Privacy Policy
Effective and Last Updated June 11, 2024
Introduction
Fairmont Kea Lani (“Fairmont Kea Lani,” “we,” “our,” or “us”) respects the privacy of your information. This Privacy Policy is designed to assist you in understanding how we collect, use, share, and safeguard your information. This Privacy Policy applies to individuals who access this website and our mobile applications (collectively, “Site”) and any of our online and, where required, offline services (collectively, “Services”).
From time to time, we may change this Privacy Policy. If we do, we will post an amended version on this webpage. Please review this Privacy Policy periodically.
This Privacy Policy covers the following topics:
- Scope and Relationship with Accor SA
- Personal Data We Collect
- How We Use Your Personal Data
- How We Share Your Personal Data
- International Data Transfers
- Universal Opt-Out Mechanisms
- Security
- Third-Party Links
- Children’s Privacy
- Your State Privacy Rights and Additional Disclosures
- Notice to California Residents
- Your Personal Data and Your Rights – Europe and the United Kingdom Only
- Accessibility
- How to Contact Us
1. Scope and Relationship with Accor SA
This Privacy Policy governs the handling of personal data by Fairmont Kea Lani while carrying on commercial business and activities. Most Accor branded hotels are operated under a franchise or management agreement between the hotel’s owner and Accor SA (or one of its subsidiaries across the world).
When staying in one of these hotels, your personal data will be processed by the hotel and by Accor SA, both acting as data controllers for their own, separate, purposes.
Accor SA will process your data because it manages a central booking engine, which allows Accor SA to collect the data necessary to organize your stay in hotels under an Accor brand and to communicate this data to the concerned hotels. Accor SA also manages a global database of clients who stay in hotels under an Accor brand and Accor SA also manages the ALL loyalty programs. To know more about data processing activities under Accor SA’s control, please see the Accor Personal Data Protection Charter.
2. Personal Data We Collect
We collect personal data from you through your use of the Site and Services. Personal data is information that is linked or reasonably linkable to an identified or identifiable individual. We collect the following types of personal data:
Personal Data You Provide
Depending on how you interact with our Site and Services, we will collect the following personal data that you voluntarily provide to us for the following purposes:
- Create a Profile. If you create a profile, you will provide us with your email address and you will create a password for future login purposes.
- Book a Room. To book a hotel room reservation, you will provide us with your name, nationality, phone number, email address, physical address, and financial information. We also may collect other information such as your job title, employer name, hotel stay preferences, and number of children.
- Dining. To book a dining reservation online, you will provide us with your name, phone number, and email address. OpenTable provides our online restaurant reservation feature. OpenTable may collect, record, and store the information you provide in your reservation. Please review OpenTable’s privacy policy here.
- Book a Spa Treatment. To book a spa treatment, you will provide us with your name, phone number, email address, and financial information. You may also provide us with your gender. Book4Time provides our pool day pass and cabana reservation feature. Book4Time may collect, record, and store the information you provide in your reservation. Please review Book4Time’s privacy policy here.
- Book a Pool Reservation. To book a pool or spa day pass or cabana, you will provide us with your name, email address, phone number, financial information, and any additional information you provide in your reservation. ResortPass provides our pool day pass and cabana reservation feature. ResortPass may collect, record, and store the information you provide in your reservation. Please review ResortPass’s privacy policy here.
- Make a Purchase. If you make a purchase on our Site, you will provide us with your name, email address, physical address, and financial information. We may use a third party to process payments on our behalf.
- Contact Us. To contact us, you will provide us with your name, email address, phone number, and any other information you choose to include.
- Subscribe. To subscribe to our newsletter, you will provide us with your name and email address.
- Careers. If you apply for a job with us, you will provide us with your name, title, current position, employer name, physical address, phone number, email address, employment history, and any other information you choose to include. SmartRecruiters provides our online career application feature. SmartRecruiters may collect, record, and store the information you provide in your request. Please review SmartRecruiters’ privacy policy here.
Personal Data as You Navigate Our Site
We automatically collect certain personal data through your use of our Site and our use of cookies and other tracking technologies, such as the following:
- Usage Information. For example, the pages on the Site you access, the frequency of access, and what you click on while on the Site.
- Device Information. For example, hardware model, operating system, application version number, and browser.
- Mobile Device Information. Aggregated information about whether the Site is accessed via a mobile device or tablet, the device type, and the carrier.
- Location Information. Location information from Site visitors on a city-regional basis.
