Peak Tramways Company, Limited and The Peak Tower Limited
Data Privacy and Security Policy
The websites we offer are not intended for children and minors and we do not knowingly solicit or collect Personal Data from children and minors. As a parent or legal guardian, please do not allow your children to submit Personal Data without your permission.
- 1 Personal Data we collect
- 2 How we use Personal Data
- 3 How we share Personal Data
- 4 How we transmit, protect and store Personal Data
- 5 Your rights
- 6 Contacting us
- 7 Cookies
- 9 Other Sites
1 Personal Data we collect
The term “Personal Data” refers to any personal data that can be used to identify you as an individual.
1.1 We may collect and process the following Personal Data about you.
- (a) Personal information about you
personal information that you provide to us, such as if you enrol for an account, or purchase merchandise or tickets for the Peak Tram, including your name, telephone number, e-mail address and address (residential and/or delivery address);
- (b) Our correspondence
if you contact us such as when you make enquiries, we may keep a record of that correspondence;
- (c) Survey information
we may also ask you to complete surveys that we use for research purposes. In such circumstances we shall collect the information provided in the completed survey; and
- (d) Your use of our website and mobile applications
details of your visits to our website, mobile application and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.
- (e) Do-not-track
Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (DNT) mechanisms, we do not respond to web browser-based DNT signals at this time.
1.2 We may collect your Personal Data from you directly. We may also collect Personal Data from third parties including agents and online service providers that make reservations on your behalf, facilitate online payment or gift purchase or that are otherwise involved in the reservations process or delivering our services to you.
Special Categories of Personal Data
1.4 “Special Categories of Personal Data” are a subset of Personal Data, and include Personal Data relating to your health, political opinions, religious beliefs, ethnicity and race, sex life, trade union membership and in some cases, criminal activity.
1.5 As a general rule, we do not process Special Categories of Personal Data. We may however process health/medical information in order to handle medical incidents and/or claims as per paragraph 2.1(i) below. Where we process Special Categories to handle medical incidents, we do so in order to protect the vital interests of you or another person. Where we process Special Categories to handle claims, we do so on the basis of establishing, exercising or defending legal claims or whenever courts are acting in their judicial capacity.
In addition to paragraph 1.5 above, we may process Special Categories of Personal Data in limited circumstances where you have provided such Special Categories of Personal Data including health/medical information (e.g. allergies, disabilities, dietary requirements) so that we can provide our services safely to you.
1.6 Where we must process Special Categories of Personal Data mentioned at paragraph 1.4 above, we will only do so where you have given us your explicit consent for the collection, processing and disclosure of the Special Categories of Personal Data. Where you are providing Special Categories of Personal Data about a travel partner, you agree that you have procured their consent to our collection, processing and disclosure of their Special Categories of Personal Data.
2 How we use Personal Data
2.1 We may use your Personal Data in the following ways:
- (a) To administer your ticket bookings
to process your purchase requests, which may be made via our website, in person or through third parties and to confirm your purchase. We will send a confirmation via email.
Use justification: contract performance, legitimate interests (to enable us to perform our obligations and provide services to you);
- (b) To provide you with services
to provide and charge for any applicable and relevant special requests or assistance that you have asked for.
Use justification: contract performance, legitimate interests (to enable us to perform our obligations and provide services to you);
- (c) To customize our services and products to you
to assure your future comfort and attention to your individual needs, we collect and store specific basic information about you, such as your contact details and company affiliation. For example, if you are a repeat guest, we may store your Personal Data in our system to serve you better upon your return.
Use justification: legitimate interests (to allow us to provide customized services and products to you);
- (d) To provide marketing materials to you
to provide you with updates, offers, and subscriptions where you have chosen to receive these, or connected with us via social media platforms, such as WeChat. With your consent, we may send you information about ourselves and our group companies, namely The Peninsula Hotels and restaurants and residential clubs operated by our group companies, including news, offers and promotions about our hotels and arcades, food and beverage, spa, merchandise, branded residences, touristic services and special events by us or our arcade partners by post, e-mail, telephone and/or SMS. You may also see these offers, promotions and information on social media platforms through which you have connected with us. Please note that this is subject to the terms and conditions of use of the relevant social media platform. It is however our intention to only send you communications that you may want to receive. When you opt-in to receiving promotional material, for example by signing up on one of our websites and providing your details to us specifically and expressly in order to receive marketing communications specified above, we will periodically contact you via your preferred channel(s). We typically use third party e-mail service providers to send e-mails. These service providers are contractually prohibited from using your e-mail address for any purpose other than to send e-mails related to our group operations and any organised special events. Personal Data will not be shared with third parties for their own marketing purposes. We provide you with the ability to unsubscribe from all marketing communications. Every time you receive an e-mail, you will be provided with the choice to opt-out of future e-mails by following the instructions provided in the e-mail. You may also opt-out of receiving promotional materials by updating your account where applicable or contacting us as set out in Section 6 below.
