HILTON GLOBAL PRIVACY STATEMENT
Last updated: November 24, 2025
INTRODUCTION
Hilton’s mission is to be the most hospitable company in the world. We’re passionate about delivering exceptional guest experiences, and we look forward to welcoming you to our hotels so we can share the light and warmth of hospitality with you.
We pledge to deliver the highest level of customer service, which includes respecting your privacy and protecting your personal information. In this privacy statement (“Statement”), we provide you with details about how we collect, use, and disclose your personal information.
This Statement applies to Hilton Worldwide Holdings Inc., its subsidiaries, and all of the hotels within the Hilton Portfolio of Brands (collectively, "Hilton," "we," or "us"). Our Portfolio of Brands includes Waldorf Astoria Hotels & Resorts, LXR Hotels & Resorts, Conrad Hotels & Resorts, Canopy by Hilton, Signia by Hilton, Hilton Hotels & Resorts, Curio Collection by Hilton, DoubleTree by Hilton, Tapestry Collection by Hilton, Embassy Suites by Hilton, Tempo by Hilton, Motto by Hilton, Hilton Garden Inn, Hampton by Hilton, Tru by Hilton, Spark by Hilton, Homewood Suites by Hilton, Home2 Suites by Hilton, and LivSmart Studios by Hilton, Graduate by Hilton, NoMad, and Outset Collection by Hilton.
By using any of our products or services and/or by agreeing to this Statement, e.g. in the context of registering for any of our products or services, you understand and acknowledge that we will collect and use personal information as described in this Statement.
Please note that this Statement does not apply to our processing of personal information on behalf of and subject to the instructions of third parties such as airlines, car rental companies and other service providers, companies that organize or offer packaged travel arrangements, marketing partners, or certain corporate customers.
Hilton Domestic Operating Company Inc., a corporation in the United States duly organized and existing under the laws of the State of Delaware, is the Hilton entity that is the data controller for all guest data and operates, among other things, Hilton’s marketing activities. Hilton Domestic Operating Company Inc. is a subsidiary of Hilton Worldwide Holdings Inc.
The Hilton Portfolio of Brands includes managed, franchised, and joint venture hotels. Franchised hotels are operated by entities that are separate from Hilton. Joint venture hotels are operated by entities that are partially owned and/or controlled by Hilton. In addition to Hilton Domestic Operating Company Inc., those entities may be independent data controllers for guest data.
COLLECTION OF PERSONAL INFORMATION – GENERALLY
The following summarizes the categories of personal information we have collected in the past 12 months, the sources for those categories of personal information, the business or commercial purposes for which the information was collected, the categories of third parties with whom the information may have been shared, as permitted by law, and whether the information was sold to a third party for a business or commercial purpose within the past 12 months. Certain categories of personal information collected are required in order for us to provide you with the requested products or services, and if you choose not to provide us with such information, we may not be able to provide you with these products or services. If consent is required, we will obtain your consent before selling or sharing your personal information.
COLLECTION OF PERSONAL INFORMATION – NOTICE AT POINT OF COLLECTION
Browsing Hilton Websites
When you browse a Hilton website, we collect the following categories of personal information about you, which are used for the following purposes:
If you are a Hilton Honors member and you log into your account during your browsing session, then we collect the following information about you, which is used for the following purposes:
Making a Reservation
When you make a reservation at a Hilton property, we collect the following categories of personal information about you, which are used for the following purposes:
Enrolling in Hilton Honors
When you enroll in Hilton Honors, we collect the following categories of personal information about you, which are used for the following purposes:
Checking in at a Hilton Property
When you check in at a Hilton property, we may collect the following categories of personal information about you, which are used for the following purposes:
E-Check In
When you check in using e-check-in, we collect the following categories of personal information about you, which are used for the following purposes:
Digital Key
When you use Digital Key, we collect the following categories of personal information about you, which are used for the following purposes:
Guest Assistance
When you contact Guest Assistance, we collect the following categories of personal information about you, which are used for the following purposes:
Minors
Hilton does not knowingly collect, disclose, or sell personal information of individuals under the age of majority in their respective jurisdiction without permission from a minor’s parent or guardian. When searching for hotel reservations on a Hilton website or on the Hilton Honors app, you may be asked to provide the ages of any minor guests staying in the room. Hilton collects this information for the purpose of determining room rates where applicable, such as at an “all-inclusive” property.
Closed Circuit Television (CCTV)
We use closed circuit television (CCTV) and other security measures at our properties that may capture or record images of guests and visitors in public areas, such as hallways and lobbies. We do not use CCTV and other security measures in areas where guests and visitors have a reasonable expectation of privacy, such as locker rooms and bathrooms. We retain CCTV footage on property and in the cloud for 30 days unless we are required to maintain footage for a longer period, such as if the footage is subject to a legal proceeding or investigation. We protect CCTV footage in accordance with our information security policies. You may be able to request access to CCTV footage within the time specified by applicable law and as required by law.
Franchised hotels are operated by entities that are separate from Hilton. To request access to CCTV images from a franchised hotel, please contact that hotel. In addition to Hilton Domestic Operating Company Inc., those entities also are independent data controllers of CCTV images. When permitted by law, we may charge an appropriate fee to cover the costs of responding to the request. Such requests may be submitted by accessing the Data Subject Rights Requests Portal at datarights.hilton.com or in writing to DataProtectionOffice@hilton.com or Hilton Data Protection Officer, 7930 Jones Branch Drive, McLean, VA 22102, USA.
RESERVATIONS WITH HILTON PARTNER ACCOMMODATIONS
When making a reservation with AutoCamp or Small Luxury Hotels of the World (SLH) through a Hilton channel, Hilton will provide AutoCamp or SLH with certain guest information for the exclusive purpose of fulfilling the reservation and providing customer support, as identified in this Statement. Hilton channels include Hilton’s website, the Hilton Honors application, or Mini Programs. The guest information will be processed and retained in accordance with AutoCamp’s or SLH’s privacy policies and as permitted by applicable law. You can access AutoCamp's privacy policy here. You can access SLH's privacy policy here.
RESERVATIONS WITH HILTON'S THIRD-PARTY PARTNER
When making a reservation with Hilton Grand Vacations (HGV) through a Hilton channel, Hilton will provide the information you provided for your booking to HGV to fulfill your reservation. Hilton channels include Hilton’s website, the Hilton Honors application, and the Hilton Honors Mini Programs. HGV may also process your personal information in accordance with HGV’s privacy policies and as permitted by applicable law. You can access HGV’s privacy policy here. Hilton may also share your personal data with HGV if you are a Hilton Honors member. Depending on your jurisdiction, prior consent to share your personal data with HGV may be required. If this is the case, we will obtain your consent to do so during the Hilton Honors enrollment journey.
RESERVATIONS WITH HILTON'S THIRD-PARTY OPERATOR
If you are a guest who lives in the United States, when you make a reservation with Resorts World Las Vegas, Conrad Las Vegas, or Crockfords Las Vegas through a Hilton channel, Hilton will provide our Third-Party Operator, Genting with the information you provided for your booking to fulfill your reservation. Hilton channels include Hilton’s website, the Hilton Honors application, and Hilton's Mini Programs. Genting may also process your personal information in accordance with Genting’s privacy policies and as permitted by applicable law. You can access Genting’s privacy policy here.
RESERVATIONS WITH HILTON'S PRINCIPAL
If you are a guest who lives in the United States, when you make a reservation at the Waldorf Astoria Grand Wailea, Hilton will provide BRE Hotels & Resorts (or “Hilton Principal”), the hotel’s owner, with your booking information. BRE may process your personal information in accordance with its privacy policy and as permitted by applicable law. You can access BRE’s privacy policy here.
