Privacy Policy

1 PRIVACY NOTICE

In a digital world were data flows at the speed of light and data storage and process made simpler and faster, protect the privacy of individuals is essential for the future of any businesses and to advance to a true digital economy. This Privacy Notice demonstrates our full commitment to the right of individuals to privacy and data protection and summarizes how we treat information that may be used to directly or indirectly identify an individual (“Personal Data”).

1.1 The Muthu Hotels MGM commitment to protecting privacy
As we consider you an important customer, our first priority is to offer you exceptional times and stays throughout our properties. Your complete satisfaction and confidence in Muthu Hotels MGM are absolutely essential to us. As part of our commitment to meeting your expectations, we have set up a customer privacy protection policy.

This Notice formalizes our commitments to you and describes how Muthu Hotels MGM uses your personal data within the data privacy principles.

1.2 Consent
“Personal data” means any information collected and logged in a format that allows you to be identified personally, either directly (e.g. name) or indirectly (e.g. e-mail) as a natural person. Before providing us with this information, we recommend that you read this document describing our customer privacy protection policy.

Although, when necessary we’ll ask for your consent, this Privacy Notice forms part of the terms and conditions that govern our hospitality services. By accepting these terms and conditions, you expressly accept the provisions of this Notice.

1.3 Muthu Hotels MGM data privacy principles
The principles below are applicable within the Muthu Hotels MGM.

1.3.a Transparency: When collecting and processing your personal data, we will communicate all information to you and inform you of the purpose and recipients of the data.

1.3.b Legitimacy: We will collect and process your personal data only for the purposes described in this Notice.

1.3.c Proportionality and accuracy: We will only collect personal data that is necessary within the data processing purpose. We will take all reasonable steps to ensure that the personal data we hold is accurate and up to date.

1.3.d Retention limitation: We will hold your personal data only for the period necessary for processing the same in compliance with the provisions of the law.

1.3.e Access, rectification, opposition: You may access, modify, correct or delete your personal data. You may also oppose the use of your personal data, particularly to avoid receiving sales and marketing information. The details of the department to contact in this respect are shown below (§13) in the clause “Access and modification”.

1.3.f Confidentiality and security: We will ensure reasonable technical and organizational measures are in place to protect your personal data against alteration or accidental or unlawful loss, or unauthorized use, disclosure or access.

1.3.g Sharing and international transfer: We may share your personal data within the Muthu Hotels MGM or with third parties (such as commercial partners and/or service providers) for the purposes set out in this Notice. We will take appropriate measures to guarantee security when sharing or transferring such data.

1.3.h No data sell: Muthu Hotels MGM will not sell your personal data.

For any questions concerning Muthu Hotels MGM Data Protection, please contact the our Data Privacy department whose details appear in the clause “Access and modification”.

1.4 Scope of application
This Privacy Notice applies to:

1.4.a All data processing implemented in our subsidiary and managed hotels, i.e. those operating under an Muthu Hotels MGM brand name listed here. This list is regularly updated.

“MGM MUTHU HOTELS” AND ITS COMMERCIAL SUBSIDIARIES

MGM MUTHU HOTELS

• Leisure Dimensions Limited & Subsidiaries,
• OPH – Management Company Unipessoal LTD,
• OVBC Management Co. Uni. LTD,
• Polvilha Sucesso Uni.Ltd.,
• Raga Hotel SA,
• Cascata de Sonhos Uni.,
• Valmangude Explorações Hoteleiras SA,
• Woodbourne European Investments SA,
• Welcome Dialogue Uni.,
• HRI Ltd
• Bright Ventures Limited (BBH),
• Westcliff Ventures Limited (WCH),
• Verinica Ventures Limited (CPH),
• Newton Hotel Management Limited,
• Highland Coaches Limited (4 Hotels and Coaches),
• Oban Queens Management Limited,
• Oban Queens Management Limited,
• Damally Management Limited (Royal Thurso),
• Fort West End Hotel Management Company Limited
• Glasgow Erskine Bridge Hotel Management Company Limited

1.4.b All Muthu Hotels MGM reservation websites, including www.muthuhotels.com but also brand sites (www.mgmhotelresort.com, www.leisuredimensions.com, www.muthuhighlandheritage.co.uk)

Although our customer privacy protection policies cannot be imposed on our franchised hotels, Muthu Hotels MGM will do its utmost to promote the privacy principles set out in this Notice so that our franchises comply with the applicable laws in relation to the processing of your personal data.

