PRIVACY STATEMENT


Last Updated: May 2018


At the COMO Group we take your privacy very seriously and we are committed to protecting your personal data.

This privacy statement (together with any terms of use or terms and conditions, which you can find on the relevant COMO Group Website (as defined below)) explains how the members of the COMO Group manage your personal data. It includes details of how we collect, store, use, record, hold, transfer and disclose your personal data. If you wish to contact us regarding this privacy statement, please see the contact details set out below.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.


• ABOUT THE COMO GROUP

• DISCLAIMER – COMO GROUP MEMBERS ARE NOT LIABLE TO YOU

• DATA WE COLLECT FROM YOU OR ABOUT YOU AND OUR SOURCES OF THAT DATA

• HOW WE USE YOUR PERSONAL DATA AND THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

• MARKETING AND YOUR CHOICES

• HOW WE SHARE AND DISCLOSE YOUR PERSONAL DATA

• WHERE WE STORE YOUR PERSONAL DATA

• LINKS TO THIRD PARTY WEBSITES

• RETENTION OF PERSONAL DATA

• HOW WE STORE AND SECURE YOUR PERSONAL DATA

• YOUR LEGAL RIGHTS

• COOKIES

• CHANGES TO THIS STATEMENT

• QUERIES, COMMENTS, REQUESTS AND COMPLAINTS

• CONTACT US

• LANGUAGES


ABOUT THE COMO GROUP

This privacy statement is issued by the COMO Group, but applies to the handling of personal data by each member of the COMO Group.

The members of the COMO Group who could be “data controllers” in relation to your personal data are:


• Club 21 Pte Ltd

• Kids 21 Pte Ltd

• Culina Pte Ltd

• SuperNature Pte Ltd

• COMO Hotels and Resorts (Asia) Pte Ltd

• COMO Shambhala Pte Ltd

• COMO Foundation


as updated from time to time and referred to in this privacy statement as the COMO Group / we / our or us.


The websites and applications of the COMO Group include:

• Club21global.com;

• Club21global.com;

• Supernature.com.sg;

• kids21.com;

• blackbarrett.com;

• comohotels.com;

• comodempsey.sg;

• comoshambhala.com; and

• sg.club21global.com, my.club21global.com, th.club21global.com, hk.club21global.com, au.club21global.com, int.club21global.com,


each a COMO Group Website and together the COMO Group Websites.


There will typically be one member of the COMO Group to whom you have given your personal data. This entity would be a “data controller” in relation to your personal data. The term “data controller” broadly means the person who determines the purpose and means for which your data is processed. It is possible that you have given your data directly to more than one member of the COMO Group in which case each such member could be a data controller of your data in that context.


DISCLAIMER – COMO GROUP MEMBERS ARE NOT LIABLE TO YOU

NOTWITHSTANDING THAT THIS PRIVACY STATEMENT IS ISSUED ON BEHALFOF THE COMO GROUP, YOU ARE NOTIFIED THAT THE MEMBERS OF THE COMO GROUP ARE SEPARATE AND INDEPENDENT. YOUR USE OF THE RELEVANT WEBSITE IS SUBJECT TO THE RELEVANT TERMS AND CONDITIONS ISSUED BY THE RELEVANT COMO GROUP MEMBER IDENTIFIED AS TRANSACTING WITH YOU ON THE RELEVANT COMO GROUP WEBSITE.


MEMBERS OF THE COMO GROUP SHALL NOT HAVE ANY LIABILITY WHATSOEVER FOR ANY LOSS OR DAMAGE HOWESOEVER CAUSED WHETHER TO YOU OR ANYONE ELSE BY REASON ONLY THAT THEY ARE MEMBERS OF THE COMO GROUP AND/OR THAT THEY ARE IDENTIFIED AS A MEMBER OF THE COMO GROUP IN THIS PRIVACY STATEMENT OR ELSEWHERE ON THE RELEVANT COMO GROUP WEBSITE.


