For your safety, avoid clicking on links in suspicious emails claiming to be from us or our travel partners. If in doubt, contact us directly. More information.

ALL CURRENCIES

  • BRLBrazilian Real
  • BWPBotswanan Pula
  • CADCanadian Dollar
  • DKKDanish Krone
  • HKDHong Kong Dollar
  • IDRIndonesian Rupiah
  • ILSIsraeli Shekel
  • INRIndian Rupee
  • KHRCambodian Riel
  • KRWKorean Won
  • KWDKuwaiti Dinar
  • LAKLao Kip
  • LKRSri Lankan Rupee
  • LSLLesotho Loti
  • MURMauritian Rupee
  • MXNMexican Peso
  • MYRMalaysian Ringgit
  • MZNMozambican Metical
  • NADNamibian Dollar
  • NZDNew Zealand Dollar
  • OMROmani Rial
  • PHPPhilippine Peso
  • QARQatari Rial
  • SARSaudi Riyal
  • SCRSeychellois Rupee
  • SGDSingapore Dollar
  • SZLSwazi Lilangeni
  • TNDTunisian Dinar
  • TWDNew Taiwan Dollar
  • VNDVietnamese Dong
  • ZARSouth African Rand
  • ZMWZambian Kwacha
Close the pop-up×
Best Rate Guarantee

Found a better rate elsewhere? If so, we are more than happy to match it. And if you find a lower rate within 24 hours of making a booking, we will match that and give you an additional 10% off.

*Terms and conditions apply

See Details
Primary content

Global Privacy Statement

Last Updated: September 2023

We respect your privacy and are committed to protecting your data. This Privacy Statement outlines how we collect, use, disclose, and protect your personal data when you interact with websites, apps and services provided within our portfolio of hotels. Our portfolio includes owned, managed and franchised hotels under the brand names of Anantara, Avani, Elewana, Oaks, NH Hotels, NH Collection, nhow and Tivoli (“Brands”). We encourage you to read this statement carefully to understand our practices regarding your personal information.
The Brands are operated jointly by NH Hotel Group and Minor Hotel Group, so when we mention "we", "us" or "our" in this privacy statement, we are referring to the relevant entity within our group responsible for processing your personal data.

Table of Contents

1. Data controllers
2. Information and consent
3. Scope of this Privacy Statement
4. How we collect your personal data
5. Purposes for which we collect data
6. The data we collect about you
7. Sharing of personal data
8. International transfers
9. Data retention
10. Your rights
11. Direct marketing
12. Contact us
13. Data security
14. Liability
15. Changes to this Privacy Statement

1. Data controllers

The purposes and means of personal data processing set in this Privacy Statement are determined jointly by:

Name: NH Hotel Group, S.A. ("NH HOTELS").

Tax identification number: A-28027944

Address: C/Santa Engracia 120, 7ª, 28003, Madrid, Spain.

Data Protection Officer: you can contact us via the following channels, addressing your message to the attention of Data Protection Officer:
E-mail: dpo@nh-hotels.com
Address: Headquarters of C/Santa Engracia 120, 7ª, 28003, Madrid 
Name: Minor Hotel Group Limited (“MINOR HOTELS").

Tax identification number: 100372000223
Address: 88 The Parq Building, 12th Fl., Ratchadaphisek Road, Klongtoey Subdistrict, Klongtoey District, Bangkok Metropolis 10110, Thailand.

Data Protection Officer: you can contact us via the following channels, addressing your message to the attention of Data Protection Officer:
E-mail: privacy.corporate@minor.com
Address: 88 The Parq Building, 12th Fl., Ratchadaphisek Road, Klongtoey Subdistrict, Klongtoey District, Bangkok Metropolis 10110, Thailand. 

2. Information and consent

By accepting this Privacy Statement, you give your free, informed, specific and unequivocal consent for the processing of personal data provided through this website (hereinafter, the "Website") to be processed by NH HOTELS and MINOR HOTELS, as joint data controllers.

The user must carefully read this Privacy Statement, which has been drafted in a clear and simple manner to facilitate its understanding, freely and voluntarily determining whether the user wishes to provide his/her personal data to NH HOTELS and MINOR HOTELS.

3. Scope of this Privacy Statement 

This Privacy Statement applies to the personal information we collect through:

  • Online services: websites owned or controlled by us, web and mobile applications, social media pages, HTML-formatted email messages, Wi-Fi connectivity and other digital channels; and
  • Offline interactions: when you visit or stay as a guest at one of our properties, attend events and activities hosted by us, reach out to our call center, or through other offline interactions.

Collectively, we refer to the above as our “Services.

In the performance of our obligations, we will comply with all applicable data protection and privacy laws and regulations in the jurisdictions we operate in:

  • California: please refer to the California Consumer Privacy Act Statement.
  • Australia or New Zealand: where our Brands are operated by Oaks Hotels & Resorts Ltd (and their related entities and affiliates): their privacy statement can be found here.

This Privacy Statement does not apply to the personal information that we collect about employees, business partners and other personnel related to their working relationship with us, or the personal information that we collect about applicants and candidates. We may also collect, generate, use and disclose aggregate, anonymous, and other non-identifiable data related to our Services, which is not personal information subject to this Privacy Statement.

