310 Gloucester Road, Causeway Bay, Hong Kong, China
Privacy Policy
Victoria Park Hotels Limited (the "Company")
Personal Data Statement to Customers (the "Statement")
This Statement is intended to inform customers about the collection, use, retention, disclosure, transfer, confidentiality, and access policies and practices regarding customer data held by the Company and the hotel owners managed and/or operated by the Company, in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) (the "Ordinance") and applicable data protection laws. This includes data collected offline at our hotels, as well as data collected online through our website, application (including mobile applications), and third-party platforms (collectively referred to as the "Website"). References to "we," "our," or "the Group" in this Statement should be construed as referring to the relevant property or entity collectively or individually, as the context may require.
1. Personal Data We Collect
We collect personal data from the following categories of sources:
- a) Directly from Customers: Many of the personal data we process are provided directly by customers or their agents. For example, customers may provide contact and identity data, demographic data, and health-related data when establishing an account, making a reservation, completing surveys, entering competitions or promotions, contacting customer service, using our Wi-Fi, or contacting us via email, text, chat, phone, in person, or through third parties.
- b) Collected from Customers’ Devices and Our Network: When customers interact with us through our Website, application, email, or other online content, or when their devices connect to our hotel’s wireless network or are detected by it, we collect personal data from devices using cookies and related technologies.
- c) Collected from Other Businesses or Individuals: We work with business and marketing partners and social media platforms that provide us with customer personal data that they have collected directly or indirectly. We may also receive customer personal data from customers' friends and family, such as when family members or friends make reservations or check in on behalf of customers. We may also offer identity verification based on device or operating system to serve as a login method for customers to access certain services. In such cases, we receive notifications regarding whether the identity verification was successful.
- d) Collected from Social Media: If customers post content on our social media pages, we may receive their contact and identity data (ID) and any other personal data contained in the customer’s social media posts or profiles.
- e) Categories of Personal Data Collected:
Category Examples Contact and Identity Data Name, phone number, mailing address, email address, passport and visa details, government identification document data, nationality, date of birth Payment Data Credit/debit card details, billing address, bank account information Reservation and Accommodation Data Arrival/departure dates, room preferences, vehicle registration, purchased goods and services, special requests, guest preferences Account Data Username, password, loyalty program membership number Communication Records Records of correspondence with us, feedback, survey responses Technical Data IP address, browser type, domain name, access time, device data CCTV Footage Images captured at our hotel properties for security purposes Health-Related Data Data voluntarily provided regarding accessibility needs or other health-related requirements to accommodate guest stays
2. Mandatory Personal Data
Customers may sometimes need to provide personal data to facilitate the provision of goods and/or services. Customers must provide the personal data marked with an asterisk (*) or otherwise indicated as mandatory on our forms; otherwise, we may not be able to process their requests or fulfill our legal obligations. Failure to provide such data may result in our inability to provide goods and/or services.
3. Purposes of Collection and Use
We collect and use personal data for the following purposes:
- a) Providing Services:
- Processing and managing hotel accommodation and/or restaurant reservations and arrangements
- Providing membership-related services
- Responding to inquiries and requests for information or services
- Delivering purchased goods and services
- Managing guest stays and preferences
- b) Payment and Credit Management:
- Processing payment instructions, direct debit arrangements, and/or credit arrangements
- Analyzing, verifying, and/or checking credit, credit records, and payments
- Ensuring ongoing credit reliability
- Determining amounts owed and handling collections
- c) Legal and Contractual Obligations:
- Performing, preparing, and enforcing agreements between customers and us
- Satisfying any legal disclosure requirements
- Complying with legal, regulatory, and accounting obligations
- d) Business Operations and Improvement:
- Conducting data analysis, audits, and research
- Monitoring and improving our products and services
- Training and quality assurance
- Maintaining network and data security
- e) Direct Marketing (subject to Section 4 below):
- Sending information about our hotels, products, services, events, offers, and promotions
- Managing satisfaction surveys
- Communicating messages regarding our loyalty programs (Marriott Bonvoy and/or Prestige Club)
- f) Any other purpose directly related to the above
4. Direct Marketing
4.1 Use of Personal Data for Direct Marketing
We intend to use customers’ personal data for direct marketing related to our hotel business. We will not use customers’ personal data for direct marketing without their prior consent or unless they have indicated their objection.