DATA WE COLLECT FROM YOU OR ABOUT YOU AND OUR SOURCES OF THAT DATA

Your personal data includes any information that you provide to us, that we collect or that we are provided with by third parties and that identifies you, or from which you are identifiable, whether directly or indirectly

We may collect, use, store and transfer the following personal data about you:


• Data you give us.

   o when you place an order or make a booking on a COMO Group Website or otherwise;

   o when you create an account on a COMO Group Website;

   o when you join a COMO Group loyalty program;

   o when you stay at one of our COMO Hotels & Resorts;

   o by filling in forms on a COMO Group Website;

   o by downloading or registering with a COMO Group mobile app;

   o when you use a COMO Group Website;

   o when you sign up to receive email updates from us;

   o when you ask us to provide you with marketing communications such as newsletters, updates or information

   about special events or promotions;

   o if you ask us to keep in touch with you or provide you with personalised content (such as targeted advertising);

   o if you contact us or correspond with us (for example, by phone, email or otherwise) for any reason; or

   o when you provide us with comments, opinions and/or feedback about the COMO Group.


• Data we collect about you when you visit or use a COMO Group Website.

   o technical information, including the type of device (and its unique device identifier) you use to access the COMO Group Websites, the Internet protocol (IP) address used to connect your device to the Internet, your unique device identifier (UDID) or mobile equipment identifier (MEID) for your mobile device, your device and component serial numbers, your login information, browser type and version, time zone setting, browser plug in types and versions, operating systems, mobile network information and platform and details of any referring website or application; and

   o information about your visit to the COMO Group Websites including full Uniform Resource Locators (URL), clickstream to, through and from the COMO Group Websites (including date and time), pages you viewed, page response time, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.


• Data other COMO Group members collect about you. Any information you provide to a member of the COMO Group will be shared between us (for example, when you attend one of our COMO Hotels & Resorts this information will be shared with the other COMO Hotels & Resorts).

• Data we collect from or are provided with by third parties. We may be given information about you from third parties, such as social media platforms or anyone making a booking on your behalf at one of our COMO Hotels & Resorts. We may also collect information that is publicly available, for example, when we interact with you through social media.

The provision of certain personal data by you to us (such as your name, email address, contact information, credit card and such other information as may be indicated by the COMO Group) will be compulsory or obligatory in order for the COMO Group to perform the relevant services for the identified purposes. The COMO Group may not be able to perform the relevant services for the identified purposes if you fail to supply the relevant personal data.

Where personal data of a minor is submitted by you, you confirm that you have authority to provide such data to us on behalf of that minor to enable us to process their personal data as described in this privacy statement.


HOW WE USE YOUR PERSONAL DATA AND THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

The COMO Group uses the personal data for relevant purposes where we have a legal basis to use your personal data without consent, this privacy statement fulfils our duty to process personal data fairly and lawfully and in a manner that you would expect given the nature of our relationship with you, by giving you appropriate notice and explanation of the way in which your personal data will be used.

Where consent is required for our use of your personal data as described above, we will request your consent. Typically, we would collect your consent by you performing an action such as ticking the appropriate consent box or otherwise communicating your consent to us (for example, by email or by you providing us with non-mandatory information), you consent to our use of that personal data as set out in this privacy statement. For example, we will only process your personal data for marketing purposes if we have your consent to do so. Please see here for further information on this


MARKETING AND YOUR CHOICES

We will, if you have given us your consent and in line with your choices, provide you with information by post, telephone, email and SMS, which may be of interest to you in respect of the COMO Group. Where you have consented to receiving our direct marketing online this means that you could be presented with our advertisements while using the COMO Group Websites or the services of our online partners. For example, if you have given us this consent we may run a Facebook advertisement campaign, which could include our advertisements being presented to you while you are on Facebook. We may also personalize the content that you see using analytical or profiling tools.