ANALYTICS AND INTEREST-BASED ADVERTISEMENTS
We partner with certain third-party service providers to collect information to engage in analytics, auditing, research, and reporting. These third parties may use server logs, web beacons, tags, pixels, and similar technologies, and they may set and access cookies on your computer or other device.
In particular, we use Adobe Analytics to help us understand how our customers use our websites. We also use Adobe Audience Manager to create audiences for personalizing content and advertising experiences.
Read more about how Adobe uses your Personal Information in web browsers by Adobe Analytics.
We partner with Amazon Chat which supports our chat platform. We may use Amazon Chat for sharing dynamic content for authenticated users.
We use WhatsApp and LINE to help us send you personalized content and advertising experiences across multiple platforms. We may use WhatsApp and LINE for analytics, research, and reporting. We will use your WhatsApp and LINE phone number to link you to your existing Hilton account (if available) and leverage your data to enhance our analytics, providing you with a richer customer experience across all channels.
Read more about how WhatsApp protects Personal Information here . Read more about how LINE processes your personal information here .
If you are a Hilton Honors member, you follow Hilton on LINE, and you log in via Universal Login, we will link your LINE identification number to your Hilton Honors account. If you have consented to receiving marketing messages from us, we may then send you personalized marketing messages on LINE. We also use LINE for analytics, research, and reporting.
We partner with third parties to provide advertising services that are targeted based on your online activities across websites, mobile apps, and devices over time (commonly referred to as “interest-based advertising”). Our advertising partners may collect information about your activities on our Services on your current device and combine it with information about your activities on other websites, mobile apps, and devices. They may collect such information using server logs, cookies, web beacons, tags, pixels, mobile advertising IDs (such as Facebook cookies or Google’s Advertising ID), cross-device linking, and similar technologies. For example, our advertising partners may use the fact that you visited our website to target advertising to you on other websites and mobile apps on your current device or on other devices you use. They may match your browsers or devices if you log into the same online service on multiple devices or if your devices share similar attributes that support an inference that they are used by the same person or household. This means that information about your activity on websites or apps on your current browser or device may be combined and used with information collected from your other browsers or devices. You can opt out of interest-based advertising in web browsers and mobile apps on your current browser or device by following the instructions below.
For more information about interest-based advertising and cross-device linking, please visit the Network Advertising Initiative (“NAI”) website and the Digital Advertising Alliance (“DAA”) website . We adhere to the DAA’s interest-based advertising principles by providing you enhanced notice, transparency, and control of our digital marketing practices as stated at http://www.aboutads.info/principles/ . You may opt out of interest-based advertising and cross-device linking in web browsers and mobile apps on your current browser or device by following the instructions below.
Web Browser Opt-Out. To opt out in web browsers, please visit http://optout.aboutads.info/ and http://optout.networkadvertising.org. To help preserve the choices that you make in the DAA’s WebChoices page, you can install the DAA’s “Protect My Choices” extension that is available at http://youradchoices.com/PMC.
Mobile Application Opt-Out. To opt out in mobile apps, you can adjust the advertising preferences on your mobile device (for example, in iOS, visit Settings > Privacy & Security > Tracking, and in Android, visit Settings > Google > Ads > Opt out of interest-based ads). You can also opt out for companies that participate in the Digital Advertising Alliance’s AppChoices tool by downloading the app and following the instructions. Learn how to opt out on mobile devices.
Please note that the opt-outs described above will apply only to the specific browser or device from which you opt out, and therefore you will need to opt out separately on all of your browsers and devices. If you delete or reset your cookies or mobile advertising identifiers, change browsers (including upgrading certain browsers), or use a different device, any opt-out cookie or tool may no longer work, and you will need to opt out again. We do not respond to Do Not Track signals at this time.
YOUR RIGHTS AND CHOICES
If you are a Hilton Honors member, you may review and update the information you provided to us at the time of enrollment at any time by signing in to your Hilton Honors account . You may also make changes to your information by contacting Hilton Reservations and Customer Care at +1 888-4HONORS (888-446-6677) (US and Canada). Customers located outside of the US and Canada can review our global phone numbers. You may also complete a support form .
Depending on where you live, you may be able to request that we inform you about the personal information we maintain about you and, where appropriate, withdraw your consent for certain data processing activity and/or request that we update, correct, delete, and/or stop processing your personal information. You can see your rights based on residency by visiting datarights.hilton.com. We process your request within the time specified by applicable law and as required by law. When permitted by law, we may charge an appropriate fee to cover the costs of responding to the request. Such requests may be submitted by accessing the Data Subject Rights Requests Portal at datarights.hilton.com or in writing to DataProtectionOffice@hilton.com or Hilton Data Protection Officer, 7930 Jones Branch Drive, McLean, VA 22102, USA.
In addition, in some circumstances you may request that we cease sharing personal information about you with our business partners or that Hilton cease using personal information about you by contacting us using the email or mailing address above.
If you are in an eligible location and would like to opt out of the sale of your personal information or sharing/processing it for targeted ads, you may submit a request by clicking the "Your Privacy Choices | Cookie Information" link at the bottom of the Hilton.com website when you access that site from an IP address that indicates your presence in a state that has enacted a privacy law. Please note that when you opt out of cookies, tags, and pixels, that opt out only pertains to the device and the browser that you are using when you opt out. If you wish to opt out for other devices or browsers, you must opt out again when you are using those devices or browsers. In addition, residents in those states may request that we no longer sell non-cookie based personal information or process it for targeted ads by making a Hilton Opt-out request.
In some circumstances you may have the option to submit a request on behalf of someone else as their legal representative. If you submit a request on behalf of someone else, then you may be asked to provide proof of authorization.
HOW WE PROTECT PERSONAL INFORMATION
We take reasonable measures to: (i) protect personal information from unauthorized access, disclosure, alteration, or destruction, and (ii) keep personal information accurate and up-to-date as appropriate.
Hilton employs a robust team of dedicated information security professionals who are responsible for managing Hilton’s security program. This team is responsible for, among other things, monitoring our systems for potential intrusions, responding to potential incidents, supporting property-level information security, regularly reviewing and updating the security controls Hilton uses to protect data, and providing training on Hilton’s information security program.
Hilton maintains a payment card industry (“PCI”) compliance program and an Information Technology compliance program. This compliance program generates audit reports concerning the adequacy and effectiveness of Hilton’s Technology internal controls, including a PCI Attestation of Compliance signed by an external PCI Qualified Security Assessor and a SSAE16/SOC1 report addressing the Technology general controls over systems that support certain accounting and financial reporting.
We require third parties with whom we share personal information to exercise reasonable efforts to maintain the confidentiality of personal information.
We will never ask you to send us confidential personal information or payment card information via email or text message.
In the event of a security incident, Hilton will notify regulators and/or consumers as required by applicable laws and regulations.
DISCLOSURE PURSUANT TO LEGAL OBLIGATIONS OR TO PROTECT THE SAFETY AND SECURITY OF PEOPLE AND PROPERTY
Hilton will disclose personal information as required by law. Examples of such disclosures include when countries require Hilton to collect personal data about visitors to properties in that country, when a law enforcement agency serves a valid subpoena on Hilton, and when a civil litigant serves a lawful discovery request on Hilton. Hilton may elect to share personal information with law enforcement, employers, those who host events with Hilton, or others as necessary to protect the safety and security of people and property, to pursue available remedies or limit the damages that we may sustain, and to respond to an emergency.
MARKETING COMMUNICATIONS CHOICES
We want to make you aware of the fantastic products we offer! To do so, we may send you communications via email, text message, push notifications, in-app alerts, direct mail, and social media. To enable us to send you such communications, your information may be disclosed to third party service providers who send out marketing communications on our behalf. If, depending on the circumstances, consent is required in your jurisdiction, we will obtain your consent before sending you such communications.
