Privacy Statement

About Arora Hotels

Arora Hotels, a division of the Arora Group is one of the UK’s leading owner-operator of hotels with expertise in airport and city centre hotel operations. For more information regarding our hotels please visit https://www.thearoragroup.com/portfolio/hotels

About our hotels

We operate our hotels in two ways either in partnership with international brands or independently. Most hotels under the Arora Group are independently owned and operated by us under a franchise agreement with brands such as AccorHotels, IHG®, Marriott International and Hilton Hotels and Resorts, for the purposes of operating a hotel (referred to as “Franchisees” or “Franchised Hotels”). If you make a reservation through the parent brand website / portal to stay at an Arora Group operated hotel, the information is shared to our local hotels centrally from the brands. However, brands such as AccorHotels, IHG®, Marriott International and Hilton Hotels and Resorts are not owned or controlled by the Arora Group, their use of your information will be governed by their own privacy practices.

Information we collect and how we use and share it

We collect and use personal information if you make a booking through the central brand ‘franchisor’ reservation system, stay at one of our hotels, book meetings and events at one of our hotels or transact any other services at one of our hotels, participate in one of the branded loyalty programmes or interact with us through our corporate site.We generally collect this information directly from you, but in some cases we may collect your information from other sources.  For example, we occasionally run promotions where we ask our guests to refer a friend and send marketing emails.  In these cases we always ask members to make sure anyone they refer is happy for their personal information to be passed to the ‘franchisors’ or us as the ‘franchisee’, and to direct friends to read this privacy policy if they want to find out more about how the brands use their information.  We also collect information through our third party service providers' use of technologies such as pixels, web beacons, tracking tools and similar technologies.

You do not have to provide us with your information although in some cases, if you do not, it may mean that you are unable to use our services.  For example, we may be unable to complete any booking you may wish to make, or you may be unable to participate in the ‘franchisor’ brand loyalty programmes.

To learn more about how we collect, use and share your information, please see the relevant sections below.

If you make a reservation, stay at our hotels, book an event at our hotels or transact any other services at our hotels.

Information we obtain: We obtain information from you in a number of ways. Franchisors collect information from you when you make a booking through a central brand ‘franchisor’ reservation and booking system. This information is passed to us where we operate the booked hotel. We collect information directly from you when you stay or purchase other services and products at an Arora Group operated hotel. Information collected during the course of the reservation and booking and during your stay may include:

• your name, email address, home and business address, phone number, nationality and payment card information;
• information relating to your membership in one of our services or ‘franchisor’ loyalty programmes or those of our programme partners such as your brand loyalty number or frequent flier number; and
• information such as stay and room preferences made during the course of your reservation such as your preferred room type and specific requests to the hotel.

This information may be provided to us directly when you make a reservation through one of the global brand ‘franchisor’ reservation and booking offices, through the websites, directly at the hotel or through our mobile applications. In some cases, we will receive this information from a third-party, such as when you book through an online travel agency or meetings and events agent or if information is provided directly to us as a franchisee.

How we use this information: We use the information collected from you primarily to fulfil your hotel reservation or booking. Prior to your stay or event this may include sending your information to the hotel or sending you pre-stay or pre-event communications. Following your stay or event, we may also send you post-stay or post-event communications and satisfaction surveys to get feedback on your experience.

In some instances where we have your consent or where permitted under applicable law, we may send you marketing communications (which may include text messages or calls placed using autodialer technology) for products and services that we believe would be relevant for you. We also may use information related to your stay to display targeted advertisements on our websites or on third-party websites or to send you more relevant messaging. Additionally, we use this information for purposes of aggregated trend and statistical analysis to evaluate and improve our products and services, plan new hotel locations and services and other market research.