For more information on our cookie usage see our Cookie Policy here.
Personal Data We Collect About You from Other Sources
In some cases, we may receive personal data about you from other sources. This includes government entities, advertising networks, data brokers, operating systems and platforms, mailing list providers, social networks and advertising and marketing partners.
3. How We Use Your Personal Data
In addition to the purposes stated above, we may use all the personal data we collect in accordance with applicable law such as to:
- Maintain and improve our Site and Services;
- Protect the security and integrity of our Site and Services;
- Investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, and to otherwise fulfill our legal obligations;
- Monitor compliance with and enforce this Privacy Policy and any applicable agreements and policies;
- Defend our legal rights and the rights of others;
- Fulfill any other purposes for which you provide it;
- For any purpose that is reasonably necessary to or compatible with the original purpose for which we collected the personal data as disclosed to you; and
- Comply with applicable law.
4. How We Share Your Personal Data
We may share the personal data that we collect about you in the following ways:
- With Accor, our parent, subsidiary and affiliated entities, and with our authorized employees and departments;
- With vendors who perform data or Site-related services on our behalf (e.g., email, hosting, maintenance, backup, analysis, etc.);
- To the extent that we are required to do so by law;
- In connection with any legal proceedings or prospective legal proceedings;
- To establish, exercise, or defend our or a third party’s legal rights, including providing information to others for the purposes of fraud prevention;
- With any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal data where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal data;
- With any other person or entity as part of any business or asset sale, equity transaction, merger, acquisition, bankruptcy, liquidation, or similar proceeding, or in preparation for any of these events;
- With any other person or entity where you consent to the disclosure; and
- For any other purpose disclosed by us when you provide the personal data or for any other purpose we deem necessary, including to protect the health or safety of others.
5. International Data Transfers
We operate internationally and transfer information to the United States for the purposes described in this policy. The United States may have privacy and data protection laws that differ from, and are potentially less protective than, the laws of your country. Your Personal Data can be subject to access requests from governments, courts, or law enforcement in the United States according to the laws of the United States.
For any transfers of Personal Data from the European Economic Area (EEA), Switzerland or the United Kingdom that we make to other entities as described in this Privacy Policy, we use appropriate safeguards to ensure for the lawful processing and transfer of the Personal Data, including, when appropriate, the use of standard contractual clauses approved by the European Commission. To obtain a copy of the safeguards, contact us at [email protected].
6. Universal Opt-Out Mechanisms
The Site recognizes the Global Privacy Control (“GPC”) signal. If you are using a browser setting or plug-in that sends an opt-out preference signal to each website you visit, we will treat that as a valid request to opt out. To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.
Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, the Site does not currently interpret, respond to or alter its practices when it receives “Do Not Track” signals.
7. Security
We maintain commercially reasonable security measures to protect the personal data we collect and store from loss, misuse, destruction, or unauthorized access. However, no security measure or modality of data transmission over the Internet is 100% secure. Although we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.
8. Third-Party Links
The Site may contain links that will let you leave the Site and access another website. Linked websites are not under our control. We accept no responsibility or liability for these other websites.
9. Children’s Privacy
The Site and Services are not intended for children under 16 years of age. We do not knowingly collect, use, or disclose personal data from children under 16.
10. Your State Privacy Rights and Additional Disclosures
Depending on the state in which you reside, you may have certain privacy rights regarding your personal data. If you are a California resident, please see our “Notice to California Residents” section below. For other state residents, your privacy rights may include (if applicable):
- The right to confirm whether or not we are processing your personal data and to access such personal data;
- The right to obtain a copy of your personal data that we collected from and/or about you in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another controller without hindrance, where the processing is carried out by automated means;
- The right to delete personal data that we collected from and/or about you, subject to certain exceptions;
- The right to correct inaccurate personal data that we maintain about you, subject to certain exceptions;
- The right, if applicable, to opt out of the processing of your personal data for purposes of (1) targeted advertising; (2) the “sale” of your personal data (as that term is defined by applicable law); and (3) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you;
- If we are required by applicable law to obtain your consent to process sensitive personal data, the right to withdraw your consent; and
- The right not to receive discriminatory treatment by us for the exercise of your privacy rights.
We use cookies and other tracking technologies to display advertisements about our products to you on nonaffiliated websites, applications, and online services. This is “targeted advertising” under applicable privacy laws. When we engage in those activities, we sell personal data (i.e., information from cookies) to third-party advertisers and analytics companies. We do not use personal data for profiling in furtherance of decisions that produce legal or similarly significant effects concerning individuals.
