Last Updated: August 12, 2020
For the purposes of (1) protecting the health and safety of you and team members at Hilton properties, and (2) complying with legal requirements, some Hilton properties may take your temperature when you arrive at the property and/or during
your stay. If a property is conducting temperature checks of guests, the property will make available to you a privacy notice about the temperature checks. The notice will include details such as what personal information is being collected,
the legal basis for the collection of such information, the purpose for which the information will be used, and how long the information will be retained. For more information on Hilton’s commitment to you during the COVID-19 pandemic, please
click here.
Hilton’s mission is to be the most hospitable company in the world. We’re passionate about delivering exceptional guest experiences, and we look forward to welcoming you to our hotels so we can share the light and warmth of hospitality with you.
We pledge to deliver the highest level of customer service, which includes respecting your privacy and protecting your personal information. In this privacy statement (“Statement”), we provide you with details about how we collect, use, and disclose your personal information.
This Statement applies to Hilton Worldwide Holdings Inc., its subsidiaries , and all of the hotels within the Hilton Portfolio of Brands (collectively, “Hilton,” “we,” or “us”). Our Portfolio of Brands includes Waldorf Astoria Hotels & Resorts, LXR Hotels & Resorts, Conrad Hotels & Resorts, Canopy by Hilton, Signia Hilton, Hilton Hotels & Resorts, Curio A Collection by Hilton, DoubleTree by Hilton, Tapestry Collection by Hilton, Embassy Suites by Hilton, Hilton Garden Inn, Motto by Hilton, Hampton by Hilton, tru by Hilton, Homewood Suites by Hilton, and Home2 Suites by Hilton.
By using any of our products or services and/or by agreeing to this Statement, e.g. in the context of registering for any of our products or services, you understand and acknowledge that we will collect and use personal information as described in this Statement.
Please note that this Statement does not apply to our processing of personal information on behalf of and subject to the instructions of third parties such as airlines, car rental companies and other service providers, companies that organize or offer packaged travel arrangements, marketing partners, or corporate customers.
1 Hilton Domestic Operating Company Inc. is the Hilton entity that is the data controller for all guest data and operates, among other things, Hilton’s marketing activities. Hilton Reservations Worldwide, L.L.C., which is a subsidiary of Hilton Domestic Operating Company Inc., processes the data you provide when making a reservation at a Hilton property and is a data controller for that information. Hilton Honors Worldwide LLC, which is a subsidiary of Hilton Domestic Operating Company Inc., operates the Hilton Honors loyalty program and is a data controller for that program. Hilton Domestic Operating Company Inc. is a subsidiary of Hilton Worldwide Holdings Inc.
The Hilton Portfolio of Brands includes managed hotels and franchised hotels. A list of entities that operate managed hotels in the European Economic Area, the United Kingdom, Switzerland, and the Asia Pacific region can be found here. In addition to Hilton Domestic Operating Company Inc., these entities also are data controllers for guest data. Franchised hotels are operated by entities that are separate from Hilton. To determine the entity that operates a franchised hotel, please contact that hotel. In addition to Hilton Domestic Operating Company Inc., those entities also are data controllers for guest data.
HGV operates timeshare and fractional resorts. HGV is a third-party partner whose privacy statement is available at https://www.hiltongrandvacations.com/en/privacy-policy.html.
The chart below summarizes the categories of personal information we have collected in the past 12 months, the sources for those categories of personal information, the business or commercial purposes for which the information was collected, the categories of third parties with whom the information may have been shared, as permitted by law, and whether the information was sold to a third party for a business or commercial purpose within the past 12 months.
