希爾頓全球私隱聲明

最後更新日期：2024年12月4日

• 簡介
• 個人資料收集 – 一般事項
• 個人資料收集 – 收集時的聲明
• Reservations with Hilton Partner Accommodations
• Reservations with Hilton's Third-Party Partner
• Reservations with Hilton's Third-Party Operator
• Cookies and Other Technologies
• 分析及興趣為本的廣告
• 您個人資料的變更與存取
• 我們如何保護個人資料
• 依據法律義務或為了人員和酒店安全和保安而披露資料
• Marketing Communications Choices
• 個人資料的跨國傳送
• 資料保留期限
• 本聲明的更改
• 用於提出問題或疑慮的聯絡資料
• Additional Provisions Applicable to California Consumers
• Additional Provision Applicable to Nevada Consumers
• Additional Provision Applicable to French Residents
• Additional Provision Applicable to Hong Kong Consumers
• Additional Provision Applicable to Korean Data Subjects
• 附錄 A：Additional Provisions Applicable to Processing of Personal Information of Residents of Certain Countries and U.S. States
• 附錄 B：Additional Provisions Applicable to Processing of Personal Information of Data Subjects in Türkiye
• 附錄 C：Additional Provisions Applicable to Processing of Personal Information of China Residents/Citizens
• Appendix D: Additional Provisions Applicable to Processing of Personal Information of Brazil Residents or Citizens
• Appendix E: Additional Provisions Applicable to Processing of Personal Information of Data Subjects of Monaco

簡介

希爾頓的使命是成為全球最熱情好客的企業。我們全心全意提供無與倫比的絕佳住客體驗，並期待歡迎您光臨我們的酒店，從而讓您體驗真摯熱情的待客之道。

我們承諾提供一流的客戶服務，當中包括尊重您的私隱和保障個人資料。本私隱聲明（「本聲明」）詳述我們如何收集、使用和披露您的個人資料。

本聲明適用於希爾頓全球控股有限公司、其附屬公司，以及希爾頓酒店集團旗下品牌組合內的所有酒店（統稱為「希爾頓」、「我們」或「我方」）。Our Portfolio of Brands includes Waldorf Astoria Hotels & Resorts, LXR Hotels & Resorts, Conrad Hotels & Resorts, Canopy by Hilton, Signia by Hilton, Hilton Hotels & Resorts, Curio Collection by Hilton, DoubleTree by Hilton, Tapestry Collection by Hilton, Embassy Suites by Hilton, Tempo by Hilton, Motto by Hilton, Hilton Garden Inn, Hampton by Hilton, Tru by Hilton, Spark by Hilton, Homewood Suites by Hilton, Home2 Suites by Hilton, LivSmart Studios by Hilton, Graduate by Hilton, and NoMad.

只要您使用我們的任何產品或服務和／或同意本聲明（例如進行登記以使用我們的任何產品或服務時），即代表您了解並確認我們將收集和使用本聲明中所述的個人資料。

請注意，本聲明不適用於我們代替第三方和依照第三方指示的個人資料處理，第三方是指航空公司、租車公司和其他服務供應商、進行或提供全套旅行安排的公司、營銷合作夥伴或某些企業客戶。

¹ Hilton Domestic Operating Company Inc. 作為希爾頓實體企業，是所有住客資料的資料管理者，另亦負責希爾頓市場營銷活動及其他事項。Hilton Domestic Operating Company Inc. 是 Hilton Worldwide Holdings Inc. 的附屬公司。

The Hilton Portfolio of Brands includes managed, franchised, and joint venture hotels. 特許經營酒店由從希爾頓分離的實體經營。Joint venture hotels are operated by entities that are partially owned and/or controlled by Hilton. In addition to Hilton Domestic Operating Company Inc., those entities are also independent data controllers for guest data.

個人資料收集 - 一般事項

The following summarizes the categories of personal information we have collected in the past 12 months, the sources for those categories of personal information, the business or commercial purposes for which the information was collected, the categories of third parties with whom the information may have been shared, as permitted by law, and whether the information was sold to a third party for a business or commercial purpose within the past 12 months. Certain categories of personal information collected are required in order for us to provide you with the requested products or services, and if you choose not to provide us with such information, we may not be able to provide you with these products or services. If consent is required, we will obtain your consent before selling or sharing your personal information.

個人資料收集 – 收集時的聲明

瀏覽希爾頓網站

當您瀏覽希爾頓網站時，我們會收集以下各類與您相關的個人資料，以作下列目的：

如果您是希爾頓榮譽客會會員，並在瀏覽工作階段登入帳戶，我們將為下列目的而收集以下與您相關的資料：

訂房

當您預訂希爾頓酒店時，我們會收集以下各類與您相關的個人資料，以作下列目的：

註冊希爾頓榮譽客會

當您註冊希爾頓榮譽客會時，我們會收集以下各類與您相關的個人資料，以作下列目的：

在希爾頓酒店登記入住

當您在希爾頓酒店登記入住時，我們可能收集以下各類與您相關的個人資料，以作下列目的：

電子登記入住

當您利用電子登記入住時，我們會收集以下各類與您相關的個人資料，以作下列目的：

電子房卡

當您使用電子房卡時，我們會收集以下各類與您相關的個人資料，以作下列目的：

住客支援

當您聯絡住客支援部時，我們會收集以下各類與您相關的個人資料，以作下列目的：

Minors

Hilton does not knowingly collect, disclose, or sell personal information of individuals under the age of majority in their respective jurisdiction without permission from a minor’s parent or guardian. 在希爾頓網站或希爾頓榮譽客會應用程式上搜尋酒店訂房時，您可能要提供入住客房的任何未成年住客的年齡。Hilton collects this information for the purpose of determining room rates where applicable, such as at an “all-inclusive” property.

Closed Circuit Television (CCTV)

We use closed circuit television and other security measures at our properties that may capture or record images of guests and visitors in public areas, as well as information related to your location while on our properties (via keycards and other technologies) for the protection of our staff, guests and visitors to our properties, in accordance with applicable laws that require us to collect information that is used to protect guests, employees, and visitors of the property. We retain CCTV in accordance with our data retention policies, as necessary to fulfill the purpose for which that information was collected, or as required or permitted by law. You may be able to request access to CCTV images within the time specified by applicable law and as required by law.

特許經營酒店由從希爾頓分離的實體經營。To request access to CCTV images from a franchised hotel, please contact that hotel. In addition to Hilton Domestic Operating Company Inc., those entities also are independent data controllers of CCTV images. 在法律允許下，我們還會收取合理費用以解決回應您請求的成本。Such requests may be submitted by accessing the Data Subject Rights Requests Portal at datarights.hilton.com or in writing to DataProtectionOffice@hilton.com or Hilton Data Protection Officer, 7930 Jones Branch Drive, McLean, VA 22102, USA.

Reservations with Hilton Partner Accommodations

When making a reservation with AutoCamp or Small Luxury Hotels of the World (SLH) through a Hilton channel, Hilton will provide AutoCamp or SLH with certain guest information for the exclusive purpose of fulfilling the reservation, as identified in this Statement. Hilton channels include Hilton’s website, Hilton Honors application, or Mini Programs. The guest information will be processed and retained in accordance with AutoCamp’s or SLH’s privacy policies and as permitted by applicable law. You can access AutoCamp’s privacy policy here. You can access SLH’s privacy policy here.

