CUSTOMER PERSONAL DATA PROTECTION CHARTER

1. The Raffles Arcade's commitment to protecting privacy
2. Scope of application
3. Raffles Arcade's ten principles for protecting your personal data
4. What personal data is collected?
5. When is your personal data collected?
6. What purposes is your data collected for and how long do we retain it?
7. Conditions of third-party access to your personal data
8. Protection of your personal data during international transfers
9. Data security
10. Cookies
11. Your rights
12. Updates
13. Questions and contacts

    

    

1. THE RAFFLES ARCADE'S COMMITMENT TO PROTECTING PRIVACY

We consider you an important customer. Our first priority is to offer you exceptional shopping experiences throughout our Shopping Arcade.

Your complete satisfaction and confidence in Raffles Arcade is absolutely essential to us.

That's why, as part of our commitment to meeting your expectations, we have set up (and we had a privacy policy before the much anticipated GDPR - General Data Protection Regulation ;-)) a customer personal data protection charter. This charter formalizes our commitments to you and describes how the Raffles Arcade uses your personal data.

Top of page

    

    

2. SCOPE OF APPLICATION

In this charter, “Raffles Arcade” means:

  • Raffles Hotel Singapore, the Raffles Arcade parent company, with registered offices at 1 Beach Road, Singapore 189673.
  • Subsidiary or “family” companies of Raffles Hotel Singapore involved in the hotel businesses of Raffles Hotel Singapore; and
  • outlets/shops operating within Raffles Hotel Singapore. This list of restaurants and shops are regularly updated and can be viewed on rafflessingapore.com.

Good to know!

You probably don't know this, but the Raffles Arcade you are shopping in, is not owned by Accor SA or one of its family of companies. Most AccorHotels branded hotels do not operate an arcade or boutique.

Raffles Hotel Singapore has communicated the principles set out in this charter to all of the restaurants and shops of Raffles Hotel Singapore and their respective owners. We will do our upmost to ensure that all outlets comply with the applicable data protection laws and this charter in relation to the processing of your personal data.

Top of page

    

    

3. RAFFLES ARCADE’S SEVEN PRINCIPLES FOR PROTECTING YOUR PERSONAL DATA

In accordance with applicable regulations, in particular the European General Data Protection Regulation, we have instituted the following ten principles throughout Raffles Hotel Singapore:

  1. Lawfulness: We use personal data only if:
    • we obtain the consent of the person, OR
    • it is necessary to do so for the performance of a contract to which the person is a party, OR
    • it is necessary for compliance with a legal obligation, OR
    • it is necessary in order to protect the vital interests of the person, OR
    • we have a legitimate interest in using personal data and our usage does not adversely affect the persons’ rights
  2. Fairness: We can explain why we need the personal data we collect.
    • Purpose limitation and data minimisation: We only use personal data that we really need. If the result can be achieved with less personal data, then we make sure we use the minimum data required.
  3. Transparency: We inform people about the way we use their personal data
  4. We facilitate the exercise of the people’s rights: access to their personal data, rectification and erasure of their personal data and the right to object to the use of their personal data
  5. Storage limitation: We retain personal data for a limited period
    • We ensure the security of personal data, i.e. its integrity and confidentiality.
    • If a third party uses personal data, we make sure it has the capacity to protect that personal data.
  6. If personal data is transferred outside Singapore, we ensure this transfer is covered by specific legal tools.
  7. If personal data is compromised (lost, stolen, damaged, unavailable…), we notify such breaches to the respective country’s responsible authority and to the person concerned, if the breach is likely to cause a high-risk in respect of the rights and freedoms of this person.

For any questions concerning the seven principles of Raffles Arcade’s data protection policies, please contact the Marketing Communications team for Raffles Arcade.

Top of page

    

    

4. WHAT PERSONAL DATA IS COLLECTED?

At various times, we may collect information about you and/or the persons accompanying you, including the following:

  • Contact details (for example, last name, first name, telephone number, email)
  • Personal information (for example, date of birth, nationality)
  • Information relating to your children (for example, first name, date of birth, age)
  • Your credit card number (for transaction purposes)
  • Information contained on a form of identification (such as ID card, passport or driver license)
  • Your membership number for the Raffles Arcade loyalty program or another partner program (for example, an airline loyalty programme) and information related to your activities within the context of the loyalty program
  • Your preferences and interests (for example, fashion, lifestyle, type of newspapers/magazines, sports, cultural interests, food and beverages preferences, etc.)
  • Your questions/comments, during or following an experience in one of the establishments located within Raffles Arcade or in Raffles Hotel Singapore.
  • Technical and location data you generate as a result of using our websites and applications.