We have collected the following categories of personal information in the past 12 months: | We have obtained this personal information from the following sources: | We collected this personal information for the following business or commercial purposes: | We have shared this personal information with the following categories of third parties: | This information was sold to a third party within the past 12 months |
---|---|---|---|---|
|
|
|
|
Yes |
|
|
|
|
Yes |
|
|
|
|
No |
|
|
|
|
No |
|
|
|
|
No |
|
|
|
|
No |
|
|
|
|
Yes |
|
|
|
|
No |
|
|
|
We do not share customers’ preferred language with third parties. | No |
|
|
|
We do not share customers’ room preferences with third parties. | No |
|
|
|
We do not share customers’ room assignments with third parties. | No |
|
|
|
We do not share customers’ arrival times with third parties. | No |
|
|
|
|
Yes |
|
|
|
|
No |
|
|
|
|
Yes |
|
|
|
|
Yes |
|
|
|
|
Yes |
|
|
|
We do not share vehicle information with any third parties. | No |
|
|
|
During the COVID-19 pandemic, we may share CCTV footage from a property with a college or university if that college or university is using rooms at the property for student housing | No |
|
|
|
|
Yes |
|
|
|
|
No |
|
|
|
|
Yes |
|
|
|
|
Yes |
|
|
|
|
No |
|
|
|
|
No |
|
|
|
|
No |
|
|
|
|
No |
|
|
|
|
Yes |
|
|
|
We do not share social media information with any third parties.
|
No |
|
|
|
We do not share demographics data with any third parties. | No |
|
|
|
We do not share your usability preference data with any third parties. | No |
|
|
|
|
No |
|
|
|
We do not share your customer ratings and survey responses with any third parties. | No |
|
|
|
We do not share your feedback with any third parties. | No |
Hilton does not knowingly collect, disclose, or sell personal information of minors under the age of 16.
When you browse a Hilton website, we collect the following categories of personal information about you, which are used for the following purposes:
We collect the following categories of personal information… | We collect this information in order to… |
---|---|
|
|
|
|
|
|
|
|
|
|
If you are a Hilton Honors member and you log into your account during your browsing session, then we collect the following information about you, which are used for the following purposes:
We collect the following categories of personal information… | We collect this information in order to… |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
California and Nevada consumers, if you would like to opt out of the sale of your personal information, please click here. California consumers, please note that if
you choose to opt out of the sale of your personal information through cookies, tags, and pixels, that opt-out will only apply to the device and the browser you are using when you opt out. Due to current technology limitations, if you wish to
opt out of the sale of your personal information through cookies, tags, and pixels on your other devices or other browsers, you will need to opt out again for each of your devices and browsers.
When you make a reservation at a Hilton property, we collect the following categories of personal information about you, which are used for the following purposes:
We collect the following categories of personal information… | We collect this information in order to… |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
California and Nevada consumers, if you would like to opt out of the sale of your personal information, please click here. California consumers, please note that if
you choose to opt out of the sale of your personal information through cookies, tags, and pixels, that opt-out will only apply to the device and the browser you are using when you opt out. Due to current technology limitations, if you wish to
opt out of the sale of your personal information through cookies, tags, and pixels on your other devices or other browsers, you will need to opt out again for each of your devices and browsers.
When you enroll in Hilton Honors, we collect the following categories of personal information about you, which are used for the following purposes:
We collect the following categories of personal information… | We collect this information in order to… |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
California and Nevada consumers, if you would like to opt out of the sale of your personal information, please click here. California consumers, please note that if
you choose to opt out of the sale of your personal information through cookies, tags, and pixels, that opt-out will only apply to the device and the browser you are using when you opt out. Due to current technology limitations, if you wish to
opt out of the sale of your personal information through cookies, tags, and pixels on your other devices or other browsers, you will need to opt out again for each of your devices and browsers.
When you check in at a Hilton property, we may collect the following categories of personal information about you, which are used for the following purposes:
We collect the following categories of personal information… | We collect this information in order to… |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
California and Nevada consumers, if you would like to opt out of the sale of your personal information, please click here. California consumers, please note that if
you choose to opt out of the sale of your personal information through cookies, tags, and pixels, that opt-out will only apply to the device and the browser you are using when you opt out. Due to current technology limitations, if you wish to
opt out of the sale of your personal information through cookies, tags, and pixels on your other devices or other browsers, you will need to opt out again for each of your devices and browsers.