If you are a Hilton Honors member, you may change the communications you receive from us by logging on to your online account and managing your subscriptions; by writing to us (and including your email address) at Hilton Data Protection Officer, 7930 Jones Branch Drive, McLean, VA 22102, USA; or by emailing us at DataProtectionOffice@hilton.com.
If you prefer not to receive email marketing materials from us, you may opt-out at any time by using the unsubscribe function in any email you receive from us or by clicking this link: https://www.hilton.com/en/hilton-honors/guest/profile/subscriptions/, by writing to us (and including your email address) at Hilton Data Protection Officer, 7930 Jones Branch Drive, McLean, VA 22102, USA, or by emailing us at DataProtectionOffice@hilton.com. Opt-out requests can take up to ten business days to be effective.
To opt out of text messages, tell the hotel front desk that you do not want to receive text messages from the hotel or reply “STOP” to the message you received.
You may control whether our mobile apps send you push notifications by changing your notification settings on your mobile device. If we engage in sending you in-app messages, we will allow control for those in our apps’ settings.
INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
As a global company, we endeavor to provide you with the same level of service that you have come to expect at Hilton whether you are in San Francisco, London or Tokyo. To provide this service, you acknowledge that we may share your personal information among members of the Hilton Portfolio of Brands, our service providers, and other third parties, which may be located in countries outside of your own.
When you stay at a Hilton property outside the United States, the data controller for that property transfers the personal information relating to your reservation to Hilton in the United States pursuant to data transfer agreements when required by applicable laws or regulations. The data controller may also maintain a local copy of your personal information, and in some cases this is required by applicable laws or regulations. Although the data protection laws of various countries may differ from those in your own country, we will take appropriate steps to ensure that your personal information is handled as described in this Statement and in accordance with the law.
DATA RETENTION PERIODS
We retain personal information about you necessary to fulfill the purpose for which that information was collected or as required or permitted by law. When we destroy your personal information, we do so in a way that prevents that information from being restored or reconstructed.
CHANGES TO THIS STATEMENT
We may modify this Statement from time to time. When we make material changes to this Statement we will post a link to the revised Statement on the homepage of our site. You can tell when this Statement was last updated by looking at the date at the top of the Statement. Any changes to our Statement will become effective upon posting of the revised Statement on the site. Use of the site, any of our products and services, consenting to and/or having the opportunity to review the updated Statement following such changes constitutes your acceptance of the revised Statement then in effect.
CONTACT INFORMATION FOR QUESTIONS OR CONCERNS
If you have any questions or concerns, please contact us by sending an email to DataProtectionOffice@hilton.com, by sending a letter to Hilton Data Protection Officer, 7930 Jones Branch Drive, McLean, VA 22102, or by calling our toll-free number: (800) 413-7470.
ADDITIONAL PROVISIONS APPLICABLE TO CALIFORNIA CONSUMERS
If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and disclose your “personal information” as defined in the California Consumer Privacy Act (“CCPA”). We describe the categories of information we collect, our business purposes for collecting such information, the sources and uses of such information and the entities with which we disclose such information in the “Collection of Personal Information – Generally,” “Collection of Personal Information – Notice at Point of Collection,” “Cookies and Other Technologies,” and “Disclosure Pursuant to Legal Obligations or to Protect the Safety and Security of People and Property” sections of this Statement.
Sale or Sharing of Personal Information
We engage in targeted (or cross context behavioral) advertising on our services or on other sites and when we advertise our services elsewhere. In connection with such advertising, we may share the following categories of information with advertising networks and providers, advertisers, and social media networks, which may be considered a sale under California law and is the processing of personal information for targeted advertising: device information and identifiers, such as IP address, and unique advertising identifiers and cookies; hashed identifiers such as contact information, usage information, such as browsing history or app usage; location information, such as city; and inference data.
We do not “sell” or “share” personal information (as those terms are defined under the CCPA) if we have actual knowledge that the consumer is less than 16 years of age.
The Right to Know, the Right to Delete, and the Right to Opt-Out of the Sale or Sharing of Personal Information
In addition to certain rights described below in Appendix A (“Additional Provisions Applicable to Processing of Personal Information of Residents of Certain Countries and US States”), the California Consumer Privacy Act (“CCPA”) affords California consumers (1) the right to know what personal information we collect, use, disclose, and/or sell; (2) the right to request that we delete their personal information; and (3) the right to request that we no longer sell or share their personal information.
If you would like information about the personal information that we collect, or if you would like to make a request for us to correct or delete your personal information, please visit our website at datarights.hilton.com. You also may call our toll-free telephone number: (800) 413-7470, email the Data Protection Office (“DPO”) at DataProtectionOffice@hilton.com, send a letter to the Data Protection Office at 7930 Jones Branch Drive, McLean, Virginia, USA 22102.
When the DPO receives your request, the DPO will first verify your identity. If you are a Hilton Honors member, the DPO will verify your identity by asking you to provide your name, Hilton Honors account number, and the email address and phone number associated with your Hilton Honors account. If you are not a Hilton Honors member, the DPO will verify your identity by asking you to provide your name, the email address and/or phone number associated with a past stay, and potentially a confirmation number from one of your stays at a Hilton property. Once the DPO has verified your identity, the DPO will promptly fulfill your request.
If you would like, you may designate an authorized agent to make a request on your behalf. To designate an authorized agent, please submit an order issued by a court, a document submitted by a barred attorney, or a formal certified document issued by an official governmental agency.
If you would like to opt out of the sale or sharing of your personal information, you may submit a request by clicking the "Your Privacy Choices | Cookie Information" link at the bottom of the Hilton.com website when you access that site from an IP address that indicates your presence in a state that has enacted a privacy law. Please note that when you opt out of cookies, tags, and pixels, that opt out only pertains to the device and the browser that you are using when you opt out. If you wish to opt out for other devices or browsers, you must opt out again when you are using those devices or browsers. Additionally, California residents can also turn on the Global Privacy Control (GPC) to opt out of the “sale” or “sharing” of your personal information that is browser based for each participating browser system that you use. Learn more at the Global Privacy Control website. If you use a cookie blocker such as Ghostery, it may block visibility of the Your Privacy Choices tool or link, including in your web footer. In addition, California consumers may request that we no longer sell or share non-cookie based personal information by making a Hilton Opt-out request.
Sensitive Personal Information
We limit the use of your sensitive personal information to that use which is necessary to perform reasonably expected services or as required by law, to which California’s right to limit the use and disclosure of sensitive personal information does not apply.
Direct Marketing / Shine the Light Disclosure
California consumers also may request information about our disclosures of certain categories of personal information to third parties for their direct marketing purposes. Such requests must be submitted to us at one of the following addresses: CA_Privacy@Hilton.com or DataProtectionOffice@Hilton.com, send a letter to the Data Protection Office at 7930 Jones Branch Drive, McLean, Virginia, USA 22102. Within thirty days of receiving such a request, we will provide a list of the categories of personal information disclosed to third parties for third-party direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted to addresses other than the addresses specified in this paragraph.
The Right to Non-Discrimination
The CCPA prohibits a business from treating a consumer differently because the consumer exercised a right conferred on him/her by the CCPA. We welcome you to exercise your rights under the CCPA, and we will not discriminate against you for doing so.
Financial Incentive Notice
Hilton does not offer a financial incentive for the collection, sale, or deletion of personal information. As detailed in this Statement, Hilton primarily collects personal data from guests in order to fulfill guest reservations and from Honors members in order to operate the Hilton Honors loyalty program. Hilton also collects personal data for marketing and other purposes as permitted by applicable law.
As set forth in the Hilton Honors Terms and Conditions, Hilton Honors members have the ability to accumulate Points and access discounted rates. The ability to accumulate Points and to access discounted rates is not directly related to the value provided to the business of members’ data.