4. How we collect your personal data

We use different methods to collect data:
 
Direct interactions: You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide online when you book accommodation, sign up for a newsletter, or participate in a survey, contest or promotional offer. We collect personal data offline when you visit our properties, or use our Services such as restaurants, childcare services and spas.
The data requested in the forms on the Website is mandatory (unless otherwise indicated in the relevant field) to perform services or fulfill your request. If you do not wish to provide required personal information then we unable to fulfill your request, but you can still see the content of the Website.

Automated technologies or interactions: As you interact with our websites, apps or other pages, we will automatically collect technical data about your equipment, browsing actions and patterns. The information we may collect by automated means includes, but is not limited to:

  • Information about the devices you use to access our Websites (IP address, MAC address, device, browser and operating system type);
  • Pages and URLs that refer visitors to our sites, also pages and URLs that visitors exit to once they leave our Websites;
  • Information about your visits (date and time) and actions taken on our Websites(such as page views, site navigation patterns or application activity);
  • A general geographic location (such as country and city) from which a visitor accesses our Websites; and
  • Search terms that visitors use to reach our Websites.

We collect this personal data by using cookies, web beacons and other similar technologies.

Security Systems: When you visit our hotels, information may be collected about you through such properties’ closed-circuit television systems, electronic key cards and other security systems.

Third parties or publicly available sources: We will receive personal data about you from various third parties and public sources including business partners, hotels managed by us, travel agents and aggregators.

5. Purposes for which we collect data

We use personal data to provide you with the Services, to develop new products and services, and to protect safety and security of our guests, team members, and properties.
Personal data provided through the Website will be processed by us for the following purposes:

Booking process: Fulfill and manage booking requests, including any modifications and cancellations, perform basket retrieval, send a reminder of the pending booking or Website searches, send transaction confirmation, mange payment or prepayment, or refer you to loyalty programs that can be used to receive benefits. In addition to the information provided in the reservation form, we will integrate certain data from your guest profile previously managed by NH HOTELS and/or MINOR HOTELS to provide you with a better service in our hotels. The legal basis for this processing activity is the contractual relationship with you.

Sending commercial communications and newsletters: If you have subscribed to our marketing communications, we will send you tailored promotional offers regarding our Services and Brands. If we have your permission we will inform you about Services offered by other entities within our group and business partners, a list of which can be found at https://www.nh-hotels.com/loyalty. You have the option subscribe or unsubscribe at any time via the link included in the email of reaching out to us. The legal basis for this processing activity is your consent.

Check-in online and FAST PASS: Manage check-in online process, personalize our Services, and respond to requests. The legal basis for this processing activity is a contractual relationship.

Best-rate guarantee: Manage claims or requests submitted through the Best Rate Guarantee - Claim Form, including contacting you to resolve the claim or request. The legal basis for this processing activity is your consent.

NH PRO Blog: Manage the publication of your comments on the Website, subscribe and unsubscribe from the blog's newsletter. In the event that this is necessary, to check the content of users' comments and, where appropriate, remove those whose content does not comply with the conditions applicable to this Website at the discretion of the joint controllers. The legal basis for this processing activity is consent.

Electronic gift cards: Manage purchase and redemption of electronic gift cards, including communication between the parties and payment processing. The legal basis for this processing activity is a contractual relationship with you.

User-generated content (UGC) on social media platforms: Display UGC on our Websites for promotional purposes. The legal basis for this processing activity is your consent.

Social platforms log-in: If you register or sign in with your Facebook, Apple ID, Google or other third-party accounts to our Websites, you give such third-party service providers permission to share your personal information from those accounts (such as your registration and profile information). This information varies and is controlled by third-party service providers or as authorised by you via your privacy settings. The legal basis for this processing activity is your consent.

6. The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (“Aggregate Data”).
We may collect, use, store and transfer different kinds of personal data about you which we have arranged according to the different purposes as follows:
  • Contact information (email address, mailing address, country and phone number);
  • Payment information (card number, billing address and bank account information);
  • Demographic data (gender, age and preferred language);
  • Information related to your reservation, stay or visit to a property (including the property where you have stayed or outlet you have visited, date of arrival and departure, and goods and services purchased, interests and preferences);
  • Information necessary to fulfil your special requests and/or specific accommodations;
  • Health and dietary information (food preferences, allergies and any other health information you share with us);
  • Employment information (such as company name, job title and work contact information) to respond to requests for proposals or honor contractual arrangements;
  • Copies of your correspondence if you contact us;
  • Feedback and survey responses;
  • Information collected through the use of closed-circuit television systems, keycards and other security systems;
  • Information related to your use and interaction with our website and network; and
  • Information as requested by government authorities to fulfill our legal obligations.
We do not collect the following special categories of personal data about you: race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, genetic, biometric data, and criminal convictions and offenses.