Who we share your information with: Where you stay or have an event at a franchised hotel, we will share your information with the ‘franchisor’. We may also share your information with third-party service providers to provide services in relation to our business as well as to help us improve our products and services. For example, we might use a third party or a third-party product for the purposes of market research and data analytics, or share data with online partners we work with, so we, or our online partners on our behalf, can communicate with you and serve advertisements through their platforms or on other websites or platforms. In certain instances, subject to local consent requirements, third-party service providers may also assist us with various marketing campaigns. These companies are authorised to use your personal information only as necessary to provide these services to us. We may also share your information with other operated hotels within the Arora Group and other third parties, to extend special offers about their own products and services to you. These parties have agreed to comply with our privacy requirements. If you do not want us to share your personal information with these companies, contact us using this GDPR form.

We also share your stay information with other third parties in circumstances such as:

• when we believe in good faith that the disclosure is required by law or to protect the safety of hotel guests, employees, the public or Arora Group property;
• when disclosure is required to comply with a judicial proceeding, court order, subpoena, warrant or legal process;
• or in the event of a merger, asset sale, or other related transaction.

If you join one of the ‘franchisor’ loyalty programs

Information we collect: We collect information from you during your stay or event at Arora Group operated hotels across the ‘franchisor’s’ loyalty programmes and services. Information collected during your enrolment and participation in these programmes are not owned or controlled by the Arora Group, their use of your information will be governed by their own privacy practices.

Information may include:

• your name, email address, home and business address, phone number, nationality, birthday and payment card information;
• your membership number and pin as well as details of your memberships with any of our programme partners such as our airline or car rental partners;
• information that you choose to provide in your loyalty profile, such as your personal stay and destination preferences; and
• marketing preferences, including how you prefer to be contacted by the franchisor as well as what types of information you are interested in hearing about.

If you interact with us through our corporate site

Information we collect: We collect information from you when you sign up to receive corporate news or newsletters.

Information collected may include:

• information relating to your registration for corporate news such as your name, email address, profession, country/region and email service preferences for news; and
• information relating to the receipt of newsletter such as your initials, surname, postcode, email address and password for communications.

This information may be provided to us directly when you sign up for corporate news or shareholder documents on our corporate site.

‍How we use this information: We use the information collected from you to provide you with corporate news and documents for which you have signed up. For corporate news, you may change your communication preferences in accordance with the “GDPR” section.

‍Who we share your information with:
We may share your information with third parties who provide services on our behalf to help with our corporate site and our communication functions.

We will also share your information with other third parties in circumstances, such as:

• when we believe in good faith that the disclosure is required by law or to protect the safety of hotel guests, employees, the public or Arora Group property;
• when disclosure is required to comply with a judicial proceeding, court order, subpoena, warrant or legal process; or
• in the event of a merger, asset sale, or other related transaction.

There are  other times when we collect and use personal information, for example if you choose to participate in one of our competitions or sweepstakes, sign up to receive our newsletters or other special offers and promotions, download one of our mobile applications or participate in one of our other services. In these instances, we will collect information from you for running and administering the respective competition, sweepstakes or service that you have elected to participate in. The information collected may include personal details such as your name and address as well as certain demographic information. In each case, we will collect, use and secure your information in a manner consistent with the general principles set out in this Privacy Statement unless we tell you otherwise.

We also collect information from you when you browse our website, use our mobile applications or participate in certain services at an Arora Group operated hotel. In these instances, information such as your country information, internet protocol ("IP”) address, media access control address and other characteristics about your system or device may be automatically collected. This information is collected for functional purposes as well as to improve your experience when using these services. This information may also be used for aggregated trend and statistical analysis, and for showing you more relevant advertisements and messages. More information on these practices can be found in the section below.

The legal basis for processing your personal data

We are committed to collecting and using your information in accordance with applicable data protection laws.We will only collect, use and share your information where we are satisfied that we have an appropriate legal basis to do this.This may be because:

• you have provided your consent to us using the personal information;
• our use of your information is necessary to perform our contract with you, for example, making and managing your booking and operating and providing services in connection with the ‘franchisor’ Loyalty scheme in accordance with the terms of our agreement with you;
• our use of your information is necessary to meet responsibilities we have to our regulators, tax officials, law enforcement, or otherwise meet our legal responsibilities;
• our use of your information is in our legitimate interest as a commercial organisation, for example to operate and improve our services and to keep people informed about our products and services (including for profiling and targeted advertising) - in these cases we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in the “GDPR" page.