To exercise your rights, please submit a request through our interactive webform available here or by calling us at 808-875-4100. If legally required, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the individual on whose behalf you are making such request. To do so, we will ask you to verify data points based on information we have in our records. If you are submitting a request on behalf of another individual, please use the same contact methods described above. If we refuse to take action regarding your request, you may appeal our decision through our interactive webform available here or by calling us at 808-875-4100. If you would like to opt out of targeted advertising, you may alter your cookie preferences .
11. Notice to California Residents
The California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (“CCPA”), requires that we provide California residents with a privacy policy that contains a comprehensive description of our online and offline practices regarding the collection, use, disclosure, sale, sharing, and retention of personal information and of the rights of California residents regarding their personal information. This section of the Privacy Policy is intended solely for, and is applicable only as to, California residents. If you are not a California resident, this section does not apply to you and you should not rely on it.
The CCPA defines “personal information” to mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Personal information does not include publicly available, deidentified or aggregated information or lawfully obtained, truthful information that is a matter of public concern. For purposes of this “Notice to California Residents” section we will refer to this information as “Personal Information.”
Notice at Collection of Personal Information
We currently collect and, in the 12 months prior to the Last Updated Date of this Privacy Policy, have collected the following categories of Personal Information:
- Identifiers (name, alias, postal address, online identifier, Internet Protocol address, email address)
- Unique personal identifiers (device identifier; cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology; customer number, unique pseudonym or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device)
- Personal information described in California’s Customer Records statute (California Civil Code § 1798.80(e)) (signature, telephone number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, as well as the categories listed in “Identifiers” category above)
- Characteristics of protected classifications under California or federal law (race, color, sex/gender (age (40 and older))
- Commercial information (records of products or services purchased, obtained or considered; other purchasing or consuming histories or tendencies; or other commercial information)
- Internet or other electronic network activity information (browsing history; search history; and information regarding consumer’s interaction with website, application or advertisement)
- Geolocation data
- Audio, electronic, and visual information
- Inferences drawn from above information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes
We collect Personal Information directly from California residents, from Accor and its business affiliates and subsidiaries, and from government entities, advertising networks, data brokers, operating systems and platforms, mailing list providers, social networks and advertising and marketing partners. We do not collect all categories of Personal Information from each source.
In addition to the purposes stated above in the section “How We Use Your Personal Data” we currently collect and have collected the above categories of Personal Information for the following business or commercial purposes:
- Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards
- Helping to ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for these purposes
- Debugging to identify and repair errors that impair existing intended functionality
- Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, or providing similar services
- Undertaking internal research for technological development and demonstration
- Undertaking activities to verify or maintain the quality or safety of a service, and to improve, upgrade, or enhance the service
- Advancing our commercial or economic interests, such as by inducing another person to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction
Sale, Sharing, and Disclosure of Personal Information
The CCPA defines “sale” as the transfer of Personal Information for monetary or other valuable consideration. Although we do not “sell” Personal Information as that term may be commonly interpreted, we engage in online activities that may constitute a sale or a share of Personal Information under California law. This may include showing you advertisements on other websites.
The following table identifies the categories of Personal Information that we sold or shared to third parties in the 12 months preceding the Last Updated Date of this Privacy Policy and, for each category, the categories of third parties to whom we sold or shared Personal Information:
Category of Personal Information | Categories of Third Parties |
---|---|
Unique personal identifiers (device identifier; cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology; customer number, unique pseudonym or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device) | Advertising networks; data analytics providers |
We sold or shared Personal Information to third parties to advance our commercial and economic interests.
The following table identifies the categories of Personal Information that we disclosed for a business purpose in the 12 months preceding the Last Updated Date of this Privacy Policy and, for each category, the categories of recipients to whom we disclosed Personal Information.
