HILTON GRAND VACATIONS INC. GLOBAL PRIVACY STATEMENT

 

Last Updated: May 2018

Effective Date: May 25, 2018

 

This privacy statement (“Statement”) applies to Hilton Grand Vacations Inc., its subsidiaries and all of the resorts within the Hilton Grand Vacations collection of resorts (collectively, “HGV,” “we,” or “us”). At HGV, we strive to deliver outstanding products, services, and experiences around the world. We value your business and, more importantly, your loyalty. We recognize that privacy is an important issue. We have developed this Statement to explain our practices regarding the personal information we collect from you or about you on this site or via our apps, through written or verbal communications with us, when you visit one of our properties, or from other sources. While this Statement broadly describes the practices we have adopted across HGV globally, local laws vary and some jurisdictions may place restrictions on our processing activities (e.g., certain jurisdictions may require an express consent to send marketing messages). Therefore, our practices in such jurisdictions may be more limited than those described herein in order to enable us to comply with local requirements.

 

By using any of our products or services and/or by agreeing to this Statement (e.g. in the context of registering for any of our products or services) you agree to the collection and use of personal information as described in this Statement.

 

Please note that this Statement does not apply to our processing of personal information on behalf of and subject to the instructions of third parties such as airlines, car rental companies and other service providers, companies that organize or offer packaged travel arrangements, marketing partners, or corporate customers.

 

PERSONAL INFORMATION WE COLLECT

At every touch point or guest interaction, and in conducting every aspect of our business, we may collect personal information. This personal information may include: your contact information; information related to your reservation, stay or visit to a property; participation in a membership or loyalty program; participation in a contest, sweepstakes, or marketing program (even if you do not stay at one of our resorts); information related to the purchase and receipt of products or services; personal characteristics, nationality, income, passport number and date and place of issue; social security or similar national identification number, travel history; payment information, such as your payment card number and other card information, as well as authentication information and other billing and account details associated with mobile billing; guest preferences; marketing and communication preferences; family composition, frequency of travel and other vacation history information, information about vehicles you may bring onto our properties; reviews and opinions about our collection of resorts or properties (if they are identified or associated with you); frequent flyer or travel partner program affiliation and member number; resort, airline and rental car packages booked; groups with which you are associated for stays at resorts; information provided on membership and account applications; and other types of information that you choose to provide to us or that we may obtain from third parties.

 

We may ask for details on joint travelers, including their names and frequent flyer numbers, and the age of the driver of the rental car. We may also collect information related to conversations, including recording or monitoring customer service calls and other communications such as in-app messages and SMS (i.e., text messages).

 

In addition, we collect other personal information in certain cases, such as:

 

  • Hilton Honors/Membership Program Participation: When you enroll in our Hilton Honors, Hilton Grand Vacations Club, Hilton Club programs or other products and services offered via a membership program (“Membership Programs”), you will receive a member number and we will ask you to create a user ID and password. We also collect information to administer the Membership Programs and profiles, including transaction and correspondence details, and to provide you with our Membership Program Apps functionality (where available). The Membership Program Apps allow you to do such things as use your mobile device to check your account, and reserve rooms.
  • Surveys: We may request demographic data or other personal information in customer surveys.
  • On-property Collection: We collect additional personal information during registration/check-in and during stays at our properties, including such information as may be required by local laws. We may also use closed circuit television and other security measures at our properties that may capture or record images of guests and visitors in public areas, as well as information related to your location while on our properties (via keycards and other technologies). We may also use closed-circuit television and other technologies that record sound or video for the protection of our staff, guests and visitors to our properties. In addition, we may collect personal information in connection with on-property services, such as concierge services, health clubs, spas, activities, child care services, and equipment rental.
  • Event Profiles: If you plan an event with us, we collect meeting and event specifications, the date of the event, number of guests, details of the guest rooms, and, for corporate events, information on your organization (name, annual budget, and number of sponsored events per year). We also collect information about the guests that are a part of your group or event. If you visit us as part of a group, we may have personal information about you provided to us by the group and may market to you as a result of your stay with a group or attendance at an event. If you visit us as part of an event, we may share personal information about you with the event planners. If you are an event planner we may also share information about your event with third-party service providers who may market event services to you.
  • Online Contact: If you submit an online “pre-application” for a timeshare or if you submit a reservation or information request online, or participate in an online “click-to-chat” type feature, we may ask you to provide your contact information, contact preferences, annual income range, reservation information, marital status and whether you own a home.
  • Timeshare Financing: If you finance the purchase of a timeshare, we may collect loan application and servicing information.
  • Social Media: If you choose to participate in HGV-sponsored social media activities or offerings, we may collect certain information from your social media account consistent with your settings within the social media service, such as location, check-ins, activities, interests, photos, status updates and friend list. We may also allow you to enter into contests to provide photos, such as of your stay with us, which you may share with your connections on social media for votes, shared offers or other promotions.
  • Forward-to-a-Friend: From time to time, we may offer a feature that allows you to send an electronic postcard or otherwise share a message with a friend, whether via the Internet, a stand-alone kiosk or mobile device. If you choose to use this feature, we will ask you for the recipient’s name and email address, along with the text of any message you choose to include. By using this feature, you represent that you are entitled to use and provide us with the recipient’s name and email address for this purpose.
  • Employment Applications: If you choose to apply online for employment with HGV, you will be provided access to the Applicant Privacy Notice for review or you can email HGVTalentAdmin@Hgvc.com to request a copy.
  • WMBE Suppliers: If your U.S. company is a Women’s/Minority Business Enterprise interested in participating in HGV’s Supplier Diversity Program, you may be asked to complete the Supplier Diversity Profile Application Form online. If you choose to apply, you will be asked to provide information about your company and its principals, including the principal’s name, address, email address, ethnicity, contact person’s name and email address, company’s tax identification number and legal structure, and evidence of Women’s/Minority Business Enterprise certification.