Reservations with Hilton's Third-Party Partner

When making a reservation with Hilton Grand Vacations (HGV) through a Hilton channel, Hilton will provide the information you provided for your booking to HGV to fulfill your reservation. Hilton channels include Hilton's website, the Hilton Honors application, and the Hilton Honors Mini Programs. HGV may also process your personal information in accordance with HGV's privacy policies and as permitted by applicable law. You can access HGV's privacy policy here. Hilton may also share your personal data with HGV if you opt in to that sharing during the Hilton Honors enrollment journey.

Reservations with Hilton's Third-Party Operator

When making a reservation with Genting through a Hilton channel, Hilton will provide Genting with the information you provided for your booking to Genting to fulfill your reservation. Hilton channels include Hilton's website, Hilton Honors application, or Mini Programs. Genting may also process your personal information in accordance with Genting's privacy policies and as permitted by applicable law. You can access Genting's privacy policy here.

Cookies and Other Technologies

Like many other websites, our site may use "Cookies" or "Other Technologies" (such as "pixel tags," "web beacons," "clear GIFs," links in emails, JavaScript, device IDs assigned by Google or Apple, or similar technologies). Cookies and Other Technologies allow us and third parties to obtain information about your visits to the site, including to analyze your visiting patterns. 我們利用這些資訊處理您的訂房或要求，並為本公司及您特別感興趣的其他人傳送網上與手機廣告、簡訊和內容。Depending on your jurisdiction, prior consent for the use of non-essential Cookies may be required. If it is the case, we will obtain your consent before using Cookies on your device.

Cookie 是當您造訪網站時會儲存到您電腦或行動裝置（「裝置」）上的小型文字檔。光是使用 Cookie 並不會將您的個人身分透露給我們，但是在某些情況下，我們可能會將希爾頓或第三方的 Cookie 與您已提供給我們或我們從他處獲取與您相關的個人資料相連結。Cookies may be used on the site in order to improve your experience. For example, we will use Cookies to:

• 記住您的使用者名稱和密碼，方便您日後造訪時更加輕鬆快速地登入該網站；
• 記住您的語言與其他設定；
• 確保您取得您需要的一切資訊；
• 提供安全的網上交易服務；
• Track your response to advertisements and website or app content for analysis and the number of times we send you the same advertisement; Measure how many people use the site, and how they use it, so that we may keep it running quickly and efficiently; and
• 協助我們與他方提供與您感興趣和所在地點相關及呼應的通訊與內容。

Below we explain the different types of Cookies that may be used on the site.

• Essential Cookies – Essential Cookies are necessary for the site to work, and enable you to move around it and use its services and features. 停用這類 Cookie 將影響該網站的運作效能，並可能無法使用該網站的服務與功能。
• Functional Cookies – We use Functional Cookies to save your settings on the site—settings such as your language preference, or booking information you have previously used when booking a hotel with us. 我們也用功能 Cookie 來儲存您前次搜尋的酒店這類資訊，方便您下次造訪該網站時輕鬆找到這家酒店。Some Functional Cookies are essential to viewing maps or videos on our site.
• Session Cookies – These types of Cookies are stored only temporarily during a browsing session, and are deleted from your device when you close the browser. We use Session Cookies to support the functionality of the site and to understand your use of the site—that is, which pages you visit, which links you use and how long you stay on each page.
• Persistent Cookies – These types of Cookies are not deleted when you close your browser, but are saved on your device for a fixed period of time or until you delete them. Each time you visit the site, the server that set the Cookie will recognize the persistent Cookie saved on your device. We and others use persistent Cookies to store your preferences, so that they are available for your next visit, to keep a more accurate account of how often you visit the site, how often you return, how your use of the site may vary over time and the effectiveness of advertising efforts.
• Advertising Cookies – Allow us and other advertisers to show you the most relevant products, offers, and advertisements on the site and third-party sites, or through emails or other message platforms. 例如，有些廣告 Cookie 有助於我們的服務提供者與其他廣告商，根據您的興趣（包括透過網站、網上服務和應用程式且隨著時間所表達或推論而出的）選擇廣告。其他廣告 Cookie 則會防止相同的廣告不斷出現，These types of Cookies also help us provide you with content on the site that is tailored to your interests and needs. 如下所述，我們會使用一些分析專用 Cookie 及其他技術來推動廣告。
• Social Plug-In Cookies – Advertising Cookies also include Social Plug-In Cookies. Social Plug-In Cookies are used to share content from the site with members and non-members of social media networks such as Facebook, Twitter, YouTube and Pinterest. 這類 Cookie 通常是由社交網路提供者所設定，讓這類分享順暢無阻。
• Analytics Cookies – Collect information about your use of the site, and enable us to improve the way it works. These Cookies give us aggregated information that we use to monitor site performance, count page visits, spot technical errors, see how users reach the site, and measure the effectiveness of advertising (including emails we send to you).
• Other technologies may be used for the same purposes as our Cookies, to allow us and third parties to know when you visit the site, and to understand how you interact with emails or advertisements. 我們可能透過其他技術取得非個人資料或累計資訊（意即，您的作業系統、您的瀏覽器版本，以及您所登入的 URL），並用這類資訊來提升您的使用經驗和了解流量模式。

管理 COOKIE 與其他技術

若您在任何時候，想從您的裝置移除或封鎖 Cookie，可更新您的瀏覽器設定（請參照您瀏覽器的「說明」功能表，瞭解如何移除或封鎖 Cookie）。希爾頓不負責處理您的瀏覽器設定。You can find good and simple instructions on how to manage Cookies on the different types of web browsers at www.allaboutcookies.org.

請注意，拒絕 Cookie 可能影響您在該網站上進行某些交易的能力，以及我們在您前後造訪時辨識出您所使用的瀏覽器的能力。

分析及興趣為本的廣告

我們會與某些第三方服務供應商合作以收集資料，從而進行分析、審計、研究和報告。These third parties may use server logs, web beacons, tags, pixels, and similar technologies, and they may set and access Cookies on your computer or other device.

In particular, we use Adobe Analytics to help us understand how our customers use our websites. We also use Adobe Audience Manager to create audiences for personalizing content and advertising experiences. Read more about how Adobe uses your Personal Information in web browsers by Adobe Analytics.

We partner with Amazon Chat which supports our chat platform. We may use Amazon Chat for sharing dynamic content for authenticated users.

We use WhatsApp to help us send you personalized content and advertising experiences across multiple platforms. We may use WhatsApp for analytics, research, and reporting. Read more about how WhatsApp protects Personal Information here.

