This document is an electronic record in terms of (i) Information Technology Act, 2000; (ii) the rules framed there under as applicable; and (iii) the amended provisions pertaining to electronic records in various statutes as amended by the Information Technology Act, 2000. This electronic record is generated by a computer system and does not require any physical or digital signatures.
1. WHAT DATA HOTEL OILFIELD COLLECTS FROM YOU
Hotel Oilfield may collect two (2) types of data about you: Personal and Non-Personal.
1.1. Personal Data
Personal Data refers to data that lets Hotel Oilfield know the specifics of who you are and which may be used to identify, contact or locate you (e.g. name, age, gender, mailing address, telephone number and e-mail address). Hotel Oilfield may collect Personal Data when you use the Hotel Oilfield including, without limitation, setting up account data, making bookings of hotels, filling out surveys, corresponding with Hotel Oilfield, or otherwise volunteering data about yourself.
1.2. Non-personal Data
Non-Personal Data refers to data that, by itself, does not identify you as a specific individual (e.g. demographic data or website visitations). Hotel Oilfield may collect Non-Personal Data through any of the methods discussed above as well as automatically through the use of industry-standard technologies described further below.
2. HOW HOTEL OILFIELD COLLECTS YOUR DATA
Subject to clause 7, which provides additional rights to European Residents, The Personal Data practices set forth apply to all Hotel Oilfield’s customers worldwide.
Prior to using one or more of the Hotel Oilfield, Hotel Oilfield may require certain Personal Data and Non-Personal Data to create an individual account (“Account”) or to enable features or functionality of the Hotel Oilfield. Failure to provide all required data required by Hotel Oilfield may prevent access to any or all Hotel Oilfield, and failure to maintain accurate data may result in suspension or termination of access to any or all Hotel Oilfield services.
2.2 Data Collected Through Technology
While you are able to visit the Hotel Oilfield and remain anonymous, Hotel Oilfield or its third-party service providers may still collect Non-Personal Data about your use of the Hotel Oilfield (e.g. your Internet browser, operating system, IP address, connection speed, and the domain name of your Internet service provider). Such data may be gathered by the following methods:
a) Cookies, including local shared objects, are small pieces of data that are stored by your browser on your computer’s hard drive which works by assigning to your system a unique number that has no meaning outside of the Hotel Oilfield. Cookies do not generally contain any Personal Data. Most web browsers automatically accept cookies, but you can usually configure your browser to prevent this. Not accepting cookies may make certain features of the Hotel Oilfield unavailable to you.
b) IP Address.You may visit many areas of the Hotel Oilfield Site anonymously without the need to become a registered User. Even in such cases, Hotel Oilfield may collect IP addresses automatically. An IP address is a number that is automatically assigned to your computer whenever you begin Services with an Internet services provider. Each time you access the Hotel Oilfield Site and each time you request one of Hotel Oilfield’s pages, the server logs your IP address.
c) Web Beacons.Web beacons are small pieces of data that are embedded in web pages and e-mails. Hotel Oilfield may use these technical methods in HTML e-mails that Hotel Oilfield sends to Users to determine whether they have opened those e-mails and/or clicked on links in those e-mails. The data from use of these technical methods may be collected in a form that is Personal Data.
d) Tracking Content Usage.If you use the Hotel Oilfield Services and you post audio visual materials including, without limitation, text, logos, artwork, graphics, pictures, advertisements, sound and other related intellectual property contained in such materials (collectively, “Content”) to your website or to a third party website, Hotel Oilfield tracks and captures Non-Personal Data associated with User accounts and the use of Content.
3. HOW HOTEL OILFIELD USES YOUR INFORMATION
If you are an EU resident, we are required to disclose the legal basis for processing your data under the GDPR.
Hotel Oilfield uses the data that you provide or that we collect to operate, maintain, enhance, and provide all of the features and services found on Hotel Oilfield as well as to track user-generated content and Users to the extent necessary to comply as a service provider.
If you are an EU resident, you can object to profiling and opt out of receiving any targeted marketing. For more information on this right, please refer to the para with the heading “Objection” under Section 7 below.
3.1. System Administration
Hotel Oilfield may use Non-Personal Data for the purposes of system administration, assisting in diagnosing problems with Hotel Oilfield servers, monitoring Hotel Oilfield’s system performance and traffic on the Hotel Oilfield and gathering broad demographic data about Hotel Oilfield customers.