 

In addition to the information we collect from you directly, we may also infer information about you based on the information you provide to us or from Other Information we collect.


 

PERSONAL INFORMATION WE COLLECT FROM THIRD PARTIES

We may also collect information about you from third parties, including information from our airline, payment card, and other partners; from your social media services consistent with your settings on such services; from credit reporting agencies, from Hilton Worldwide; from data information verification providers, and from other third-party sources. We may append this information to the information we have on file for you and share it with others consistent with this Statement.


 

USE OF PERSONAL INFORMATION COLLECTED ABOUT YOU

We use your personal information in a number of ways, including to provide and personalize the services you request and expect from HGV, to offer you the expected level of hospitality in-room and throughout our properties, conduct direct marketing and sales promotions and as set forth below in more detail:

 

  • Hilton Honors/Membership Programs: If you are a member of one of our Membership Programs, we use your information to administer the Membership Programs, to personalize your experience across our services and applications, and in connection with our Membership Program Apps. We also use your information to communicate news, promotional, and transactional materials across different HGV services and to personalize advertising and content delivered to you through online, email, mobile, and display advertising, as well as on our website and applications and through our customer service call center.
  • Service Administration: We use your personal information to administer programs in which you participate, including providing you with access to your account information, and offers for which you are eligible; to fulfill services that are part of such program; to enable direct communication between properties within the HGV collection of resorts; and between the HGV collection of resorts and you; and to facilitate collections.
  • Meeting and Event Planning: We may use your personal information to provide you with information about meeting and event planning.
  • Marketing and Communications: We may use your personal information to provide or offer you newsletters, promotions and featured specials, as well as other marketing messages. We also use your personal information to provide in-stay messaging, account alerts, and reservation confirmations; and to conduct surveys, sweepstakes, prize draws, and other contests. We may provide these communications via email, postal mail, online advertising, social media, telephone, text message (including SMS and MMS), push notifications, in-app messaging, and other means (including on-property messaging, such as your in-room television). We also use user-generated content (such as photos) from social media services to deliver display advertising on our website and apps.
  • Payment Card Marketing: We may also collect information from your payment card, which can be appended to personal information and used by HGV or its business partners to recognize what type of card you have, such as whether or not it is a Hilton co-branded card and/or the bank or network of the card, and present and/or send you targeted marketing messages based on your payment method. We may also partner with third parties to learn whether a visitor to our site has a cash-back offer associated with their payment card and to deliver the visitor advertising and information that explains how to take advantage of that offer through a stay at a resort within the HGV collection of resorts.
  • Service Improvements: We may use your personal information to improve HGV’s services and to ensure that our site, products, and services are of interest to you. We also use your personal information to provide you with the expected level of hospitality in-room and throughout our properties. This may include providing you with the ability to control your in-room technology through our website or apps on your personal devices.
  • eFolio Program: We may automatically enroll you in our eFolio program and use your email address to send you your resort bill via email. It is your responsibility to ensure that we have the correct (and preferred) email address for you. If you make a reservation for another person using your email address, that person’s eFolio will be sent to your email address.
  • Data Correctness, Analytics and Personalization: We may aggregate your personal information with data from third-party sources for purposes of keeping information up to date, for analytics and for appending missing or incorrect information. We also rely on information from third parties in order to provide better, more personalized service. For example, if you connect your social media services or other accounts to our services, we may use this information to make your experiences with us more personal and social, or share and use it as described elsewhere in this Statement.