Category of Personal Information | Categories of Recipients |
---|---|
Identifiers (name, postal address, online identifier, Internet Protocol address, email address) | Online booking providers; payment processors; third-party activity vendors |
Personal information described in California’s Customer Records statute (California Civil Code § 1798.80(e)) (telephone number) | Online booking providers; third-party activity vendors |
Personal information described in California’s Customer Records statute (California Civil Code § 1798.80(e)) (bank account number, credit card number, debit card number, or any other financial information) | Payment processors; online booking providers |
Personal information described in California’s Customer Records statute (California Civil Code § 1798.80(e)) (medical information) | Third-party activity vendors |
Commercial information (records of products or services purchased, obtained or considered; other purchasing or consuming histories or tendencies; or other commercial information) | Online booking providers |
We disclosed Personal Information for the following business or commercial purposes:
- Helping to ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for these purposes
- Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, or providing similar services
- Undertaking activities to verify or maintain the quality or safety of a service, and to improve, upgrade, or enhance the service
We do not knowingly collect, sell, or share the Personal Information of consumers under 16 years of age. We do not use Sensitive Personal Information for purposes other than those allowed by the CCPA and its regulations.
Retention of Personal Information
We retain your Personal Information for as long as necessary to fulfill the purposes for which we collect it, such as to provide you with the service you have requested, and for the purpose of satisfying any legal, accounting, contractual, or reporting requirements that apply to us.
Your Rights
If you are a California resident, you have the following rights with respect to your Personal Information:
- The right to know what Personal Information we have collected about you, including the categories of Personal Information, the categories of sources from which we collected Personal Information, the business or commercial purpose for collecting, selling or sharing Personal Information (if applicable), the categories of third parties to whom we disclose Personal Information (if applicable), and the specific pieces of Personal Information we collected about you;
- The right to delete Personal Information that we collected from you, subject to certain exceptions;
- The right to correct inaccurate Personal Information that we maintain about you;
- If we sell or share Personal Information, the right to opt out of the sale or sharing;
- If we use or disclose sensitive Personal Information for purposes other than those allowed by the CCPA and its regulations, the right to limit our use or disclosure; and
- The right not to receive discriminatory treatment by us for the exercise of privacy rights the CCPA confers.
How to Submit a Request to Know, Delete, and/or Correct
You may submit a request to know, delete, and/or correct through our webform here or by calling us toll free at 808-875-4100.
If you are submitting a request on behalf of a California resident, please submit the request through one of the designated methods discussed above. After submitting the request, we will require additional information to verify your authority to act on behalf of the California resident.
Our Process for Verifying a Request to Know, Delete, and/or Correct
We will comply with your request upon verification of your identity and, to the extent applicable, the identity of the California resident on whose behalf you are making such request. We will verify your identity either to a “reasonable degree of certainty” or a “reasonably high degree of certainty” depending on the sensitivity of the Personal Information and the risk of harm to you by unauthorized disclosure, deletion, or correction as applicable. To do so, we will ask you to verify data points based on information we have in our records concerning you.
Right to Opt Out of Sale or Sharing of Personal Information
If you are a California resident, you have the right to direct us to stop selling or sharing your Personal Information.
You may submit a request to opt out of sales or sharing by clicking . If you have enabled privacy controls on your browser (such as a plugin), we will also treat that as a valid request to opt out. Please see the “Universal Opt-Out Mechanisms” section above for more information.
Notice of Financial Incentive
From time to time, you may have the opportunity to provide Personal Information in exchange for discounts and price differences. For example, we provide discounts and price differences in exchange for you subscribing to our newsletter. Categories of Personal Information that we may collect when you subscribe to receive discounts and price differences include your name, email address, and country.
How to Opt-In and Right to Withdraw
Signing up for discounts and price differences is optional. By providing your name, email address, and country during the discount sign-up process, you affirmatively opt in to receiving the financial incentive and to joining our mailing list. You have the right to withdraw from the financial incentive at any time. If you opt out of receiving a financial incentive, we will not reduce the value of any financial incentives you previously received from us. If you wish to withdraw from receiving the financial incentive, you may submit such a request at any time by emailing us at [email protected].
How the Financial Incentive is Reasonably Related to the Value of Your Personal Information
The financial incentive or price difference is reasonably related to the value provided by your Personal Information. We take into consideration, without limitation, the anticipated revenue generated from such information, the anticipated expenses which we might incur in the collection, storage, and use of such information, and the anticipated expenses which we might incur related to the offer, provision, and imposition of any financial incentive or price difference. Based on this analysis, the value of your Personal Information that allows us to make these offers and financial incentives is the value of the offer itself.
Shine the Light Law
If you are a California resident and have an established business relationship with us, you may request that we do not disclose your personal information to third parties for the third parties’ own direct marketing purposes (as those terms are defined in California Civil Code § 1798.83). You may submit such a request by clicking .