If you would like to find out more about the legal basis for which we process personal information please contact our offices (details found in the “GDPR" page). If you have provided your consent to our processing of your information you can withdraw this consent at any time by contacting the Arora Group Data Protection Team..

Data Transfer

As we operate franchise agreement with global hotel brands, reservation and service centres and data centres, it may be necessary to transfer your information to a country outside of the country where it was originally collected or outside of your country of residence or nationality. The information that you provide us during the course of a reservation or through the provision of any other services may be transferred to any of our Arora Groupowned and operated or affiliated entities and hotels around the UK for the purposes of carrying out or facilitating these services. It will also be necessary to transfer this information to third parties, including, without limitation, our Franchisors, partners and third-party service providers.

Where we transfer information which originates in the European Union ("EU") to a country outside of the EU, we will take steps to make sure such transfer is carefully managed to protect your privacy rights:

• transfers within the Arora Group will be covered by an agreement entered into by members of the Arora Group (an intra-group agreement) which contractually obliges each member to ensure that your information receives an adequate and consistent level of protection wherever it is transferred within the Arora Group;
• where we transfer your data outside of the Arora Group including to other companies providing us with a service, we will obtain contractual commitments and assurances from them to protect your information.  Some of these assurances are well recognised certification schemes such as standard contractual clauses and the EU - U.S. Privacy Shield for the protection of personal information transferred from within the EU to the United States of America;
• we will only transfer personal information to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights; and
• any requests for information we receive from law enforcement or regulators will be carefully validated before personal information is disclosed.

Using our websites, mobile applications and other technology

We and our third-party service providers use cookies, pixels, web beacons, tracking tools and other similar technologies on our websites, mobile applications and in other areas of our business to collect information and provide you with the services that you have requested or participate in and to provide targeted advertising. Subject to local consent requirements, we may use this and other information we collect, such as a hashed email address, to help us and our third-party service providers identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.). We, and our third party service providers, also may use the cross-device tracking and other information we learn about you to serve targeted advertising on your devices. We also use the information that we collect to improve our products and services as well as your experience when visiting our websites and using our mobile applications. For more information on these subjects, please click the relevant section below.

Location Information and Services

We may receive information about your location during the course of and for the purpose of providing you the services described above through your use of our websites and mobile applications. For example, if you are using our mobile applications and have consented to sharing your location information with us, this information might be collected through GPS or Bluetooth technologies to enable us to provide certain services to you such as customised offers and promotions. In addition to your use of our websites and mobile applications, we may also receive location information from wireless networks or cellular towers in proximity to your mobile device, through your Internet protocol (“IP”) address or through your use of other services we provide at our hotels. We may also have access to location information that you provide to us through your use of social media, such as when you “tweet” your location. Your location preferences can be set or modified at the device level or through modifying your settings with the relevant social media platform.

Mobile Applications

We receive information about you when you use our mobile applications. Some information such as your device manufacturer, type and operating system version are collected automatically, while other information is only collected if you choose to provide it, such as your location information. Where we process and use your personal information in connection with any mobile applications, we will do this in line with the general principles outlined in this statement unless we tell you otherwise.

If you use our mobile app, we also send you push notifications from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.

We use mobile analytics software to allow us to better understand the functionality of our mobile applications on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application.

Online Channels

We may use information from online sources, such as websites, social media and information sharing platforms. This information may be used to help tailor and improve our services and communicate with you effectively, as we know many of our customers use a range of media channels to communicate and share information.
‍
We may use various social media features such as the Facebook “Like” button on our websites and mobile applications. Certain information may be shared or otherwise provided to us through your use of these features in conjunction with our services and programmes. Subject to your account and privacy settings, we may also be able to see information that you post when using these social media platforms whether or not you are using one of our services. In some instances, depending on the circumstances, we may contact you on these social media platforms. The information you post on social media sites as well as the controls surrounding these disclosures are governed by the respective policies of these third parties.
‍
Where we use information from these sources, we will respect any permissions you have set about how you would like your information to be used for each source. We recommend you routinely review the privacy notices and preference settings that are available to you on any social media platforms To learn more about opting out of certain types of targeted advertising, please see the “Managing cookies and opting out” section above.

