Novotel Singapore on Stevens - Family & Business trip hotel - Data Protection Policy

At Novotel Singapore on Stevens and Mercure Singapore on Stevens (collectively referred to as “@Stevens”, “we”, “our” or “us”), we are fully committed to safeguarding the personal data you entrust to us in compliance with the Personal Data Protection Act 2012 (PDPA) of Singapore.

This Policy outlines how we collect, use, disclose, and manage personal data across all guest and user touchpoints, including websites, third-party platforms, loyalty programmes, mobile applications, Wi-Fi login portals, and on-site engagements.

 

1.       Collection of Personal Data

We collect personal data from you in the following circumstances, including but not limited to:

·         When you make a reservation, check-in, or use our hotel services

·         When you visit or interact with our websites or third-party booking sites

·         When you sign up for promotions, loyalty programmes, or marketing updates

·         When you submit feedback, enquiries, complaints or participate in surveys

·         When you connect to our in-room or property-wide Wi-Fi services

·         When we capture CCTV footage or security records on hotel premises

 

Types of Personal Data Collected May Include:

·         Full name, NRIC/passport number, date of birth, nationality

·         Contact details (email, phone number, address)

·         Credit card or payment details

·         Booking history, room preferences, dietary or accessibility needs

·         IP address, browser/device metadata, geolocation

·         Images, CCTV footage, or audio recordings for security purposes

We collect data directly from you or indirectly via authorised third parties such as OTAs (online travel agencies), travel agents, payment processors, or loyalty platforms (e.g., ALL – Accor Live Limitless).

 

2.       Purpose of Collection

We collect, use, and/or disclose personal data for the following legitimate business purposes:

·         To process, manage, and fulfil reservations and hotel stays

·         To verify your identity and conduct authentication or fraud checks

·         To personalise services and improve the guest experience

·         To administer payments, billing, and transactional records

·         To facilitate membership, rewards, and partner benefits

·         To handle enquiries, requests, and feedback effectively

·         To send service notifications and marketing communications (with prior consent)

·         To comply with legal, regulatory, audit, or risk management requirements

·         To protect our property, guests, staff, and business interests (e.g., via CCTV)

·         To conduct business analytics, reporting, and operational improvements

 

We shall not collect or use your personal data for purposes beyond what is stated without obtaining your explicit consent unless otherwise permitted by law.

 

3.       Online Bookings & Third-Party Platforms

Where bookings are made via third-party channels (e.g. Accor.com, Booking.com, Expedia), personal data may be transferred to us to facilitate your reservation. You are encouraged to review the privacy policies of those platforms independently.

We disclaim responsibility for the privacy practices of third-party websites unless expressly stated otherwise.

 

4.       Cookies, Tracking & Website Data

We use cookies and similar technologies to:

·         Enable core site functionality and authentication

·         Recognise user preferences for future visits

·         Measure site usage, engagement, and improve performance

·         Serve personalised content or ads (only with your consent)

By using our websites, you consent to the use of such cookies. You may adjust browser settings to disable cookies, though this may limit your user experience.

 

5.       Marketing & Consent Management

We will only send you promotional messages if you have explicitly opted in through our platforms or partner services.

You may withdraw your consent at any time by:

·         Clicking the unsubscribe link in our emails

·         Contacting our Data Protection Officer (details below)

We maintain records of your consent and withdrawal, in compliance with PDPA obligations.

 

6.       Disclosure of Personal Data

We may disclose your data to the following entities, strictly on a need-to-know and purpose-limited basis:

·         Authorised hotel staff and internal departments

·         Accor Group entities and loyalty programme partners

·         Payment processors, IT vendors, cloud service providers, CRM and marketing tools

·         Auditors, insurers, legal advisers, or regulatory bodies

·         Government authorities, if required under applicable law

All third-party service providers are contractually bound to protect your data and may not use it for any unauthorised purpose.

We do not sell, rent, or trade your personal data under any circumstances.

 

7.       Data Security Measures

We implement robust technical, administrative, and physical safeguards to secure your data, including:

·         Secure Sockets Layer (SSL) encryption for web transactions

·         Firewall, intrusion detection and antivirus protocols

·         Access controls based on role and data sensitivity

·         Periodic data audits and vulnerability assessments

·         CCTV, keycard access, and security personnel on premises

However, no method of transmission over the Internet or data storage system is completely secure. While we strive to protect your data, we do not warrant or guarantee absolute security.

 

8.       Data Retention & Disposal

We retain personal data only for the duration required to fulfil its purpose or for legal/regulatory retention periods, whichever is longer.

Upon expiry of the retention period, data is:

·         Anonymised for analytical use, or

·         Securely deleted, destroyed, or rendered inaccessible

Retention durations vary depending on nature of data and legal requirements (e.g. financial records retained for 5–7 years).

 

9.       Access, Correction, and Withdrawal of Consent

You have the right to:

·         Access the personal data we hold about you

·         Request correction of any inaccurate or outdated data

·         Withdraw your consent to specific uses of your data

Requests must be made in writing to our Data Protection Officer (DPO) and are subject to verification. A nominal administrative fee may apply for access requests. We reserve the right to reject any request that is frivolous, vexatious, or not compliant with PDPA.

 

10.   Limitation of Liability

By providing your personal data or accessing our services, you acknowledge and agree to the terms of this Policy. We shall not be liable for any unauthorised access, disclosure, or loss of personal data arising from events beyond our control, such as cyber-attacks, third-party negligence, or force majeure events.

 

11.   Policy Updates

This Policy may be updated periodically to reflect changes in legal, regulatory, or operational requirements. The latest version will always be available on our websites.

 

12.   Contact Us

For all data protection-related matters or to exercise your rights under PDPA, please contact:

Data Protection Officer (DPO)
Elsa Kimy Yue
Novotel & Mercure Singapore on Stevens

Contact us