookies. These cookies usually expire when you end your browsing session or shortly afterwards.
- Functionality cookies: These cookies allow us to remember choices you make (such as your language or your log in details when you return on restricted areas of our Website) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. The information these cookies collect cannot track your browsing activity on other websites.
- Performance cookies: To analyse and improve your browsing experience. We use these cookies, such as Google Analytics cookies, to analyse usage of the website and interaction with our content and communication, so we can measure and improve performance.
3.3 Cookie Management Options
- You may accept or reject cookies (apart from necessary cookies, which are always required and are not subject to your consent). You can manage your cookie preferences and provide or withdraw your consent at any time through our Cookie Consent Management Platform, available at our webpage.
- Please bear in mind that if you restrict or disable cookies, this can limit functionality and prevent our websites from working properly.
- deactivation page of the Network Advertising Initiative: http://optout.networkadvertising.org/
- the US-American website: http://www.aboutads.info/choices
- the European website http://www.youronlinechoices.com/uk/your-ad-choices/