Use of WI-FI services across the Arora Group operated hotels, properties and construction sites

When you use the WI-FI services at our hotels, properties and facilities, we may collect and process certain additional information.

What information we collect

• Registration and User-Provided Information: When you register to use WI-FI services, we may collect personal information about you including your name and email address. You may also provide us with personal information about you in various ways when you use our WI-FI services, for example, your room number for the property you are staying in when you send us customer service-related requests.
• Device Identifiers: In the course of providing the WI-FI services, we may automatically collect a device identifier (such as your IP address, MAC Address or other unique identifier) for the computer, mobile device, technology or other device you use to access WI-FI services. A device identifier is a number that is automatically assigned to your device when you access WI-FI services, and we may identify your device by its device identifier. When you use our WI-FI services, we may view your device identifier and use this information to enhance our service.  We may associate your device identifier with other information about you, such as your Room number.
• Other device information: We may also automatically record certain information from your device including, device type, the web pages, apps or sites that you visit, and the dates and times that you visit, access, or use WI-FI services. While generally this information is pseudonymous and/or aggregated, this information may be associated with other service account information or persistent identifiers.  This data helps us to manage our networks and provides us with information about the use of WI-FI services.  We do not, however, collect and process the contents of email communications or other electronic communications you send or receive when using WI-FI services.
• Location information: We may collect information about your location through your use of the WI-FI services we provide at our hotels to enable us to improve our service and provide certain services to you such as customised offers and promotions.

How we use the information we collect

‍We use personal information only for the purposes described in this Policy, except if otherwise disclosed to you at the time the data is collected or further authorised by law or by you.

• We use the personal information that we collect through WI-FI services to operate, maintain, enhance and provide all features of the service, to provide services and information that you request, to respond to comments and questions and to provide support to users.

We use the personal information that we collect through WI-FI services to understand and analyse the usage trends and preferences of our users, to improve the WI-FI services, and to develop new products, services, features, and functionality. You can opt-out of receiving these offers when signing in to use the WI-FI services or at any time. Please see the 'Managing your preferences and information' section below.

Using Personal Information to create profiles

As described in the section above in relation to cookies, we have relationships with third parties such as Google and Facebook which enable us to serve targeted advertising.  In addition to the activities described under the heading Targeted Advertising above, we also match Facebook and Google users across sites and devices which enables us to better understand your interests.  We use this information to enable us to tailor our marketing communications to you so we can make sure we tell you about things which are most likely to be of interest to you.  You can opt-out of receiving these offers. Please see the 'Managing your preferences and information' section below.

How we secure your information

We are committed to protecting the confidentiality and security of the information that you provide to us. To do this, technical, physical and organisational security measures are put in place to protect against any unauthorised access, disclosure, damage or loss of your information. The collection, transmission and storage of information can never be guaranteed to be completely secure, however, we take steps to ensure that appropriate security safeguards are in place to protect your information.

Managing your preferences and information

We want to ensure that you have the necessary tools at your disposal to control the information that you provide to us, including how we communicate with you. It is also important that you contact us to update your information if any of it is inaccurate or changes. Please click the relevant section below to learn more about how to control how we communicate with you and how to update, modify and delete your information.

Links to Other Sites

Our websites and applications contain links to websites that are maintained and/or controlled by third parties. In some instances these websites may be co-branded and display our logos or other trademarks. You can always tell whether you are on one of our websites by checking the uniform record locator ("URL”) on the page that you are visiting. We encourage you to review the privacy policies of these third-party websites as their privacy practices may differ from ours.