The information collected in relation to persons under 16 years of age is limited to their name, nationality and date of birth, which can only be supplied to us by an adult. We would be grateful if you could ensure that your children do not send us any personal data without your consent (particularly via the Internet). If such data is sent, you can contact the Marketing Communications team for Raffles Arcade to arrange for this information to be deleted.

In order to meet your requirements or provide you with a specific service (such as dietary requirements), we may have to collect sensitive information, such as information concerning race, ethnicity, political opinions, religious and philosophical beliefs, union membership, or details of health or sexual orientation. In this case, we will only process this data if you provide your express prior consent.

Top of page

    

    

5. WHEN IS YOUR PERSONAL DATA COLLECTED?

Personal data may be collected on a variety of occasions, including:

  1. Hotel activities:
    • Eating/drinking at the bar or restaurant within the Raffles Arcade during a stay
    • Shopping at the Raffles Arcade
    • Requests, complaints and/or disputes.
  2. Participation in marketing programs or events:
    • Signing up for loyalty programs
    • Participation in customer surveys (for example, the Guest Satisfaction Survey)
    • Online games or competitions
    • Subscription to newsletters, in order to receive offers and promotions via email.
  3. Transmission of information from third parties:
    • Tour operators, travel agencies (online or not), online shopping systems and others
  4. Internet activities:
    • Connection to Raffles Hotel Singapore’s and Raffles Arcade’s websites (IP address, cookies in accordance with our Policy about the use of tracers)
    • Online forms (online reservation, questionnaires, Raffles Hotel Singapore’s pages on social networks, social networks login devices such as Facebook login, conversations with chatbot, etc.).

Top of page

    

    

6. WHAT PURPOSES IS YOUR DATA COLLECTED FOR AND HOW LONG DO WE RETAIN IT?

The table below sets out why we process your data, the lawful basis for the processing and the associated retention period:

Purpose/Activity


Lawful basis for processing
including basis of legitimate interest

Retention period

Meeting our obligations to our customers.

Performance of a contract with you.

Necessary to comply with a legal obligation.

Necessary for our legitimate interest in running our business and providing you with requested products and services.

10 years from the booking in accordance with legal obligations.

Managing our relationship with customers before, during and after your visit:

  • Managing the loyalty program
  • Inputting details into the customer database
  • Segmentation analysis based on purchase history and customer shopping preferences with a view to sending targeted communications, subject to the requirements of the EU ePrivacy directive (2002/58/EC as amended in 2009)
  • Predicting and anticipating future customer behaviours
  • Developing statistics, commercial scores and carrying out reporting of the same
  • Providing context data for our marketing tools. This happens when a customer visits a Raffles Hotel Singapore or Raffles Arcade website or makes a purchase
  • Understanding and managing the preferences of new or repeat customers
  • Sending customers newsletters, promotions, tourist, shopping or service offers, offers from Raffles Hotel Singapore or its commercial partners, or contacting you by telephone subject to the requirements of the EU ePrivacy directive (2002/58/EG as amended in 2009)

Performance of our contract with you and for the management of your membership in the loyalty program.

Necessary for our legitimate interests in promoting our services, performing direct marketing activities (taking into account your commercial relationship with one of the Raffles Hotel Singapore entities) and improving our services.

3 years from the last date on which you have interacted with us in any way, if you are not a member of the loyalty programme.

6 years from the last date on which you have interacted with us in any way, if you are a member of the loyalty programme.

Improving our hotel service by:

  • Personalising your shopping experience, improving the quality of  service and customer experience, range of product offerings etc
  • Processing your personal data through our customer marketing program in order to carry out marketing operations, promote brands and gain a better understanding of your requirements and wishes
  • Adapting our products and services to better meet your requirements
  • Customising the commercial offers and promotional messages we send you
  • Informing you of special offers and any new services created by Raffles Hotel Singapore or one of its subsidiaries or commercial partners.

Performance of contract with you in relation to the management of your membership in the loyalty program.

Necessary for our legitimate interests in promoting our services, performing direct marketing activities (taking into account your commercial relationship with Raffles Hotel Singapore) and improving our products and services.

3 years from the last date on which you have interacted with us in any way, if you are not a member of the loyalty program.

6 years from the last date on which you have interacted with us in any way, if you are a member of the loyalty program.

Use a trusted third party to cross-check, analyse and combine your collected data at the time of booking or at the time of your stay, in order to determine your interests and develop your customer profile and to allow us to send you personalized offers.

Necessary for our legitimate interests in promoting our services, performing direct marketing activities (taking into account your commercial relationship with one of the Raffles Hotel Singapore entities) and improving our services.