Use justification: consent (which can be withdrawn at any time - please see paragraph 5.1 below);
- (e) For analytics and profiling
to tailor our marketing to you. In connection with our marketing activities, we analyse information that we collect about customers to determine what offers are most likely to be of interest to different categories of customers in different circumstances and at different times. You have the right to opt-out of such analysis of your Personal Data at any time. You can exercise this right by contacting us as set out in section 6 below.
Use justification: consent (which can be withdrawn at any time - please see paragraph 5.1 below);
- (f) To comply with our legal obligations
to comply with our legal obligations such as financial reporting requirements imposed by our auditors and government authorities, and to cooperate with law enforcement agencies, government authorities, regulators and/or the court in connection with proceedings or investigations anywhere in the world where we are compelled to do so.
Use justification: legal obligation, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities);
- (g) To handle incidents and process any claims we receive
to handle any accidents and incidents such as liaising with emergency services, and to handle any claims made by customers such as personal injury claims. Please note that this may also require the processing of Special Categories of Personal Data – please see section 1.5 for further information about this.
Use justification: vital interest (in relation to Special Categories of Personal Data), legal claims, legitimate interests (to ensure that incidents and accidents are handled appropriately and to allow us to assist our customers);
- (h) To improve our services and products
to assist in developing new services and products and to improve our existing services and products.
Use justification: legitimate interests (to allow us to continuously improve and develop our services);
- (i) To ensure our website and mobile application function correctly
to ensure that content from our website and mobile applications is presented in the most effective manner for you and for your computer.
Use justification: contract performance, legitimate interests (to allow us to provide you with the content and services on the Website); and
- (j) In connection with any reorganisation of our business
To analyse, or enable the analysis of, any proposed sale or reorganisation of our business.
Use justification: contract performance, legitimate interests (to allow us to continue providing services to you).
3 How we share Personal Data
3.1 We may share your Personal Data in the following ways:
- (a) Third party service providers who process Personal Data on our behalf to help us undertake the activities described in section 2
We may permit selected third parties such as service providers, agents, contractors, entities which may be the owners of the hotel belonging to our group, and other group companies to use your Personal Data for the purposes set out in section 2, including mail houses and e-mail service providers that we engage to send and disseminate promotional materials for PTC, data centre providers that host our servers and third party agents that process mailing, online bookings and purchases of gift cards on our behalf. These parties are contractually prohibited from using Personal Data for any purpose other than for the purpose specified in their respective contracts and will be subject to obligations to process Personal Data in compliance with the same safeguards that we deploy. We do not permit the sale of Personal Data to entities outside our group for any use unrelated to our group operations or use of Personal Data by third parties for their own purposes.
Use justification: contract performance, legitimate interests (to allow us to effectively provide services to you and to run and manage our business);
- (b) Law enforcement agencies, government authorities, regulators and the court in order to comply with our legal obligations or to handle incidents/ claims
We may disclose your Personal Data when required by relevant law or court order, or as requested by other government or law enforcement authorities to assist with proceedings or investigations. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime. This also applies when we have reason to believe that disclosing the Personal Data is necessary to obtain legal advice, to identify, investigate, protect, contact, or bring legal action against someone who may be causing interference with our guests, visitors, associates, rights or properties, or to others, whether intentionally or otherwise, or when anyone else could be harmed by such activities.
Use justification: legal obligation, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities); and
- (c) Third parties who require such data in connection with a change in the structure of our business
Use justification: contract performance, legitimate interests (to allow us to run and manage our business).
These are the principal legal grounds that justify our use of your Personal Data:
- Consent: where you have consented to our use of your Personal Data (you will have been presented with a consent form in relation to any such use).
- Contract performance: where your Personal Data is necessary to enter into or perform our contract with you.