 

PERSONAL INFORMATION WE SHARE

In order to offer you the expected level of hospitality and to provide you with the best level of service, we may share your personal information among members of the HGV collection of resorts, our service providers, third parties and others as set forth in detail below:

 

  • HGV Collection of Resorts: We may share personal information within the HGV collection of resorts, as well as with owners and operators of resorts that we manage or are affiliated with but do not own, resorts that may individually or jointly use the personal information to provide you with services, personalization, and for the purposes described above. HGV is the party responsible for the management of the jointly used personal information. In addition, when we cease managing a resort that we do not own or end an affiliation relationship, we may provide the resort’s owner with certain information about past or future guests of that resort.
  • Electronic Billing Program: If you receive an eFolio by email (as discussed above), a summary detailing the goods and services provided to you during your stay will be shared with the payment card provider and, if you participate in a corporate billing program and use a corporate payment card, the payment card provider may share that summary with your employer.
  • Group Events or Meetings: If you visit HGV as part of a group event or meeting, information collected for meeting and event planning may be shared with the organizers of those meetings and events, and, where appropriate, guests who organize or participate in the meeting or event.
  • Business Partners: We may partner with other companies to provide you with products, services, or offers based upon your experiences at our properties and may share your information with our business partners accordingly. For example, we may help to arrange rental cars or other services from our business partners, and share personal information with our business partners in order to provide those services. We may also share your personal information, such as your email address, with our corporate travel partners to help them assess compliance with travel policies or participation in special rate plans or to engage in co-branded marketing with our corporate travel partners. We may also work with third parties, such as our airline, cruise and car rental partners, to allow us and our partners to deliver advertisements to our shared customers. Our partners may be able to provide more relevant offers to you based upon anonymous information that we share about your experiences at our properties. Additionally, we may allow third-party partners to recognize you when you visit that partner’s website or app, or to recognize you as one of their customers when you visit HGV websites or apps so that they may provide more relevant offers to you. We may share your email address with third parties using available security measures that may match it with their own email addresses so that they can send online and email advertisements to you on our behalf.
  • Co-Sponsors of Promotions: We co-sponsor promotions, sweepstakes, prize draws, competitions or contests with other companies, and we provide prizes for sweepstakes and contests sponsored by other companies. If you enter one of these sweepstakes or contests, we may share your information with the co-sponsor or third-party sponsor.
  • On-property Services: We may share personal information with third-party providers of on-property services such as concierge services, spa treatments, golf, or dining experiences.
  • Service Providers: We rely on third parties to provide services and products on our behalf and may share your personal information with them as appropriate. Our service providers are contractually obligated to protect your personal information and may not otherwise use or share your personal information, except as may be required by law. We may use service providers to communicate news and deliver promotional and transactional materials to you, including personalized online and mobile advertising. Please see our Cookies Statement for more information. We may also share information with service providers to allow you to exchange your HGV timeshare interests for other products and services, create itineraries by selecting sites, activities, and restaurants from lists that we have personalized for you based on your preferences and third-party data.
  • Business Transactions: As we develop our business, we might sell, buy, restructure or reorganize businesses or assets, or cease being the manager of a resort that is currently part of our collection of resorts. In such circumstances, HGV may transfer, sell or assign information collected, including, without limitation, Other Information and personal information, to one or more affiliated or unaffiliated third parties. To the extent that local laws require it, we will provide notice of our intent to transfer personal data to a third party for this purpose, and explain how you can object to such transfer.
  • Telemarketing: If you stay at one of our hotels and are a Hilton Honors or other Membership Program member, we may share your telephone number among the Hilton Grand Vacations Collection of Resorts, for purposes of telemarketing. We may also receive your contact information from Hilton Worldwide, from our other partners or from other sources, which we may use for telemarketing purposes, electronic mail, text message (including SMS and MMS), push notifications, in-app messaging, and other means.
  • Other: In addition, HGV may disclose personal information in order to: (i) comply with applicable laws, (ii) respond to governmental inquiries or requests from public authorities, (iii) comply with valid legal process, (iv) protect the rights, privacy, safety or property of HGV, site visitors, guests, employees or the public, (v) permit us to pursue available remedies or limit the damages that we may sustain, (vi) enforce our websites’ terms and conditions, and (vii) respond to an emergency.

 

OTHER INFORMATION

When you visit and interact with HGV websites and apps, we collect other, non-personally identifying information about your use of the site, such as a catalog of the site pages you visit, and the number of visits to our sites (“Other Information”). We use Other Information, as well as data received from third parties, to deliver you email, online (on our sites and other sites) and mobile advertisements. We may also use Other Information to allow third-party partners to recognize you as an HGV customer when you visit the partner’s website or app, or to recognize you as one of their customers when you visit HGV websites or apps.

 

We use cookies and other technologies to collect this information. At this time, we do not respond to Do Not Track signals or other, similar mechanisms. Please see our Cookies Statement for more information, including how to opt out of interest-based advertising.

 

We may use information we have collected and aggregated, or anonymized personal information received from third parties, to understand more about our users (for example, we may use aggregated information to calculate the percentage of our users who have a particular telephone area code). This includes demographic data, such as date of birth, gender and marital status, inferred commercial interests, such as favorite products or hobbies, and other information we may collect from you or from third parties.