7. Sharing of personal data

Our goal is to provide you with the highest level of hospitality and Services, and to do so, we share personal data with the following parties:

  • Our Hotels: We disclose personal data to other companies within the MINOR HOTELS and NH HOTELS for the purposes described in this Privacy Statement, such as providing Services and personalizing our communication with you. We share your personal data with hotels where you will stay to fulfil and complete your reservation. The companies indicated in the list are owners and franchisees of the Brands.
  • Strategic business partners: We disclose personal data and other data to business partners who provide goods, services and offers that enhance your experience at our properties. By sharing data, we are able to make personalized services and unique travel experiences available to you. For example, this sharing enables spa, restaurant, health club, concierge and other outlets at our properties to provide you with services.
  • Service providers: We disclose personal data to third-party service providers for the purposes described in this privacy statement. Examples of service providers include companies that provide website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery and marketing,
  • Public administrations and police bodies: We disclose personal data to public administrations and police under requirement, in order to comply with obligations under the regulations, and to cooperate with these entities in the performance of their duties.

We require all third parties to protect your personal data and to process it in accordance with the applicable law. We do not allow our third-party service providers to use your personal data for their own purposes, and only permit them to process your personal data for specified purposes and in accordance with our instructions.

8. International transfers

As a global hospitality company, we may transfer your personal data across multiple jurisdictions. Insofar as it is necessary for the purposes, your personal data may be transferred to the following locations:

  • Countries where our corporate offices are located;
  • Countries in which we manage and operate hotels, residences, and/or sales offices; and
  • Countries where our third-party service providers, advisors and consultants are located, which changes from time to time.

A list of the above countries is located here.

Where personal data is transferred to a country with a lower level of data protection as compared to the country in which the information was collected, we take all reasonable steps to ensure that your information is protected in line with the applicable legal requirements. Whenever we transfer your personal data, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We enter into a specific contract with third parties which enable the enforcement of the data subject’s rights, according to the applicable regulations.
  • We use your consent to transfer data if the applicable law requires it.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data.

9. Data retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

In order to determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements of the relevant country.

We determine the retention period based on the following considerations:
  • If personal data was collected for the purpose of contract performance, it will be stored for the entire duration of the contractual relationship, and once it has ended until the statute of limitations expire.
  • If personal data was collected for the purpose of compliance with legal obligations, it will be stored until the obligation is fulfilled.
  • If personal data was collected for the purpose of legitimate interest, it will be stored until the end of this interest.
  • If personal data was collected with your consent, it will be stored until consent is withdrawn. You can withdraw your consent at any time through the link provided in the communications.
Details of retention periods for different aspects of your personal data are available in our Retention Statement which you can request from us by contacting us.

10. Your rights

You can exercise your data rights under data protection laws by contacting us:

  • Request access to your personal data
  • Request correction of your personal data
  • Request erasure of your personal data
  • Object to processing of your personal data
  • Request restriction of processing your personal data
  • Request portability of your personal data
  • Right to withdraw consent. Please note that you can withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Under certain circumstances where applicable law permits, you also have the right to lodge a complaint with a competent data protection supervisory authority.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable administration fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances, and we will indicate the reason for refusal.

Time limit to respond

We try to respond to all legitimate requests within one month, or within the timeframe as specified by the applicable data protection legislation. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

11. Direct marketing

With your consent, we may send you direct marketing communications regarding our Brands and Services. If you have opted in to receive marketing communications, we may contact you by electronic messages (email, SMS, or website), by mail or other means that you share with us. You have the right to withdraw consent at any time by contacting us using the details provided in the Contact Us section or clicking unsubscribe link in our marketing messages.

Please note that if you choose to opt out of marketing emails, we will continue to send you transactional messages, such as information about your reservations or stays, including confirmation and pre-arrival emails, or account security updates.

12. Contact us

If you wish to exercise any of the rights set out above, please contact us.

Asia, Africa and Middle East
Email: privacy.corporate@minor.com; or
Post: 88 The Parq Building, 12th Fl. Ratchadaphisek Road, Klongtoey Subdistrict, Klongtoey District, Bangkok Metropolis 10110, Thailand

Europe and America
Email: dpo@nh-hotels.com; or
Post: Calle Santa Engracia 120, 7ª, 28003, Madrid

Australia
Email: Privacy.corporate@minorhotels.com.au; or
Post: PO Box 473, Cotton Tree, QLD 4558, Australia

13. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach, and will notify you and any applicable regulator of a breach where we are legally required to do so.

14. Liability

This Website is not intended for children, and we do not knowingly collect data relating to children.

You guarantee that you have informed any third parties whose data you are providing, if you have done so, of the points covered in this privacy statement. In addition, you guarantee that their authorization has been obtained to provide their data to us for the indicated purposes.

You will be liable for any false or inaccurate information provided, and for direct or indirect damage caused to us or to third parties.

15. Changes to this Privacy Statement

We keep our privacy statement under regular review. At the top of this page, you will see the date on which the privacy statement was last revised, and it is also the date from which any changes will become effective. Your use of the Services following these changes means that you accept the revised privacy statement. If you would like to review the version of the privacy statement that was effective immediately prior to this revision, please contact us at privacy.corporate@minor.com.

It is also important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.