Introduction

Allora is SHR Group’s integrated suite of products and services. Privacy is imperative to Strategic Hospitality Resources (“SHR Group” or “we”). This Privacy Policy describes SHR Group’s web site and services (collectively, the “Service”). SHR Group (“SHR Group,” “we,” “us,” or “our”) and its wholly owned subsidiaries complies with the EU-US, the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, Personal Information Protection and Electronic Documents Act (“PIPEDA”) of Canada, General Data Protection Regulation (GDPR) of EU for use, and retention of personal information transferred from the Swiss and the European Union or Canada to the United States. Additionally, SHR Group has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (Privacy Shield active participant)

If you have questions, concerns, or believe there is an enforcement breech in regard to this Privacy Policy, you should contact our Privacy Officer at [email protected].

What Does This Notice Cover

This Website Privacy Notice applies only to your use of our website. Our site may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

What Is Personal Data?

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. If you do not provide us with your personal data, we may not be able to provide you with our services or respond to any questions or requests you submit to us via our website. We will tell you when we ask for personal data which is a contractual requirement or is needed to perform our functions or to comply with our legal obligations.

What Personal Data do we collect and how?

Our site collects certain information automatically, including your IP address, the type of browser you are using, and certain other non-personal data about your computer or device such as your operating system type or version, and display resolution. You can remove or reject cookies using your browser or device settings, but in some cases doing so may affect your ability to use our products and services.

We collect the following personally identifiable information about our users: name, e-mail address, corporate web address, telephone number, business address, preferred means of communication, and other information voluntarily provided. This personally identifiable information is typically provided when users register for online services, subscriptions, communications, surveys, or to request information. We also collect information about users regarding web pages accessed, traffic patterns and site usage.

How We Use the Information We Collect About You

We, our service providers and our vendors may use any information collected by users: to operate the Service; to effect users’ transactions; to provide better services, products and opportunities to users; to notify users about services and opportunities that may be of interest to such users; to create and share reports about users’ transactions; and for other marketing purposes. We may also share your personally identifiable information with other third parties, including our business partners in order to continue to provide our services to you and only if business needs require it.

Security and where we store your personal data.

We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organization. We will continue to revise policies and implement additional security features as new technologies become available.

Personal data security is essential to us, and to protect personal data, we take the following measures:

Cookies

Cookies are information components stored on your hard drive containing information about you. These pieces of information allow the Service to remember important information that will make your use of the Service more useful. You can choose to reject or turn off the cookies through your browser settings. If you reject or turn off the cookies, you may still use the Service.

Log Files

We use IP addresses to analyze trends, administer the Service, track users’ movements, and gather demographic information.

Email Confidentiality Policy

We have created this email Privacy Policy to demonstrate our firm commitment to your privacy and the protection of your information. The information in our e-mail and any attachment(s) is confidential and for the use of the addressee(s) only. If you received a mailing from us, (a) your email address is either listed with us as someone who has expressly shared this address for the purpose of receiving information in the future (“opt-in”), or (b) you have registered or purchased or otherwise have an existing relationship with us. We respect your time and attention by controlling the frequency of our mailings. We value your privacy, and we use security measures to protect against the loss, misuse and alteration of data used by our system. To unsubscribe or manage email communication preferences, visit the bottom of any email from SHR Group and click ‘Unsubscribe’ and/or ‘Manage Preferences’.

What Are My Rights?

Under the General Data Protection Legislation, you have the following rights, which we will always work to uphold:

Do You Share My Personal Data?

We will not share any of your personal data with any third parties for any purposes, subject to the following exceptions:

Service Providers:

Carefully selected companies that provide services for or on behalf of us, such as companies that help us with IT support and website security. These providers are also committed to protecting your information.

Other Parties When Required by Law or as Necessary to Protect Our Services:

For example, it may be necessary by law, legal process, or court order from governmental authorities to disclose your information. They may also seek your information from us for the purposes of law enforcement, national security or other issues that are related to public security. We will challenge any such requests that are not valid.

Other Parties in Connection with Corporate Transactions:

We may disclose your information to a third party as part of a merger or transfer, acquisition or sale, or in the event of a bankruptcy.

Other Parties with Your Consent or at Your Direction:

In addition to the disclosures described in this Privacy Notice, we may share information about you with third parties when you separately consent to or request such sharing. If any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the EEA and under the relevant Data Protection Legislation.

Retention of your personal data.

We will store your personal data only for as long as necessary for the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship and/or provide our services; (ii) whether there is a legal requirement to which we are subject; and (iii) whether the retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations). Please contact us if you wish to obtain further information concerning our retention periods (see ‘Contact Us’ below).

International Transfers.

Your use of our website may from time to time involve the transfer, storage, and processing of your personal data to other countries outside of the European Economic Area. We will take appropriate measures, in compliance with applicable law, to ensure that your personal data remains protected. Such measures include the use of Standard Contractual Clauses to safeguard the transfer of data outside of the EEA.
As stated in Part 7 above, we may be requested by law, legal process, or court order from governmental authorities to disclose your information. SHR Group also commit that if we are ever compelled by a valid and binding legal request to disclose visitor/customer data, we will disclose only the minimum amount of data necessary to satisfy the request.

Minors

SHR Group does not provide services for purchase by children, nor do we market to children. If you are under the age of 18, please do not submit any personal information through our website. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce this Privacy Notice by instructing their children never to provide personal information via our website without their guardian’s consent.

Disclosure Required by Law

We cooperate with law enforcement agencies in identifying those who use the Service for illegal activities. Therefore, we respond to subpoenas, warrants or other court orders regarding information concerning any users. We will, at our discretion, disclose information if we believe that we are required to do so by law, that such disclosure is necessary to protect us from legal liability or that we should do so to protect the integrity of the Service.