We partner with third parties to provide advertising services that are targeted based on your online activities across websites, mobile apps, and devices over time (commonly referred to as “interest-based advertising”). 我們的廣告合作夥伴可能在您目前的裝置收集與我方服務相關的活動資料，並將之與您在其他網站、流動應用程式及裝置的活動資料結合。它們可能使用伺服器日誌、Cookie、網絡信標、標籤、像素、流動廣告 ID（例如 Facebook Cookie 或 Google 廣告 ID）、跨裝置連結及類似技術來收集該等資料。例如，我們的廣告合作夥伴可能利用您到訪我方網站的資料，以讓您透過目前裝置或其他裝置使用其他網站及流動應用程式時看到針對性廣告。它們可能會在您利用多個裝置登入相同網上服務時，或是在您的裝置分享類似的屬性而這些屬性可證明為同一個人或同一使用者所使用時，找到與您匹配的瀏覽器或裝置。這代表您透過目前瀏覽器或裝置使用網站或應用程式的活動資訊，可能會與從您其他瀏覽器或裝置收集所得的資訊結合和使用。您可根據以下指示，在目前瀏覽器或裝置上的網絡瀏覽器和流動應用程式，拒絕使用興趣為本的廣告。

For more information about interest-based advertising and cross-device linking, please visit the Network Advertising Initiative (“NAI”) website and the Digital Advertising Alliance (“DAA”) website. We adhere to the DAA's interest-based advertising principles by providing you enhanced notice, transparency, and control of our digital marketing practices as stated at http://www.aboutads.info/principles/. You may opt out of interest-based advertising and cross-device linking in web browsers and mobile apps on your current browser or device by following the instructions below. 

• 網絡瀏覽器拒絕。 To opt out in web browsers, please visit http://optout.aboutads.info/ and http://optout.networkadvertising.org. To help preserve the choices that you make in the DAA's WebChoices page, you can install the DAA's “Protect My Choices” extension that is available at http://www.aboutads.info/PMC.
• Mobile Application Opt-Out.  To opt out in mobile apps, you can adjust the advertising preferences on your mobile device (for example, in iOS, visit Settings > Privacy & Security > Tracking, and in Android, visit Settings > Google > Ads > Opt out of interest-based ads). 您亦可下載應用程式和遵循指示而行，以就參與數碼廣告聯盟 AppChoices 工具的公司作出拒絕。如欲對在流動裝置拒絕了解更多，請查看這裡。

請注意，上述拒絕功能只適用於您拒絕時所用的特定瀏覽器或裝置，因此您將要在所有瀏覽器及裝置分別拒絕。如您刪除或重設 Cookie 或流動廣告識別碼、更改瀏覽器（包括升級某些瀏覽器）或使用另一部裝置，任何拒絕 Cookie 或工具都可能再也無法運作，而您將要再次拒絕。我們當前無法回應「請勿追蹤」訊號。

您個人資料的變更與存取

If you are a Hilton Honors member, you may review and update the information you provided to us at the time of enrollment at any time by signing in to your Hilton Honors account. You may also make changes to your information by contacting Hilton Reservations and Customer Care by completing a support form. If you are located in the United States or Canada, you can call customer care toll free by dialing + 1-888-4HONORS (888-446-6677). Customers located outside of the United States and Canada can review a list of customer care phone numbers here.

您可請求我們通知您我們持有您的哪些個人資料，並且在適當情況下，拒絕特定資料處理活動並/或請求我們更新、更正、刪除及/或停止處理您的個人資料。我們將在適用法規定及法律規定的時間內，進行所有要求的更新或更改。在法律允許下，我們還會收取合理費用以解決回應您請求的成本。Such requests may be submitted by accessing the Data Subject Rights Requests Portal at datarights.hilton.com or in writing to DataProtectionOffice@hilton.com or Hilton Data Protection Officer, 7930 Jones Branch Drive, McLean, VA 22102, USA.

除此之外，在部分情況下，您可使用上述電郵或郵寄地址聯絡我們，請求我們停止與我們的商業合作夥伴共用有關您的個人資料，或請求希爾頓停止使用有關您的個人資料。

我們如何保護個人資料

我們採取合理措施以：(i) 保護個人資料不受未經授權的存取、披露、竄改或銷毀，以及 (ii) 在合理的範圍內維持個人資料的正確性與最新狀態。

希爾頓聘用了由專用資訊安全專員組成的強大團隊，他們主要負責管理希爾頓的安全計劃。此團隊還負責監視我們的系統是否存有潛在入侵、應對潛在事件、支援屬性級資訊安全、定期檢視和更新希爾頓用以保護資料的安全控制程序，並提供有關希爾頓資訊安全計劃的培訓。

希爾頓設有付款卡行業（「PCI」）合規計劃及資訊科技合規計劃。該合規程式可產生與希爾頓科技內部控制的妥善性及有效性有關的審計報告，包括一份由外部 PCI 合格安全評估員簽署的 PCI 合規證明及一份 SSAE16/SOC1 報告，解決了對支援特定會計和財務報表的系統的科技常規控制。

我們要求獲我方分享個人資料的第三方盡合理努力，將個人資料保密。

我們絕對不會透過電郵或文字訊息，要求您向我們發送機密個人資料或付款卡資料。

如果出現安全事件，希爾頓將依照適用法律及規例的要求通知監管部門及／或消費者。

依據法律義務或為了人員和酒店安全和保安而披露資料

希爾頓將根據法律要求披露個人資料。舉例而言，此類披露包括國家／地區要求希爾頓收集該國家／地區的酒店訪客個人資料、執法機構向希爾頓送達有效傳票、民事訴訟人向希爾頓送達合法的資料透露要求。若然為了人員和酒店的安全和保安、尋求適用補救或限制我們可能承受的損害賠償，以及為應對緊急情況而有所必要，希爾頓可能選擇與執法機構、僱主、與希爾頓合辦活動者或其他方分享個人資料。

Marketing Communications Choices

我們希望讓您緊貼我方精彩產品！為此，我們可能透過電郵、文字訊息、推送通知、應用程式內提醒、直銷郵件及社交媒體向您發送通訊。In addition to traditional text messages, we offer the opportunity to receive transactional and promotional messages via text message by using a short code. A short code is a five-digit number that you can message to opt-in to receive such text messages. We may also send you marketing communications via WhatsApp. To enable us to send you such communications, your information may be disclosed to service providers who use such information solely to send out marketing communications on our behalf. Furthermore, short code opt-in data and consent will not be shared with any other third parties for their own marketing or advertising purposes. If, depending on the circumstances, consent is required in your jurisdiction, we will obtain your consent before sending you such communications.

If you are a Hilton Honors member, you may change the communications you receive from us by logging on to your online account and managing your subscriptions; by writing to us (and including your email address) at Hilton Data Protection Officer, 7930 Jones Branch Drive, McLean, VA 22102, USA; or by emailing us at DataProtectionOffice@hilton.com.

若您不想收到我們發出的營銷資料電郵，您可隨時透過以下方式拒絕：利用您從我方所收到的電郵中隨附的取消訂閱功能；點擊連結：https://secure.hilton.com/en/hhonors/optout/unsubscribe.jhtml?listid=0；寫信至 Hilton Data Protection Officer（希爾頓資料保護專員）, 7930 Jones Branch Drive, McLean, VA 22102, 美國（請同時附上您的電郵地址）；或發送電郵至 DataProtectionOffice@hilton.com。拒絕請求最多可能需時十個營業日才會生效。

To opt out of text or WhatsApp messages, reply “STOP” to the message you received or to opt out of text messages from a specific hotel, tell the hotel front desk that you do not want to receive text messages from the hotel .