 

Because Other Information does not personally identify you, such information may be disclosed for any purpose. In some instances, we may combine Other Information with personal information. If we do combine any Other Information with personal information, the combined information will be treated by us as personal information in accordance with this Statement.


 

SENSITIVE INFORMATION

The term “sensitive information” refers to information related to your racial or ethnic origin, political opinions, religion or other beliefs, health or sex life, criminal background or trade union membership. We do not generally collect sensitive information unless it is volunteered by you. We may use health data provided by you to serve you better and meet your particular needs.


 

PERSONAL INFORMATION FROM CHILDREN

We do not knowingly collect personal information from individuals under 18 years of age. As a parent or legal guardian, please do not allow your children to submit personal information without your permission.


 

MOBILE AND LOCATION-BASED SERVICES

We provide mobile apps that can be downloaded to your smartphone or mobile device. These apps have a variety of functionalities that enhance the customer experience. In addition to providing services, our apps may collect personal and Other Information that will be used in accordance with this Statement. We provide a link to this Statement to customers prior to their downloading of any of our apps.

 

If you allow our mobile apps to access your location information on your device, our mobile apps may use your mobile device’s Global Positioning System (GPS) technology and other technology (such as wireless transmitters known as beacons) to provide you with information and offers based on the location of your device. Beacons allow us to collect information about your location within participating resorts by communicating with mobile devices that are in range. We may use this location information to enhance your on-property experience by delivering push notifications and other content to your mobile device, providing navigation assistance as you move around our locations, and sending you information and offers about products, services, or activities we believe may be of interest to you. We may share this information with third parties, including business partners and service providers, to provide information, offers, and services that may be of interest to you. To the extent any location data is combined with personal information, that information will be treated as personal information in accordance with this Statement. You may prevent or limit collection of location information by changing your device’s settings.

 

For certain properties, we may also make available real-time or virtual “concierge” features, which may be pre-loaded onto a HGV-owned device, or downloadable to your web-enabled mobile device. For example, you may be able to communicate directly with the resort; order services from the resort, such as room service or valet parking; access our websites; access third-party websites, including local attractions and social media; and book a reservation. The resort will access and use your personal information (such as your name, confirmation number, check-in and checkout dates, and room number) in providing these concierge services. If you request SMS (i.e., text message) communications, you will be asked to provide your phone number and carrier. We may also communicate with you by means of third-party digital messaging apps. If we do so, the privacy policies of those services apply.


LINKS TO THIRD-PARTY WEBSITES AND SERVICES

Our site and our mobile applications may contain links to third parties’ websites. Please note that we are not responsible for the collection, use, maintenance, sharing, or disclosure of data and information by such third parties. If you provide information on and use third-party sites, the privacy policy and terms of service on those sites are applicable. We encourage you to read the privacy policies of websites that you visit before submitting personal information.

 

HGV may also partner with a limited number of Internet providers to offer Internet access to our guests. Your use of on-property Internet service is subject to the third-party Internet provider’s terms of use and privacy policy. You can access those terms and policies using the links on the service sign-in page, or by visiting the Internet provider’s website.


 

PROTECTING PERSONAL INFORMATION

HGV will take reasonable measures to: (i) protect personal information from unauthorized access, disclosure, alteration or destruction, and (ii) keep personal information accurate and up-to-date as appropriate. We also seek to require our affiliates and service providers with whom we share personal information to exercise reasonable efforts to maintain the confidentiality of personal information about you. For online transactions, we use reasonable technology to protect the personal information that you transmit to us via our site. Unfortunately, however, no security system or system of transmitting data over the Internet can be guaranteed to be entirely secure.

 

For your own privacy protection, please do not send payment card numbers or any other confidential personal information to us via email.

 

We will not contact you by SMS/text messaging or email to ask for your confidential personal information or payment card details. We will only ask for payment card details by telephone when you are booking a reservation, promotional package or otherwise making a payment toward an HGV product or service you have agreed to purchase. We will not contact you to ask for your Membership Program account log-in information. If you receive this type of request, you should not respond to it. We also ask that you please notify us at privacyhgv@hgvc.com.


 

INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

As a global company, we endeavor to provide you with the same level of service that you have come to expect at HGV whether you are in Honolulu, New York or Japan or the UK. To provide this service, you agree that we may share your personal information among members of the HGV collection of resorts, our service providers, and other third parties, which may be located in countries outside of your own. Although the data protection laws of these various countries may differ from those in your own country, we will take appropriate steps to ensure that your personal information is handled as described in this Statement.