General Data Protection Regulation (GDPR)

As a leading Hospitality Resource platform and services provider, SHR Group, Strategy Hospitality Resources, has made the security and protection of your data a top priority by using state-of-the-art physical, technological, and procedural security safeguards.

The cornerstone to our platform is a rigorous security system that we—and by extension, you—can trust. We employ multiple safeguards and security protocols that are trusted in the industry with the singular goal of ensuring your data are protected.

We use multiple security measures, such as firewalls, Encryption, IDS/IPS, Physical/Logical security and Regular Security Audits (to name a few) to safeguard the confidentiality of our users’ personally identifiable information. Information we collect about our users is stored on secured servers.

If you should have any questions about the security of the Services or SHR Group environment, please inquire by sending an e-mail to [email protected].

Resolution of Complaints

In compliance with the Privacy Shield principles, SHR Group commits to the resolution of complaints and our collection or use of your Information. We have also committed to resolve any complaints pursuant to the Privacy Shield Privacy Principles by European Union and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact SHR Group at: [email protected].

SHR Group has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to the unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.

Correction/Updating Personally Identifiable Information

You can ask to see the personal information that we hold about you. If you want to review, verify or correct your personally identifiable information, or if you no longer desire SHR Group’s services, we will endeavor to provide a way to correct, update or remove the data you provided to us. Please note that any such communication must be in writing by sending an e-mail to [email protected]. In the event that we cannot provide you with access to your personal information, we will endeavor to inform you of the reasons why, subject to any legal or regulatory restrictions.

Your Consent; Notification of Changes

By using the Service, you consent to SHR Group’s collection and use of the information described in this Privacy Policy. If we decide to change this Privacy Policy, we will post those changes via our homepage so our users are aware of what information we collect, how we use it, and under what circumstances we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify you by way of an e-mail. Please check this policy from time to time to make sure that you are aware of our latest Privacy Policy.

SHR Group’s full Standard Operating Procedure (SOP) for GDPR can be provided upon request by emailing [email protected].

PCI-DSS

SHR Group being responsible for the security of cardholder data that it possesses, or otherwise stores, processes, or transmits on behalf of our clients, or to the extent that SHR Group could impact the security of the customer’s cardholder data environment; it will maintain the necessary technical and organizational measures needed to protect the security and availability of any Data created, collected, received or otherwise obtained to provide SHR Group services.

In particular, these technical and organizational measures control access to the premises where Data are Processed (physical access control), access to the IT systems via which Data are Processed (system access control), access to the Data themselves (data access control), the disclosure of the Data to other parties (data transfer control), when and how the Data are entered or modified (entry control), how subcontractors process Data (control of instructions), the availability of the Data (availability control), and the separate processing of the Data from other data, including other personal data (separation control).

All SHR Group client’s user accounts that provide access to cardholder data complies with all the requirements described by the PCI DSS V 3.2.1 guidelines, as well as comply with any future requirements or documents released by the PCI council as it applies to SHR Group and our clients’ environment.

A copy of SHR Group’s Attestation of Compliance (AOC) for PCI-DSS can be provided upon request by emailing [email protected].

Privacy Shield Certification

SHR Group is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). Additionally, SHR Group complies with the EU-US Privacy Shield and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union member countries and Switzerland to the United States. SHR Group has certified to the Department of Commerce that it adheres to the Privacy Shield Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Privacy Shield, and to view SHR Group’s certification, please visit https://www.privacyshield.gov.

However, it is important to note that the Platform and its servers are operated in the United States and elsewhere. If you are located outside of the United States, please be aware your personal information will be transferred to, processed, and used in the United States and elsewhere. By using the Platform, you affirmatively consent to such transfer, processing, and use of your Personal Information in accordance with the EU-US Privacy Shield, the Swiss-US Privacy Shield, and this Privacy Policy. SHR Group accepts full accountability and responsibility for the protection of your Personal Information, according to the applicable privacy legislation and this Privacy Policy, during the course of these onward transfers to third parties.

SHR Group, as the processor of data for our clients/hotels (Processor of data according to GDPR), does collect Personally Identifiable Information (PII) during the room reservation process. However, the PII data collected is not shared with any other organization outside of the specific hotels that have taken the reservation, as they are the owners of the data (controllers of data according to GDPR).

SHR Group’s active membership can be viewed at Privacy Shield Active member list.

Personal Information Protection and Electronic Documents Act (PIPEDA)

SHR Group complies with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”). PIPEDA sets out rules for the collection, use and disclosure of personal information in the course of commercial activity as defined in the Act.

SHR Group fully complies with the 10 principles of PIPEDA which are Accountability, Identifying Purposes, Consent, Limiting collection, Limiting Use Disclosure and Retention, Accuracy, Safeguards, Openness, Individual Access, Provide Recourse.

Complaints/Questions

Any questions or concern about SHR Group’s personal information handling practices may be directed to the Privacy Officer. Requests for access to information, or to make a complaint, are to be made in writing (via letter or email) and sent to the Privacy Officer at the address;

Privacy Officer

1334 Brittmoore
Suite 2410
Houston, TX 77043
Toll Free: +1 800 252 0522
or
Email address: [email protected]

If the hotel client is dissatisfied with the finding and corresponding action taken by SHR Group’s Privacy Officer, the hotel client may bring a complaint to the Federal Privacy Commissioner at the address below:

The Privacy Commissioner of Canada
112 Kent Street
Place de Ville
Tower B, 3rd Floor
Ottawa, Ontario K1A 1H3
Toll Free +1 800 282 1376
Email: [email protected]
Website:  www.priv.gc.ca

SHR Group’s full Standard Operating Procedure (SOP) for PIPEDA can be provided upon request by emailing [email protected].