4.2 Categories of Personal Data for Marketing
We may use the following categories of personal data for direct marketing:
- Name
- Email address
- Mobile number
- Mailing address
- Phone number
4.3 Categories of Marketing
We may promote the following categories of products, services, and topics:
- Hotel accommodation and related services
- Dining venues and services
- Events, meetings, and banquets
- Spa, wellness, and recreational facilities
- Special offers, promotions, and packages
- Loyalty and membership programs (Marriott Bonvoy and/or Prestige Club)
- Satisfaction surveys and market research
4.4 Consent Mechanisms
We will obtain individual and explicit consent (or indication of non-objection) from customers for direct marketing:
- At the time of account creation
- At the time of making a reservation
- Through a clearly marked "opt-in" checkbox on our forms
- Through recorded verbal consent in our system
In cases where consent is required, we will not assume consent from customers who do not opt out.
4.5 Right to Opt-Out
Customers may opt out of receiving marketing communications at any time for free, or they may choose to opt out of receiving marketing communications through:
- Following the unsubscribe instructions included in each marketing email or SMS/multimedia message; or
- Adjusting account preference settings on our platform; or
- Contacting us directly at info@parklane.com.hk
4.6 Non-Marketing Communications
If customers opt out of marketing communications, we may still send them non-marketing communications, such as those related to their reservations, service notifications, or communications related to their Marriott Bonvoy and/or Prestige Club membership accounts, unless applicable laws prohibit us from doing so. Loyalty program members will continue to receive service communications related to the program even after opting out of direct marketing, and their loyalty benefits will not be affected.
5. Third-Party Personal Data
If customers provide personal data of third parties (e.g., providing the names and contact details of family members or friends for reservation purposes, or emergency contact information), customers represent and warrant that:
- They have obtained the consent of the third party to provide their personal data to us
- They have informed the third party that their personal data will be used for the purposes described in this Statement
- They have communicated this Statement to the third party
If you are providing personal data of another person, please ensure that you share this Statement with that person before providing their personal data to us.
6. Disclosure and Transfer of Personal Data
6.1 Recipients of Personal Data
Customers agree that personal data may be disclosed and transferred to the following persons or entities on a need-to-know basis for the purposes described in Section 3:
- Hotel properties owned by us that customers have booked, stayed at, or visited, as well as other properties within the Group used to manage guest history and preferences
- Any agents, contractors, service providers, credit providers, financial institutions, or professional advisors that provide us with administrative, telecommunications, payment, marketing, research, legal, accounting, or other services
- Any holding company, subsidiary, or affiliate of ours
- Any actual or proposed assignee, transferee, or successor of our business
- Any government, regulatory, or law enforcement agency to which disclosure is required by applicable law
- Any other party with the consent or instruction of the customer
6.2 Cross-Border Transfers
Your personal data may be transferred to, stored in, and processed outside of Hong Kong (the jurisdiction where we or our service providers operate). Although the data protection laws in such jurisdictions may differ from those in Hong Kong, we will take appropriate safeguards to ensure that your personal data is continuously protected in accordance with this Statement and applicable laws. By providing your personal data to us, you confirm that such cross-border transfers may be necessary for the purposes described in Section 3.
6.3 No Sale of Personal Data
We do not sell, rent, or trade personal data for money or other valuable consideration.
7. Cookies and Similar Technologies
7.1 What are Cookies?
Cookies are small data files sent to customers' computers or devices when they browse our platform. Pixel tags, web beacons, and similar technologies perform similar functions. These technologies (collectively referred to as "Cookies") help us recognize devices, remember preferences, and understand how customers interact with our platform.
7.2 Types of Cookies We Use
| Type | Purpose | Examples |
|---|---|---|
| Strictly Necessary Cookies | Required for core website functionality | Secure login, order progress, load balancing |
| Functional Cookies | Remember preferences and choices | Language preferences, room preferences |
| Performance/Analytical Cookies | Analyze website usage to measure and improve performance | Page views, navigation paths, error messages |
| Advertising Cookies | Provide relevant advertisements | Interest-based advertising, frequency capping |
7.3 Your Cookie Choices
Our platform is initially set to accept cookies. Customers can:
- Set their web browsers to refuse cookies, delete past cookies, or notify them when cookies are sent
- Opt out of third-party advertising cookies through industry opt-out tools
Please note: If customers disable or refuse cookies, certain features of our platform may not function properly, and some services may not be available.
7.4 IP Address and Device Data
We may collect data about customers' IP addresses, browser types, domain names, and access times. This data is used for our own research, security, and system management purposes. This data is typically anonymized and will not be linked to personal identifiers unless otherwise required for security investigations or fraud prevention.