We will only provide you with marketing communications if you would like us to. You will have the opportunity to clearly set out whether you wish to receive marketing messages from us by ticking the relevant boxes.


HOW WE SHARE AND DISCLOSE YOUR PERSONAL DATA

We may share or disclose your personal data in connection with the purposes described in this privacy statement. This may include sharing your personal data with the following:


• all companies within the COMO Group for marketing, business, administrative and legal purposes (for example, payment, verification or membership awards and points);

• Facebook, Twitter or Instagram (if you use your account with them to sign up / in with us), if applicable;

• service providers, business partners, suppliers, subcontractors or agents (for example, fitness, medical and healthcare professionals providing assessments for treatments, IT services, travel planning, reservation, booking, rewards management, customer relationship management, business development and marketing support services) who perform functions such as marketing, payment, fulfilment and delivery of orders, administration and processing of payments, as well as bookings and reservations;

• professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services;

• vendors who provide services to us, such as fulfilling orders, providing data processing and other information technology services, managing promotions, carrying out research and analysis, and personalizing individual COMO Group customer experiences. We do not allow these vendors to use this information or to share it for any purpose other than to provide services on our behalf;

• government or other law enforcement agencies, in connection with the investigation of unlawful activities or for other legal reasons (this may include your location information;

• third parties, who acquire us or substantially all of our assets, in which case your personal data (including any sensitive personal data) will be one of the transferred assets (however, we will let you know before this happens); and

• analytics and search engine providers that assist us in the improvement and optimization of the COMO Group Websites.


WHERE WE STORE YOUR PERSONAL DATA

The personal data that we collect from you may be transferred to, processed and stored, in different countries depending on the circumstances (including outside the European Economic Area).This includes any country where the COMO Group companies are located including in Singapore, Bhutan, Brunei, Macau, Malaysia, New Zealand, Hong Kong, Indonesia, Philippines, Thailand, Taiwan, Vietnam, United Kingdom, the United States and Australia, but also countries where our external service providers are based or hosting your personal data on our behalf.

Please note that your personal data may be transferred to and stored in countries which do not provide the same level of protection for personal data as under your local law. However, we will ensure that a similar degree of protection is afforded to it by ensuring that one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. To find out which countries are covered by this, please see here.

• Where there is no adequacy decision by the European Commission in respect of these countries, which means they are not deemed to provide an adequate level of protection to your personal data, we will still ensure that your personal data receives an adequate level of protection. We have therefore put in place the following measures to ensure that your personal data is treated by those third parties in a way that is consistent with EU laws on data protection:

   o EU-US Privacy Shield; and/or

   o EU standard contractual clauses.


As mentioned above, please note that the rights of governmental and law enforcement authorities to access your personal data may also differ depending on where your personal data is held.

If you would like to find out more about this, please contact us using the details set out below.


LINKS TO THIRD PARTY WEBSITES

The COMO Group Websites may contain links to other third party websites and microsites, whose privacy practices may differ from those of the COMO Group. If you submit personal data to any of those sites, your personal data is not subject to this privacy statement.

We encourage you to review the privacy policy of any site you visit. By clicking on or activating such links and leaving the COMO Group Website, the COMO Group does not exercise control over any data or any information which you give to any other entity after leaving the COMO Group Websites. Any access to such other sites or pages is entirely at your risk.


RETENTION OF PERSONAL DATA

Your personal data will only be retained for as long as it is necessary to fulfil the purposes for which it was collected as outlined in this privacy statement and for the purpose of satisfying our business (accounting and reporting) or legal requirements, but also to properly resolve disputes or to troubleshoot problems.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In addition, certain information may be stored indefinitely due to technical constraints, and will be blocked from further processing for purposes which are not mandatory by law.

Details of retention periods for different aspects of your personal data are available in the COMO Group Data Retention Policy, which you can request from us by contacting us using the contact details set out below.