您也可以透過更改您流動裝置上的通知設定，藉以控制我們的行動應用程式是否向您發送推送通知。倘若我們對您發送應用程式內部訊息，我們也將允許您變更應用程式設定來控制這些服務。

個人資料的跨國傳送

由於我們是一家全球企業，我們竭力達到這項期許，不論您是在三藩市、倫敦或東京的希爾頓酒店，我們都將為您提供同樣高水準的服務。為提供這類服務，您同意我們可以在位於您所在國家之外的希爾頓酒店集團旗下品牌組合的酒店成員、我們的服務供應商及其他第三方之間共用您的個人資料。

當您在美國以外的希爾頓酒店住宿時，該酒店的資料收集者會依照適用法律或法規規定的傳輸協議，將與您住宿相關的個人資料傳輸至位於美國的希爾頓酒店。該資料收集者還會依照適用法律或法規的規定保存您個人資料的本地副本。雖然不同國家的資料保護法律可能與您所屬國家的法律不同，但是希爾頓仍將採取適當措施，以確保完全依照本聲明的規定及根據法律來處理您的個人資料。

資料保留期限

如為滿足資料收集目的而有所必要，或在法律要求或許可範圍內，我們會保留與您相關的資料。當我們銷毀您的個人資料時，會採用防止恢復或修復的銷毀方式。

本聲明的更改

我們可能不時修改本聲明。如果我們對本聲明作出重大更改，將會在本網站主頁上發佈經修訂聲明的連結。查看聲明頂部日期，即可得知本聲明的最近更新日期。已修訂的聲明一張貼在網站上時，對我們的聲明所做的任何修改立即生效。網站及我們任何產品和服務的使用，以及/或是提供同意書同意跟隨變更而更新的聲明，皆構成您接受已修定聲明立即生效的事實。

用於提出問題或疑慮的聯絡資料

If you have any questions or concerns, please contact us by sending an email to DataProtectionOffice@hilton.com, by sending a letter to Hilton Data Protection Officer, 7930 Jones Branch Drive, McLean, VA 22102, or by calling our toll-free number: (800) 413-7470.

Additional Provisions Applicable to California Consumers

The Right to Know, The Right to Delete, and the Right to Opt-Out of the Sale or Sharing of Personal Information

The California Consumer Privacy Act (“CCPA”) affords California consumers (1) the right to know what personal information we collect, use, disclose, and/or sell; (2) the right to request that we delete their personal information; and (3) the right to request that we no longer sell or share their personal information.

If you would like information about the personal information that we collect, disclose, sell and/or share about you, or if you would like to make a request for us to delete or to stop selling your personal information, please visit our website at datarights.hilton.com to submit your request. You also may call our toll-free telephone number: (800) 413-7470, email the Data Protection Office (“DPO”) at DataProtectionOffice@hilton.com, send a letter to the Data Protection Office at 7930 Jones Branch Drive, McLean, Virginia, USA 22102, or complete a paper form available from the front desk at any of our hotels. In addition to these methods, California consumers may request that we no longer sell their personal information by completing a personal data request form.

當資料保護辦事處收到您的請求，會先核實身份。If you are a Hilton Honors member, the DPO will verify your identity by asking you to provide your name, Hilton Honors account number, and the email address and phone number associated with your Hilton Honors account. If you are not a Hilton Honors member, the DPO will verify your identity by asking you to provide your name, the email address and/or phone number associated with a past stay, and potentially a confirmation number from one of your stays at a Hilton property. Once the DPO has verified your identity, the DPO will promptly fulfill your request

您可選擇指定獲授權代理，以代表您提出請求。To designate an authorized agent, please submit an order issued by a court, a document submitted by a barred attorney, or a formal certified document issued by an official governmental agency.

If you would like to opt out of the sale of your personal information, you may do so by clicking on the banner that appears on any Hilton website when you access that site from an IP address that relates to California or by visiting our website at datarights.hilton.com or click the “Do Not Share or Sell My Information” link at the bottom of any Hilton website to submit your request. Please note that when you opt out of Cookies, tags, and pixels, that opt out only pertains to the device and the browser that you are using when you opt out. If you wish to opt out for other devices or browsers, you must opt out again when you are using those devices or browsers.

敏感個人資料

我們只會在履行合理預期服務所必需或法律規定的範圍內，才會使用您的個人資料。

直銷披露

加州消費者亦可就我們向第三方披露某些類別的個人資料以作其直銷目的，而索取資料。這類請求必須寄送至以下其中一個地址： CA_Privacy@hilton.com or DataProtectionOffice@hilton.com, send a letter to the Data Protection Office at 7930 Jones Branch Drive, McLean, Virginia, USA 22102. Within thirty days of receiving such a request, we will provide a list of the categories of personal information disclosed to third parties for third-party direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted to addresses other than the addresses specified in this paragraph.

免受歧視的權利

CCPA 禁止企業因消費者行使其獲 CCPA 賦予的權利，而對其作出差別待遇。歡迎您運用根據 CCPA 獲享的權利，我們不會就此對您作出區別對待。

財務獎勵聲明

希爾頓不會就個人資料收集、銷售或刪除而提供財務獎勵。就如本聲明所詳述，希爾頓主要從住客收集個人資料以履行住客訂房，並從榮譽客會會員收集個人資料以營運希爾頓榮譽客會忠誠計劃。希爾頓亦會收集個人資料，以作營銷和適用法律許可的其他目的。

就如希爾頓榮譽客會條款及細則中所訂明，希爾頓榮譽客會會員能夠累積積分並獲享優惠房價。累積積分並獲享優惠房價的能力，並非與向會員資料業務帶來的價值直接相關。

移除內容

倘若您是 18 歲以下的加州居民，並且在任何適用於此政策的網站之登記用戶，那麼，加州商業及專業法第 22581 條允許您要求並取得移除您已公開發佈的內容或資訊的權利。如要作出該等請求，請將附有特定內容或資料詳細描述的電郵發送至 CA_Privacy@hilton.com。請注意，該等請求並不確保完整或全面移除您所發佈的內容或資訊，並且可能在某些情況下，即使提出請求，法律也不需要或允許其移除。

Additional Provision Applicable to Nevada Consumers

拒絕銷售個人資料的權利

如果您是內華達州居民，可請求我們停止銷售收集所得的某類個人資料。To submit a request please visit our website at datarights.hilton.com to submit your request. You also may call our toll-free telephone number: (800) 413-7470, email the Data Protection Office (“DPO”) at DataProtectionOffice@hilton.com, send a letter to the Data Protection Office at 7930 Jones Branch Drive, McLean, Virginia, USA 22102, or complete a paper form available from the front desk at any of our hotels. When the DPO receives your request, the DPO will first verify your identity. If you are a Hilton Honors member, the DPO will verify your identity by asking you to provide your name, Hilton Honors account number, and the email address and phone number associated with your Hilton Honors account. If you are not a Hilton Honors member, the DPO will verify your identity by asking you to provide your name, the confirmation number from one of your stays at a Hilton property, and the email address associated with that stay. Once the DPO has verified your identity, the DPO will promptly fulfill your request.

Additional Provision Applicable to French Residents

法國居民：as disclosed in this Statement, we may collect your phone number to fulfill guest reservations, send guests communications relating to their reservations, provide customer service and support, verify identity, send marketing communications via SMS, process transactions with partners, share data with Hilton's Third-Party Partner, authenticate mobile accounts, send service-related SMS communications, detect and prevent fraud, and engage in sales activities for group bookings. 我們不會將您的電話號碼用於電話營銷。Nonetheless, if you would like to register on the list of opposition to telephone canvassing, you may do so at www.bloctel.gouv.fr.