When you check in using e-check in, we collect the following categories of personal information about you, which are used for the following purposes:
We collect the following categories of personal information… | We collect this information in order to… |
---|---|
|
|
|
|
|
|
California and Nevada consumers, if you would like to opt out of the sale of your personal information, please click here. California consumers, please note that if
you choose to opt out of the sale of your personal information through cookies, tags, and pixels, that opt-out will only apply to the device and the browser you are using when you opt out. Due to current technology limitations, if you wish to
opt out of the sale of your personal information through cookies, tags, and pixels on your other devices or other browsers, you will need to opt out again for each of your devices and browsers.
When you use Digital Key, we collect the following categories of personal information about you, which are used for the following purposes:
We collect the following categories of personal information… | We collect this information in order to… |
---|---|
|
|
|
|
|
|
|
|
California and Nevada consumers, if you would like to opt out of the sale of your personal information, please click here. California consumers, please note that if
you choose to opt out of the sale of your personal information through cookies, tags, and pixels, that opt-out will only apply to the device and the browser you are using when you opt out. Due to current technology limitations, if you wish to
opt out of the sale of your personal information through cookies, tags, and pixels on your other devices or other browsers, you will need to opt out again for each of your devices and browsers.
When you contact Guest Assistance, we collect the following categories of personal information about you, which are used for the following purposes:
We collect the following categories of personal information… | We collect this information in order to… |
---|---|
|
|
|
|
|
|
|
|
California and Nevada consumers, if you would like to opt out of the sale of your personal information, please click here. California consumers, please note that if
you choose to opt out of the sale of your personal information through cookies, tags, and pixels, that opt-out will only apply to the device and the browser you are using when you opt out. Due to current technology limitations, if you wish to
opt out of the sale of your personal information through cookies, tags, and pixels on your other devices or other browsers, you will need to opt out again for each of your devices and browsers.
We partner with certain third-party service providers to collect information to engage in analytics, auditing, research, and reporting. These third parties may use server logs, web beacons, tags, pixels, and similar technologies, and they
may set and access cookies on your computer or other device.
In particular, we use Yahoo Analytics to help us understand how our customers use our websites. You can read more about how Yahoo uses your Personal Information and opt out of the use of cookies in web browsers by Yahoo Analytics by clicking here. We also use FullStory. The FullStory analytics service uses heat mapping and records mouse movements, clicks,
scrolls, and keystrokes during your use of our site. This information helps us identify and address technical issues and understand usage of our Services, which we use to improve the Services for you. You can opt-out of our use of FullStory here. We also partner with 24/7 which supports our chat platform. 24/7 uses tags on websites to determine and enable predictive chat and allow the chat agent to understand what page the guest is on
so the agent can provide assistance.
We also partner with third parties to provide advertising services that are targeted based on your online activities across websites, mobile apps, and devices over time (commonly referred to as “interest-based advertising”). Our
advertising partners may collect information about your activities on our Services on your current device and combine it with information about your activities on other websites, mobile apps, and devices. They may collect such information using
server logs, cookies, web beacons, tags, pixels, mobile advertising IDs (such as Facebook cookies or Google’s Advertising ID), cross-device linking, and similar technologies. For example, our advertising partners may use the fact that you visited
our website to target advertising to you on other websites and mobile apps on your current device or on other devices you use. They may match your browsers or devices if you log into the same online service on multiple devices or if your devices
share similar attributes that support an inference that they are used by the same person or household. This means that information about your activity on websites or apps on your current browser or device may be combined and used with information
collected from your other browsers or devices. You can opt out of interest-based advertising in web browsers and mobile apps on your current browser or device by following the instructions below.
For more information about interest-based advertising and cross-device linking, please visit the Network Advertising Initiative (“NAI”) website and the
Digital Advertising Alliance (“DAA”) website. We adhere to the DAA’s interest-based advertising principles by providing you enhanced notice, transparency, and control of our digital marketing
practices as stated at http://www.aboutads.info/principles/. You may opt out of interest-based advertising and cross-device linking in web browsers and mobile apps on your current browser or device by following the instructions below.
Please note that the opt-outs described above will apply only to the specific browser or device from which you opt out, and therefore you will need to opt out separately on all of your browsers and devices. If you delete or reset your cookies or
mobile advertising identifiers, change browsers (including upgrading certain browsers), or use a different device, any opt-out cookie or tool may no longer work, and you will need to opt out again. We do not respond to Do Not Track signals at
this time.