 

CHANGING AND ACCESSING YOUR PERSONAL INFORMATION

To the extent required by applicable law, you may be able to request that we inform you about the personal information we maintain about you and, where appropriate, request that we update, correct and/or suppress personal information about you that we maintain in our active database. We will make all required updates and changes within the time specified by applicable law and, where permitted by law, may charge an appropriate fee to cover the costs of responding to the request. Such requests must be submitted in writing to the following address: Hilton Grand Vacations Legal Department, ATTN: Chief Privacy Officer, 5323 Millenia Lakes Blvd. Ste. 400, Orlando, FL 32839, USA or by emailing us at DPOffice@hgv.com. To protect your confidentiality, we can only respond to such requests to the email address that you have registered or otherwise provided to us. Please remember that if you make such a request, we may not be able to provide you with the same quality and variety of services to which you are accustomed.

 

In addition, in some circumstances based on applicable law, you may request that we cease sharing personal information about you with our business partners or that HGV cease using personal information about you on the grounds that such personal information was acquired by unjust means or used in violation of law by sending your written request to Hilton Grand Vacations Legal Department, ATTN: Chief Privacy Officer, 5323 Millenia Lakes Blvd. Ste. 400, Orlando, FL 32839, USA or by emailing us at DPOffice@hgv.com. We will seek to honor those requests consistently with applicable law.


 

RETAINING PERSONAL INFORMATION

We retain personal information about you for the period necessary to fulfill the purposes outlined in this Statement, unless a longer retention period is required or permitted by applicable law.


 

CHOICES – MARKETING COMMUNICATIONS

We may inform you about our products and services or invite you to events via email, online advertising, social media, telephone, text message (including SMS and MMS), push notifications, in-app alerts, postal mail, our customer service call center, and other means (including on-property messaging, such as your in-room television).

 

You may opt-out of receiving marketing messages from us.

 

If you prefer not to receive email marketing materials from us, you may opt-out at any time by using the unsubscribe function in the email you receive from us. Opt-out requests can take up to ten business days to be effective.

 

To opt out of text messages, reply “STOP” to the message you received.

 

To be added to HGV’s internal do not call list, send a message to privacyhgv@hgvc.com.

 

You may also write to us (including your email address, phone number or other information that you want to be removed from marketing communications) at Hilton Grand Vacations Legal Department, ATTN: Chief Privacy Officer, 5323 Millenia Lakes Blvd. Ste. 400, Orlando, FL 32839, USA or by emailing us at DPOffice@hgv.com.

 

You may control whether our mobile apps send you push notifications by changing your notification settings on your mobile device. If we engage in sending you in-app messages, we will allow control for those in our apps’ settings. For more information about cookies and interest-based advertising and to learn about how to manage these technologies, please see our Cookies Statement.

 

Please note, however, that if you change the communications you receive from us as described above, we will not be able to remove your personal information from the databases of affiliates, or business partners with whom we have already shared your personal information (i.e., to whom we have already provided your personal information as of the date of your opt-out request).

 

Special Notification for California Residents. Individual customers who reside in California and have provided their personal information to HGV may request information about our disclosures of certain categories of personal information to third parties for their direct marketing purposes. Such requests must be submitted to us at one of the following addresses: or Hilton Grand Vacations, Legal Department, ATTN: Chief Privacy Officer, 5323 Millenia Lakes Blvd. Ste. 400, Orlando, FL 32839, USA. Within thirty days of receiving such a request, we will provide a list of the categories of personal information disclosed to third parties for third-party direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted to addresses other than the addresses specified in this paragraph.

 

If you are a California resident under the age of 18, and a registered user of any site where this policy is posted, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted. To make such a request, please send an email with a detailed description of the specific content or information to privacyhgv@hgvc.com. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.


 

STATEMENT MODIFICATIONS

We may modify this Statement from time to time. When we make material changes to this Statement we will post a link to the revised Statement on the homepage of our site, and if you have registered for any of our products or services we may also inform you through a communications channel that you have provided. You can review when this Statement was last updated by looking at the “Last Updated” date provided at the top of the Statement. Any changes to our Statement will become effective upon posting of the revised Statement on the site. Use of the site, any of our products and services, and/or providing consent to the updated Statement following such changes constitutes your acceptance of the revised Statement then in effect.


 

CONTACT US

If you have any questions about this Statement or how HGV processes your personal information, please contact us by email at privacyhgv@hgvc.com or by postal mail to Hilton Grand Vacations Legal Department, ATTN: Chief Privacy Officer, 5323 Millenia Lakes Blvd. Ste. 400, Orlando, FL 32839, USA.


 

HILTON GRAND VACATIONS PRIVACY STATEMENT REVISIONS

May 25, 2018

 

Updated to provide more detailed information about how we collect, use, share and protect personal information of our guests.

Added Appendix A: “Additional Provisions Applicable to Processing of Personal Information of EEA Residents.” Appendix A includes detailed information provided pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of Personal Information and on the free movement of such data, commonly referred to as the “General Data Protection Regulation” (GDPR).