1.5 What personal data do we collect
At various times, we will be obliged to ask you, as an Muthu Hotels MGM customer, for information about you and/or members of your family, such as:

1.5.a Contact details (for example, last name, first name, telephone number, email).

1.5.b Personal information (for example, date of birth, nationality).

1.5.c Information relating to your children (for example, first name, date of birth, age).

1.5.d Your credit card number (for transaction and reservation purposes).

1.5.e Your membership number for the Muthu Hotels MGM loyalty program (Vacation Club, Infiniti, Atlas, Muthu Highland Heritage Coach Tours) or another partner program (RCI, the airline loyalty program)

1.5.f Your arrival and departure dates.

1.5.g Your preferences and interests (for example, smoking or non-smoking room, preferred floor, type of bedding, type of newspapers/magazines, sports, cultural interests).

1.5.h Your questions/comments, during or following a stay in one of our establishments.

Please note that information collected in relation to persons under 13 years of age is limited to their name, nationality and date of birth, which can only be supplied to us by an adult, so it is important that you could ensure that your children do not send us any personal data without your consent (particularly via the Internet). If such data is sent, you can contact the Data Privacy department, details appear in the clause “Access and modification”, to arrange for this information to be deleted.

We do not deliberately collect sensitive information, such as information concerning race, ethnicity, political opinions, religious and philosophical beliefs, union membership, or details of health or sexual orientation.

Moreover, depending on applicable local laws, other information could be considered sensitive, such as your credit card number, your leisure activities, personal activities and hobbies, and whether or not you are a smoker. We may be obliged to collect such information in order to meet your requirements or provide you with an appropriate service, such as a specific diet.

In this case, depending on the laws in force in certain countries, your prior consent may be required with regard to the collection of sensitive information.

1.6 When is your personal data collected?
Personal data collection can occur on a variety of occasions, including:

1.6.A Hotel activities

• Booking a room
• Checking-in and paying
• Eating/drinking at the hotel bar or restaurant during a stay
• Requests, complaints and/or disputes

1.6.B Participation in marketing programs or events

• Signing up for loyalty programs
• Participation in customer surveys (for example, the Guest Satisfaction Survey)
• Subscription to newsletters, in order to receive offers and promotions via email

1.6.C Transmission of information from third parties

Tour operators, travel agencies, GDS reservation systems, and others

1.6.D Internet activities

Connection to Muthu Hotels MGM websites (IP address, cookies)

Online forms (online reservation, questionnaires, Muthu Hotels MGM pages on social networks, network login devices such as Facebook login, etc.)

1.7 Purpose of personal data collection
We collect your personal data for the purposes of:

1.7.A Legal obligations

• Some countries require by law the collection of personal data and send it to the authorities (i.e. passport our identification details)
• Storing accounting documents

1.7.B Meeting our obligations to our customers

1.7.C Managing the reservation of rooms and accommodation requests:

• Creation and storage of legal documents in compliance with accounting standards

1.7.D Managing your stay at the hotel:

• Managing access to rooms
• Internal management of lists of customers having behaved inappropriately during their stay at the hotel (aggressive and anti-social behavior, non-compliance with the hotel contract, non-compliance with safety regulations, theft, damage and vandalism, or payment incidents)

1.7.E Improving our hotel service, especially:

• Processing your personal data in our customer marketing program (eShots, Newsletters) in order to carry out marketing operations, promote brands and gain a better understanding of your requirements and wishes
• Adapting our products and services to better meet your requirements
• Customizing commercial offers and the promotional messages we send to you
• Informing you of special offers and any new services created by Muthu Hotels MGM or one of its subsidiaries

1.7.F Managing our relationship with customers before, during and after your stay:

• Managing the loyalty program.
• Providing details for the customer database.
• Segmentation operations based on reservation history and customer travel preferences with a view to sending targeted communications.
• Predicting and anticipating future behaviors, developing statistics and commercial scores, and carrying out reporting.
• Providing context data for the offer push tool when a customer visits a Muthu Hotels MGM website or makes a reservation.
• Knowing and managing the preferences of new or repeat customers.
• Sending you newsletters, promotions and tourist, hotel or service offers, or offers from Muthu Hotels MGM partners or contacting you by telephone.
• Managing requests to unsubscribe from newsletters, promotions, tourist offers and satisfaction surveys or taking into account the right to object
• Using a dedicated telephone service to search for persons staying in Muthu Hotels MGM hotels in the event of serious events affecting the hotel in question (natural disasters, terrorist attacks etc.).

1.7.G Use a trusted third party to cross-check, analyze and apply certain devices to your collected data at the time of booking or at the time of your stay, in order to determine your interests and your customer profile, and to allow us to send you personalized offers.

1.7.H Improving Muthu Hotels MGM services, especially:

• Carrying out surveys and analyses of questionnaires and customer comments and managing claims or complaints.
• Offering you the benefits of our loyalty program.

1.7.I Securing and enhancing your use of Muthu Hotels MGM websites, especially:

• Improving navigation and user interaction experience.
• Implementing security and fraud prevention.

1.8 Conditions of third-party access to your personal data

Muthu Hotels MGM makes an effort to provide you with the same services throughout the world. Thus, to guarantee you the right of access and amendment (“Access and modification” clause), we have to share your personal data with internal and external recipients subject to the following conditions:

1.8.A Within the Muthu Hotels MGM, in order to offer you the best service, we can share your personal data and give access to authorized personnel from the Group, including:

• Hotel staff, reservation staff using Muthu Hotels MGM reservation tools, IT departments.
• Commercial partners ( examples: RCI Europe Limited HUTCHINSONS & Associates Trustees Ltd. HMC Funding – Business Brookers Limited Honeycomb Finance Ltd; MONDI-HOLIDAY GmbH & Co. KG GeoHoliday, PRAXIS, Visacar, Best4U, Official Taxi Tenerife, Taxis Almeria) and marketing services.
• Medical services and or legal services if applicable.
• Generally, any appropriate person within Muthu Hotels MGM entities for certain specific categories of personal data.

1.8.B With service providers and partners: your personal data may be sent to a third party for the purposes of supplying you with services and improving your stay, for example:

• External service providers: IT sub-contractors, international call centers, banks, credit card issuers, external lawyers, dispatchers, printers.
• Commercial partners: Muthu Hotels MGM may, unless you specify otherwise to the Data Privacy department, enhance your profile by sharing certain personal information with its preferred commercial partners. In this case, a trusted third party may cross-check, analyze and apply certain devices to your data. This data processing will allow Muthu Hotels MGM and its privileged contractual partners to determine your interests and your customer profile and will allow us to send you personalized offers.
• Social networking sites: In order to allow you to be identified on the website without the need to fill out a registration form, Muthu Hotels MGM has put the Facebook login system in place. If you log in using the Facebook login system, you explicitly authorize Muthu Hotels MGM to access and store the public data on your Facebook account, as well as the other data mentioned during use of the Facebook login system. Muthu Hotels MGM may also communicate your email address to Facebook in order to identify whether you are already a Facebook user, in order to post personalized and relevant ads on your Facebook account if appropriate.
• Local authorities: We may also be obliged to send your information to local authorities if this is required by law or as part of an inquiry and in accordance with local regulations.

1.9 Protection of your personal data during international transfers

For the purposes set out in this Notice, we may transfer your personal data to internal or external recipients who may be in countries offering different levels of personal data protection.

Consequently, in addition to implementation of this Notice Muthu Hotels MGM employs appropriate measures to ensure secure transfer of your personal data to an Muthu Hotels MGM entity or to an external recipient located in a country offering a different level of privacy from that proposed in the country where the personal data is collected.

As part of these activities, your data may be sent, in particular as part of the reservation process, to Muthu Hotels MGM hotels located outside of the European Union, in particular in the following countries: India, Singapore.