If you are a Hilton Honors member, you may review and update the information you provided to us at the time of enrollment at any time by signing in to your Hilton Honors profile.
To the extent required by applicable law, you may be able to request that we inform you about the personal information we maintain about you and, where appropriate, withdraw your consent for certain data processing activity and/or request that
we update, correct, delete, and/or stop processing your personal information. We will make all required updates and changes within the time specified by applicable law and as required by law. When permitted by law, we may charge an appropriate
fee to cover the costs of responding to the request. Such requests may be submitted by accessing the Data Subject Rights Requests Portal at datarights.hilton.com or in
writing to DataProtectionOffice@hilton.com or Hilton Data Protection Officer, 7930 Jones Branch Drive, McLean, VA 22102, USA.
In addition, in some circumstances based on applicable law, you may request that we cease sharing personal information about you with our business partners or that Hilton cease using personal information about you by contacting us using the
email or mailing address above. We will honor those requests as required by applicable law.
The California Consumer Privacy Act (“CCPA”) affords California consumers (1) the right to know what personal information we collect, use, disclose, and/or sell; (2) the right to request that we delete their personal information;
and (3) the right to request that we no longer sell their personal information.
If you would like information about the personal information that we collect, disclose, and/or sell about you, or if you would like to make a request for us to delete or to stop selling your personal information, please visit our website at datarights.hilton.com or click the “Personal Data Requests” link at the bottom of any Hilton website to submit your request. You also may call our
toll-free telephone number: (800) 413-7470, email the Data Protection Office (“DPO”) at DataProtectionOffice@Hilton.com, send a letter to the Data Protection Office at 7930 Jones Branch Drive, McLean, Virginia, USA 22102, or
complete a paper form available from the front desk at any of our hotels. In addition to these methods, California consumers may request that we no longer sell their personal information by clicking here.
When the DPO receives your request, the DPO will first verify your identity. If you are a Hilton Honors member, the DPO will verify your identify by asking you to provide your name, Hilton Honors account number, and the email address and phone
number associated with your Hilton Honors account. If you are not a Hilton Honors member, the DPO will verify your identity by asking you to provide your name, the confirmation number from one of your stays at a Hilton property, and the email
address associated with that stay. Once the DPO has verified your identity, the DPO will promptly fulfill your request.
If you would like, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent, please submit an order issued by a court, a document submitted by a barred attorney, or a formal certified
document issued by an official governmental agency.
If you would like to opt out of the sale of your personal information to behavioral advertising networks, you may do so by clicking on the banner that appears on any Hilton website when you access that site from an IP address that relates to
California or by visiting our website at datarights.hilton.com or click the “Personal Data Requests” link at the bottom of any Hilton website to submit
your request. Please note that when you opt out of cookies, tags, and pixels, that opt out only pertains to the device and the browser that you are using when you opt out. If you wish to opt out for other devices or browsers, you must opt out
again when you are using those devices or browsers.
California consumers also may request information about our disclosures of certain categories of personal information to third parties for their direct marketing purposes. Such requests must be submitted to us at one of the following
addresses: CA_Privacy@Hilton.com or DataProtectionOffice@Hilton.com, send a letter to the Data Protection Office at 7930 Jones Branch Drive, McLean, Virginia, USA 22102. Within thirty days of receiving such a request, we will provide a list of
the categories of personal information disclosed to third parties for third-party direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. This request may be made no
more than once per calendar year. We reserve our right not to respond to requests submitted to addresses other than the addresses specified in this paragraph.
The CCPA prohibits a business from treating a consumer differently because the consumer exercised a right conferred on him/her by the CCPA. We welcome you to exercise your rights under the CCPA, and we will not discriminate against you for
doing so.
If you are a California resident under the age of 18, and a registered user of any site where this policy is posted, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you
have publicly posted. To make such a request, please send an email with a detailed description of the specific content or information to CA_Privacy@Hilton.com. Please be aware that such a request does not ensure complete or comprehensive
removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.
