- when you visit or stay as a guest at one of our properties, or through other offline modes of communication
The Site makes available information relating to hotels and resorts owned or managed by EIH Limited, a company constituted under the laws of India, and its subsidiaries, managed entities, affiliates and related parties ( "Maidens").
The purpose of this policy is to highlight various obligations, best practices and tools that support compliance with data privacy regulations applicable to Maidens in its role as both data controller as well as data processor, as applicable (if any)
- everyone who accesses and uses www.maidenshotel.com including but not limited to external legal entities in any form or manner
- Maidens customers who visit or stay at one of our properties
- third party service providers or their representative
4. Collection and use of information
4.1 Collection of your information
Maidens collects, processes, and retains information about you when you visit our website www.maidenshotel.com or stay in one of our hotels or avail any other services provided by Maidens. You provide us with information, such as your name, email address, company information, street address, telephone number, other contact and demographic information when you make a reservation, purchase a gift card, subscribe to the Maidens newsletter or obtain web exclusive rates on www.maidenshotel.com.
Moreover, you may choose to provide your personal information in connection with sending an e-mail or message, logging complaints, promotional offers and when you use our service.
Personal Information may include, but is not limited to:
- Your name and physical address, email addresses, and telephone numbers
- Behavioral or demographic attributes, when tied to personal identifiers
- Credit card or debit card number
- Social media account ID or user ID, profile photo and other data you make available publicly or to us from your social media accounts, publically available platforms or other sources
- Other similar information.
4.2 How we use your information
Any of the information we collect from you may be used in one of the following ways:
- To develop, customize and improve the services: We shall process your personal information, preferences, user characteristics and usage patterns, and feedback to develop, customise and improve our services.
If you refuse consent for processing your personal information for the mentioned purposes in this subsection, you will not be significantly hindered in your use of the service. Refusing or withdrawing consent thus has no significant negative effects on your use of the service.
- Marketing purposes to inform you about other information, events, promotions, products or services we think will be of interest to you.
- To process personal information necessary for the performance of a contract and providing the services: We may use this information for the provision of the website and the provision of the service according to our Terms of Service. Further, to process and/or respond to your requests, submissions, queries, complaints and any transactions and to provide you with information or services requested.
- To process your personal information necessary for compliance with a legal obligation: In order to prevent or investigate actual or suspected fraud, hacking, infringement, or other misconduct involving our services or website. Additionally, if we are required by law to disclose your information to any government authority, you consent to the provision of such information.
- To send periodic emails: The email address you provide will be used to send you information and updates pertaining to the services provided by Maidens.
- Select content, improve quality and facilitate use of the other interface channels : Maidens may use your Personal Information to help create and personalise content on our Channels (including but not limited to our website, social media pages, promotional programs or campaigns, etc.) , facilitate your use of the Channels (for example, to facilitate navigation and the login process), avoid duplicate data entry, enhance security, improve quality, track campaign and survey responsiveness and evaluate page response rates.
- Obtain Third Party Services: We also share Personal Information and Other Information with third parties who provide services to Maidens for website management, information technology and related infrastructure provision, marketing and campaign management, customer service, e-mail delivery, auditing, and other similar services. When Maidens shares Personal Information with third party service providers, we contractually take an undertaking that they use your Personal Information and Other Information only for the purpose of providing services to us and subject to terms consistent with this Policy as well as mutual Non-Disclosure Agreements.
5. Fairness and purpose
Maidens will collect adequate, relevant and necessary Personal Information, and will process such information fairly and lawfully for the purpose it is collected. The purpose of collection will be specified not later than at the time of data collection, or on each occasion of change of purpose.
6. Accuracy of information
The information held by Maidens on www.maidenshotel.com or in our other systems collected by other means at the time of registration shall be checked and, from time to time, we may change the information requested upon registration or with respect to certain features or services.
7. Distribution of information
7.1 Information disclosure
- Maidens may disclose your Personal Information as we believe to be necessary or appropriate:
- under applicable law, including laws outside your country of residence;
- to comply with legal process;
- to respond to requests from public and government authorities, including public and government authorities outside your country of residence, for national security and/or law enforcement purposes;
- to enforce our terms and conditions; and
- to allow us to pursue available remedies or limit the damages that we may sustain.
- Additionally, in the event of a reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), we may transfer the Personal Information we have collected to the relevant third party.
- We may share information with governmental agencies or other companies assisting us in fraud prevention or investigation. We may do so when:
- permitted or required by law; or,
- trying to protect against or prevent actual or potential fraud or unauthorized transactions; or,
- investigating fraud which has already taken place. The information is not provided to these companies for marketing purposes.