Additional Provision Applicable to Hong Kong Consumers

If you are based in Hong Kong, we will obtain your consent on or before sending you any marketing messages. You may opt out of receiving marketing messages from us at any time by using the unsubscribe link found in our marketing messages.

If you would like to access or correct your personal information, please contact the Data Protection Officer (“DPO”) at DataProtectionOffice@hilton.com, or complete the paper form available from the front desk at any of our hotels. We may require further information from you in order to verify your identity before processing your request. In certain circumstances where permitted to do so under applicable law, we may refuse to fulfil your request.

Additional Provision Applicable to Korean Data Subjects

資訊及通訊服務的當地代理

附錄 A
適用於處理土耳其資料當事人個人資料
附加私隱條款

某些國家及美國州份已實施私隱法律，向該等司法管轄區的居民賦予某些額外權利，此附錄為該等個人提供附加資訊。Once effective, the U.S. states include, but are not limited to, California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Nevada, Oregon, Tennessee, Texas, Utah, and Virginia. These countries include, but are not limited to, those in the European Economic Area (EEA), the United Kingdom and Switzerland, as well as Australia, Brazil, China, Korea, Hong Kong, Monaco, Israel, Japan, Nigeria and Türkiye. 此附錄概述了希爾頓有義務向您提供的某些附加資訊，以及在處理您個人資料時當地適用法律賦予您的特定權利。如出現與此聲明正文中任何條款相抵觸的情況，一律以此附錄為準。

收集者：Please refer to the Data Protection Office at DataProtectionOffice@hilton.com for the contact information of other entities that may receive your personal data.

數據保護官：Hilton's Data Protection Officer may be contacted by email at DataProtectionOffice@hilton.com, or at the following address:

收件人：Data Protection Officer 7930 Jones Branch Drive, McLean, VA 22102 USA

Purposes and Legal Basis for Processing

Hilton processes your personal information for the purposes set forth in the section titled Collection of Personal Information - Generally and the section titled Collection of Personal Information - Notice at Point of Collection of the main body of this Statement.

希爾頓處理活動的法律依據包括按需處理該資料以遵循我們的合約責任、遵循我們的法律責任、鑒於我們的正當商業利益並遵照您的意見，保護我們員工、住客及其他人員的安全。

處理您個人資料的詳細法律依據基於提供或收集該資料的用途：

參加希爾頓榮譽客會計劃：We process the personal information obtained in connection with your participation in the Hilton Honors program on the basis of our contractual relationship with you, consent if legally required, and for pursuing our legitimate business interests, including to personalize your use of our services and applications, to communicate news and promotional items, and to deliver personalized advertising and content.

問卷調查：完成問卷調查屬於自願性質行為。我們基於您的同意及商業利益，促成處理從問卷調查獲取的資訊，包括營銷、服務提升及分析方法。

在酒店的資料收集： 當您訂房及在我們的任何一間酒店住宿時，我們將依據我們與您的合約關係處理您的姓名、地址、聯絡資訊及住宿明細（入住和退房日期和時間、車輛資訊及與您一同旅行或住宿的他人相關資訊）。

• We also process such data for pursuing our legitimate business interests, with your consent if legally required, including for marketing, service improvements, administration of our e-Folio program, and analytics and service personalization, as described in the sections referenced above of our Global Privacy Statement.
• 在我們酒店（如國家身份證或護照資訊）登記/入住期間，我們會收集一些額外的個人資料，以遵守我們的法律責任。
• 我們也可能使用我們酒店內的閉路電視與其他保全措施，這些可能拍下或記錄住客與訪客在公共區域的影像，以及您在我們酒店內所在位置的相關資料（透過鑰匙卡與其他技術），以便於保護我們酒店內的員工、住客與訪客。
• 我們處理與酒店服務（如禮賓服務、健身俱樂部、水療、活動、兒童保健服務、設備租賃和我們的電子房卡功能）有關的個人資料，以為您提供服務，並滿足在我們全球私隱聲明中上列章節所述的商業利益，包括營銷、服務提升、電子帳單程式管理以及分析和服務個人化。

活動資料檔：We process the personal information obtained in connection with your event on the basis of our contractual relationship with you and for pursuing our legitimate business interests, with your consent if legally required, including for marketing, service improvements, and analytics and service personalization, as described in the sections referenced above of our Global Privacy Statement.

社交媒體：Participation in Hilton–sponsored social media activities and offerings is voluntary – we process information obtained from social media participation on the basis of your consent if legally required and for pursuing our legitimate business interests, including for marketing, service improvements, and analytics and service personalization, as described in the sections mentioned above of our Global Privacy Statement.

促銷和抽獎活動：參與抽獎、競賽和其他促銷活動是自願行為，我們根據您的同意和出於管理提供物品的需要，處理從這些參與中獲得的資訊。We also use certain data for our business purposes, including for marketing, service improvements, administration of our e–Folio program, and analytics and service personalization, as described in the sections referenced above of our Global Privacy Statement.

直銷：我們基於您的同意而使用您的個人資料，以便向您發送營銷訊息。You may withdraw your consent for direct marketing communications at any time by contacting us at customer_privacy@Hilton.com or by following the unsubscribe instructions in the marketing message, or by logging in to your Hilton Honors account and updating your communication preferences.

酒店特許經營和擁有機會：We process this information on the basis of our contractual relationship with you and for our related legitimate business interests, including maintaining and promoting the Hilton brand and facilitating direct communication between properties within the Hilton Portfolio of Brands.

婦女／弱勢經營事業供應商：Participation in Hilton's Supplier Diversity Program is voluntary – we process this information based on your consent and for our related business legitimate interests, including maintaining and enhancing our diversity program.

Retention: 我們通常在任何合同關係存續期限內，以及在法律要求或適用法律允許的任何時期內保留關於您的個人資料，以完成收集這些資料的目的。我們的保留政策反映了適用的時效期限和法律要求。

Data Subject Rights

Some regional, national, and state laws confer rights relating to personal data as indicated in the Personal Data Requests Portal. Residents of certain jurisdictions may have the following rights.

存取、改正和塗改要求：您有權：

• ask us to confirm whether we are processing your personal information and receive information on how your data is processed
• 獲得您的個人資料副本
• 要求我們更新或改正您的個人資料
• 要求我們在某些情況下刪除個人資料

反對處理的權利：您有權要求希爾頓停止處理您的個人資料：出於行銷活動，包括分析目的

• 出於統計目的
• 此類處理是出於我們的合法商業利益目的，但是我們能夠證明此類處理的強制性合法依據或者我們需要處理您個人資訊來確定，行使或辯護合法索賠的目的除外。

限制處理的權利：在如下情況下，您有權請求希爾頓限制處理您的個人資料：

• 當希爾頓正在評估，或在處理更新或糾正您個人資料的請求回應過程中，有關處理屬非法而您不希望希爾頓刪除您的資料
• 如果希爾頓不再要求此類資料，但是您希望我們為了確定、行使或抗辯合法索賠而保留資料
• 如果您在等待我們就此類請求作出回應期間，出於我們的合法商業利益目的，提交了反對處理請求

如果根據您的請求，限制我們處理您的個人資料，我們將在重新參與處理之前通知您。

Right to Object to Sale and Share: You have the right to request that Hilton not sell or share your personal information. Please visit our website at datarights.hilton.com to submit your request or click on the Do Not Share or Sell My Information link at the bottom of any Hilton website. You also may call our toll-free telephone number: (800) 413-7470, email the Data Protection Office (“DPO”) at DataProtectionOffice@hilton.com, or send a letter to the Data Protection Office at 7930 Jones Branch Drive, McLean, Virginia, USA 22102.

