The Den, Bengaluru serves as a Data Controller of Personal Data about you.
You are aware that your Personal Data as defined below, may be stored in The Den, Bengaluru’s database, and that providing the Personal Data is subject to your wish and your consent.
However, if you do not provide us with the Personal Data that we request, or prohibit us from collecting such data, we may not be able to provide you with the Services.
Collection of Personal Data and of Other Data
1. “Personal Data” means data that identifies you as an individual or relates to an identifiable individual. We collect Personal Data, such as:
1.1. Contact information (name, email address, mailing address, phone number, fax number, ID number and passport number);
1.2. Payment information (payment card: numbers and expiry date upon PCI DSS rules, billing address, and bank account information);
1.3. Demographic data (age, gender, country, and preferred language);
1.4. Data about family members and companions, such as names and ages of children;
1.5. Information related to your reservation, stay, or visit at The Den, Bengaluru (date of arrival and departure, goods and services purchased, preferences, phone calls executed);
1.6. Information necessary to fulfill your special requests and/or specific accommodations (preferences, leisure activities, accompanying guest name, and number of children and ages);
1.7. Guest preferences and personalized data (“Personal Preferences”), such as your interests, activities, hobbies, food and beverage choices, services, and amenities of which you advise us or which we learn about during your visit;
1.8. Loyalty program member information;
1.9. Geographical position and other location-based information;
1.10. Images and video and audio data via security cameras located in public areas, such as hallways and lobbies, in our property (closed circuit television systems – CCTV and electronic card key).
2. “Other Data” means data that does not reveal your specific identity or does not relate to an individual directly. We collect Other Data, such as, browser and device data including IP address and data collected through cookies, pixel tags and other technologies, aggregated data relative to your stays, and responses to promotional offers and surveys.
3. In some instances, we may combine Other Data with Personal Data (such as combining your name with your location). If we do, we will treat the combined data as Personal Data as long as it is combined.
4. If you submit any Personal Data about other people to us or our service providers (e.g., if you make a reservation for another individual), you represent that you have the authority to do so and you permit us to use the data in accordance with this Privacy Statement.
How We Collect Personal Data and Other Data
We collect Personal Data and Other Data in a variety of ways:
5. Online Services. We collect Personal Data when you make a reservation, purchase goods and Services, communicate with us, or otherwise connect with us or post to social media pages, or sign up for a newsletter or participate in a survey, contest or promotional offer or submit a job application.
6. Visits and Offline Interactions. We collect Personal Data when you visit The Den, Bengaluru or stay as a guest at The Den, Bengaluru or use The Den, Bengaluru’s Services, when you attend promotional events that we host or in which we participate, or when you provide your Personal Data to facilitate an event. We also collect Personal Data when you visit our properties, information may be collected about you through such properties’ closed circuit television systems (CCTV), electronic key cards, and other security systems.
7. Other Sources. We may receive Personal Data about you from other third parties. This may include information from your travel agent, loyalty programs, credit card, state authorities in order to meet legal requirements, surveys companies and our sub-contractors and services providers, as well as other third parties.
8. Automatic Information: When you use or interact with our website and/or use any apps that we may make available on our website, we receive and store information generated by your activity and information automatically collected from your browser or mobile device. For example, like many websites, we obtain certain information when your web browser accesses our website including your IP address, browser type, operating system, mobile network data, pages viewed and access times. This information helps us to communicate with our customers and provide them with our Services.
9. Customer Support & Call Centers. We collect Personal Data when you make a reservation over the phone, communicate with us by email, fax or via online chat services or contact customer service. These communications may be recorded for purposes of quality assurance and training.
10. Aggregated Data. We may aggregate data that we collect and this aggregated data will not personally identify you or any other user
Use of Personal Data and Other Data
11. We use Personal Data and Other Data for one or more of the purposes detailed below:
11.1. Fulfillment of reservation and other purchases: We may process information relating to transactions that you enter into with us and/or through our website ("Transaction Data"). The transaction data may be processed for the purpose of completing your room reservation, supplying the purchased goods and services, customizing our services to your preferences, seeking your feedback on your stay at our properties, and keeping proper records of those transactions.
11.2. Guest Relations: To offer hospitality services and goods based on your preferences, information collected during and prior your stays at one of our properties. The information may be used for future voluntary loyalty events operated by us or by our partners.
11.3. Response to inquiries: We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication (such as groups, meetings and events). The correspondence data may be processed for the purposes of communicating with you and record-keeping.
11.4. Internal Business Purposes: For our internal business purposes, developing new products, enhancing the website, improving our services, identifying usage trends and visiting patterns, determining the effectiveness of our promotions, evaluating Third Parties performance (such as Travel Agencies), predicating our yield and occupancy, and meeting contractual obligations.
11.5. Administrative and other communications: To send you important information regarding our website, changes to our terms, conditions, and policies, or other administrative information (e.g., information about your travel reservations, such as confirmation emails).
11.6. Marketing and promotions: To communicate news and promotions to you regarding The Den, Bengaluru related products and services we think may be of interest to you; including Spa & Gym, Bars and Restaurants.