3 years from the last date on which you have interacted with us in any way, if you are not a member of the loyalty program.

6 years from the last date on which you have interacted with us in any way, if you are a member of the loyalty program.

Improving Raffles Arcade services, in particular:

  • Carrying out surveys and analyses of questionnaires and customer comments
  • Managing claims/complaints
  • Offering you the benefits of our loyalty program.

Performance of contract with you (for the management of your membership in the loyalty program)

Necessary for our legitimate interests in promoting our services, performing direct marketing activities (taking into account your commercial relationship with one of the Raffles Hotel Singapore entities)) and improving our services.

3 years from the last date on which you have interacted with us in any way, if you are not a member of the loyalty program.

6 years from the last date on which you have interacted with us in any way, if you are a member of the loyalty program.

6 years from the date of closure of your file in case of a claim or a complaint.

Securing and enhancing your use of Raffles Hotel Singapore websites (i.e. The Raffles Arcade site), applications and services by:

  • Improving navigation;
  • Maintenance and support; and
  • Implementing security and fraud prevention.

Necessary for our legitimate interests in running our business, provision of administration and IT services and network security to prevent fraud

13 months from the collection of the information.

Internal management of lists of customers having behaved inappropriately during their visit to the Raffles Arcade/Boutique (aggressive and anti-social behaviour, non-compliance with safety regulations, theft, damage and vandalism or payment incidents).

Necessary for our legitimate interests in running our business and to prevent fraud and the abuse of our property and staff.

Up to 122 days from the recording of an event.

Securing payments by determining the associated level of fraud risk. As part of this analysis, Raffles Hotel Singapore and Raffles Arcade may use the Raffles Hotel Singapore risk prevention service provider to refine their analysis.

Depending on the results of the investigations carried out, Raffles Arcade may take security measures; in particular Raffles Arcade may request the use of a different booking channel or for the use of an alternative payment method. These measures will have the effect of suspending the execution of the booking or, if the result of the analysis does not guarantee the safety of the order, of cancelling it. Fraudulent use of a means of payment leading to payment default may result in the entry of data in the Raffles Hotel Singapore incident file, which may lead Raffles Hotel Singapore to block future payments or carry out additional checks.

Necessary for our legitimate interests in running our business and to prevent fraud.

90 days to our database to allow for analysis and controls and then 2 years in a separated database used for improving the system.

In case of recording in the incident file, 2 years from recording or until regularization of the situation if earlier.

Securing properties and persons and preventing non-payments.

For these reasons, some hotels have a feature that allow them to include in the category of "ineffective" customers, any customer whose behaviour has been inappropriate in the following ways: aggression and rudeness, non-compliance with the hotel contract, failure to observe safety rules, theft, damage and vandalism, or payment issues. The status of “ineffective” may cause the hotel where this listing originated to refuse a customer's reservation/purchase when he/she returns to the same hotel.

Necessary for our legitimate interests in running our business, securing properties and persons and preventing non-payments.

122 days from registration.

Using services to search for persons staying in Raffles Hotel Singapore in the event of serious events affecting the hotel in question (natural disasters, terrorist attacks, etc.).

Protection of the vital interests of the guests.

For the duration of the event.

Conforming to any applicable legislation (for example, storing of accounting documents), including:

  • Managing requests to unsubscribe from newsletters, promotions, tourist offers and satisfaction surveys
  • Managing data subject’s requests regarding their personal data.

Necessary to comply with a legal obligation.

As stipulated in the respective country’s legislation.

Top of page

    

    

7. CONDITIONS OF THIRD-PARTY ACCESS TO YOUR PERSONAL DATA

The Raffles Hotel Singapore endeavours to provide you with the same and/or more improved services throughout your journey with us. Thus, we have to share your personal data with internal and external recipients subject to the following conditions:

a. We share your data with a number of authorized people and departments in Raffles Hotel Singapore in order to offer you the best experience in our outlets and shops. The following teams may have access to your data:

    • Hotel staff
    • IT departments
    • Commercial partners and marketing services
    • Legal services if applicable
    • Generally, any appropriate person within Raffles Hotel Singapore entities for certain specific categories of personal data.

