Effective as of May 25, 2018
This privacy statement describes the information privacy practices on www.discoveryloyalty.com, www.ultratravelcollection.com, the DISCOVERY mobile application and on other websites and applications operated by or on behalf of GHA (the “Sites”). It also explains how we collect, store and use data about members of the DISCOVERY loyalty programme (“Members”) so that we can provide them with recognition and rewards when they stay at hotels participating in the DISCOVERY loyalty programme (“Participating Hotels”).
INFORMATION WE HAVE COLLECTED AND MAY COLLECT AND HOW
GHA collects information about you that you specifically and voluntarily provide. The personal information collected may include a broad range of information including your name, phone number, date of birth, preferred communication methods, business name, e-mail address, physical address, DISCOVERY member number and, when you are ready to make a hotel reservation, the payment details. When you enrol in our DISCOVERY programme online, we will also ask you to indicate whether you are over 18 years old, and we will record a DISCOVERY number and password linked to your personal details.
Although you are required to register in order to use our DISCOVERY programme and you will need to provide some personal information when making a hotel reservation, many areas of our Sites can be accessed without providing any personal information.
On all Sites that collect any of your personal information, we specifically describe what information is required in order to provide you with the product or service you have requested.
GHA collects personal information when you:
- Sign up for the DISCOVERY programme
- Make a reservation for a hotel stay
- Participate in a survey or contest
- Contact GHA or DISCOVERY membership services
We may also collect a series of general data and information about your navigation of our Sites on an aggregated basis, such as your Internet Protocol Address (“IP Address”), which is identified and logged automatically in our server log files whenever you navigate our Sites, your Internet Service Provider (“ISP”), your login frequency, the pages you visited within the Sites, the operating system used by the accessing system, the website from which an accessing system reaches our website (so-called “referrers”), and the Internet browser types and versions used as well as the device you are using to access the Sites.
This information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, GHA analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by you.
You may also voluntarily provide personal information when you send us an enquiry or support request via email. When you contact us, we keep a record of your communication, and may use third party service providers (e-mail system provider, CRM systems), to help solve any issues you might be facing. Surveys are periodically conducted to collect information to help us improve our Sites. All information collected through surveys will remain confidential, even if we use a third party to help us conduct the survey, unless otherwise indicated.
DISCOVERY Member registration information:
When you register to become a member of DISCOVERY, we use your information to create your member account. You will then receive a 'Welcome to DISCOVERY' e-mail which confirms your email address and password.
Travel purchase information:
GHA collects the billing address of the credit card that is used to purchase travel. We will also collect credit card information, including card number, card type, cardholder name, and expiration date. All financial details provided to GHA are sent to us through a secured site (using SSL technology) and are encrypted with 128 Bit encryption. Your financial details will be transmitted to Participating Hotels and to third parties only to the extent needed, such as clearing houses, fulfilment centres and our data centre provider. We will ensure that our partners will not disclose any financial information that you have provided to us.
We use the following cookies:
These are cookies that are required for the operation of our Sites. They include, for example, cookies that enable you to log into your DISCOVERY membership account on the Sites.
These are used to recognise you when you return to the Sites. This enables us to personalise our content for you and to remember your preferences (for example, your choice of hotel or your language selection).
These allow us to recognise and count the number of visitors and to see how visitors move around the Sites. This helps us to improve the way the Sites work, for example, by ensuring that users are finding what they are looking for easily.
These cookies may record your visit to the Sites and the pages you have visited on our Sites. We will use this information to make the Sites more relevant to your interests. We may also use a cookie to learn whether someone took an action on our Sites after displaying that content (e.g. booking a hotel room).
You may, at any time, prevent the setting of cookies through our Sites by means of a setting on your Internet browser and in this way, you can permanently deny the setting of cookies in future. Furthermore, already set cookies may be deleted at any time via your Internet browser or other software programs. This is possible in all popular Internet browsers. However, if you deactivate the setting of cookies in the Internet browser used, not all functions of our Sites may be usable.
WHY WE COLLECT INFORMATION
Information collected on our Sites may be used to:
- Register you as a DISCOVERY member;
- Plan and purchase travel;
- Notify you of travel changes;
- Send marketing communications or surveys to you;
- Respond to your questions or suggestions; and
- Improve the quality of your visit to our site.
WITH WHOM WE SHARE INFORMATION
In order for the DISCOVERY Programme to provide guest recognition it is necessary that we are able to share with Participating Hotels and other parties the information that we receive about you (“Personal Data”) from your membership profile, from your stays in hotels or dealings with travel partners, through surveys or forms on our Sites, through verbal, written or electronic requests for information, and through various other means. In its capacity as a data controller, GHA is responsible for processing this Personal Data as part of its administration and management of the DISCOVERY loyalty programme. This Personal Data is intended for use by GHA, the operators of the Participating Hotels, affiliates and commercial partners. As a result of the global nature of our business, Members’ Personal Data is likely to be transmitted for the above-mentioned purposes to recipients located in countries outside the European Union which may not offer the same level of protection of your data as countries inside the European Union. This transmission, to which the Member gives his/her express consent, is required for the operation of the DISCOVERY Programme and for providing recognition and customer services to the Member. Such information may also be used for marketing purposes that you may find useful or otherwise of value, such as particular hotel, brand or programme marketing or other offers.