資料移轉請求：您有權要求我們以常用機器可讀格式，向您或協力廠商提供您所指定的個人資料。但是，請注意資料遷移權利只適用於我們直接從您那裡獲得的個人資訊，並且只適用於我們處理基於同意或合同履行的情況。

提交請求：Your requests may be submitted by accessing the Data Subject Rights Request Portal or in writing to DataProtectionOffice@hilton.com, or the Hilton Data Protection Officer, 7930 Jones Branch Drive, McLean, VA 22102, USA. You may also update your personal information as provided in section titled (Changing and Accessing Your Personal Information) of the main body of this Global Privacy Statement.

We will respond to all such requests within the time period permitted by law. 但是請注意，根據適用資料保障法律的規定，某些個人資料可能不會受到此類權利的限制。除此之外，除非我們能夠適當核實請求人的身份，否則我們不會對任何請求作出回應。我們可以就您要求的額外資料副本，向您收取合理的費用。

If you want to present a complaint or have concerns about our data practices or the exercise of your rights, you may either contact Hilton at DataProtectionOffice@hilton.com or the supervisory authority in the Member State of your residence. For the EEA, the supervisory authorities are available at the European Data Protection Board’s website. For the UK, the supervisory authority is available at ico.org.uk.

撤銷同意的權利：您有權撤銷我們完全基於您的同意（例如向您的個人電郵帳戶發送直銷資料）進行處理的權利。You may withdraw your consent to marketing activities by following the instructions on any marketing emails, or contacting customer_privacy@hilton.com. For any other activities for which you have previously consented, you may contact DataProtectionOffice@hilton.com to withdraw such consent.

Right to Object to Segmentation (also referred to as profiling) and Automated Decision Making: You have the right to object to segmentation or profiling and automated decision making. 我們使用個人資料，按照某種共同特徵，例如地理位置、行為或顧客特徵，將一大群顧客分為顧客子群（稱為類別）。

經過您的同意，我們會做出自動決策，這意味著在沒有人為幹預的情況下，基於您的特點，使用市場分類和/或您的個人資料提供一定的福利（比如基於您的地理位置、行為或人口統計提供打折的房間價格或其他的特別優惠報價）。例如，如果您在一週內經常出差到法國的酒店，我們可以向您提供法國希爾頓酒店的特別優惠報價。

International Data Transfers: 我們可以根據本聲明中所述的目的，將我們收集到的、與您的個人資料轉移至那些尚未被歐盟委員會發現的國家，以便於提供充分保護。尤其是，我們將您的個人資料轉移至美國。

我們在不同司法管轄區的關聯公司之間，使用適當的保護措施來轉移個人資料，並且已按需要為該等目的執行了資料轉移協議，例如歐盟委員會標準合約條款或其他類似的保護措施。若要獲得這些條款副本或與轉移有關的額外資訊，您可以將您的請求傳送至 privacy@hilton.com。

附錄 B
適用於處理土耳其資料當事人個人資料
INFORMATION OF DATA SUBJECTS IN TÜRKIYE

For data subjects in Türkiye, this Appendix outlines certain additional information that Hilton is obligated to provide to you, as well as certain rights you have with respect to the processing of your personal information, pursuant to applicable local laws. This Appendix will control to the extent it conflicts with any provision in the main body of this Statement, or Appendix A, as applicable.

資料管理者。Hilton Domestic Operating Company Inc. is the Hilton entity for all guest data and Hilton's marketing activities.

Your personal data may be processed by other Hilton entities in Türkiye who act as a data controller based on the Hilton property you stay at. 在該等情況下，相關的希爾頓實體將擔任您個人資料的資料管理者，其會在必要時向您另行提供私隱聲明。

資料管理者代表 You may contact our data controller representative in Türkiye by email or mail to handle questions and complaints in connection with the processing of your personal data if you are in Türkiye.

• Esin Attorney Partnership
  info@esin.av.tr
  Akatlar Mah. Ebulula Mardin Cad. Gül Sok. No. 2

處理您個人資料的法律依據。希爾頓根據個人資料保護法（「資料保護法」）第 6698 號第 5 條處理您的個人資料作全球私隱聲明所列目的時，依賴下列法律基礎：

• 處理您的個人資料實屬必要，前提是其直接關乎您與希爾頓的合約締結或履行；
• 處理資料對希爾頓履行法律義務而言有所必要；
• 處理資料對希爾頓的合法利益而言有所必要，前提是並無違反您的基本權利及自由；或
• 經您明確同意。（請注意，只在我們需要經您同意才能處理資料時，我們才須依賴您的明確同意。若然建基於以上任何其他法律基礎，則不用依賴此法律依據。）

您的權利。您擁有資料保護法第 11 條下賦予的權利，可透過下列方式聯絡我們以行使權利：DataProtectionOffice@hilton.com 或 Data Protection Officer（希爾頓資料保護專員）7930 Jones Branch Drive, McLean, VA221102, 美國。

在您申請中的請求將根據請求性質盡快解決，最遲會在三十天內完成，費用全免。但如您的請求令本公司招致額外成本，則您可能要付土耳其個人資料保護委員會釐定的關稅費用。

修訂。The following sections of the Global Privacy Statement do not apply to individuals in Türkiye: 第二段中的下列句子：只要您使用我們的任何產品或服務和／或同意本聲明（例如進行登記以使用我們的任何產品或服務時），即代表您了解並確認我們將收集和使用本聲明中所述的個人資料。

國際個人資料轉移章節中的下列句子：為提供這類服務，您同意我們可以在位於您所在國家之外的希爾頓酒店集團旗下品牌組合的酒店成員、我們的服務供應商及其他第三方之間共用您的個人資料。

語言。本聲明設有英文及土耳其文版本。一旦英文與土耳其文版本之間有任何抵觸或不同詮釋，須以土耳其文為準。

國際資料轉移。Hilton is required to transfer your personal data to its affiliates outside of Türkiye, which includes Hilton Domestic Operating Company Inc., all resident in the United States, as well as their in-country suppliers, in order to complete reservations, process Hilton Honors memberships and conduct promotion activities through its website, whose servers are located abroad. 未經您同意，希爾頓無法透過本網站向您提供服務。因此，當您存取本網站時，我們會向您徵求同意，以跨境轉移您的資料。

這是為徵求同意而暫用的做法，希爾頓正在致力制訂承諾書，其為跨境轉移資料的替代法律機制之一。因此，當承諾書準備就緒且經個人資料保護局批核後，這種徵求同意的做法就會終止。

附錄 C
適用於處理土耳其資料當事人個人資料
有關中國居民或公民的資料

1. 簡介

For individuals who reside in the People's Republic of China (for the purposes of this Privacy Statement, excluding Hong Kong Special Administrative Region, Macau Special Administrative Region and Taiwan) ("China") or citizens of the People's Republic of China, we understand that privacy is important to you. 因此在本附錄中，我們會為您介紹希爾頓如何收集、使用、披露及以其他方式處理我們收到或向您收集的個人資料（包括敏感個人資料，如適用）。在使用任何希爾頓服務或產品前，請細心閱讀本聲明。