11.7. Safety and security: To maintain your safety and security as well as that of other guests and staff, while you visit at The Den, Bengaluru.
11.8. Our legal duties: To comply with legal and regulatory requirements or demands in accordance with applicable law, regulations, or other legal process.
11.9. We may use some or all of the Personal Data and Other Data in order to perform certain statistical calculations, some of which may be presented on the App, websites or other services; provided, however, that none of these calculations shall include any personally identifiable information or details.
12. The legal basis for processing your Personal Data is made up of one or more of the following reasons:
12.1. Your consent.
12.2. Providing the Services.
12.3. Compliance with applicable laws, regulations or other legal process.
12.4. Legitimate Business Interest.
Disclosure of Personal Data and Other Data
13. We share Personal Data and Other Data with the following:
13.1. The Den, Bengaluru and properties in order to provide a better hospitality experience based upon your preferences, use of our services and prior stays;
13.2. A representative or travel advisor that has supplied us with your personal information (for example, your travel agent, personal assistant, employer or spouse who has provided us with your details);
13.3. A service Providers and suppliers that assist us in providing services. Examples of such service providers and suppliers are IT service providers, legal advisers, accountants, suppliers of payment services etc.
13.4. Our marketing and advertisement partners to provide you with more relevant ads on our site and to encourage you to return to our site. These partners will not use your data for any other purpose than our legitimate interest of direct marketing and you will always have the right to object.
13.5. We may disclose or transfer your Information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of The Den, Bengaluru business and assets (including any bankruptcy or similar proceedings).
14. We may also disclose Personal Data as we believe to be necessary or appropriate: (a) to comply with applicable law; (b) to comply with legal process; (c) to respond to requests from public and government authorities, (d) to enforce our terms and conditions; (e) to protect our operations; (f) to protect the rights, privacy, safety or property of The Den, Bengaluru, of you or of others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
15. As generally principal, data processing is held within Indian borders, data processing by third parties or cloud service providers may be held on servers around the world such as Microsoft Azure, Microsoft 365, Amazon AWS etc.
16. Notwithstanding, some information might be held on a cloud which might be held outside the borders of India. The operator of such services undertakes to comply with the General Data Protection Regulations provisions. In this specific case, be sure that we will verify that appropriate measures have been put in place to ensure that your Personal Data benefits from an adequate level of protection.
How You Can Access, Change, or Limit the Use of Your Personal Data
If you reside in India the following provisions will apply to you
17. The right to information on the processing of your Personal Data. We strive to provide you with concise, transparent, understandable and easily accessible information on the conditions for processing your personal data, in clear and simple terms.
18. The right to access, rectify, and delete your Personal Data. The right of access allows you to obtain from us confirmation that your Personal Data have or have not been processed as well as the conditions of such processing, and to receive an electronic copy.
19. The right to obtain from us the rectification of your Personal Data.
20. Subject to the exceptions provided by applicable law, you have the right to ask us to delete your Personal Data, when one of the following grounds applies:
20.1. Your Personal Data are no longer necessary for the purposes for which they were collected or otherwise processed;
20.2. You wish to withdraw your consent on which the processing of your Personal Data was based and there is no other basis justifying such processing;
20.3. You consider and can establish that your Personal Data has been unlawfully processed;
20.4. Your Personal Data must be deleted in accordance with a legal obligation.
20.5. The right to restrict the processing of your Personal Data; The applicable regulations provide that this right may be invoked in certain cases, in particular the following:
20.6. When you dispute the accuracy of your personal data;
20.7. When you consider and can establish that the processing of Personal Data is unlawful but you oppose the deletion of Personal Data and demand instead that the processing be limited;
20.8. When we no longer need your Personal Data but they are still necessary for you to establish, exercise or defend your legal rights;
20.9. When you object to the processing that would be based on the legitimate interest of the controller, during the verification whether the legitimate grounds pursued by the controller prevail over those of the person in question.
21. The right to data portability.
21.1. When the processing is based on your consent or a contract, this right to portability allows you to receive the Personal Data you have provided to us with in a structured, commonly used format, and to transmit this Personal Data to another data controller without us hindering it.
22. The right to withdraw consent.
22.1. When we process your Personal Data on the basis of your consent, this latter may be withdrawn at any time using the means provided for this purpose (procedure indicated below of this Policy). On the other hand, and in accordance with applicable law, the withdrawal of your consent is only valid for the future and cannot therefore call into question the lawfulness of the processing carried out before this withdrawal.
23. The right to decide the fate of your Personal Data after your death
23.1. To organize the fate of your personal post-mortem data through the adoption of general or specific guidelines. We are committed to respecting these guidelines. In the absence of directives, we recognize the possibility for heirs to exercise certain rights, in particular the right of access, if it is necessary for the settlement of the deceased’s estate; the right to object to the closure of the deceased’s user accounts; and the right to object to the processing of their data.