Removal of Content
If you are a California resident under the age of 18, and a registered user of any site where this policy is posted, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted. To make such a request, please send an email with a detailed description of the specific content or information to CA_Privacy@Hilton.com. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.
Retention of Your Personal Information
Please refer to the section titled Data Retention Periods in the main body of this Statement.
Do Not Track (“DNT”)
California law requires us to let you know how we respond to web browser Do Not Track (“DNT”) signals. Because there currently isn’t an industry or legal standard for recognizing or honoring DNT signals, we don’t respond to them at this time.
ADDITIONAL PROVISION APPLICABLE TO NEVADA CONSUMERS
The Right to Opt-Out of the Sale of Personal Information
If you are a Nevada resident, you may request that we stop selling certain categories of personal information that we collect. To submit a request please visit our website at https://www.hiltoncom/en/hilton-honors/opt-out-request/. You also may call our toll-free telephone number (800) 413-7470, email the Data Protection Office (“DPO”) at DataProtectionOffice@hilton.com, send a letter to the Data Protection Office at 7930 Jones Branch Drive, McLean, Virginia, USA 22102. When the DPO receives your request, the DPO will first verify your identity. If you are a Hilton Honors member, the DPO will verify your identity by asking you to provide your name, Hilton Honors account number, and the email address and phone number associated with your Hilton Honors account. If you are not a Hilton Honors member, the DPO will verify your identity by asking you to provide your name, the confirmation number from one of your stays at a Hilton property, and the email address associated with that stay. Once the DPO has verified your identity, the DPO will promptly fulfill your request.
ADDITIONAL PROVISION APPLICABLE TO FRENCH RESIDENTS
French residents: as disclosed in this Statement, we may collect your phone number to fulfill guest reservations, send guests communications relating to their reservations, provide customer service and support, verify identity, send marketing communications via SMS, process transactions with partners, share data with Hilton's Third-Party Partner, authenticate mobile accounts, send service-related SMS communications, detect and prevent fraud, and engage in sales activities for group bookings. We will not use your phone number for telemarketing. Nonetheless, if you would like to register on the list of opposition to telephone canvassing, you may do so at www.bloctel.gouv.fr .
ADDITIONAL PROVISION APPLICABLE TO HONG KONG CONSUMERS
If you are based in Hong Kong SAR, China, we will obtain your consent on or before sending you any marketing messages. You may opt out of receiving marketing messages from us at any time by using the unsubscribe link found in our marketing messages.
If you would like to access or correct your personal information, please contact the Data Protection Officer (“DPO”) at DataProtectionOffice@hilton.com, or by visiting our website at datarights.hilton.com. We may require further information from you in order to verify your identity before processing your request. In certain circumstances where permitted to do so under applicable law, we may refuse to fulfill your request.
APPENDIX A
ADDITIONAL PROVISIONS APPLICABLE TO PROCESSING OF PERSONAL INFORMATION OF RESIDENTS OF CERTAIN COUNTRIES AND US STATES
This Appendix provides additional information for individuals residing in countries and U.S. states that have enacted privacy laws giving certain additional rights to residents of those jurisdictions. Once effective, the U.S. states include, but are not limited to, California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Nevada, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia. These countries include, but are not limited to, those in the European Economic Area (EEA), the United Kingdom and Switzerland, as well as Australia, Bermuda, Brazil, Canada, China, Korea, Hong Kong, Monaco, Israel, Japan, Nigeria, and Türkiye. This Appendix outlines certain additional information that Hilton is obligated to provide to you, as well as certain rights you have with respect to the processing of your personal information, pursuant to applicable local laws. This Appendix will control to the extent it conflicts with any provision in the main body of this Statement.
Controller: Please refer to the Data Protection Office at DataProtectionOffice@hilton.com for the contact information of other entities that may receive your personal data.
Data Protection Officer: Hilton's Data Protection Officer may be contacted by email at DataProtectionOffice@hilton.com, or at the following address:
Attn: Data Protection Officer, 7930 Jones Branch Drive McLean, VA 22102 USA
Purposes and Legal Basis for Processing
Hilton processes your personal information for the purposes set forth in the section titled Collection of Personal Information – Generally and the section titled Collection of Personal Information – Notice at Point of Collection of the main body of this Statement.
The legal bases for Hilton’s processing activities include processing such information as necessary to comply with our contractual obligations, compliance with our legal obligations, protecting the safety of our employees, guests and others, for our legitimate business interests, and pursuant to your consent.
The particular legal basis for the processing of your personal information is based on the purpose for which such information was provided or collected:
Hilton Honors Participation: We process the personal information obtained in connection with your participation in the Hilton Honors program on the basis of our contractual relationship with you, consent if legally required, and for pursuing our legitimate business interests, including to personalize your use of our services and applications, to communicate news and promotional items, and to deliver personalized advertising and content.
Surveys: We may send post-stay surveys via SMS or email. Completion of surveys is voluntary – we process the information obtained from surveys on the basis of your consent and in furtherance of our business interests, including marketing, service improvements, and analytics.
On-Property Collection: When you make a reservation and when you stay at one of our hotel properties, we process your name, address, contact information, along with the details of your stay (arrival and departure day and time, vehicle information and information regarding others traveling or staying with you), on the basis of our contractual relationship with you.
We also process such data for pursuing our legitimate business interests, with your consent if legally required, including for marketing, service improvements, administration of our e-Folio program, and analytics and service personalization, as described in the sections referenced above of our Global Privacy Statement.
We collect certain additional personal information during registration/check-in at our properties (such as national ID or passport information), as necessary to comply with our legal obligations.
We use closed circuit television and other security measures at our properties that may capture or record images of guests and visitors in public areas, as well as information related to your location while on our properties (via keycards and other technologies) for the protection of our staff, guests and visitors to our properties.
We process personal information in connection with on-property services (such as concierge services, health clubs, spas, activities, child care services, equipment rental, and our Digital Key functionality), in order to provide the services to you and for our business interests including for marketing, service improvements, administration of our e-Folio program, and analytics and service personalization, as described in the sections referenced above of our Global Privacy Statement.
Event Profiles: We process the personal information obtained in connection with your event on the basis of our contractual relationship with you and for pursuing our legitimate business interests, with your consent if legally required, including for marketing, service improvements, and analytics and service personalization, as described in the sections referenced above of our Global Privacy Statement.
Social Media: Participation in Hilton-sponsored social media activities and offerings is voluntary - we process information obtained from social media participation on the basis of your consent if legally required and for pursuing our legitimate business interests, including for marketing, service improvements, and analytics and service personalization, as described in the sections mentioned above of our Global Privacy Statement.
Promotions and Sweepstakes: Participation in sweepstakes, contests and other promotional offerings is voluntary – we process the information obtained from such participation based on your consent and as necessary to administer the offering. We also use certain data for our business purposes, including for marketing, service improvements, administration of our e-Folio program, and analytics and service personalization, as described in the sections mentioned above of our Global Privacy Statement.
Direct Marketing: We use your personal information to send you marketing messages on the basis of your consent. You may withdraw your consent for direct marketing communications at any time by contacting us at customer_privacy@Hilton.com or by following the unsubscribe instructions in the marketing message, or by logging in to your Hilton Honors account and updating your communication preferences.
Franchise and Ownership Opportunities: We process this information on the basis of our contractual relationship with you and for our related legitimate business interests, including maintaining and promoting the Hilton brand and facilitating direct communication between properties within the Hilton Portfolio of Brands.
WMBE Suppliers: Participation in Hilton's Supplier Diversity Program is voluntary – we process this information based on your consent and for our related legitimate business interests, including maintaining and enhancing our diversity program.