If you are a Nevada resident, you may request that we stop selling certain categories of personal information that we collect. To submit a request please visit our website at datarights.hilton.com or click the “Personal Data Requests” link at the bottom of any Hilton website to submit your request. You also may call our
toll-free telephone number: (800) 413-7470, email the Data Protection Office (“DPO”) at DataProtectionOffice@Hilton.com, send a letter to the Data Protection Office at 7930 Jones Branch Drive, McLean, Virginia, USA 22102, or
complete a paper form available from the front desk at any of our hotels. When the DPO receives your request, the DPO will first verify your identity. If you are a Hilton Honors member, the DPO will verify your identify by asking you to provide
your name, Hilton Honors account number, and the email address and phone number associated with your Hilton Honors account. If you are not a Hilton Honors member, the DPO will verify your identity by asking you to provide your name, the
confirmation number from one of your stays at a Hilton property, and the email address associated with that stay. Once the DPO has verified your identity, the DPO will promptly fulfill your request.
We take reasonable measures to: (i) protect personal information from unauthorized access, disclosure, alteration, or destruction, and (ii) keep personal information accurate and up-to-date as appropriate.
Hilton employs a robust team of dedicated information security professionals who are responsible for managing Hilton’s security program. This team is responsible for, among many other things, monitoring our systems for potential intrusions,
responding to potential incidents, supporting property-level information security, regularly reviewing and updating the security controls Hilton uses to protect data, and providing training on Hilton’s information security program.
Hilton maintains a payment card industry (“PCI”) compliance program and an Information Technology compliance program. This compliance program generates audit reports concerning the adequacy and effectiveness of Hilton’s Technology
internal controls, including a PCI Attestation of Compliance signed by an external PCI Qualified Security Assessor and a SSAE16/SOC1 report addressing the Technology general controls over systems that support certain accounting and financial
reporting.
We require third parties with whom we share personal information to exercise reasonable efforts to maintain the confidentiality of personal information.
We will never ask you to send us confidential personal information or payment card information via email or text message.
In the event of a security incident, Hilton will notify regulators and/or consumers as required by applicable laws and regulations.
Hilton will disclose personal information as required by law. Examples of such disclosures include when countries require Hilton to collect personal data about visitors to properties in that country, when a law enforcement agency serves a valid subpoena on Hilton, and when a civil litigant serves a lawful discovery request on Hilton. Hilton may elect to share personal information with law enforcement or others as necessary to protect the safety and security of people and property, to pursue available remedies or limit the damages that we may sustain, and to respond to an emergency.
We want to make you aware of the fantastic products we offer! To do so, we may send you communications via email, text message, push notifications, in-app alerts, direct mail, and social media.
If you are a Hilton Honors member, you may change the communications you receive from us by logging on to your online account and managing your subscriptions; by writing to us (and including your email address) at Hilton Data Protection Officer,
7930 Jones Branch Drive, McLean, VA 22102, USA; or by emailing us at DataProtectionOffice@hilton.com.
If you prefer not to receive email marketing materials from us, you may opt-out at any time by using the unsubscribe function in any email you receive from us or by clicking this link: https://secure.hilton.com/en/hhonors/optout/unsubscribe.jhtml?listid=0, by writing to us (and including your email address) at Hilton Data Protection Officer,
7930 Jones Branch Drive, McLean, VA 22102, USA, or by emailing us at DataProtectionOffice@hilton.com. Opt-out requests can take up to ten business days to be effective.
To opt out of text messages, tell the hotel front desk that you do not want to receive text messages from the hotel or reply “STOP” to the message you received.
You may control whether our mobile apps send you push notifications by changing your notification settings on your mobile device. If we engage in sending you in-app messages, we will allow control for those in our apps’ settings.
As a global company, we endeavor to provide you with the same level of service that you have come to expect at Hilton whether you are in San Francisco, London or Tokyo. To provide this service, you acknowledge that we may share your personal information among members of the Hilton Portfolio of Brands, our service providers, and other third parties, which may be located in countries outside of your own. When you stay at a Hilton property outside the United States, the data controller for that property transfers the personal information relating to your reservation to Hilton in the United States pursuant to data transfer agreements when required by applicable laws or regulations. The data controller may also maintain a local copy of your personal information when so required by applicable laws or regulations. Although the data protection laws of various countries may differ from those in your own country, we will take appropriate steps to ensure that your personal information is handled as described in this Statement and in accordance with the law.