3.3 Notices to Registered Users
If you have registered for an Account, Hotel Oilfield may use your Personal Data to send e-mails regarding your registration, including confirmation to verify the accuracy of any data you have provided, and instructions on how to post Content. Hotel Oilfield may also send you e-mails to verify your identity or to notify you if Hotel Oilfield believes your use of Hotel Oilfield violates any applicable agreement for the use of the Hotel Oilfield.
3.4 Promotional E-mails
Hotel Oilfield may use your Personal Data to send you e-mails periodically listing promotions or events relating to the Hotel Oilfield or from Hotel Oilfield’s marketing partners or sponsors. You have the choice to opt out of receiving such promotional e-mails by sending an e-mail to firstname.lastname@example.org and/or following the instructions in such correspondence. Once Hotel Oilfield’ has processed your opt-out request, Hotel Oilfield will not send you promotional e-mails unless you opt back into receiving such communications.
3.5 Contact Data
If you contact Hotel Oilfield by telephone, e-mail or letter, Hotel Oilfield may keep a record of your contact data and correspondence. If you report a problem with Hotel Oilfield, Hotel Oilfield may collect this data in a file specific to you. You may contact Hotel Oilfield at email@example.com to request the removal of this data from Hotel Oilfield’s database.
4. HOW TO ACCESS AND CHANGE YOUR PERSONAL DATA
Upon request, Hotel Oilfield shall allow Users to update or correct Personal Data previously submitted, but only to the extent, that such activities will not compromise privacy or security interests. Additionally, upon request, Hotel Oilfield shall delete Personal Data from the database where such data is stored; however, it may be impossible to entirely delete a User’s entry without some residual data being retained due to the manner in which data backups are maintained. Requests to delete Personal Data shall be submitted to firstname.lastname@example.org.
To protect your privacy and security, we take reasonable steps to verify your identity before granting you account access or making corrections to your data. You are responsible for maintaining the secrecy of your unique password and account data at all times.
5. DISCLOSURE OF DATA TO THIRD PARTIES
Hotel Oilfield does not sell, trade or rent Personal Data collected through the Hotel Oilfield to any third party. Notwithstanding the foregoing, Hotel Oilfield shall: (1) fully cooperate with law enforcement agencies; and (2) may be required to disclose Personal Data upon receipt of a court order, subpoena, or to cooperate with a law enforcement investigation.
6. SAFEGUARDING YOUR PERSONAL DATA
6.1 Security Measures
Hotel Oilfield takes appropriate security measures to protect against unauthorized access, alteration, disclosure or destruction of Personal Data. These include, but are not limited to, internal reviews of: (a) Hotel Oilfield’s data collection & encryption; (b) storage and processing practices; (c) electronic security measures; and (d) physical security measures to guard against unauthorized access to systems where Hotel Oilfield stores Personal Data. All Hotel Oilfield employees, contractors and agents who access Personal Data are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution or unauthorized use or disclosure of Personal Data.
Hotel Oilfield infrastructure is primarily based on Cloud and its Core Systems are Software as Service (SaaS) in nature where its Customer Data is stored and accessed. Your data will be accessible to our offices and appointed agents, including agents, sales agents and contact Centre agents, in India and around the world in connection with our performance of the contract with you.
This means that Customer Data will be transferred to, and stored at, a destination outside of your country and outside the European Economic Area (“EEA”). If you are an EU resident, where we transfer Customer Data outside the EEA, this is done on the basis that it is necessary for the performance of the contract between you and Hotel Oilfield.
6.2 Third-Party Links
The Hotel Oilfield may contain links to third parties who may collect Personal Data and Non-Personal Data directly from you. Additionally, Hotel Oilfield may use third parties to provide components of the Hotel Oilfield. In either case, such third parties may have separate privacy policies and data collection practices, independent of Hotel Oilfield. Hotel Oilfield: (a) has no responsibility or liability for these independent policies or actions; (b) is not responsible for the privacy practices or the content of such websites; and (c) does not make any warranties or representations about the contents, products or services offered on such websites or the security of any data you provide to them.
7. EU DATA Subject Rights
If you are a resident in the EU, you may have certain rights in relation to the data we hold about you, which we detail below. Some of these only apply in certain circumstances where we are holding the authority of the data and legally/contractually allowed as per the local laws as set out in more detail below. We also set out how to exercise those rights.
These rights include:
(a) The right of access.
(b) The right of data portability.
(c) The right of rectification.
(d) The right of erasure.
(e) The right to restrict processing.
(f) The right to object.