Children

Our websites are not intended for children and we do not intentionally solicit or collect personal information from individuals under the age of 18. If we are notified or otherwise discover that a minor’s personal information has been improperly collected, we will take all commercially reasonable steps to delete that information. In limited instances, we may have a campaign or programme targeted towards children. In these instances details on the information practices will be presented within the terms and conditions of the programme or campaign.

Retaining your information in our systems

We generally only keep your information for as long as is reasonably required for the reasons explained in this privacy policy. In some cases we keep transactional records (which may include your information) for longer periods if necessary to meet legal, regulatory, tax or accounting needs. We will also retain information if we reasonably believe there is a prospect of litigation.We maintain a data retention policy which we apply to the records we hold.

How to contact us

For any questions or concerns regarding this Privacy Statement or our data privacy practices, please contact us:

• Online: GDPR
• By email: gdpr@thearoragroup.com
• By post: World Business Centre 3, Newall Road, London Heathrow Airport, Middlesex, TW6 2TA United Kingdom

You may also contact our Data Protection Officer by emailing gdpr@thearoragroup.com.

‍To the extent permitted under the local law, you may also use the above contact details to request access to any of your personal information that is held by the Arora Group and its subsidiaries. These requests will be reviewed and processed in line with the local law.

Where EU data protection laws apply, you have a right to lodge a complaint with your local data protection supervisory authority at any time.  However, we ask that you please try to resolve any issues with us first before referring your complaint to the supervisory authority.

Changes to this Privacy Statement

In some instances, we may have to change, modify or amend this Privacy Statement in order to comply with the evolving regulatory environment or the needs of our business. Subject to any applicable legal requirements to provide additional notice, any changes to this Privacy Statement will be communicated through our websites and mobile applications. However, if there will be changes made to the use of your personal information in a manner different from that stated at the time of collection we will take appropriate steps to notify you, such as by posting a notice on our website for 30 days prior to the changes taking effect or by emailing you.

Your rights under EU data protection laws

You have legal rights under EU data protection laws in relation to your personal information. Click on the links below to learn more about each right you may have.  To exercise any of your rights please contact our Data Protection Officer by emailing gdpr@thearoragroup.com.

• To access personal information: You can ask us to confirm whether or not we have and are using your personal information and for a copy of your information.
• To correct / erase personal information: You can ask us to correct any information about you which is incorrect. We will be happy to rectify such information but would need to verify the accuracy of the information first. You can ask us to erase your information if you think we no longer need to use it for the purpose we collected it from you. You can also ask us to erase your information if you have either withdrawn your consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, or where we have used it unlawfully or where we are subject to a legal obligation to erase your personal information. We may not always be able to comply with your request, for example where we need to keep using your information to comply with our legal obligation or where we need to use your information to establish, exercise or defend legal claims.
• To restrict how we use personal information: You can ask us to restrict our use of your information in certain circumstances, for example:
  • where you think the information is inaccurate and we need to verify it;
  • where our use of your information is not lawful but you do not want us to erase it;
  • where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims;
  • or where you have objected to our use of your personal information but we still need to verify if we have overriding grounds to use it.

  We can continue to use your information following a request for restriction where we have your consent to use it; or we need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company.

• To object to how we use your information: You can object to any use of your information which we have justified on the basis of our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use your information if we can demonstrate that we have compelling legitimate interests to use the information. You can also require us to stop using your data for direct marketing purposes.
• To ask us to transfer your information to another organisation: You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company). You may only exercise this right where we use your information in order to perform a contract with you, or where we asked for your consent to use your information. This right does not apply to any information which we hold or process that is not held in digital form.
• Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction: You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union. We may redact data transfer agreements to protect commercial terms. We may ask you for proof of identity when making a request to exercise any of these rights. We do this to make sure that we only disclose information where we know we are dealing with the right individual. We will not ask for a fee, unless we think your request is unfounded, repetitive or excessive.  Where a fee is necessary, we will inform you before proceeding with your request. We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests.  We will let you know if we think a response will take longer than one month. To help us respond more quickly, we may ask you to provide more detail about what you want to receive or are concerned about. We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.