Guests and Visitors

Cinnamon Hotels & Resorts respects your right to privacy. This privacy statement (“Privacy Statement”) details the way we collect, store, use and disclose your personal data (“Personal Data”) when you interact with our websites, applications and all other services. You are required to read through this statement before providing personal data of yourself, or others on their behalf, to Cinnamon Hotels & Resorts, which also forms part of our Terms and Conditions that govern our services. This statement does not apply to employees, Cinnamon Hospitality Academy (CHA) Students, or Vendors who are governed by their respective statements. This Privacy Statement may also be referred to as “Privacy Policy”.

  

1. Data covered by this privacy statement

This Privacy Statement governs the way Cinnamon Hotel Management Limited (“Company”) [company registration number PB 7] of No. 117, Sir Chittampalam A. Gardiner Mawatha, Colombo 02, Sri Lanka and the hotels it operates under the Cinnamon Brand (jointly “Cinnamon Hotels & Resorts) collects, uses, maintains and discloses information collected whilst providing services to guests (“Guests”) and from users (each, a “User”) of websites and applications operated by the Company (“Site”).

2. What We Collect as Personal Identifiable Information (PII)

We collect PII from Guests and Users in a variety of ways, including, but not limited to, when they visit our Site, through software applications, social media pages, email messages and visits to our properties.

We will be collecting Personal Data including but not limited to the following:

  • Name
  • Gender
  • Postal address
  • Telephone number
  • Email address
  • Financial information (such as credit and debit card number or other payment data)
  • Date and place of birth
  • Nationality, passport, visa, or other government-issued identification data
  • Dates: birthdays, anniversaries, and special occasions
  • Employer details (for business-related bookings)
  • Social media account ID, profile photo and other data publicly available, or data made available by linking your social media and loyalty accounts
  • Data about family members and companions, names, and ages of children
  • Images, video and audio data: security cameras located in public areas, such as hallways and lobbies and in our properties
  • We may also collect your “Personal Preferences,” that you wish to share with us to improve your experience and may include details of your special events (such as birthdays or anniversaries), your hobbies. who you usually travel with and their relationship to you.

Non-personal Identifiable Information

We may collect non PII about Guests or Users whenever they interact with our Site or interact with us through other channels. Non PII we collect may include your Global Hotel Alliance (GHA) membership number, language preferences, arrival details, age of children, room/bed type preferences, browser name, the type of computer, operating system, the internet service  provider and other similar information.

Children

For children younger than 18 years old, the use of any of our services is only allowed with the valid consent of a parent or a guardian. If we become aware that we process information of a child under 18 years old without the valid consent of a parent or guardian, we reserve the right to delete it.

   
3. How we use collected information:

We always process your personal information based on one or more of the following legal grounds: your consent, contractual necessity, legitimate interests, legal obligation, vital interests, or public interest. Some of these instances are detailed below.

Bookings and Reservations 

  • Facilitate reservations and bookings of hotel services
  • Pre-arrival communications
  • Collect payments and security deposits.

Hotel Stays

  • Check-in and check-out.
  • Collect payments and security deposits.
  • Provide personalised service and advice about the on-site services (based on past usage or expressed preferences).
  • Provide concierge, luggage storage and parking services.
  • Make arrangements with third-party providers on request of the guests (such as coordinating excursions).
  • Arrange taxi, shuttle and chauffeur services; and facilitating reservations and bookings at restaurants and events.
  • Administering and facilitating access to Wi-Fi, TV and other connectivity services (including access to business center amenities, such as fax and photocopying services) and entertainment systems (such as music players).
  • Facilitate in-room dining (including taking into account any dietary, health restrictions or other personal needs expressed by the guest).
  • Housekeeping services (including preferences for special pillows, duvets and other amenities) and dry-cleaning services.
  • Handling customer requests, inquiries and complaints.
  • Determining eligibility for age restricted goods and services (such as alcohol or tobacco).

Conferences & Events

  • Communicate with customers about conferences and other event planning (“Events”).
  • Facilitate reservation and bookings of Events.
  • Engage in pre-event communications (logistics, accommodations, changes, etc.)
  • Preparing for and coordinating Events in accordance with customer instructions, expectations and preferences; facilitating catering.
  • Communicate about billing and recovering amounts owed.
  • Processing of payments and security deposits.
  • Performing credit checks.
  • Handling customer requests, enquiries and complaints.
  • Communicating with participants during Events.

Internal Business

  • Administering customer care services to facilitate and address inquiries, comments, and complaints about any of our services (such as in person, through phone lines, email, or on social media).
  • Handling security and fraud prevention.
  • Administering online services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and the hosting of data).
  • Analyzing usage of services and using data analytics to improve services,
  • Facilitating mergers, acquisitions and other reorganisations and restructurings of our business (including prospective transactions).

Emergency and Security

  • Ensuring the security of on-site services.
  • Responding to, handling, and documenting on-site accidents and medical and other emergencies (including facilitating in-house doctor services).
  • Actively monitoring properties to ensure adequate incident prevention, response and documentation (including CCTV).
  • Requesting assistance from emergency services.