Retention: We retain personal information about you for the time necessary to accomplish the purpose for which such information was collected, usually for the duration of any contractual relationship and for any period thereafter as legally required or permitted by applicable law. Our retention policies reflect applicable statute of limitation periods and legal requirements.
Data Subject Rights
Some regional, national, and state laws confer rights relating to personal data as indicated in the Personal Data Requests Portal. Residents of certain jurisdictions may have the following rights.
Access, Correction and Erasure Requests: You have the right to:
ask us to confirm whether we are processing your personal information and receive information on how your data is processed
obtain a copy of your personal information
request that we update or correct your personal information
request that we delete personal information in certain circumstances
Right to Object to Processing: You have the right to request that Hilton cease processing of your personal information: for marketing activities, including profiling
for statistical purposes
where such processing is based on our legitimate business interests, unless we are able to demonstrate a compelling legitimate basis for such processing or we need to process your personal information for the establishment, exercise or defense of a legal claim
Right to Restrict Processing: You have the right to request that Hilton limit the processing of your personal information:
while Hilton is evaluating or in the process of responding to a request by you to update or correct your personal information where such processing is unlawful and you do not want Hilton to delete your data
where Hilton no longer requires such data, but you want us to retain the data for the establishment, exercise or defense of a legal claim
where you have submitted an objection to processing based on our legitimate business interests, pending our response to such request
Where we limit the processing of your personal information pursuant to your request, we will inform you prior to re-engaging in such processing.
Right to Opt Out of Sale and Sharing: You have the right to request that Hilton not sell or share your personal information. If you would like to opt out of the sale or sharing of your personal information, you may submit your request by visiting our website at Hilton Opt-out request, clicking the "Your Privacy Choices | Cookie Information" link that appears at the bottom of the Hilton.com website when you access that site from an IP address that indicates your presence in a region that has enacted a privacy law, or visiting datarights.hilton.com. You also may call our toll-free telephone number: (800) 413-7470, email the Data Protection Office (“DPO”) at DataProtectionOffice@hilton.com, or send a letter to the Data Protection Office at 7930 Jones Branch Drive, McLean, Virginia, USA 22102. Please note that when you opt out of Cookies, tags, and pixels, that opt out only pertains to the device and the browser that you are using when you opt out. If you wish to opt out for other devices or browsers, you must opt out again when you are using those devices or browsers. Note, if you have a legally-recognized browser-based opt-out preference signal turned on via your device browser, we recognize such preference in accordance with applicable law.
Data Portability Requests: You have the right to request that we provide you or a third party that you designate with certain of your personal information in a commonly used, machine readable format. Please note, however, that data portability rights apply only to personal information that we have obtained directly from you and only where our processing is based on consent or the performance of a contract.
Submitting Requests: Your requests may be submitted by accessing the Data Subject Rights Request Portal or in writing to DataProtectionOffice@hilton.com, or the Hilton Data Protection Officer, 7930 Jones Branch Drive, McLean, VA 22102, USA. You may also update your personal information as provided in section titled Your Right and Choices of the main body of this Global Privacy Statement.
We will take reasonable steps to verify your identity and requests, including by verifying your account information, residency or the email address you provide. If you are an authorized agent submitting a request on behalf of another individual, we may require proof of your written authorization before processing the request. We will not respond to any request unless we are able to appropriately verify the requester’s identity.
We will respond to all such requests within the time period permitted by law. Applicable law may further provide you with the right to not be discriminated against for exercising your rights. Please note, however, that certain personal information may be exempt from such rights pursuant to applicable data protection laws, such as information we retain for legal compliance and to secure our services. We may need certain information in order to provide the services to you; if you ask us to delete it, you may no longer be able to use the services. In addition, we may charge you a reasonable fee for subsequent copies of data that you request.
If you want to present a complaint or have concerns about our data practices or the exercise of your rights, you may either contact Hilton at DataProtectionOffice@Hilton.com or the supervisory authority in the Member State of your residence. For the EEA, the supervisory authorities are available here. For the UK, the supervisory authority is available here.
Additionally, Colorado, Connecticut, Delaware, Iowa, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, and Virginia residents may appeal the denial of a request by emailing us at DataProtectionOffice@hilton.com or mailing us at Hilton Data Protection Officer, 7930 Jones Branch Drive, McLean, VA 22102, USA.
Right to Withdraw Consent: You have the right to withdraw your consent to any processing that we conduct solely based on your consent (such as sending direct marketing materials to your personal email account). You may withdraw your consent to marketing activities by following the instructions on any marketing emails, or contacting customer_privacy@hilton.com. For any other activities for which you have previously consented, you may contact DataProtectionOffice@hilton.com to withdraw such consent.
Right to Object to Profiling and Automated Decision Making: You have the right to object to profiling and automated decision making. We use personal information to divide large groups of consumers into sub-groups of consumers (known as segments) based on some type of shared characteristics such as geography, behavior, or demographics.
With your consent, we make automated decisions, meaning without human interference, to offer you certain benefits based on your characteristics (such as discounted room rates or other special offers based on your geography, behavior, or demographics). For example, if you travel frequently during the week to hotels in France, we may send you special offers for Hilton hotels in France.
International Data Transfers: We may transfer the personal information we collect about you pursuant to the purposes described in this Statement to countries that have not been found to provide adequate protection of data pursuant to a country-specific law. In particular, we transfer your personal information to the United States.
We use appropriate safeguards for the transfer of personal information among our affiliates in various jurisdictions, and where required, we have implemented data transfer agreements, such as the European Commission standard contractual clauses or other similar safeguards for such purposes. To obtain a copy of theses clauses or additional information on transfers, you may send your request to privacy@hilton.com.
APPENDIX B
ADDITIONAL PROVISIONS APPLICABLE TO PROCESSING OF PERSONAL INFORMATION OF DATA SUBJECTS IN TÜRKIYE
For data subjects in Türkiye, this Appendix outlines certain additional information that Hilton is obligated to provide to you, as well as certain rights you have with respect to the processing of your personal information, pursuant to applicable local laws. This Appendix will control to the extent it conflicts with any provision in the main body of this Statement, or Appendix A, as applicable.
Data Controller. Hilton Domestic Operating Company Inc. is the Hilton entity for all guest data and Hilton's marketing activities.
Your personal data may be processed by other Hilton entities in Türkiye who act as a data controller based on the Hilton property you stay at. In such cases, the relevant Hilton entity will act as the data controller for your personal data, who will provide you with a separate privacy notice, where necessary.
Data Controller Representative. You may contact our data controller representative in Türkiye by email or mail to handle questions and complaints in connection with the processing of your personal data if you are in Türkiye.
Esin Attorney Partnership
Akatlar Mah. Ebulula Mardin Cad. Gül Sok. No. 2
Legal bases for the processing your personal data. Hilton relies on the following legal bases while processing your personal data for the purposes indicated in the Global Privacy Statement in accordance with Article 5 of the Law No. 6698 on Protection of Personal Data (“Data Protection Law”):
processing of your personal data is necessary provided that it is directly related to the conclusion or fulfillment of the contract between you and Hilton;
processing is mandatory for Hilton to be able to comply with our legal obligations;
processing is mandatory for Hilton’s legitimate interests, provided that it does not violate your fundamental rights and freedoms; or
your explicit consent. (Please note that we rely on your explicit consent only when we require your consent for the processing and we do not rely on this legal basis if and when we rely on one of the other legal grounds above.)
We have collected personal data for the following purposes:
Your rights. You have the rights under Article 11 of the Data Protection Law and may exercise your rights by contacting us at: DataProtectionOffice@hilton.com or Data Protection Officer, Hilton, 7930 Jones Branch Drive, McLean, VA 22102, USA.