This Appendix does not replace the main body of this Statement, but supplements the main body of this Statement, and should be read together with the main body and Appendix A, as applicable. 倘本附錄及本聲明的正文之間有任何衝突或不一致之處，應以本附錄為準。

「個人資料」與中華人民共和國的《個人信息保護法》中的定義具有相同意思（會不時作修訂）。該等資料可以電子方式或其他方式記錄，且能單獨或與其他資料（包括敏感個人資料）綜合而識別出一名特定自然人的身份或反映其活動。"Personal Information" or "Information" used in the main body of this Statement and in this Appendix also includes sensitive personal information (where applicable). “sensitive personal information” shall have the same meaning as defined in the Personal Information Protection Law of the People’ Republic of China (as revised from time to time). The sensitive personal information involved in this Statement may include passport or ID card information, payment card information, spending amount, accommodation information (such as arrival and departure time), interaction with Hilton websites, and precise positioning information.We only process your sensitive personal information where such processing is strictly necessary for the relevant purposes identified in the sections titled Collection of Personal Information – Generally and Collection of Personal Information – Notice at Point of Collection in the main body of this Statement. Our processing of your sensitive personal information will adhere to the safeguards mandated by applicable laws and regulations. However, depending on the specific type of sensitive personal information involved, such processing may result in various impacts, including potential harm to your reputation, property, or personal safety in the event of a data breach. You agree that the sensitive personal information will be processed in accordance with the purposes and methods set forth in this Statement.

2。個人資料收集和使用

Regarding the following issues, please refer to the section titled Collection of Personal Information – Generally and Collection of Personal Information – Notice at Point of Collection in the main body of this Statement.

• The types of personal information that we collect from you (including sensitive personal information).
• 我們收集和使用您個人資料的方式、我們使用您個人資料的目的以及我們分享或披露您個人資料的方式。

希爾頓不會刻意收集或披露 14 歲以下未成年人的個人資料。當我們從未滿 14 歲的人士收集個人資料時，需要取得其家長／監護人的同意，且我們會按照適用法律及法規所訂明的保障措施處理該等資料。

We will use your personal information with your consent or as otherwise required or permitted by applicable law. (e.g. where the processing is necessary for concluding or performing a contract with you, where the processing is necessary to perform legal obligations, etc.). If we want to use your personal information for other purposes, we will obtain your further consent unless the further use without your new consent is required or permitted by applicable law. Where we rely on your consent to process your personal information and you refuse to give consent, we might not be able to provide all of our services.

3。披露及分享個人資料

With your express consent, where required, we may share your personal information for the purposes described in this Statement with members of the members of Hilton worldwide brand portfolio, our service providers, and other third parties as follows:

• Hilton Worldwide Holdings Inc. 及其子公司，以及希爾頓品牌組合成員，包括特許經營及管理的酒店；
• 代表希爾頓提供服務的服務供應商；
• 付款卡供應商及處理者；
• 公司協議中列明的僱主，
• 希爾頓網站流動應用程式的廣告網絡及分析資料供應商。

The processing of your personal information by members of the Hilton Portfolio of Brands, including purposes and means of processing and categories of personal information processed, is governed by this Statement. Please refer to the Data Protection Office at DataProtectionOffice@hilton.comfor the contact information of other entities that may receive your personal data.

Some of the third parties listed above may also process your personal information for their own purposes as data controllers, in which case their own privacy policies will apply, including as to the purposes and means of processing and categories of personal information processed.

To provide and optimize our services, third-party software development kits (SDKs) are embedded in our applications (including WeChat Mini Programs). 以下列出我們目前使用的第三方軟件開發套件、所收集個人資料的類型，以及收集及使用的目的。若您對第三方透過第三方軟件開發套件收集您的個人資料有疑問，請參閱該等第三方的私隱政策。

縱然具有上述情況，我們仍可能為以下目的而向第三方披露個人資料：遵循適用法律或有效的法律程序；回應政府查詢或公共及／或政府機關的要求；保護希爾頓、網站訪客、住客、員工或公眾的權利、私隱、安全或財產；尋求或行使我們的權利；或應對緊急情況。

4。流動和位置服務

如您下載和使用我方流動應用程式或使用其他數碼平台，例如我們的微信小程序，我們可能收集您的個人資料。我們將徵求您同意，並根據本聲明收集、使用、披露和以其他方式處理此資料。如您允許我們存取您裝置上的位置資料，從而為您提供我方應用程式功能及服務，則該等資料可能包括地理位置資料。我們亦可能收集裝置資料，例如您的手機品牌、型號、作業系統、作業系統版本，從而將您導向至適當的應用程式商店以下載我方流動應用程式。

您可以經由更改希爾頓榮譽客會應用程式設定或變更您裝置的設定，以防止或限制他人收集此類資料。

5。分析及興趣為本的廣告

此外，我們與第三方合作，以根據您於不同時間在不同網站、流動應用程式及裝置的網上活動投放針對性廣告。我們的廣告合作夥伴可能在您目前的裝置收集與我方服務相關的活動資料，並將之與您在其他網站、流動應用程式及裝置的活動資料結合。They may collect this information using server logs, Cookies, web beacons, tags, pixels, mobile advertising IDs, cross-device linking and similar technologies. 當中可能包括您的個人資料。

您可在目前瀏覽器或您裝置上的網絡瀏覽器和流動應用程式，拒絕使用興趣為本的廣告及跨裝置連結。我們目前無法回應「請勿追蹤」訊號。For more information, please see the section titled Analytics and Interest-Based Advertising as well as the section titled Cookies and Other Technologies, in the main body of this Statement.

6。更改和存取您的個人資料，以及註銷帳戶

您有權存取、糾正和／或（在某些情況下）刪除個人資料、撤回對我們處理您個人資料給予的同意、註銷會員帳戶（如有）、拒絕在自動決定程序中使用您的個人資料，並就我們處理您個人資料的方式提出投訴。您可能根據其他適用法律擁有其他權利。Please see the contact information in Section 11 below, or the section titled Changing and Accessing Your Personal Information in the main text of this Statement, to learn how to contact us. 我們致力在法律規定期限內根據適當法律處理此等請求。 尤其是，我們將在收到您的註銷請求後 15 天內作出回應；但如出現情有可原的情況，而我們預期需要超過 15 天來回應，則會向您告知預計所需的時間。請注意，如您請求註銷會員帳戶，將自取消註冊當日起再也無法獲享任何會員禮遇。在您註銷會員帳戶後，您的個人資料將會刪除或匿名化，除非適用法律要求我們保留有關資料則另作別論。

7。我們如何保護個人資料

我們採取合理步驟以：(i) 保護個人資料不受未經授權的存取、披露、竄改或銷毀，以及 (ii) 運用適當的技術及組織措施將個人資料保持為適當地準確的當前資訊。For more information, please see the section titled How We Protect Personal Information in the main body of this Statement.

對於我們第三方網站或應用程式的個人資料收集、使用、披露或另行處理，我們概不負責。請閱讀此等網站及應用程式的私隱政策及使用條款。此適用於：(1) in-hotel internet services we may offer; (2) third-party websites and applications to which the links in our websites and mobile applications may direct; and (3) third-party digital messaging applications or platforms which we use to communicate with you.