We retain personal information about you necessary to fulfill the purpose for which that information was collected or as required or permitted by law. When we destroy your personal information, we do so in a way that prevents that information
from being restored or reconstructed.
We may modify this Statement from time to time. When we make material changes to this Statement we will post a link to the revised Statement on the homepage of our site. You can tell when this Statement was last updated by looking at the date at
the top of the Statement. Any changes to our Statement will become effective upon posting of the revised Statement on the site. Use of the site, any of our products and services, and/or providing consent to the updated Statement following such
changes constitutes your acceptance of the revised Statement then in effect.
If you have any questions or concerns, please contact us by sending an email to DataProtectionOffice@hilton.com, by sending a letter to Hilton Data Protection Officer, 7930 Jones Branch Drive, McLean, VA 22102, or by calling our toll-free
number: (800) 413-7470.
This Statement was most recently updated on August 12, 2020.
For individuals residing in the EEA, this Appendix outlines certain additional information that Hilton is obligated to provide to you, as well as certain rights you have with respect to the processing of your personal information, pursuant to
applicable local laws. This Appendix will control to the extent it conflicts with any provision in the main body of this Statement.
Controller: for more information on the Hilton entities that process your personal information, please click here.
Data Protection Officer: Hilton’s Data Protection Officer may be contacted by email at DataProtectionOffice@Hilton.com, or at the following address:
Attn: Data Protection Officer 7930 Jones Branch Drive McLean, VA 22102 USA
Purposes and Legal Basis for Processing: Hilton processes your personal information for the purposes set forth in Sections 4 (Use of Personal Information Collected About You) and 5 (Personal Information We Share) of the main body of this
Statement.
The legal bases for Hilton’s processing activities include processing such information as necessary to comply with our contractual obligations, compliance with our legal obligations, protecting the safety of our employees, guests and others, for
our legitimate business interests, and pursuant to your consent.
The particular legal basis for the processing of your personal information is based on the purpose for which such information was provided or collected:
Hilton Honors Participation: We process the personal information obtained in connection with your participation in the Hilton Honors program on the basis of our contractual relationship with you and in furtherance of our business
interests, including to personalize your use of our services and applications, to communicate news and promotional items, and to deliver personalized advertising and content.
Surveys: Completion of surveys is voluntary – we process the information obtained from surveys on the basis of your consent and in furtherance of our business interests, including marketing, service improvements, and analytics.
On-property Collection: When you make a reservation and when you stay at one of our hotel properties, we process your name, address, contact information, along with the details of your stay (arrival and departure day and time, vehicle
information and information regarding others traveling or staying with you), on the basis of our contractual relationship with you. We also process such data for our business interests, including for marketing, service improvements,
administration of our e-Folio program, and analytics and service personalization, as described in Section 4 of our Global Privacy Statement (above).
We collect certain additional personal information during registration/check-in at our properties (such as national ID or passport information), as necessary to comply with our legal obligations.
We use closed circuit television and other security measures at our properties that may capture or record images of guests and visitors in public areas, as well as information related to your location while on our properties (via keycards and
other technologies) for the protection of our staff, guests and visitors to our properties.
We process personal information in connection with on-property services (such as concierge services, health clubs, spas, activities, child care services, equipment rental, and our Digital Key functionality), in order to provide the services to
you and for our business interests including for marketing, service improvements, administration of our e-Folio program, and analytics and service personalization, as described in Section 4 of our Global Privacy Statement (above).
Event Profiles: We process the personal information obtained in connection with your event on the basis of our contractual relationship with you and for our business interests, including for marketing, service improvements, and
analytics and service personalization, as described in Section 4 of our Global Privacy Statement (above).
Social Media: Participation in Hilton-sponsored social media activities and offerings is voluntary – we process information obtained from social media participation on the basis of your consent and in furtherance of our related business
interests, including for marketing, service improvements, and analytics and service personalization, as described in Section 4 of our Global Privacy Statement (above).