8. Data Security
We maintain appropriate technical and organizational measures to protect personal data provided by customers against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
These measures include:
- Using SSL/TLS technology to encrypt data in transit
- Access controls and authentication requirements
- Regular security assessments and monitoring
- Employee data protection training
- Physical security measures at our properties
Although we implement reasonable safeguards, internet transmission or electronic storage methods are not completely secure. We cannot guarantee absolute security.
9. Data Retention
We will only retain personal data for as long as necessary to fulfill the purposes for which it was collected (including for the purposes of satisfying any legal, accounting, or reporting requirements).
| Data Category | Retention Period |
|---|---|
| Guest Reservation and Accommodation Records | 7 years after the last stay (for tax and legal compliance) |
| Loyalty Program Account Data | Until the account is closed, then retained for 7 years |
| Marketing Preferences and Consent | Until opted out or account deleted, then retained for 3 years |
| CCTV Footage | 30 days (unless required for incident investigation) |
| Payment Card Data | Not retained after transaction completion (except for tokenized reference with consent for future bookings) |
To determine the appropriate retention period, we will consider:
- The quantity, nature, and sensitivity of the personal data
- The potential risk of unauthorized use or disclosure
- The purposes for which we collect and process personal data
- Applicable legal, regulatory, and industry requirements
Upon expiration of the retention period, personal data will be securely deleted, anonymized, or destroyed.
10. Children’s Privacy
Our platform and services are intended for individuals aged 18 or older. We do not knowingly collect personal data from children under the age of 18 through our platform or services.
If we become aware that we have inadvertently collected personal data from a child under the age of 18 without parental consent, we will take reasonable steps to delete such data promptly.
If you are a parent or guardian and believe that your child has provided personal data to us without your consent, please contact us at privacy@parklane.com.hk.
11. Your Rights Under Data Protection Laws
11.1 Summary of Rights
Under and in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) and applicable data protection laws, customers have the following rights:
| Right | Description |
|---|---|
| Right to Access | To check whether we hold your personal data and to request access to such data |
| Right to Rectification | To request that we correct any inaccurate personal data |
| Right to Withdraw Consent | To withdraw consent previously given for the processing of personal data |
| Right to Opt-Out | To object to or opt out of direct marketing at any time |
| Right to Erasure | To request the deletion of your personal data (subject to legal exceptions) |
| Right to Restrict Processing | To request the restriction of processing under certain circumstances |
| Right to Information | To ascertain our policies and practices regarding personal data |
| Right to Complain | To lodge a complaint with the Office of the Privacy Commissioner for Personal Data, Hong Kong |
11.2 How to Exercise Your Rights
Access and Rectification Requests:
Any request for access to personal data, rectification of personal data, or to obtain our policies and practices regarding personal data should be made in writing and sent to:
Victoria Park Hotels LimitedHong Kong
Causeway Bay
310 Gloucester Road
Customers may also send their written requests for access or rectification of personal data to the Company’s Operations and Marketing Manager.
Opt-Out and Withdraw Consent:
To opt out of direct marketing, please follow the unsubscribe instructions in our marketing communications, or contact info@parklane.com.hk.
To withdraw other consents, please contact us in writing at the address above.
11.3 Response Time and Fees
We will respond to any access and rectification requests within 40 days of receipt. Under the Ordinance, we have the right to charge a reasonable fee for processing any data access requests. We will notify you of any such fees before processing your request.
11.4 Identity Verification
To protect your privacy, we may take reasonable steps to verify your identity before processing any requests regarding your personal data.
12. Changes to This Statement
We may update this Statement from time to time to reflect changes in our practices, technologies, legal obligations, or other operational reasons.
When we make significant changes, we will:
- Update the "Last Updated" date at the end of this Statement
- Post the updated Statement on our platform
- Provide additional notices as appropriate (e.g., prominent notice on our platform or email notification)
We encourage customers to review this Statement periodically.
13. Language
This Statement may be translated into different languages. In the event of any inconsistency or ambiguity between the English version and any translated version, the English version shall prevail unless local law provides otherwise.
14. Contact Us
If you have any questions, concerns, or complaints regarding this Statement or our privacy practices, please contact us:
Email: info@parklane.com.hk
Correspondence Address:Victoria Park Hotels Limited
Hong Kong
Causeway Bay
310 Gloucester Road
Phone: +852 2293 8888
Last Updated: March 2026
© Victoria Park Hotels Limited. All rights reserved.