 

Issue Date: January 3, 2017

 

APPENDIX A

 

ADDITIONAL PROVISIONS APPLICABLE TO PROCESSING OF
PERSONAL INFORMATION OF EEA RESIDENTS

 

1.             Introduction and Scope

For individuals residing in the EEA, this Appendix outlines certain additional information that Hilton is obligated to provide to you, as well as certain rights you have with respect to the processing of your personal information, pursuant to applicable local laws. This Appendix will control to the extent it conflicts with any provision in the main body of this Statement. This Privacy Notice applies to Hilton Grand Vacations, Inc. and its websites (“Website”).

 

2.             Data Controller

The responsible data controller for any personal data collected and processed in connection with the use of the Website is Hilton Grand Vacations Inc. (“HGV”, “we” or “us”). You can contact HGV as follows:

Hilton Grand Vacations Legal Department
Attn: Chief Privacy Officer
5323 Millenia Lakes Boulevard, Suite 400
Orlando, Florida 32839

or by email at privacyhgv@hgvc.com.

 

3.             Contact Details, Representative and Data Protection Officer

 

3.1          If you have any questions etc. about or in connection with this Privacy Notice or would like to complain about our handling of your personal data or exercise any of your rights (see section 9 below), please contact us by using one of the following contact details:

Email: DPOffice@hgv.com
Ordinary mail: Hilton Grand Vacations, Inc.
6355 Metrowest Blvd.
Orlando, FL 32835, USA
ATTN: Data Protection Office

 

3.2          You may contact our data protection office:

Email: DPOffice@hgv.com
Ordinary mail: Hilton Grand Vacations, Inc.
6355 Metrowest Blvd.
Orlando, FL 32835, USA
ATTN: Data Protection Office

 

4.             Data Subjects

This Privacy Notice applies to the collection and processing of personal data of users of the Website residing in the European Economic Area and Switzerland.

 

5.             Categories of Data, Purposes of the Processing and Legal Basis

We process the following personal data we collect from you or from third parties (e.g., public resources or social media services (consistent with your settings on such services)) in connection with the use of the Website as detailed in the following:

 

Purpose of the processing: Administration, operation, maintenance (including maintenance of the Website’s security) and improvement of the Website
Categories of personal data:
  • IP address, operating system, browser type, browser version, browser configuration, name of internet service provider, and other types of computer and connection related information relevant to identifying your type of device, connecting to the Website, enabling data exchange with you and your device, and ensuring a convenient use of the Website;
  • URL and IP address of the Website from which you accessed, or were directed to, our Website, including date and time;
  • Subpages visited while on our Website, links followed on the Website, including date and time; and
  • The full Uniform Resource Locator (URL) click stream to, through and from the Website, including date and time.
Legal basis for the processing: Required for the performance of a contract (Art. 6 (1) (b) GDPR) and legitimate interests* (Art. 6 (1) (f) GDPR).

Purpose of the processing: Provision of a more personalized experience of the Website by tailoring Website content to your preferences
Categories of personal data:
  • IP address, operating system, browser type, browser version, browser configuration, and other types of computer and connection related information relevant to identifying your type of device, connecting to the Website, enabling data exchange with you and your device, and ensuring a convenient use of the Website;
  • URL and IP address of the Website from which you accessed, or were directed to, our Website, including date and time;
  • Subpages visited while on our Website, links followed on the Website, including date and time;
  • Search terms entered;
  • User profile information (for registered users); and
  • Services/products viewed or searched for on the Website.

Purpose of the processing: Performance of analytics and conducting customer research, including general market research or surveying our customers’ needs and opinions on specific issues, generating traffic patterns, and analyzing advertising effectiveness, both on an anonymous basis (e.g., by aggregating data) or on an individual basis
Categories of personal data:
  • IP address, operating system, browser type, browser version, browser configuration, and other types of computer and connection related information relevant to identifying your type of device, connecting to the Website, enabling data exchange with you and your device, and ensuring a convenient use of the Website;
  • URL and IP address of the Website from which you accessed, or were directed to, our Website, including date and time;
  • Subpages visited while on our Website, links followed on the Website, including date and time;
  • Search terms entered;
  • Services/products viewed or searched for on the Website;
  • Consents, authorizations, etc. granted;
  • User profile information (for registered users); and
  • Survey answers, reviews, ratings and other types of feedback provided.
Legal basis for the processing: Legitimate interests* (Art. 6 (1) (f) GDPR) or, depending on the individual activity, consent (Art. 6 (1) (a) GDPR).