Other than those that are required to carry out your reservation, dataflows to countries having different levels of personal data protection are regulated by standard contractual manager-to-subcontractor clauses defined by the European Commission. Dataflows to the United States are made to entities that belong to Safe Harbor.

1.10 Data security
Muthu Hotels MGM takes appropriate technical and organizational measures, in accordance with applicable legal provisions, to protect your personal data against illicit or accidental destruction, accidental alteration or loss, and unauthorized access or disclosure. To this end, we have taken technical measures (such as firewalls) and organizational measures (such as a user ID/password system, means of physical protection etc.), also when you submit credit card data when making a reservation, SSL (Secure Socket Layer) encryption technology is used to guarantee a secure transaction.

1.11 Storage of data

We retain your personal data only for the period necessary for the purposes set out in this Notice or in accordance with the provisions of applicable law.

1.12 Access and modification
You have the right to access your personal data collected by Muthu Hotels MGM and to modify it subject to applicable legal provisions. You may also exercise your right to object by writing to the address below.

In the event of difficulty exercising your rights, please contact the Data Privacy department for the Muthu Hotels MGM directly by sending an email to privacy@muthuhotels.com or by writing to the address below:

Muthu Hotels MGM

Oura View Beach Club

Rua Ramalho Ortigão

8200 – 604

Albufeira, Portugal

For the purposes of confidentiality and personal data protection, we will need to identify you in order to respond to your request. You will be asked to provide some personal data, along with your request.

If your personal data is inaccurate, incomplete or not up to date, please send the appropriate amendments to the Data Privacy department as indicated above.

All requests will receive a response as swiftly as possible and in accordance with applicable law.

You may also exercise your rights in respect of your personal data that is stored and processed by a hotel following a stay. To do this, you must contact the hotel directly.

1.13 Updates
We may modify this Notice from time to time, we recommend that you consult it regularly, particularly when making a reservation at one of our hotels.

1.14 Questions and contacts
For any questions concerning the Muthu Hotels MGM personal data protection policy, please contact the Data Privacy department stated on the “Access and modification” clause.

* Definition of Vacation Club includes Club Infiniti, Club Infiniti Fractional, Club Atlas, Club Navigator, Club Genesis, Club Infiniti Investigate, Club Infiniti Investigate-Exit, Infiniti Experiences, Infiniti Impressions, MGM Holiday Club and Smart Vacations.

The “Vacation Club” is part of the Group of Companies of the Muthu Hotels MGM Group.

COOKIE POLICY

As many other websites Muthu Hotels MGM uses cookies or other tracers on its online sites. These tracers may be installed on your device depending on the preferences that you expressed or may express at any time in accordance with this policy.

A. Why do we have a cookies policy?

With a view to provide information and ensure transparency, Muthu Hotels MGM established this policy so that you can learn more about:

• The origin and purpose of the information processed when you browse Muthu Hotels MGM Websites
• Your rights with regard to cookies and other tracers used by Muthu Hotels MGM

B. What is a cookie?

Cookies and other similar tracers are packets of data used by servers to send status information to a user’s browser and return status information to the original server through this same browser.

The status information can be a session identifier, a language, an expiration date, a response field or other types of information.

During their validity period, cookies are used to store status information when a browser accesses various pages of a website or when the browser returns to this website at a later point.

There are different types of cookies:

• Session cookies, which are deleted as soon as you exit the browser or leave the website.
• Persistent cookies, which remain on your device until their expiration or until you delete them using the features of your browser.

C. Why use cookies?

We use cookies and other tracers primarily for the following purposes:

Cookies strictly necessary for browsing the Muthu Hotels MGM Websites and the ability to use all of their features, and intended in particular to:

• · Manage authentication of website visitors and the associated security measures, and ensure proper functioning of the authentication module.
• Optimize the user experience and facilitate browsing, in particular determining “technical routes” for browsing
• Store information regarding the “cookies” information banner seen by website visitors who then continue to browse the website after agreeing to accept cookies on their device
• Implement security measures (for example, when you are asked to log in again after a certain period of time, or to ensure basic operation of Muthu Hotels MGM Websites and use of their major technical features, such as monitoring of performance and browsing errors, management of user sessions, etc.)