Compliance

  • Complying with applicable laws.
  • Complying with legal processes.
  • Responding to requests from public and government authorities.
  • Meeting national security or law enforcement requirements.
  • Enforcing our terms and conditions.
  • Protecting our operations.
  • Protecting the rights, privacy, safety, or property of Cinnamon Hotels and Resorts, guests, visitors and other relevant individuals.
  • Allowing us to pursue available legal remedies and limiting the damages that Cinnamon Hotels and Resorts may sustain.

Spa and other Recreational Services

  • Facilitating reservations and bookings.
  • Determining eligibility for services.
  • Honoring disability or other health-related restrictions and providing appropriate and safe activities, services, and treatments.
  • Providing consistent and personalised service based on past usage and preferences expressed by the individual.
  • Processing payments.
  • Arranging requested professionals for specific treatments and services.
  • Handling customer requests, enquiries, and complaints.

Food & Beverage

  • Facilitating reservations.
  • Honoring dietary preferences.
  • Providing consistent and personalised service based on past usage and preferences expressed by the individual.
  • Processing payments.
  • Arranging reservations.
  • Handling customer requests, enquiries, and complaints.

Children

  • Facilitating babysitting and kids club.
  • Facilitating reservations and bookings.
  • Preparing for and coordinating hotel accommodations and services in accordance with guest preferences, instructions, and expectations.
  • Payment and billing services.
  • Child friendly Dining services

Communications

  • Communicate about products and services that may be of interest to guests.
  • Sending you surveys
  • Providing personalised advertisements for products and services on selected websites.
  • Facilitating contests.
  • Handling customer requests, enquiries, and complaints.

Membership and Loyalty Schemes

  • Registration for loyalty and client account programs and payment card programs.
  • Determining eligibility for various programs and related services.
  • Administering loyalty programs.
  • Providing consistent and personalized offers and services based on past usage and preferences.
  • Ensuring access to Online Services.
  • Processing payments.
  • Notifying members about changes to programs, terms and conditions.
  • Handling members' requests, inquiries, and complaints.

We may also collect “Other Data” that generally do not reveal your specific identity or do not directly relate to an identified individual. To the extent Other Data reveals your specific identity or relates to an individual, we will treat Other Data as Personal Data. Other Data includes

  • Your browser or device. We collect certain data through your browser or automatically through your device, such as your computer type (Windows or Apple), operating system name and version, device manufacturer and model, language, internet browser type and version and the name and version of the Online Services you are using. We use this data to ensure that the Online Services function properly.
  • Cookies. We collect certain data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using. Cookies allow us to collect browser type, time spent on the Online Services, pages visited, language preferences, and other aggregated traffic data. We use functional cookies to obtain the data for security purposes, to facilitate navigation, to display content more effectively, to collect statistical data, to personalise your experience while using the Online Services, and to recognise your computer to assist your use of the Online Services. We also gather statistical cookie data about use of the Online Services to continually improve design and functionality, understand how they are used and assist us with resolving questions. Advertising cookies further allows us to select which advertisements or offers are most likely to appeal to you and display them while you are using the Online Services. We also use them to send marketing emails and to track responses to online advertisements and marketing emails.

Manage Cookie Preferences:

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Third Party Advertising:

We may use third-party advertising companies to serve advertisements regarding goods and services that may interest you when you access and use the Online Services. To serve such advertisements, these companies place or recognize a unique cookie on your browser (including through use of pixel tags).

  • Pixel Tags and other similar technologies. We collect data from pixel tags (also known as web beacons and clear GIFs), which are used with some Online Services to, among other things, track the actions of users of the Online Services (including email recipients), measure the success of our marketing campaigns, and compile statistics about usage of the Online Services.
  • Analytics. We collect data through Google Analytics and Adobe Analytics, which use cookies and technologies to collect and analyse data about use of the Services. These services collect data regarding the use of other websites, apps, and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/ partners/ and opt out by downloading the Google Analytics opt out browser add-on, available at https://tools.google.com/dlpage/gaoptout. You can learn more about Adobe and opt out by visiting http://www.adobe.com/privacy/opt-out.html.
  • Your IP Address. We collect your IP address, a number that is automatically assigned to the device that you are using by your Internet Service Provider (ISP). An IP address is identified and logged automatically in our server log files when a user accesses the Online Services, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose server problems and administer the Online Services. We also may derive your approximate location from your IP address.
  • Aggregated and Segmented Data. We may aggregate data that we collect, and this aggregated data will not personally identify you or any other user. We may also use both Personal Data and Other Data to divide customers into segments, or groups, to provide more relevant advertising.
  • Precise Location-based Services. With your consent, we may collect the precise physical location of your device by using satellite, cell phone tower, Wi-Fi signals, or other technologies. We will collect this data if you opt-in through the App or other programme (either during your initial login or later) to improve special offers and to enable location-driven capabilities on your device. If you have opted-in to share your location, the App or other programme will continue to collect location data based on how you chose to share the data.