24. The right to lodge a complaint with a supervisory authority. If, despite our effort to preserve the confidentiality of your personal data, you feel that your rights are not respected, you have the right to lodge a complaint with a supervisory authority. A list of control authorities is available on the Indian Commission’s website.
25. If you reside anywhere outside India your rights to review, edit or amend Personal Data held in our Databases will be governed by applicable Indian law, including the provisions of the General Data Protection Regulation (GDPR).
26. We implement reasonable administrative, organizational and technical safeguards and security measures to protect Personal Data from unauthorized access, disclosure, destruction or alteration, accidental loss, misuse or damage. We regularly review and monitor such safeguards and security measures.
27. When disclosure of data to third parties is necessary and authorized, we ensure that these third parties guarantee an adequate level of protection and require contractual guarantees so that the data are exclusively processed for the purposes you have previously accepted, and with the required confidentiality and security.
28. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contact Us” section, below.
29. To the extent permissible by applicable law, we will retain your Personal Data for such period as necessary to satisfy or to fulfill the following:
29.1. The purposes for which that Personal Data was provided;
29.2. An identifiable and ongoing business need, including record keeping;
29.3. A requirement to retain records that may be relevant to any notified regulatory investigations or active legal proceedings;
29.4. Comply with any applicable law, regulation, legal process, including, without limitation, court orders and/or compulsory disclosures required by governmental authorities;
29.5. Fulfill legitimate interests of The Den, Bengaluru and third parties, such as, defend in cases of legal procedures and etc.
30. Unless specifically requested, we ask that you not send us, or disclose, on or through the Services or otherwise, to us, any Sensitive Personal Data (e.g., social security numbers, national identification number, data related to racial or ethnic origin, political opinions, religion, ideological or other beliefs, health, biometrics or genetic characteristics, criminal background, administrative or criminal proceedings and sanctions).
Use of Services by Minors.
31. The Den, Bengaluru does not knowingly collect Personal Data from any person under the age of 18.
32. The Den, Bengaluru may collect Personal Data from people under the age of 18 as part of the guest registration process, but always with the consent of such person’s parent or guardian.
34. Like many other websites, in order to enhance your experience on our website, some of our web pages may use “cookies". Cookies, by themselves, do not tell us your personally identifiable information unless you choose to provide this information to us (by, for example, registering for one of our services). However, once you choose to furnish the site with your personally identifiable information, this information may be linked to the data stored in the cookie.
35. A cookie is a small text file containing small amounts of information that is placed by a website onto a computer or device. Cookies are designed to assist a computer or device to remember something the user has done within that website, for example remembering that the user has logged in, or which buttons have been clicked.
38. We may use various types of Cookies:
38.1. Session Cookies. These Cookies are stored only temporarily during a browsing session and are deleted from your device when you close the browser. We use Session Cookies to support the functionality of the site and to understand your use of the site, for example which pages you visit, which links you use and how long you stay on each page.
38.2. Essential Cookies. These cookies are necessary for the operation of the site and, for example, enable an e-dan member to log-in & enjoy member benefits.
38.3. Functional Cookies. We use Functional Cookies to save your settings on the site - settings such as your currency preference when looking at hotel prices on the site. We also use Functional Cookies to store data so that you can easily find it the next time you visit. Some Functional Cookies are essential to viewing maps or videos on our site. We also may use "Flash Cookies" for some of our animated content.
38.4. Persistent Cookies. These Cookies are not deleted when you close your browser but are saved on your device for a fixed period or until you delete them. Each time you visit the site, the server that set the Cookie will recognize the persistent Cookie saved on your device. We and others use persistent Cookies to store your preferences, so that they are available for your next visit, for example if you already logged into e-dan, these cookies will skip the log-in when you visit our site again.
38.5. Targeting and advertising Cookies. These cookies are used to collect information from you to help us to improve our products and services as well as serve you with targeted advertisements that we believe will be relevant to you. We use targeting cookies on our websites for various marketing initiatives and campaigns. We also may use some Analytics Cookies and Other Technologies to facilitate advertising.
38.6. Analytics Cookies. These cookies collect information about your use of the site, and enable us to improve the way it works. These Cookies give us aggregated information that we use to monitor site performance, count page visits, spot technical errors, see how users reach the Site, and measure the effectiveness of advertising & Targeted ads
39. The Website uses the following third-party cookies:
39.2. Facebook cookies. These cookies are used for interest-based advertising meaning ads you might like to see based on your activity on websites off of Facebook. These cookies collect information from your site visit and enables promoting your ads through Facebook platforms. To read more about interest-based ads from Facebook click here.
To unsubscribe from Facebook's interest-based ads, please follow Facebook's instructions here.
39.3. Bing cookies. Bing cookies are used to collect information about how visitors use our site & for marketing, advertising, and remarketing purposes these cookies enable to recognize visitors on the websites of our advertising partners and to address them with interest-related information or ads. To read more about Microsoft/Bing privacy click here.
Data Protection Officer (“DPO”)
40. In matters pertaining to Indian laws for the protection of privacy, our DPO is Mr. Dean Clyde Cooper.
Last updated on: 25/05/2018
Effective from: 27/01/2023