The requests found in your application will be resolved as soon as possible according to the nature of your request and within thirty days at the latest free of charge. However, if your request incurs additional cost to our company, then you may be charged over the tariff fee determined by the Turkish Personal Data Protection Board.
Amendments. The following sections of the Global Privacy Statement do not apply to individuals in Türkiye:
The following sentence at the second paragraph: By using any of our products or services and/or by agreeing to this Statement, e.g. in the context of registering for any of our products or services, you understand and acknowledge that we will collect and use personal information as described in this Statement.
The following sentence in the International Personal Data Transfers section: To provide this service, you acknowledge that we may share your personal information among members of the Hilton Portfolio of Brands, our service providers, and other third parties, which may be located in countries outside of your own.
Language. This Statement is available in English and Turkish. If there is any inconsistency or different interpretation between the English and Turkish versions, the Turkish text shall prevail.
International Data Transfers. Hilton is required to transfer your personal data to its affiliates outside of Türkiye, which includes Hilton Domestic Operating Company Inc., all resident in the United States, as well as their in-country suppliers, in order to complete reservations, process Hilton Honors memberships and conduct promotion activities through its website, whose servers are located abroad. Without your consent, Hilton is unable to provide you with its services through this website. Therefore, we ask for your consent when you access this website for the cross-border transfer of your data.
This consent practice is only temporary, and Hilton is working on effecting an undertaking letter, which is one of the alternative legal mechanisms for cross-border data transfers. Accordingly, the consent practice will be terminated once the undertaking letter is prepared and approved by the Personal Data Protection Authority.
APPENDIX C
ADDITIONAL PROVISIONS APPLICABLE TO PROCESSING OF PERSONAL INFORMATION OF CHINA RESIDENTS OR CITIZENS
1. Introduction
For individuals who reside in the People's Republic of China (for the purposes of this Privacy Statement, excluding Hong Kong Special Administrative Region, Macau Special Administrative Region and Taiwan) ("China") or citizens of the People's Republic of China, we understand that privacy is important to you. Therefore, in this Appendix, we provide you with an introduction to how Hilton collects, uses, discloses, and otherwise processes your personal information (including sensitive personal information, where applicable) that we receive or collect from you. Please read this Statement carefully before using any of Hilton's services or products.
This Appendix does not replace the main body of this Statement, but supplements the main body of this Statement, and should be read together with the main body and Appendix A, as applicable. In the event of any conflict or inconsistency between this Appendix and the main body of this statement, this Appendix shall prevail.
“Personal Information” shall have the same meaning as defined in the Personal Information Protection Law of the People's Republic of China (as revised from time to time). Such information can be recorded electronically or in other ways and can identify the identity or reflect the activity of a specific natural person alone or in combination with other information, including sensitive personal information. "Personal Information" or "Information" used in the main body of this Statement and in this Appendix also includes sensitive personal information (where applicable). “Sensitive personal information” shall have the same meaning as defined in the Personal Information Protection Law of the People’ Republic of China (as revised from time to time). The sensitive personal information involved in this Statement may include passport or ID card information, payment card information, spending amount, accommodation information (such as arrival and departure time), interaction with Hilton websites, and precise positioning information. We only process your sensitive personal information where such processing is strictly necessary for the relevant purposes identified in the sections titled Collection of Personal Information – Generally and Collection of Personal Information – Notice at Point of Collection in the main body of this Statement. Our processing of your sensitive personal information will adhere to the safeguards mandated by applicable laws and regulations. However, depending on the specific type of sensitive personal information involved, such processing may result in various impacts, including potential harm to your reputation, property, or personal safety in the event of a data breach. You agree that the sensitive personal information will be processed in accordance with the purposes and methods set forth in this Statement.
2. Collection and Use of Personal Information
Regarding the following issues, please refer to the section titled Collection of Personal Information – Generally and Collection of Personal Information – Notice at Point of Collection in the main body of this Statement.
The types of personal information that we collect from you (including sensitive personal information)
How we collect and use your personal information, the purposes for which we use it, and how we share or disclose your personal information.
Hilton will not knowingly collect or disclose personal information from minors under the age of 14. When we collect personal information from an individual under the age of 14, we need to obtain consent from his / her parent or guardian, and we will process such information in accordance with the safeguards set out in applicable laws and regulations.
We will use your personal information with your consent or as otherwise required or permitted by applicable law (e.g. where the processing is necessary for concluding or performing a contract with you, where the processing is necessary to perform legal obligations, etc.). If we want to use your personal information for other purposes, we will obtain your further consent consent unless the further use without your new consent is required or permitted by applicable law. Where we rely on your consent to process your personal information and you refuse to give consent, we might not be able to provide all of our services.
3. Disclosure and Sharing of Personal Information
With your express consent, where required, we may share your personal information for the purposes described in this Statement with members of the Hilton worldwide brand portfolio, our service providers, and other third parties as follows:
Hilton Worldwide Holdings Inc. and its subsidiaries, and members of the Hilton brand portfolio, including franchised and managed hotels,
Service providers providing services on Hilton’s behalf,
Payment card providers and processors
Employers specified in the company agreements,
Advertising networks and analytics providers for Hilton’s website and mobile applications.
The processing of your personal information by members of the Hilton Portfolio of Brands, including purposes and means of processing and categories of personal information processed, is governed by this Statement. Please refer to the Data Protection Office at dataprotectionoffice@hilton.com for the contact information of other entities that may receive your personal data.
Some of the third parties listed above may also process your personal information for their own purposes as data controllers, in which case their own privacy policies will apply, including as to the purposes and means of processing and categories of personal information processed.
To provide and optimize our services, third-party SDKs are embedded in our applications (including WeChat Mini Programs). The following lists the names of the third-party SDKs we currently embed, the types of personal information collected, and the purpose of collection and use. If you have questions about the collection of your personal information by the third parties through the SDKs, please refer to the privacy policies of such third parties.
Despite the above situations, we may disclose personal information to third parties to: comply with applicable laws or effective legal procedures; respond to enquiries of the governments or requests of the public and/or the government authorities; protect rights, privacy, security or property of Hilton, site visitors, guests, employees or the public; pursue or exercise our rights; or respond to emergencies.
4. Mobile and Location Services
We may collect your personal information if you download and use our mobile applications or use other digital platforms such as our WeChat Mini-Programs. We will obtain your consent and collect, use, disclose and otherwise process this information in accordance with this Statement. If you allow us to access the location information on your device to provide you with our application features and services, such information may include geolocation information. We also collect information device information, such as your phone brand, model, operating system, operating system version, to direct you to the appropriate APP store to download our mobile apps.
You can prevent or limit the collection of this information by changing the settings in the Hilton Honors APP or by changing the settings in your device.
5. Analytics and Interest-Based Advertisements
We also cooperate with third parties to serve targeted advertising based on your online activities across different websites, mobile applications, and devices over time. Our advertising partners may collect information about your activities related to our services on your current device and combine it with information about your activities on other websites, mobile applications, and devices. They may collect this information using server logs, cookies, web beacons, tags, pixels, mobile advertising IDs, cross-device linking and similar technologies. This may include your personal information.
You can opt out interest-based advertising and cross-device linking in the current browser or the web browsers and mobile apps on your device. We do not currently respond to "do not track" signals. For more information, please see the section titled Analytics and Interest-Based Advertising as well as the section titled Cookies and Other Technologies in the main body of this Statement.
6. Changing and Accessing Your Personal Information, and Deregistration of Accounts
You have the right to access, correct and/or (in certain circumstances) delete your personal information, withdraw consent to our processing of your personal information, deregister your membership account (if any), object to the use of your personal information in automated decision making and make complaints about how we process your personal information. You may have other rights under other applicable laws. Please see the contact information in Section 11 below, or the section titled Your Rights and Choices in the main text of this Statement, to learn how to contact us. We seek to handle these requests within the legally required period in accordance with the applicable laws. Particularly, we will respond to your request to deregister within 15 days of our receipt of the request, unless there are extenuating circumstances, in which we will inform you of the anticipated timeline if we expect our response to take longer than 15 days. Please note that if you request to deregister your membership account, you will no longer be able to enjoy any membership benefits from the date of deregistration. After you deregistered your membership account, your personal information will be deleted or anonymized unless the applicable laws require us to retain this information.