Purpose of the processing: Processing and fulfillment of product and service orders placed via the Website
Categories of personal data:
  • Name, title and address;
  • Personal contact information (phone, email, fax, etc.);
  • Login information such as login name and password;
  • User profile information;
  • Service requests and orders placed; and
  • Payment information;
Legal basis for the processing: Required for the performance of a contract (Art. 6 (1) (b) GDPR)

Purpose of the processing: Responding to your questions, inquiries and requests provided via the Website
Categories of personal data:
  • Name, title and address;
  • Personal contact information (phone, email, fax, etc.);
  • Service requests and orders placed (if related to the question, inquiry and/or request);
  • User profile information (for registered users);
  • Content of any communication sent through the Website (e.g., by sending questions, inquiries and requests via the Website’s contact form).
Legal basis for the processing: Legitimate interests* (Art. 6 (1) (f) GDPR)

Purpose of the processing: Administration of rewards, surveys, sweepstakes, contests, or other promotional activities or events
Categories of personal data:
  • Name, title and address;
  • Personal contact information (phone, email, fax, etc.);
  • User profile information (for registered users);
  • Any other information that you enter on, or upload to, the website (e.g., content that you fill into an online form, a photo that you upload);
  • Social media information, consistent with your settings within the social media service (such as location, check-ins, activities, interests, photos, status updates and friends list); and
  • Consents, authorizations, etc. granted;
Legal basis for the processing: Legitimate interests* (Art. 6 (1) (f) GDPR) or, depending on the individual activity, consent (Art. 6 (1) (a) GDPR).

Purpose of the processing: Communication with you about products and services that may be of interest to you performed through traditional mail, email, and telephone, including periodic sending of promotional materials on products, services and promotions of HGV specifically dedicated to you (direct marketing)
Categories of personal data:
  • Name, title and address;
  • Personal contact information (phone, email, fax, etc.);
  • Newsletter subscriptions, enrollment for promotions, use of special offers, etc.
  • Consents, authorizations, etc. granted;
Legal basis for the processing: Legitimate interests* (Art. 6 (1) (f) GDPR) or, depending on the individual activity, consent (Art. 6 (1) (a) GDPR).

Purpose of the processing: Compliance with legal obligations, prevention of unlawful uses of the Website, resolving disputes, and enforcement of our agreements
Categories of personal data:
  • IP address, operating system, browser type, browser version, browser configuration, name of internet service provider, and other types of computer and connection related information relevant to identifying your type of device, connecting to the Website, enabling data exchange with you and your device, and ensuring a convenient use of the Website;
  • Subpages visited while on our Website, links followed on the Website, including date and time;
  • The full Uniform Resource Locator (URL) click stream to, through and from the Website, including date and time; and
  • Name, title and address;
  • Personal contact information (phone, email, fax, etc.);
  • Login information such as login name and password;
  • Service requests and orders placed;
  • Shopping history, including open and completed transactions;
  • User profile information (for registered users);
  • Service requests and orders placed; and
  • Payment information;
Legal basis for the processing: Legitimate interests* (Art. 6 (1) (f) GDPR) and compliance with a legal obligation (Art. 6 (1) (c) GDPR).

 

*For data processing activities based solely on legitimate interests (Art. 6 (1) (f) GDPR): Further information on the balancing test performed is available upon request to DPOffice@hgv.com.

 


 

5.2          Please note that we may process your personal data for other purposes only if we are obligated to do so on the basis of legal requirements (e.g., transfer to courts or criminal prosecution authorities), if you have consented to the respective processing or if the processing is otherwise lawful under applicable law. If processing for another purpose takes place we will provide you with additional information.

 

5.3          You may choose not to provide certain types of personal data to us, unless the provision of personal data is required for the performance of a contract you conclude with us (e.g., to provide you with products and services you ordered). If you choose to not provide certain types of personal data, our ability to provide you with, and your ability to make use of, the Website or their features and services may be affected.

 

6.             Recipients and Categories of Recipients

 

Any access to your personal data at HGV is restricted to those individuals that have a need to know in order to fulfill their job responsibilities.

 

6.1          HGV will transfer your personal data for the respective purposes to the recipients and categories of recipients listed below, if and to the extent permitted or required by law:

 

Business Partners: We share your personal data with affiliated and unaffiliated business partners as follows:

  • to provide you with products and services you have ordered via the Website (e.g. in order to perform reservations via the Website, to arrange rental cars or other ordered services which are provided by business partners, and to help our business partners assess compliance with travel policies or participation in special rate plans). Such data transfers are based on Art. 6 (1) (b) and/or (f) GDPR.
  • to allow us and our business partners, such as our airline, cruise and car rental partners, to deliver advertisements to our shared customers. Such data transfers are based on your consent, Art. 6 (1) (a) GDPR.
  • to allow our business partners to recognize you when you visit that partner’s website or app, or to recognize you as one of their customers when you visit HGV websites or apps so that they may provide more relevant offers to you. We may share your email address with such partners using available security measures that may match it with their own email addresses so that they can send online and email advertisements to you on our behalf. Such data transfers are based on legitimate business interests, Art. 6 (1) (f) GDPR, or your consent, Art. 6 (1) (a) GDPR.

 

6.2          Buyers: As we develop our business, we might sell, buy, restructure or reorganize business assets or our Website. In such circumstances, HGV may transfer, sell or assign personal data to the respective buyers. Such data transfers, depending on the concrete transaction, will be based on your consent, Art. 6 (1) (a) GDPR or legitimate business interests, Art. 6 (1) (f) GDPR. To the extent required by applicable law, we will provide further information about the transfer of your personal data in this respect, and explain the rights you have to object to such transfer.