8。個人資料的跨國傳送

As Hilton operates globally, with your express consent where required, we may transfer your personal information (including your sensitive personal information, if applicable) to jurisdictions outside of China, including United States, Europe, and other jurisdictions where we, our service providers, and other relevant third parties conduct business. In particular, your personal data may be transferred to Hilton Domestic Operating Company Inc. for storage and processing in accordance with this Statement via Hilton's global centralized reservation system, which is deployed in the United States. The personal data stored in Hilton's global centralized reservation system may be further transferred to properties in different countries based on your reservations in accordance with this Statement. Please refer to the Data Protection Office at DataProtectionOffice@hilton.comfor the contact information of other entities that may receive your personal data.

我們將採取適當步驟保障您的資料完整和機密，並確保根據本聲明正文及適用法律處理您的個人資料。

9。資料保留期限

如為達成資料收集目的而有所必要，或在法律要求或許可範圍內，我們將保留與您相關的資料。 We will destroy your personal information in accordance with our retention and records management procedures. For more information, please see the section titled Data Retention Period in the main body of this Statement.

10。本聲明的更改

如果我們對本聲明作出重大更改，將會發佈出來。For more information, please see the section titled Changes to Statement Content in the main body of this Statement. 如果當地法律有所要求，我們將通知您和／或向您徵求同意。

11。用於提出問題或疑慮的聯絡資料

若您對於個人資料保護有任何疑問、請求或投訴，可聯絡我們。You can contact our Data Protection Office at DataProtectionOffice@hilton.com, or, if you would like to get in touch with the contact in China, please contact: China_Privacy@hilton.com.

APPENDIX D
適用於處理土耳其資料當事人個人資料
INFORMATION OF BRAZIL RESIDENTS OR CITIZENS

To the extent you are located within Brazil or is any form subject to the Brazilian General Data Protection Law – Federal Law nº 13709/18 (“LGPD”), the provisions indicated below should be read and applied to the processing or your personal data accordingly. Unless stated otherwise in this Annex, the remainder of the Policy, including Appendix A as applicable, shall not vary and shall remain in full force and effect.

1. Data Subjects Rights

Under certain circumstances, you have the following rights under the LGPD in relation to your personal data:

• Right to Information: right to obtain clear, transparent and understandable information on how we use your personal data;
• Right of confirmation and access: right to receive confirmation and access your personal data held by us about you;
• Right of rectification: right to have your personal data corrected if they are outdated, inaccurate or incorrect and/or to complete them;
• Right of anonymization, blocking or deletion: Anonymize, block or eliminate any unnecessary or excessive data or data processed in noncompliance with the applicable law;
• Right to withdraw consent at any time for consent-based data processing: right to withdraw your consent to the processing of your personal data when such processing is based on consent;
• Right to data portability: right to request copying, transferring your personal data to another database in accordance with further regulation of the local authority;
• Right to receive information about public and private entities: right to receive information about public and private entities with which your personal data is shared;
• Right to object: right to oppose any processing activity based on a legal basis other than consent in case there is violation of the LGPD;
• Right to review automated decisions: right to review of decisions, whenever they are based only on automated processing of personal data, by a natural person, whenever it affects your interests;
• Right to file a complaint with your local Data Protection Authority or consumer protection entities.

2。Legal Bases

Hilton usually relies on one of the following legal bases when processing your personal data for the purposes indicated in the Global Privacy Statement in accordance with Article 7 of the LGPD:

• Data subject’s consent (art. 7, I)
• For compliance of a legal or regulatory obligation (art. 7, II)
• Whenever necessary for the performance of a contract or preliminary procedures relating to contracts in which the data subject is a party (art. 7, V)
• Whenever necessary for the legitimate interests of the controller or of third parties, except in the prevalence of fundamental rights of the data subject (art. 7, IX).

However, depending on the concrete situation, other legal bases set forth in the LGPD may apply.

3。International Transfers

Where we transfer information that originates in Brazil to a country outside of Brazil, we will take steps to make sure such transfer is carefully managed to protect your privacy rights:

• Transfers within the Hilton Group of Companies may be covered by an agreement entered into by members of Hilton (an intra-group agreement) which contractually obliges each member to ensure that your information receives an adequate and consistent level of protection wherever it is transferred within Hilton in accordance with the LGPD;
• Where we transfer your data outside of the Hilton Group of Companies, including to other companies providing us with a service, we will obtain contractual commitments and assurances from them to protect your information, such as standard contractual clauses or binding corporate rules. In the lack of instructions from the local supervisory authority, we may follow the standard models adopted under the European Union or by other competent authorities until then;
• We are also able to transfer personal information to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights; and

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of Brazil.

APPENDIX E
適用於處理土耳其資料當事人個人資料
DATA OF DATA SUBJECTS IN THE PRINCIPALITY OF MONACO

For data subjects in the Principality of Monaco, this Appendix outlines certain additional information that Hilton is obligated to provide to you, as well as certain rights you have with respect to the processing of your personal data, pursuant to applicable local laws. This Appendix will control to the extent it conflicts with any provision in the main body of this Statement or Appendix A, as applicable.

1. LEGAL BASES FOR THE PROCESSING OF YOUR PERSONAL DATA

Hilton relies on legal bases while processing your personal data for the purposes indicated in the main body of the Global Privacy Statement in accordance with the Monegasque Law No. 1.165 of 23 December 1993 on Protection of Personal Data, as amended (the “Data Protection Law”).

2。PERSONAL DATA ACCESS AND CUSTOMER RIGHTS

In accordance with the Data Protection Law, you have a right of access to and a right to the rectification, erasure and portability of your personal data as well as a right to object and restrict the processing of this personal data. With proof of your identity, you may exercise your rights by contacting the Data Protection Officer (“DPO”) by email at DataProtectionOffice@hilton.com. If, after contacting the DPO, you do not feel that your rights have been observed, you may make a claim with the French Data Protection Authority (CNIL – Commission Nationale de l'Informatique et des Libertés) or the Monegasque authority, the Commission for Control of Personally Identifiable Information (CCIN.mc – Commission de Contrôle des Informations Nominatives).

3。PERSONAL DATA SECURITY

In case of breach of your personal data liable to pose a high risk to your rights and freedoms, Hilton shall inform you as soon as possible and take all necessary measures to limit the risks related to this breach. Whether your data is processed by Hilton or by its subcontractors and partners, the same security and privacy requirements apply to your personal data.

4。INTERNATIONAL TRANSFERS OF PERSONAL DATA

Hilton is required to transfer your personal data to its affiliates outside of the Principality of Monaco which includes Hilton Domestic Operating Company Inc., all resident in the United States, as well as their in-country suppliers, in order to complete reservations, process Hilton Honors memberships and conduct promotion activities through its website, whose servers are located abroad.

When a subcontractor or partner is located in a country that has not been recognized as having an adequate level of protection as the one offered by the Data Protection Law (which is the case for the United States), Hilton must fulfil a transfer authorization form in order to comply with the Data Protection Law’s own requirements on the security and privacy of personal data and the subcontractors should ensure a satisfactory protection of your personal data.

5。LANGUAGE

Statement is available in English and French. If there is any inconsistency or different interpretation between the English and French versions, the English text shall prevail.