7. How We Protect Personal Information
We take reasonable steps to: (i) protect personal information from unauthorized access, disclosure, alteration, or destruction, and (ii) keep personal information appropriately accurate and current by using appropriate technical and organizational measures. For more information, please see the section titled How We Protect Personal Information in the main body of this Statement.
We are not responsible for the collection, use, disclosure, or otherwise processing of personal information by our third-party websites or applications. Please read the privacy policies and terms of use of these websites and applications. This applies to: (1) in-hotel internet services we may offer; (2) third-party websites and applications to which the links in our websites and mobile applications may direct; and (3) third-party digital messaging applications or platforms which we use to communication with you.
8. International Transfers of Personal Information
As Hilton operates globally, with your express consent where required, we may transfer your personal information (including your sensitive personal information, if applicable) to jurisdictions outside of China, including United States, Europe, and other jurisdictions where we, our service providers, and other relevant third parties conduct business. In particular, your personal data may be transferred to Hilton Domestic Operating Company Inc. for storage and processing in accordance with this Statement via Hilton's global centralized reservation system, which is deployed in the United States. The personal data stored in Hilton's global centralized reservation system may be further transferred to properties in different countries based on your reservations in accordance with this Statement. Please refer to the Data Protection Office at DataProtectionOffice@hilton.com for the contact information of other entities that may receive your personal data.
We will take appropriate steps to protect the integrity and confidentiality of your information and to ensure that your personal information is processed in accordance with the main body of this Statement and in accordance with the applicable laws.
9. Data Retention Period
We will retain personal information about you for as long as necessary to complete the purpose for which it was collected, or as required or permitted by the laws. We will destroy your personal information in accordance with our retention and records management procedures. For more information, please see the section titled Data Retention Period in the main body of this Statement.
10. Changes to This Statement
If we make material changes to this Statement, we will publish these changes. For more information, please see the section titled Changes to Statement Content in the main body of this Statement. If required by the local laws, we will notify you and/or seek your consent.
11. Contact Information for Questions or Concerns
You can contact us if you have any questions, requests, or complaints regarding the protection of personal information. You can contact our Data Protection Office at DataProtectionOffice@hilton.com, or, If you would like to get in touch with the contact in China, please contact: China_Privacy@hilton.com.
APPENDIX D
ADDITIONAL PROVISIONS APPLICABLE TO PROCESSING OF PERSONAL INFORMATION OF BRAZIL RESIDENTS OR CITIZENS
To the extent you are located within Brazil or are in any form subject to the Brazilian General Data Protection Law – Federal Law nº 13709/18 (“LGPD”), the provisions indicated below should be read and applied to the processing or your personal data accordingly. Unless stated otherwise in this Annex, the remainder of the Policy, including Appendix A as applicable, shall not vary and shall remain in full force and effect.
1. Data Subjects Rights
Under certain circumstances, you have the following rights under the LGPD in relation to your personal data:
Right to Information: right to obtain clear, transparent and understandable information on how we use your personal data;
Right of confirmation and access: right to receive confirmation and access your personal data held by us about you;
Right of rectification: right to have your personal data corrected if they are outdated, inaccurate or incorrect and/or to complete them;
Right of anonymization, blocking or deletion: Anonymize, block or eliminate any unnecessary or excessive data or data processed in noncompliance with the applicable law;
Right to withdraw consent at any time for consent-based data processing: right to withdraw your consent to the processing of your personal data when such processing is based on consent;
Right to data portability: right to request copying, transferring your personal data to another database in accordance with further regulation of the local authority;
Right to receive information about public and privacy entities: right to receive information about public and private entities with which your personal data is shared;
Right to object: right to oppose any processing activity based on a legal basis other than consent in case there is violation of the LGPD;
Right to review automated decisions: right to review of decisions, whenever they are based only on automated processing of personal data, by a natural person, whenever it affects your interests;
Right to file a complaint with your local Data Protection Authority or consumer protection entities.
2. Legal Bases
Hilton usually relies on one of the following legal bases when processing your personal data for the purposes indicated in the Global Privacy Statement in accordance with Article 7 of the LGPD:
Data subject’s consent (art. 7, I);
For compliance of a legal or regulatory obligation (Article 7, II);
Whenever necessary for the performance of a contract or preliminary procedures relating to contracts in which the data subject is a party (Article 7, V);
Whenever necessary for the legitimate interests of the controller or of third parties, except in the prevalence of fundamental rights of the data subject (Article 7, IX).
However, depending on the concrete situation, other legal bases set forth in the LGPD may apply.
3. International Transfers
Where we transfer information that originates in Brazil to a country outside of Brazil, we will take steps to make sure such transfer is carefully managed to protect your privacy rights:
transfers within the Hilton Group of Companies may be covered by an agreement entered into by members of Hilton (an intra-group agreement) which contractually obliges each member to ensure that your information receives an adequate and consistent level of protection wherever it is transferred within Hilton in accordance with the LGPD;
where we transfer your data outside of the Hilton Group of Companies, including to other companies providing us with a service, we will obtain contractual commitments and assurances from them to protect your information, such as standard contractual clauses or binding corporate rules. In the lack of instructions from the local supervisory authority, we may follow the standard models adopted under the European Union or by other competent authorities until then;
we are also able to transfer personal information to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights; and
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of Brazil.
APPENDIX E
ADDITIONAL PROVISIONS APPLICABLE TO PROCESSING OF PERSONAL DATA OF DATA SUBJECTS IN THE PRINCIPALITY OF MONACO
For data subjects in the Principality of Monaco, this Appendix outlines certain additional information that Hilton is obligated to provide to you, as well as certain rights you have with respect to the processing of your personal data, pursuant to applicable local laws. This Appendix will control to the extent it conflicts with any provision in the main body of this Statement or Appendix A, as applicable.
1. Legal Bases for the Processing Of Your Personal Data
Hilton relies on legal bases while processing your personal data for the purposes indicated in the main body of the Global Privacy Statement in accordance with Act No. 1.054 on the Protection of Personal Data ("Act No. 1.054").
2. Personal Data Access and Customer Rights
In accordance with Act No. 1.054, you have a right of access to and a right to the rectification, erasure and portability of your personal data as well as a right to object and restrict the processing of this personal data. With proof of your identity, you may exercise your rights by contacting the Data Protection Officer ("DPO") by email at Data ProtectionOffice@hilton.com. If, after contacting the DPO, you do not feel that your rights have been observed, you may make a claim with the Personal Data Protection Authoity ("APDP").
3. Personal Data Security
In case of breach of your personal data liable to pose a high risk to your rights and freedoms, Hilton shall inform you as soon as possible and take all necessary measures to limit the risks related to this breach. Whether your data is processed by Hilton or by its subcontractors and partners, the same security and privacy requirements apply to your personal data.
4. International Transfers of Personal Data
Hilton is required to transfer your personal data to its affiliates outside of the Principality of Monaco which includes Hilton Domestic Operating Company Inc., all resident in the United States, as well as their in-country suppliers, in order to complete reservations, process Hilton Honors memberships and conduct promotion activities through its website, whose servers are located abroad.
When a subcontractor or partner is located in a country that has not been recognized as having an adequate level of protection as the one offered by Act No. 1.054 (which is the case for the United States), Hilton must fulfill a transfer authorization form in order to comply with Act No. 1.054’s own requirements on the security and privacy of personal data and the subcontractors should ensure a satisfactory protection of your personal data.