If Maidens goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personal information collected through our website(s) may be among the assets transferred. A prominent notice will appear on our website(s) for 30 days after any such change in ownership or control of your personal information.
7.2 Data transfers
Maidens is a global organisation and provides a global service. Sharing information cross borders is essential so that you receive the same high quality service wherever you are in the world. As a result, we may, subject to applicable law, transfer Personal and Other Information collected in connection with the Services, to these entities in countries where information protection standards may differ from those in the country where you reside. By making a reservation, staying at an Maidens hotel or using any Maidens-branded service, you understand that we may transfer your personal information globally as deemed appropriate.
In most cases, the information you provide is added to an Maidens local or global database. In the course of processing your information, it may be necessary to transfer your personal data to Maidens’ affiliates, and/or third party service providers located in India and throughout the world for the purposes outlined within this Privacy Statement.
8. Consent and control
Consent is often referred to as an individual's choice to "opt-in" or "opt-out" of Maidens' use of personal information and is usually obtained by a "check box" or signature confirming the individual understands and agrees to the processing of their personal information. At times, express written consent from the individual may be required based on the information processing activity. Maidens receives consent from individuals prior to:
- collecting, using, or processing their personal information, including sensitive personal information, in certain ways or sharing the individual's personal information with any third party. Sensitive personal data is data revealing an individual’s trade union membership, loyalty program membership, stay and booking patterns, biometric data, data concerning health or data concerning preferences during hotel stays;
- transferring the individual's personal information outside of the individual's country of residence
- using or placing web cookies on an individual’s computer or other electronic devices.
8.2 Control of your information
Maidens also provides individuals with the right to control their personal information, which includes the right to review, modify, erase, restrict, transmit, or object to certain uses of their information.
You may request to review, correct, update, suppress or object to the use or processing of your Personal Information that you have previously provided to us while making a reservation through www.maidenshotel.com or during the stay at one of our hotels or by availing any of the other services provided by Maidens. You may review, update, correct or delete your Personal Information collected through the website or service by e-mailing us at email@example.com
If you have privacy concerns regarding access to or the correction of your Personal Information, please contact us by emailing at DPO@oberoigroup.com
In your request, please make clear what Personal Information you would like to have changed, whether you would like to have your Personal Information that you have provided to us suppressed from our database or otherwise let us know what limitations you would like to put on our use of your Personal Information that you have provided to us. We may require you to provide some additional information in order to fulfil your request.
While the majority of questions and issues related to access or requests can be handled quickly, complex requests may take more research and time. In such cases, issues will be addressed, or you will be contacted regarding the nature of the problem and appropriate next steps, within 30 days.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or reservation, or participate in a promotion, you may not be able to change or delete the Personal Information provided until after the completion of such purchase, reservation, or promotion). There may also be residual information that will remain within our databases and other records, which will not be removed. In addition, there may be certain information which we are unable to enable you to review, for legal, security, or other reasons.
Maidens reserves the right to decline access to your Personal Information under certain circumstances. If your Personal Information is not disclosed to you, you will be provided with the reasons for this non-disclosure.
9. Commitment to data security
We strive to keep your personal information secure and take reasonable effort to ensure that appropriate security and technical controls are implemented to ensure data security. Only selected and authorised employees, business partners, vendors and other third party providers may have access to this information.
Maidens ensures that our third party service providers employ industry standard security measures to ensure the security of information through legally binding terms and conditions. However, users of www.maidenshotel.com are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access to password protected or secure areas of www.maidenshotel.com. Access to and use of password protected and/or secure areas of www.maidenshotel.com is restricted to authorised users only. Unauthorised access to such areas is prohibited and may lead to criminal prosecution.
10. Retention and disposal
Your personal data will be retained in a form which enables Maidens to identify the individual for no longer than is necessary for the purposes for which the data was collected and used. Your personal data may be retained in certain files and systems for a period of time as required by applicable law and following Maidens’ data retention policies in order to comply with such financial or legal requirements, to properly resolve disputes or to troubleshoot problems. If you wish to review or delete your information, contact us at firstname.lastname@example.org. We will respond to your request to access or delete your information within 30 days.
In addition, some types of information may be stored for an infinite duration due to technical constraints, and will be blocked from further processing for purposes which are not mandatory by law or when consent is withdrawn. The information that you provide may be stored or transferred in our systems or on the systems provided by our third parties.
11. Withdrawing consent and restriction of processing
You may request to withdraw consent to personal data processing or you may review, update, correct or delete your personal information collected through the website or service by e-mailing us at email@example.com. For users below the age of 16, consent should be provided by the holder of parental responsibility of the child.
12. Privacy contact information
You may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection by e-mailing us at DPO@oberoigroup.com .