In particular, the data related to your preferences, satisfaction and, if the case may be, your loyalty program membership is shared within the operations under the Raffles Hotel Singapore brand. This data is used to improve the quality of service and your experience in each of these outlets in the Raffles Arcade. In this context, your data is processed jointly by the Raffles Arcade and Raffles Hotel Singapore. In order to pursue this legitimate interest, whilst safeguarding your rights and liberties, a specific joint controllership agreement describes the obligations and responsibilities of Raffles Arcade and Raffles Hotel Singapore. You may, at any time, object to the sharing of this data between the hotel and Raffles Arcade by contacting the Marketing Communications department whose details appear in the clause "Your rights". You can also request a summary of the key points of the joint controllership agreement.

b. With service providers and partners: your personal data may be sent to a third party for the purposes of supplying you with services and improving your stay, for example:

    • External service providers: IT sub-contractors, international call centres, banks, credit card issuers, external lawyers, dispatchers.
    • Commercial partners: Raffles Arcade may, unless you specify otherwise to the Marketing Communications department of Raffles Arcade, enhance your profile by sharing certain personal information with its preferred commercial partners. In this case, a trusted third party may cross-check, analyse and combine your data. This data processing will allow Raffles Arcade and its privileged contractual partners to determine your interests and customer profile to allow us to send you personalized offers.
    • Social networking sites: In order to allow you to be identified on the Raffles Arcade website without the need to fill out a registration form, Raffles Arcade may put in place a social network login system. If you log in using the social network login system, you explicitly authorize Raffles Arcade to access and store the public data on your social network account (e.g. Facebook, LinkedIn, Google, Instagram…), as well as other data stated during use of such social network login system. Raffles Arcade may also communicate your email address to social networks in order to identify whether you are already a user of the concerned social network and in order to post personalized, relevant adverts on your social network account if appropriate.

c. With local authorities: We may be obliged to send your information to local authorities if this is required by law or as part of an inquiry. We will ensure that any such transfer is carried out in accordance with local regulations.

Top of page

    

     

8. PROTECTION OF YOUR PERSONAL DATA DURING INTERNATIONAL TRANSFERS

For the purposes set out in clause 6 of this charter, we may transfer your personal data to internal or external recipients who may be in countries offering different levels of personal data protection.

Consequently, in addition to implementation of this charter, Raffles Arcade employs appropriate measures to ensure secure transfer of your personal data to Raffles Hotel Singapore entity or to an external recipient located in a country offering a different level of privacy from that in the country where the personal data was collected.

Top of page

    

    

9. DATA SECURITY

Raffles Arcade takes appropriate technical and organizational measures, in accordance with applicable legal provisions (in particular: Art. 32 GDPR), to protect your personal data against illicit or accidental destruction, alteration or loss misuse and unauthorized access, modification or disclosure. To this end, we have taken technical measures (such as firewalls) and organizational measures (such as a user ID/password system, means of physical protection etc.) to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. In relation to the submission of credit card data when making a reservation, SSL (Secure Socket Layer) encryption technology is used to guarantee a secure transaction. Organizational measures ensure the security of the processing.

Top of page

    

    

10. COOKIES

Raffles Arcade uses cookies or other tracers on its websites. To learn more about the way AccorHotels uses tracers and to configure them, please consult our Policy about the use of tracers.

Top of page

    

    

11. YOUR RIGHTS

You have the right to obtain information about and access your personal data collected by Raffles Arcade, subject to applicable legal provisions. Also, you have the right to have your personal data rectified, erased or have the processing of it restricted. Furthermore you have the right to data portability and to issue instructions on how your data is to be treated after your death (hopefully as late as possible!). You can also object to the processing of your personal data, in particular to the sharing of the data related to your preferences and satisfaction between the outlets operating in Raffles Arcade.

In the event that you wish to exercise any of your above rights, please contact the Marketing Communications department for the Raffles Arcade directly by sending an email to marketing.singapore@raffles.com or by writing to the address below:

Raffles Hotel Singapore
Marketing Communications Department
1 Beach Road, Singapore 189673

For the purposes of confidentiality and personal data protection, we will need to check your identity in order to respond to your request. In case of reasonable doubts concerning your identity you may be asked to include a copy of an official piece of identification, such as an ID card or passport, along with your request. A black and white copy of the relevant page of your identity document is sufficient.

All requests will receive a response as swiftly as possible.

You may also exercise your rights in respect of your personal data that is stored and processed by a hotel as a data controller. To do this, you must contact the hotel directly.

You also have the right to lodge a complaint with a data protection authority. For your information,

You can contact Raffles Hotel Singapore’s data protection officer by writing to marketing.singapore@raffles.com or to the above postal address. 

Top of page

    

    

12. UPDATES

We may modify this charter from time to time. Consequently, we recommend that you consult it regularly.

Top of page

    

    

13. QUESTIONS AND CONTACTS

For any questions concerning the Raffles Arcade's personal data protection policy, please contact the Marketing Communications department for Raffles Arcade (See clause "Your rights").

Top of page