12. Your Personal Data and Your Rights – Europe and the United Kingdom Only
If you are in a country in the European Economic Area (EEA) or in the United Kingdom, you are entitled to the following explanation of the legal bases we rely on to process your Personal Data and a description of your privacy rights.
Legal Bases for Processing Your Personal Data
The legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.
Consent
We may process your Personal Data based on your consent such as when you create an account or when you ask us to send certain kinds of marketing communications. You have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal.
Our Legitimate Interests
We may process your Personal Data if doing so is necessary for our legitimate interests and your rights as an individual do not override those legitimate interests. For example, when we process your Personal Data to carry out fraud prevention activities and activities to increase network and information security, to market directly to you, to expand our business activities and to improve our services and the content and functionality of our Site.
To Perform a Contract
We may process your Personal Data to administer and fulfill contractual obligations to you.
To Enable Us to Comply with a Legal Obligation
We may process your Personal Data to comply with legal obligations to which we are subject. This may include any requirement to produce audited accounts and to comply with legal process.
Necessary for the Exercise or Defense of Legal Claims
If you bring a claim against us or we bring a claim against you, we may process your Personal Data in relation to that claim.
If you have any questions about or need further information concerning the legal basis on which we collect and use your Personal Data for any specific processing activity, please contact us using the “How to Contact Us” section below.
Your Rights
Access Your Personal Data
You have the right to obtain from us confirmation as to whether or not we are processing Personal Data about you and, if so, the right to be provided with the information contained in this Privacy Policy. You also have the right to receive a copy of the Personal Data undergoing processing.
Rectify Your Personal Data
You have the right to ask us to rectify any inaccurate Personal Data about you and to have incomplete Personal Data completed.
Restrict Our Use of Your Personal Data
You have the right to ask us to place a restriction on our use of your Personal Data if one of the following applies to you:
- You contest the accuracy of the information that we hold about you, while we verify its accuracy;
- We have used your information unlawfully, but you request us to restrict its use instead of erasing it;
- We no longer need the information for the purpose for which we collected it, but you need it to deal with a legal claim; or
- You have objected to us using your information, while we check whether our legitimate grounds override your right to object.
Object to Our Use of Your Personal Data
You have the right to object to our use of your Personal Data where our reason for using it is based on our legitimate interests or your consent (rather than when the reason for using it is to perform an obligation due to you under a contract with us).
Delete Your Personal Data
You can ask us to delete your Personal Data if:
- We no longer need it for the purposes for which we collected it;
- We have been using it with no valid legal basis;
- We are obligated to erase it to comply with a legal obligation to which we are subject;
- We need your consent to use the information and you withdraw consent;
- You object to us processing your Personal Data where our legal basis for doing so is our legitimate interests and there are no overriding legitimate grounds for the processing.
However, this right is not absolute. Even if you make a request for deletion, we may need to retain certain information for legal or administrative purposes, such as record keeping, maintenance of opt-out requirements, defending or making legal claims, or detecting fraudulent activities. We will retain information in accordance with the “How Long Is Your Personal Data Kept” section below.
If you do exercise a valid right to have your Personal Data deleted, please keep in mind that deletion by third parties to whom the information has been provided might not be immediate and that the deleted information may persist in backup copies for a reasonable period (but will not be available to others).
Transfer Your Personal Data to Another Service Provider
You may request that we transfer some of the Personal Data you have provided to you or another service provider in electronic copy. This applies to Personal Data we are processing to service a contract with you and to Personal Data we are processing based on your consent.
To exercise any of these rights, please contact us as described in the “How to Contact Us” section below.
Make a Complaint
If you have any concerns or complaints regarding our processing of your Personal Data, please contact us as described in the “How to Contact Us” section below and we will do our best to answer any question and resolve any complaint to your satisfaction.
If, for whatever reason, you feel we do not meet the standards you expect of us, you are also entitled to make a complaint to your local supervisory authority:
EU Data Protection Authorities (DPAs)
Swiss Federal Data Protection and Information Commissioner (FDPIC)
Information Commissioner’s Office (United Kingdom)
How Long Is Your Personal Data Kept?
We will retain your Personal Data for as long as necessary to fulfill the purposes for which we collect it and as set out in this Privacy Policy and for the purpose of satisfying any legal, accounting, or reporting requirements that apply to us.
13. Accessibility
We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you wish to access this Privacy Policy in an alternative format, please contact us as described below.
14. How to Contact Us
To contact us for questions or concerns about our privacy policies or practices please contact us at [email protected] or call us at 866-540-4456.