- Legal obligation: where we need to use your Personal Data to comply with our legal obligations.
- Legitimate interests: where we use your Personal Data to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
- Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
- Vital interest: where we need to process your Personal Data to protect the vital interest of you or another natural person e.g. where you require urgent assistance.
These are the principal legal grounds that justify our use of your Special Categories of Personal Data:
- Explicit consent: You have given your explicit consent to the processing of those personal data for one or more specified purposes. You are free to withdraw your consent by contacting us. Where you do so, we may be unable to provide a service that requires the use of such data.
- Protection of vital interests of you or another person, where you are unable to consent: Processing is necessary to protect the vital interests of you or of another natural person where you are physically or are legally incapable of giving consent.
4 How we transmit, protect and store Personal Data
Security of communications
4.1 It is important to note that no security system or system of transmitting information over the Internet is guaranteed to be secure. There is a risk inherent in the submission of information online, use of e-mail and facsimile. Please be aware of this when requesting information or sending forms to us online or by e-mail or facsimile, for example, from the “Contact Us” section. We recommend that you do not include any sensitive information including credit card details when submitting information online, using e-mail, facsimile or when using any public computers/public WIFI.
4.2 We maintain administrative, technical and physical safeguards designed to protect the personal data we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. Despite such efforts, however, please note that no company can fully eliminate risks or guarantee the security of personal information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of information about you at any time, and we bear no liability for uses or disclosures of personal information or other data arising in connection with theft of the information or other malicious actions.
4.3 We store certain customer information and reservation details in our Customer Information System and Reservation System on our subcontractor’s secure servers. Our server resides behind firewalls to protect Personal Data collected from you against unauthorised or accidental access. Because laws applicable to personal information vary by country, our hotels or other business operations may put in place additional measures that vary depending on the applicable legal requirements.
Personal Data transmission across international borders
4.5 Your Personal Data will be accessed by staff or suppliers, transferred, and/or stored outside the European Economic Area (EEA) including to countries which may have a lower level of data protection than under EU data protection law. We must comply with specific rules when we transfer Personal Data from inside the EEA to outside the EEA. When we do this, we will use appropriate safeguards to protect any Personal Data being transferred. Where required, we will transfer your Personal Data subject to European Commission approved contractual terms that impose different data protection obligations directly on the recipient. Please contact us as set out in Section 6 below if you would like to see a copy of the specific safeguards we apply to the export of your Personal Data.
4.6 Your Personal Data will be stored for the period of time required or permitted by law in the jurisdiction of the operation holding the information (for example certain transaction details and correspondence may be retained until the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements regarding the retention of such data). So if information is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires.
4.7 Our retention periods are based on business needs and your Personal Data that is no longer needed is either irreversibly anonymised (and the anonymised information may be retained) or securely destroyed.
5 Your rights
Opt-out of marketing
5.1 You have the right to ask us not to process your Personal Data for marketing purposes at any time. You can exercise your right by checking certain boxes online or on the data collection forms, talking to us in person, or by contacting us as set out in section 6 below.
5.2 Subject to various exceptions and data protection laws in your country, you may have the following rights:
(a) Access: you can ask us to provide you with further details on the use we make of your Personal Data and a copy of the Personal Data we hold about you;
(b) Correction: you can ask us to correct any inaccuracies in the Personal Data we hold about you;
(c) Complaint: if you are not satisfied with our use of your Personal Data or our response to any exercise of these rights, you have the right to complain to the data protection authority in your country;
(d) Erasure: you can ask us to delete your Personal Data if we no longer have a lawful ground for use;
(e) Withdrawal of consent: where processing is based on consent (e.g. marketing, or certain uses of Special Categories of Personal Data), you can withdraw your consent to processing and we will stop that particular processing;
(f) Object to processing: you have the right to object to other types of processing (e.g. analytics and profiling activities carried out in relation to your Personal Data), unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights;
(g) Restriction: you can restrict how we use your Personal Data pending any investigation, for example whilst we are verifying the accuracy of your Personal Data or where we are verifying the grounds that we use as the basis of holding your Personal Data;
(h) Portability: where technically feasible, you have the right to ask us to transmit the Personal Data that you have provided to us to a third party in a structured, commonly used and machine readable form.