Promotions and Sweepstakes: Participation in sweepstakes, contests and other promotional offerings is voluntary – we process the information obtained from such participation based on your consent and as necessary to administer the
offering. We also use certain data for our business purposes, including for marketing, service improvements, administration of our e-Folio program, and analytics and service personalization, as described in Section 4 of our Global Privacy
Statement (above).
Direct Marketing: We use your personal information to send you marketing messages on the basis of your consent. You may withdraw your consent for direct marketing communications at any time by contacting us at customer_privacy@Hilton.com or by following the unsubscribe instructions in the marketing message, or by logging in to your Hilton Honors account and updating your communication preferences.
Franchise and Ownership Opportunities: We process this information on the basis of our contractual relationship with you and for our related business interests, including maintaining and promoting the Hilton brand and facilitating
direct communication between properties within the Hilton Portfolio of Brands.
WMBE Suppliers: Participation in Hilton’s Supplier Diversity Program is voluntary – we process this information based on your consent and for our related business interests, including maintaining and enhancing our diversity program.
Retention: We retain personal information about you for the time necessary to accomplish the purpose for which such information was collected, usually for the duration of any contractual relationship and for any period thereafter as
legally required or permitted by applicable law. Our retention policies reflect applicable statute of limitation periods and legal requirements.
Data Subject Rights: Residents of the EEA have the following rights:
Access, Correction and Erasure Requests: You have the right to:
Right to Object to Processing: You have the right to request that Hilton cease processing of your personal information:
Right to Restrict Processing: You have the right to request that Hilton limit the processing of your personal information:
Data Portability Requests: You have the right to request that we provide you or a third party that you designate with certain of your personal information in a commonly used, machine readable format. Please note, however, that data
portability rights apply only to personal information that we have obtained directly from you and only where our processing is based on consent or the performance of a contract.
Submitting Requests: your requests may be submitted by accessing the Data Subject Rights Request Portal or in writing to DataProtectionOffice@hilton.com, or the Hilton Data Protection Officer, 7930 Jones Branch Drive, McLean, VA 22102, USA. You may also update your personal information as provided in Section 12
(Changing and Accessing Your Personal Information) of the main body of this Global Privacy Statement.
We will respond to all such requests within 30 days of our receipt of the request, unless there are extenuating circumstances, in which event we may take up to 60 days to respond. We will inform you if we expect our response to take longer than
30 days. Please note, however, that certain personal information may be exempt from such rights pursuant to applicable data protection laws. In addition, we will not respond to any request unless we are able to appropriately verify the
requester’s identity. We may charge you a reasonable fee for subsequent copies of data that you request.
If you have concerns about our data practices or the exercise of your rights, you may either contact Hilton at DataProtectionOffice@Hilton.com or the supervisory authority in the Member State
of your residence.
Right to Withdraw Consent: You have the right to withdraw your consent to any processing that we conduct solely based on your consent (such as sending direct marketing materials to your personal email account). You may withdraw your
consent to marketing activities by following the instructions on any marketing emails, or contacting customer_privacy@hilton.com. For any other activities for which you have previously consented,
you may contact DataProtectionOffice@hilton.com to withdraw such consent.
Segmentation (also referred to as profiling) and Automated Decision Making: We use personal information to divide large groups of consumers into sub-groups of consumers (known as segments) based on some type of shared
characteristics such as geography, behavior, or demographics.
With your consent, we make automated decisions, meaning without human interference, using segmentation and/or your specific personal information to offer you certain benefits based on your characteristics (such as discounted room rates or other
special offers based on your geography, behavior, or demographics). For example, if you travel frequently during the week to hotels in France, we may send you special offers for Hilton hotels in France.
International Data Transfers: We may transfer the personal information we collect about you pursuant to the purposes described in this Statement to countries that have not been found by the European Commission to provide adequate
protection. In particular, we transfer your personal information to the United States.
We use appropriate safeguards for the transfer of personal information among our affiliates in various jurisdictions, and where required, we have implemented European Union controller-to-controller standard contractual clauses or other such
safeguards for such purposes. To obtain a copy of theses clauses or additional information on transfers, you may send your request to privacy@hilton.com.