Cookies for features intended in particular to:

• Adapt Muthu Hotels MGM Websites to the display preferences of your device (language, currency, display resolution, operating system used, configuration and settings of the display of web pages based on the device you are using and its location, etc.).
• Store specific information that you enter on Muthu Hotels MGM Websites in order to facilitate and customize your subsequent visits (including displaying the visitor’s first and last names if the visitor has a user account).
• Allow you to access your personal pages more quickly by storing the login details or information that you previously entered

Cookies for visitor tracking are aimed at improving the comfort of users by helping us understand your interactions with Muthu Hotels MGM Websites (most visited pages, applications used, etc.); these cookies may collect statistics or test different ways of displaying information in order to improve the relevance and usability of our services.

Advertising cookies are intended to (i) offer you, in advertising spaces, relevant, targeted content that may be of interest to you (best offers, other destinations, etc.) based on your interests, browsing behavior, preferences, and other factors, and (ii) reduce the number of times that the advertisements appear.

Affiliate cookies identify the third-party website that redirected a visitor to Muthu Hotels MGM Websites.

Social network cookies, set by third parties, allow you to share your opinion about and content from Muthu Hotels MGM Websites on social networks (for example, the “Share” or “Like” application buttons for social networks).

The social network applications on Muthu Hotels MGM Websites as mentioned above can in some cases allow the social networks concerned to identify you even if you did not click on the application button. This type of button can allow a social network to track your browsing on Muthu Hotels MGM Websites, simply because your account in the social network concerned is enabled on your device (open session) while you are browsing.

We recommend that you read the policies of these social networks to familiarize yourself with how they use the browsing information they may collect, especially with regard to advertising. These policies must specifically allow you to make choices on these social networks, particularly by configuring your user accounts for each of them.

D. Cookie Consent

The installation of certain cookies is subject to your consent. Also, when you first visit the Muthu Hotels MGM Websites, you are asked whether you agree to the installation of this type of cookie, which is only activated after your acceptance.

This process is supported by means of an information banner on the home page of the Muthu Hotels MGM Websites, which informs you that by continuing to browse, you are agreeing to the installation of cookies that require consent on your device.

You can change your mind at any time using the various methods described in section “Deleting and/or blocking cookies”.

E. Deleting and/or blocking cookies

You have several options for deleting cookies and other tracers.

E.1 Browser settings

Although most browsers are set by default to accept cookies, you can, if you desire, choose to accept all cookies, always block cookies, or choose which cookies to accept based on their senders.

You can also set your browser to accept or block cookies on a case-by-case basis before they are installed. Your browser also allows you to regularly delete cookies from your device. Remember to configure all the browsers in your different devices (tablets, smartphones, computers, etc.).

Regarding management of cookies and your preferences, configuration varies for each browser. This is described in the Help menu of your browser, as well as how to edit your preferences with regard to cookies. For example:

• For Internet Explorer: http://windows.microsoft.com/en-US/windows-vista/Block-or-allow-cookies
• For Safari: http://www.apple.com/legal/privacy/en-ww/cookies
• For Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
• For Opera: http://help.opera.com/Windows/10.20/en/cookies.html
• For Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=en&hlrm=en&answer=95647
• Saving a cookie to your device depends on your wishes, which you can exercise and change at any time and free of charge using the settings offered by your browser software. If your browser is set to accept cookies on your device, the cookies embedded in the pages and content that you view may be temporarily stored in a dedicated space on your device. They can only be read by their issuer. However, you can set your browser to block cookies. Keep in mind that if you set your browser to block cookies, some features, pages and spaces on MGM Muthu Hotels Websites will not be accessible, and we cannot be held responsible in this case.

E.2 Specialized advertising platforms

Several professional advertising platforms also give you the option to accept or block cookies used by companies that are members. These centralized mechanisms do not block the display of ads; they simply prevent the installation of cookies that tailor ads to your interests.

For example, you can visit the website http://www.youronlinechoices.com to prohibit the installation of these cookies on your device. This website is offered by digital advertising professionals brought together within the European Digital Advertising Alliance (EDAA) and managed in France by Interactive Advertising Bureau France.