4. How we protect your information

We adopt appropriate data collection, storage and processing practices and security measures as reasonably possible to protect against unauthorised access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.

5. Sharing your personal information

Strategic Business Partners: We may share your personal data with our business partners to enhance your stay, such as spas, restaurants, and transport services.

Service Providers: We may share your personal data with third-party service providers who assist us in providing our services, such as website hosting, data analytics, payment processing, and customer service.  

Law Enforcement and Regulatory Authorities: We may share your personal data with law enforcement and regulatory authorities to comply with public security, legal obligations, prevent fraud and cooperate with investigations.   

Other John Keells Group Companies We may share your personal data with other companies within our corporate structure to provide our services and personalize your experience.

6. Your rights and Your Preferences

Rights of the Data Subject - You have the right to request from the Company, access to and rectification or erasure of Your Personal Data or restriction of processing concerning Your Data or to object to processing as well as the right to data portability. You also have the right to withdraw your consent for any use of Your Personal Data at any time, provided that any processing of Your Personal Data prior to the withdrawal of your consent shall not be rendered unlawful. Further, where applicable, you shall have the right to lodge a complaint with a supervisory authority in the event that there is a breach of the relevant data protection regulations with regard to Your Data.

7. Retention Period

Your Personal Data will be ordinarily stored by the Company for seven (7) years, but maybe extended for a further period due to legal, regulatory, business needs or public interest.

8. Disclaimer

Although we attempt to keep all information in the WWW servers accurate and up to date, the accuracy and timelines of the information provided cannot be guaranteed. We hope that you will find the information helpful and easy to use, but we provide all content for informational purposes only and make no representations or warranties of any kind regarding the same. The Company and its management and its owning company disclaims all liability of any kind whatsoever arising out of the use of, or inability to use, its WWW servers and the information contained on them unless there is negligence or fault on part of the Company. The Company’s WWW servers were designed to provide information about the Company, its products, and links to specific external Sites. Use of this system for any purpose other than that for which it was designed is unauthorised and prohibited.

9. Submitted Materials

All parties submitting materials to the WWW servers represent and warrant that the submission, installation, copying, distribution, and use of such materials in connection with the WWW servers will not violate any other party’s proprietary or legal rights.

10. Intellectual Property Rights

The material and content provided on the Site is strictly for your personal and non-commercial use only. However, you could save where expressly provided, and you agree not to by yourself or through or by way of assistance from any third party to distribute, copy, extract or commercially exploit such material or contents. Except as otherwise indicated, all materials on this Site, including, but not limited to text, information such as; customer or partner references, data, images and pictures, illustrations and written and other materials contained in this Site are protected by copyrights, database rights, trademarks and/or other Intellectual Property rights owned, or used with permission of their owners by us or our partners, affiliates or associates. This Site is protected by copyright and other intellectual property rights. All rights reserved.

11. Third Party Data

You confirm that any personal information or data you share on behalf of another with the Company has been obtained with the prior consent of such person and they are aware of this privacy statement.

12. Security

We seek to use reasonable, organizational and technical measures to protect Personal Data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.

13. Other Important Provisions

Unsolicited Personal Data
Unless specifically requested, we ask that you not send us Personal Data.


International Data Transfers
Cinnamon Hotels and Resorts provides a global service. Transferring data internationally is essential to the Services so that you receive the same high-quality service wherever you are in the world. As a result, we will, subject to law, transfer Personal Data and Other Data collected in connection with the Services, to entities in countries where data protection standards may differ from those in the country where you reside, including outside Sri Lanka or the European Union. By making a reservation, visiting, or staying at a Cinnamon branded property or using any Cinnamon Hotels and Resorts branded service, you understand that we transfer your Personal Data globally.

CINNAMON DISCOVERY membership

You can create a CINNAMON DISCOVERY membership with us which gives you added benefits. If you set up a CINNAMON DISCOVERY membership, we ask you to provide the following Personal Information:

  • Your full name and email address
  • Your date of birth
  • Your home address and phone number
  • Your language preference for email communication
  • Your email marketing preferences

The CINNAMON DISCOVERY loyalty program is provided by a third-party, which is Global Hotel Alliance (GHA).  

You can deactivate your account by sending an email to [email protected] 

14. Your Acceptance of these Terms

By submitting any Personal Data, you signify your acceptance of this Statement. If you do not agree to this Statement, please do not submit any Personal Data. Any submission of your Personal Data will be deemed your acceptance of this Privacy Statement.

15. Contacting us

If you have any questions, feedback, or complaints, please contact us at : [email protected]

16. UPDATES TO THE PRIVACY NOTICE

We reserve the right to amend, modify, vary or update this Privacy Statement, at our discretion from time to time, as and when the need arises. The most recently published Privacy Statement shall prevail over any of its previous versions. We have no obligation to directly inform you of any changes and you have a responsibility to periodically review https://www.cinnamonhotels.com/privacy-statement for any changes.