5.3 We will use reasonable endeavours to ensure that your Personal Data is accurate. In order to assist us with this, you should notify us of any changes to your Personal Data that you have provided to us by updating your details in your My Peninsula account or by contacting us as set out in section 6 below.
Notifications in the event of breach
5.4 In the unlikely event of a data breach, we are prepared to follow any laws and regulations which would require us to notify you of the disclosure of private information.
California Privacy Rights
5.5 Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of customer personal information which we share with our group companies, affiliates and/or third parties for marketing purposes, and providing contact information of such affiliates and/or third parties. If you are a California resident and would like a copy of this information, please submit a written request to the address details in Section 6.
6 Contacting Us
Data Privacy Team
Peak Tramways Company, Limited, c/o
The Hongkong and Shanghai Hotels, Limited
8/F St George’s Building
2 Ice House Street
Fax: +852 2147 3720
9 Other Sites
9.1 The website or mobile application may contain links to other third-party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third-party websites.
31 August 2018
Peak Tramways Company, Limited and The Peak Tower Limited Cookies Policy
If you do not agree to the use of these cookies please disable them by following the instructions for your browser set out here. Please note that some of the services will not function so well if cookies are disabled.
Where the organisation setting the cookie provides an automated disabling tool in respect of its cookie(s) we list the name of that organisation, the category of cookies it sets together with a link to its automated disabling tool. In all other cases, we list the names of the cookies themselves and their source at the date of this Cookies policy so that you can easily identify and disable them if you want through your browser controls.
Some browsers make it possible for you to signal that you do not want your internet browsing activity to be tracked. Disabling tracking may interfere with some uses of the Website and the services provided on the Website.
After your initial visit to the Website we may change the cookies we use. This Cookies Policy will always allow you to know who is placing cookies, for what purpose and give you the means to disable them so you should check it from time to time.
What are cookies?
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating web domain on your subsequent visits to that domain. Most web pages contain elements from multiple web domains so when you visit the Website, your browser may receive cookies from several sources.
Cookies are useful because they allow a website to recognise a user’s device. Cookies allow you to navigate between pages efficiently, remember preferences and generally improve the user experience. They can also be used to tailor advertising to your interests through tracking your browsing across websites.
Session cookies are deleted automatically when you close your browser and persistent cookies remain on your device after the browser is closed (for example to remember your user preferences when you return to the site).
What types of cookies do we use?
We describe below the categories of cookies that we, our affiliates and our contractors use.
Advertising cookies (or targeting cookies) collect information about the browsing habits associated with your device and are used to make advertising more relevant to you and your interests. They are also used by services provided by third parties on each Website, such as ‘Like’ or ‘Share’ buttons, in addition to providing the requested functionality. Third parties provide these services in return for recognising that you (or, more accurately, your device) have visited a certain website. These third parties put down advertising cookies both when you visit our Website and when you use their services and navigate away from our Website. Their privacy practices are set out below:
|Cookie Name|Source|Purpose|Further Information|
|---|---|---|---|
|1P_JAR, AID, APISID, CONSENT, HSID, NID, SAPISID, SID, SIDCC, SSID, AID| |These cookies are used to deliver advertisements for your interests on other websites and track transactions made by you on our website. Persistent cookie and kept for up to 2 years|For further information on how Google uses your information, please refer to|
HTML email web beacons
Our emails may contain a single, campaign-unique “web beacon pixel” to tell us whether our emails are opened and verify any clicks through to links within the email. We may use this information for purposes including determining which of our emails are more interesting to you and querying whether users who do not open our emails wish to continue receiving them. The pixel will be deleted when you delete the email. If you do not wish the pixel to be downloaded to your device, you should select to receive emails from us in plain text rather than HTML.
Use of IP addresses and web logs
We may also use your IP address and browser type to help diagnose problems with our server, to administer our Website and to improve the service we offer to you. An IP address is a numeric code that identifies your computer on the internet. Your IP address might also be used to gather broad demographic information.
We may perform IP lookups to determine which domain you are coming from (e.g. google.com) to more accurately gauge our users’ demographics.
Cookies Policy does not cover third party websites
Please note that this Cookies Policy does not apply to, and we are not responsible for, the privacy practices of third party websites which may be linked to a Website.
Changes to the Cookies Policy
We may update this Cookies Policy and we would encourage you to review the policy from time to time to stay informed of how we are using cookies. This Cookies Policy was last updated on 31 August 2018.