 

6.3         Service Providers: We use third party service providers to provide services and products on our behalf and may share your personal data with them as necessary for the provision of the services and products. Our service providers are contractually obligated to process such data on behalf of HGV under appropriate instructions as necessary for the respective processing purposes and to appropriately protect your personal data. Our service providers may not otherwise process or share your personal data, except as permitted by law. We use service providers to communicate news and deliver promotional and transactional materials to you, including personalized online and mobile advertising. Please also see our Cookies Statement for more information.

 

6.4         Governmental authorities, courts, external advisors, and similar third parties that are public bodies as required or permitted by applicable law, in order to: (i) ensure compliance with applicable laws, (ii) respond to governmental inquiries or requests from public authorities, (iii) comply with valid legal process, (iv) protect the rights, privacy, safety or property of HGV, site visitors, guests, employees or the public, (v) permit us to pursue available remedies or limit the damages that we may sustain, (vi) enforce our websites’ terms and conditions, and (vii) respond to an emergency. Such data transfers are based on Art. 6 (1) (c) and/or (f) GDPR.

 

7.             Cross-Border Data Transfer

 

7.1          Some of the recipients of your personal data will be located or may have relevant operations outside of your country and the EU, where the data protection laws may provide a different level of protection compared to the laws in your jurisdiction and with regard to which an adequacy decision by the European Commission does not exist.

 

7.2          The countries which provide an adequate level of data protection from a European data protection law perspective (Art. 45 GDPR) include Andorra, Argentina, Canada (commercial organizations), Faeroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, and Uruguay. Recipients in the US may be certified under the EU-U.S. Privacy Shield and thereby recognized as providing an adequate level of data protection from a European data protection law perspective (Art. 45 GDPR).

 

7.3          We may also provide an adequate level of data protection by other means. By way of entering into appropriate data transfer agreements based on Standard Contractual Clauses (2010/87/EC and/or 2004/915/EC) as referred to in Art. 46 (5) GDPR or other adequate means, which are accessible upon request under the contact details provided in Section 3 above, we have established that all other recipients located outside the EEA will provide an adequate level of protection for the Personal Data and that appropriate technical and organizational security measures are in place to protect Personal Data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. Any onward transfer (including our affiliates outside the EEA) is subject to appropriate onward transfer requirements as required by applicable law.

 

8.             Storage Period

 

Your personal data is stored by HGV and/or our service providers, strictly to the extent necessary for the performance of our obligations and strictly for the time necessary to achieve the purposes for which the personal data is collected, in accordance with applicable data protection laws. For example, personal data contained in contracts, communications, and business letters may be subject to statutory retention requirements, which may require retention of up to 10 years. In addition, if a judicial or disciplinary action is initiated, the personal data may be stored until the end of such action, including any potential periods for appeal, and will then be deleted or archived as permitted by applicable law.

 

9.             Your Rights

 

9.1          If you have declared your consent for any personal data processing activities, you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.

 

Under the conditions set out under applicable law, you have the following rights (which might be limited under the applicable national data protection law):

 

a.          Right of access: You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data. The access information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed.

 

You have the right to obtain a copy of the personal data undergoing processing. For additional copies requested by you, we may charge a reasonable fee based on administrative costs.

 

b.          Right to rectification: You have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

 

c.          Right to erasure (right to be forgotten): You have the right to ask us to erase your personal data.

 

d.          Right to restriction of processing: You have the right to request the restriction of processing your personal data. In this case, the respective data will be marked and may only be processed by us for certain purposes.

 

e.          Right to data portability: You have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit those personal data to another entity without hindrance from us.

 

f.          Right to object:

 

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. Exercising this right will not incur any costs.

 

Such a right to object may not exist, in particular, if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.

 

9.3          In addition to the rights set out above, you also have the right to lodge a complaint with the competent data protection supervisory authority.

 

10.             Cookies and similar technologies

 

10.1          Cookies. When you use the Website, we will send cookies – small text files containing a string of alphanumeric characters – to your device. We use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits of our website. Your web browser may provide you with some options regarding cookies. Please note that if you delete, or choose not to accept, cookies, you may not be able to utilize the features of the services provided via the Website to their fullest potential. We use third party cookies in connection with the services provided via the Website as well. At this time, we do not respond to Do Not Track signals or other, similar mechanisms.

 

10.2          For detailed information regarding cookies and related data processing activities please refer to our Cookie Statement.

 

11.             Changes to the Privacy Notice

This Privacy Notice may require an update from time to time—e.g. due to the implementation of new technologies or the introduction of new services or features. We reserve the right to change or supplement this Privacy Notice at any time. We will publish the changes in the Privacy Notice in the Hilton Grand Vacations Privacy Statement Revisions section.