Please note that we will require you to provide us with proof of identity and address before responding to any requests to exercise your rights. We must respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances). To exercise any of your rights, please contact us at email@example.com.
In the event that you wish to make a complaint about how we process your data, please contact us and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with your data protection authority.
You have the right to know whether we process data about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.
If you require more than one copy of the data we hold about you, we may charge an administration fee.
We may not provide you with certain data if providing it would interfere with another’s rights (e.g. where providing the data we hold about you would reveal information about another person) or where another exemption applies.
You have the right to receive a subset of the data we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such data to another party.
The relevant subset of data is data that you provide us with your consent or for the purposes of performing our contract with you.
If you wish for us to transfer the data to another party, please ensure you detail that party and note that we can only do so where it is legally, contractually and technically feasible. We are not responsible for the security of the data, its transmission or its processing once received by the third party. We also may not provide you with certain data if providing it would interfere with another’s rights (e.g. where providing the data we hold about you would reveal information about another person).
You have the right to correct any data held about you that is inaccurate. We reserve the right to charge a reasonable administrative fee for this service. Please note that whilst we assess whether the data we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.
To exercise any of your rights, please contact us at firstname.lastname@example.org.
You may request that we erase the data we hold about you in the following circumstances:
(a) you believe that it is no longer necessary for us to hold the data we hold about you
(b) we are processing the data we hold about you on the basis of your consent and you wish to withdraw your consent and there is no other ground under which we can process the data;
(c) we are processing the data we hold about you on the basis of our legitimate interest and you object to such processing. Please provide us with detail as to your reasoning so that we can assess whether there is an overriding interest for us to retain such data;
(d) you no longer wish us to use the data we hold about you in order to send you promotions, special offers, marketing and lucky draws; or
(e) you believe the data we hold about you is being unlawfully processed by us.
Also, note that you may exercise your right to restrict our processing of the data whilst we consider your request as described below.
Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure. However, we may retain the data if there are valid grounds under law for us to do so (e.g., for the defence of legal claims or freedom of expression) but we will let you know if that is the case. Please note that after deleting the data, we may not be able to provide the same level of servicing to you as we will not be aware of your preferences.
Where you have requested that we erase data that we have made public and there are grounds for erasure, we will use reasonable steps to try to tell others that are displaying the data or provide links to the data to erase the data too.
To exercise any of your rights, please contact us at email@example.com.
Restriction of Processing to Storage Only
You have a right to require us to stop processing the data we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the data, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another’s protection).
You may request we stop processing and just store the data we hold about you where:
(a) you believe the data is not accurate, for the period it takes for us to verify whether the data is accurate;
(b) we wish to erase the data as the processing we are doing is unlawful but you want us to just store it instead;
(c) we wish to erase the data as it is no longer necessary for our purposes but you require it to be stored for the establishment, exercise or defence of legal claims; or
(d) you have objected to us processing data we hold about you on the basis of our legitimate interest and you wish us to stop processing the data whilst we determine whether there is an overriding interest in us retaining such data.
At any time you have the right to object to our processing of data about you in order to send you promotions, special offers, and marketing messages, including where we build profiles for such purposes and we will stop processing the data for that purpose.
You also have the right to object to our processing of data about you and we will consider your request in other circumstances as detailed below by contacting firstname.lastname@example.org referencing: Data Subject Rights.
You may object to where we are processing the data we hold about you (including where the processing is profiling) on the basis of our legitimate interest and you object to such processing.
Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or if we need to process it in relation to legal claims. Also, note that you may exercise your right to request that we stop processing the data whilst we make the assessment on an overriding interest.
9. SPECIAL NOTE REGARDING CHILDREN UNDER 12 YEARS OF AGE
Use of the Hotel Oilfield is not intended for minors under the age of 18 (“Minors”). Minors are not authorized to use the Hotel Oilfield, even if Minors set up an Account or accept the terms of any agreement for Hotel Oilfield. Parents or guardians may authorize Minors between the ages of 12 and 17 to use the Hotel Oilfield, provided they assume all responsibility and legal liability for the conduct of such Minor including, without limitation, monitoring the Minor’s access and use of the Hotel Oilfield. Hotel Oilfield does not intentionally collect nor maintain any personally identifiable data from Minors. If you discover your Minor child has submitted his/her data to Hotel Oilfield, you may request to have such data deleted from Hotel Oilfield’s database by sending an e-mail request to email@example.com together with the e-mail address that was submitted by the Minor. Upon receiving the request, Hotel Oilfield shall delete such information within 7 business days.