We will endeavour to take the appropriate steps to ensure that Members’ Personal Data is protected and handled in accordance with best practice in all territories. Members have a right of access to their Personal Data held by GHA, which they can exercise by writing to GHA at firstname.lastname@example.org.
WHERE WE STORE/TRANSFER YOUR PERSONAL DATA
Your personal data will only be processed and stored for the purpose of providing information and administering the membership in the DISCOVERY loyalty programme and to coordinate offers and activities with GHA, the Participating Hotels and GHA’s partners around the world. Any other purpose(s) will require your additional and express consent. Your consent does, however, cover and extend to the transfer of personal data to GHA's administrative centres, to other countries where Participating Hotels are situated and to GHA's partners in countries that are not members of the European Union or are not affiliated to the European Economic Area.
In order to comply with applicable legislation, GHA will be required to routinely update personal data whereupon you will be asked to verify and/or update relevant personal data.
PROTECTING YOUR INFORMATION
We want you to feel confident about using our Sites to plan and purchase your travel, so we are committed to protecting the information we collect. GHA has implemented a security program to keep information that is stored in our systems protected from unauthorized access. Our systems are configured with data encryption and industry-standard firewalls.
When you send personal information to GHA over the Internet, your data is protected by Secure Socket Layer (SSL) technology to ensure safe transmission.
OPTING IN OR OUT OF COMMUNICATIONS
On our Sites and through the DISCOVERY family of hotels and brands in the Global Hotel Alliance, you are given the opportunity to subscribe to the DISCOVERY newsletter.
GHA sends regular emails to DISCOVERY loyalty programme members to tell them about their account status, to inform them about DISCOVERY programme news and also to let them know about offers. You may opt out of receiving marketing communications at any time but we may still need to contact you when you make a booking or when your status in the programme changes.
During your registration for receiving marketing communications on our Sites, we store the IP address assigned to your computer system by the Internet service provider (ISP) and used by you at the time of the registration, as well as the date and time of the registration. We collect this data in order to monitor the (possible) misuse of your e-mail address at a later date.
The personal data collected as part of your registration for marketing communications will only be used to send DISCOVERY programme communications to you. You may unsubscribe from our marketing communications at any time by clicking on the “unsubscribe” link we include in every email. Your consent to the storage of personal data, which you have given for marketing communications, may be revoked by you in this way at any time. You can also unsubscribe from the communications at any time directly on the Sites or you can communicate this to us via our call centre or by sending an email to email@example.com.
Communication-Tracking: Most DISCOVERY emails contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. These pixels allows us to analyse the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the GHA may see if and when you opened an e-mail, and which links in the e-mail you clicked on.
Personal data collected via the tracking pixels are stored and analysed by us in order to track the distribution of the emails, as well as to adapt the content of future emails even better to your interests. These personal data will not be passed on to third parties.
You may opt-out of receiving communications from us at any time by either
- following the simple unsubscribe process set out in each email
- sending us an email at firstname.lastname@example.org
- or by going to your DISCOVERY Member account preference settings on www.discoveryloyalty.com and deselecting the relevant boxes
On our Sites, we have integrated components of the Facebook website. You will recognize the Facebook plug-ins on our Sites through the Facebook logo or the “Like button”.
The operator of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
An overview of all the Facebook Plug-ins may be accessed under https://developers.facebook.com/docs/plugins/. If you activate the Facebook button, a direct link is created between your browser and the Facebook server via the plug-in and data is transferred to Facebook. This provides Facebook with the information that you have visited our Sites from your IP address. If you click on the Facebook “Like button” while you are logged into your Facebook account, the content of our Sites may be linked automatically to your Facebook profile.
Facebook can link your visit to our Sites to your Facebook user account. We, as providers of the Sites, do not receive information about the contents of the transmitted data nor their use by Facebook.
Please refer to Facebook’s data protection statement at http://www.facebook.com/about/privacy/ for further information on the purpose and scope of data collection by Facebook and its processing and usage of your data and the associated rights and setting options on the protection of your privacy.
If you do not want Facebook to assign the visit of our web pages to your Facebook user account, please log out of your Facebook user account before activating the button.
To find out more about Google Analytics privacy policies or to opt out of being tracked by Google Analytics across all websites visit: https://tools.google.com/dlpage/gaoptout
All text, images, audio- and video material used on this website is protected by copyright and may not be copied, modified or used for private or commercial reasons. Our aim is to keep the information displayed on this website timely and accurate. We do not accept any responsibility or liability whatsoever with regards to the information on this site.
Our website may provide links to other Internet sites for the convenience of users. www.discoveryloyalty.com is not responsible for the availability or content of these external sites, nor does endorse, warrant, or guarantee the products, services, or information described or offered at these other Internet sites.
NAME AND ADDRESS OF THE CONTROLLER
The controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
GHA Loyalty DMCC
21st Floor, JBC5 Tower, Jumeirah Lake Towers
PO Box 487771 Dubai
United Arab Emirates
Phone: +971 4 4214287
NAME AND ADDRESS OF THE DATA PROTECTION OFFICER
The Data Protection Officer of the controller is:
Prof. Dr. Rolf Lauser
Dr.-Gerhard- Hanke-Weg 31
Any data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.