5. Language
Statement is available in English and French. If there is any inconsistency or different interpretation between the English and French versions, the English text shall prevail.
APPENDIX F
ADDITIONAL PROVISIONS APPLICABLE TO PROCESSING OF PERSONAL INFORMATION OF NIGERIAN RESIDENTS
To the extent you are located within Nigeria or are in any form subject to the Nigeria Data Protection Act (NDPA) 2023, the provisions indicated below should be read and applied to the processing or your personal data accordingly. This Appendix will control to the extent it conflicts with any provision in the main body of this Statement or Appendix A, as applicable.
1. Legal Basis for Processing
In accordance with the NDPA 2023, we process your personal information for the purposes indicated in the Global Privacy Statement based on the following legal grounds:
Consent: Where you have provided explicit consent for specific processing activities.
Contractual Necessity: To fulfill our obligations under a contract with you, such as processing reservations and providing requested services.
Legal Obligation: To comply with applicable Nigerian laws and regulatory requirements.
Legitimate Interests: To pursue our legitimate business interests, provided that such processing does not override your fundamental rights and freedoms.
2. Rights of Nigerian Data Subjects
As a resident of Nigeria, you are entitled to the following rights under the NDPA 2023:
Right to Access: You may request confirmation as to whether your personal information is being processed and, if so, access to that information.
Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal information.
Right to Erasure: You can request the deletion of your personal information under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
Right to Restrict Processing: You may request that we limit the processing of your personal information in specific situations.
Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another data controller.
Right to Object: You can object to the processing of your personal information based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: If processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Right to Lodge Complaint: You have a right to lodge complaints with the Nigeria Data Protection Commission (NDPC).
3. Data Transfer and Sharing
We may transfer your personal information to third parties, including entities within the Hilton group and external service providers, for the purposes described in this Privacy Statement. When transferring personal information outside Nigeria, we ensure that appropriate safeguards are in place to protect your data in accordance with the NDPA 2023.
4. How We Protect Your Personal Data
We take reasonable steps to: (i) protect personal information from unauthorized access, disclosure, alteration, or destruction, and (ii) keep personal information appropriately accurate and current by using appropriate technical and organizational measures. For more information, please refer to the section titled How We Protect Personal Information in the main body of this Statement.
5. Data Retention
Your personal information will be retained only for as long as necessary to fulfill the purposes for which it was collected or as required by Nigerian law. When we destroy your personal information, we do so in a way that prevents that information from being restored or reconstructed.
6. Cookies and Other Technologies
Our site may use "Cookies" or "Other Technologies" (such as "pixel tags," "web beacons," "clear GIFs", links in emails, JavaScript, device IDs assigned by Google or Apple, or similar technologies). For more information, please refer to the section titled Cookies and Other Technologies in the main body of this Statement.
7. Contact Information
If you have any questions, concerns, or requests regarding the processing of your personal information under Nigerian law, please contact our Data Protection Officer at:
We are committed to addressing your inquiries promptly and in accordance with the NDPA 2023.
8. Changes to this Statement
We may modify this Statement from time to time. When we make material changes to this Statement we will post a link to the revised Statement on the homepage of our site. You can tell when this Statement was last updated by looking at the date at the top of the Statement. Any changes to our Statement will become effective upon posting of the revised Statement on the site.
APPENDIX G
ADDITIONAL PROVISIONS APPLICABLE TO PROCESSING OF PERSONAL INFORMATION BY HILTON PREMIUM CLUB JAPAN PROGRAM
If you are a member of Hilton Premium Club Japan (HPCJ), including Hilton Dining Plus, the following information applies to the processing of your personal information in addition to the information disclosed in the remainder of this Statement.
We have collected the following categories of personal information in the past 12 months:
APPENDIX H
ADDITIONAL PROVISIONS APPLICABLE PROCESSING OF PERSONAL INFORMATION OF KOREAN DATA SUBJECTS
To the extent you are located within South Korea or is any form subject to the Personal Information Protection Act 2011 (as amended in 2023) (PIPA), the provisions below should be read and applied to the processing of personal information accordingly. In accordance with Article 30 of the PIPA, we establish and disclose the following personal information processing policy to guide data subjects on the procedures and standards for the processing and protection of personal information, and to ensure that grievances are promptly and accurately resolved. This Appendix will control to the extent it conflicts with any provision in the main body of this Statement or Appendix A, as applicable.
Contact Information. In accordance with Article 32-5 of the Information and Communications Network Act, A domestic representative (local person) in charge of information and communication services is designated as follows:
Local Representative Agent. You may contact our Local Agent below by phone, email or mail to handle questions and complaints in connection with the processing of your personal data if you are in Korea.
Local Agent: Jung Byung-hyuk (Brad Jeong), Managing Director, Conrad Seoul
Telephone: 02-6137-7600
Email: Brad.jeong@conradhotels.com
Address: 10 Gukjegeumyuong-ro Yeouido, Seoul, 07326, South Korea
Data Protection Office. You may also contact Hilton’s Data Protection Officer.
Telephone: +1 (800) 413-7470
Address: 7930 Jones Branch Drive, McLean, VA 22102 USA
1. Items and Legal Bases for Processing Personal Information
We will use your personal information with your consent or as permitted by the PIPA. If we want to use your personal information for other purposes, we will obtain your consent unless the new use is permitted by applicable law.
Hilton does not knowingly collect, disclose, or sell personal information of minors under the age of 14.
We have collected personal data for the following purposes:
2. Data Retention
We retain personal information about you as necessary to fulfill the purpose for which that information was collected or as required or permitted by law.
When we destroy your personal information, we do so in a way that prevents that information from being restored or reconstructed.
3. Rights of data subjects
As residents of Korea, you are entitled to the following rights under PIPA:
Right to be Informed
Right to Access
Right to Rectification
Right to Erasure
Right to Object/Opt-out
Right to Data Portability
Right to Contest Automated Decision-making
If you would like to exercise your rights, please visit our website at datarights.hilton.com to submit your request, email DataProtectionOffice@hilton.com, or send a letter to the Hilton Data Protection Officer, 7930 Jones Branch Drive, McLean, VA 22102, USA.
In some circumstances you may have the option to submit a request on behalf of someone else. If you submit a request on behalf of someone else, then you may be asked to provide proof of authorization.
4. Cookies and Other Technologies
Our site may use "Cookies" or "Other Technologies" (such as "pixel tags," "web beacons," "clear GIFs", links in emails, JavaScript, device IDs assigned by Google or Apple, or similar technologies). For more information, please refer to the section titled Cookies and Other Technologies in the main body of this Statement.
Behavioral Information
If you consent to the use of cookies and other technologies when you interact with our website or mobile application, Hilton will collect behavioral information related to such interactions. If you consent and are logged into your Hilton Honors account, such behavioral information will be associated with your account. Behavioral information is used to deliver personalized advertisements, optimize our website and mobile application, and support internal analysis. Behavioral information is retained as necessary to fulfill the purpose for which it was collected or as required or permitted by law.
If you want to remove or block Cookies from your device at any time, please refer to the section titled Managing Cookies and Other Technologies in the main body of this Statement.
5. International Transfers of Personal Information
We will transfer your personal information outside Korea, as necessary to fulfill your bookings and enable you to participate in the Hilton Honors program, if you so choose. We will seek your consent to transfer your personal information out of Korea for any other purposes, such as marketing.
6. How We Protect Personal Information
We take reasonable steps to: (i) protect personal information from unauthorized access, disclosure, alteration, or destruction, and (ii) keep personal information appropriately accurate and current by using appropriate technical and organizational measures. For more information, please refer to the section titled How We Protect Personal Information in the main body of this Statement.