If you choose to unsubscribe from our mailing list or should your access to any of your COMO Group memberships expire, your personal data will still be retained on our database to the extent permitted by law and in accordance with the COMO Group Data Retention Policy.


HOW WE STORE AND SECURE YOUR PERSONAL DATA

We are committed to taking appropriate measures designed to keep your personal data secure. Our technical and organizational procedures are designed to protect your personal data from accidental, unlawful or unauthorized loss, access, disclosure, use, alteration, or destruction. While we make efforts to protect our information systems, no website, mobile application, computer system, or transmission of information over the Internet or any other public network can be guaranteed to be 100% secure. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorized access or inadvertent disclosure.

The personal data that we hold about you will be stored either on our servers or using third party data storage providers in Singapore or if elsewhere, in compliance with applicable data protection laws.

We may post a notice on the relevant COMO Group Website, notify you by email or contact you otherwise if a security breach occurs and such breach presents a high risk to your rights and freedoms.


YOUR LEGAL RIGHTS

You have the following rights with regard to your personal data:

• Access. You have the right to access data we hold about you. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

• Rectification or erasure. You have the right to request that we rectify or delete any personal data that we hold about you (unless we have the legal right to retain it). This right does not extend to non-personal data. Please note that your rights to request erasure may be limited by applicable law.

• Restriction. You also have the right to restrict us from processing your personal data if the data is inaccurate, the processing is unlawful or we no longer need to your personal data for the purposes for which we hold it.

• Data portability. You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller if the legal basis for processing such personal data is consent.

• Object /change of preferences. You have a right to request that we stop processing your personal data where we are relying on a legitimate interest (or those of a third party). You have the right to object where we are processing your personal data for direct marketing purposes. For example, if you have given your consent to receive updates or other marketing communications, but have changed your mind, you have the ability to opt out from receiving such communications going forward by contacting us using the details provided below or by clicking the relevant link in any communications you receive.

• Complaints. If for any reason you are not happy with the way that we have handled your personal data, please see below for further information and contact us. If you are still not happy, you have the right to make a complaint to the Information Commissioner’s Office.

To exercise any of the rights mentioned above, please contact us using the contact details below. Where available, you may also be able to access, rectify, request the erasure, export and restrict the use of your personal data, as well as update your preferences by signing into your account and selecting “Update Profile”.

We will comply with your request to exercise the above mentioned rights, to the extent required by applicable law. However, if you ask us to stop processing your personal data in certain ways or erase your personal data, and this type of processing or data is needed to facilitate your use of the COMO Group Website or is required for us to provide you with a service (such as to manage your account), you may not be able to use the COMO Group Website or the service as you did before.

This does not include your right to object to the processing of your personal data for the purposes of direct marketing. You can exercise this right at any time without restrictions. Please allow at least 3 working days for your request to be actioned.

To protect your confidentiality and to comply with applicable data protection laws, we may need to confirm your identity before we can action your request (for example, we will respond to a request as long as the email address is identical to that you have registered with us or otherwise provided to us, we may ask for a scanned copy of your photo ID or for you to confirm details of your transaction history with us).

When contacting the Data Privacy Office (details of which you can find below), please state your name and provide valid contact details. As mentioned above, protecting your confidentiality and complying with applicable data protection laws is important to us, the COMO Group may therefore refuse to comply with any request unless it is supplied with such information as it may reasonably require to verify your identity.

We will respond to your requests within a reasonable time and in accordance with the applicable data protection laws.


COOKIES

A “cookie” is a small text file that is placed onto an Internet user’s web browser or device and is used to remember and/or obtain information about the user and a “web beacon” is a small object or image that is embedded into a web page, application, or email and is used to track activity, which are also sometimes referred to as pixels and tags.

We use the following cookies:

• Strictly necessary cookies. These are cookies that are required for the operation of the COMO Group Websites. They include, for example, cookies that enable you to log into the COMO Group Websites.

• Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the COMO Group Websites when they are using it. They also enable us to see how users use the COMO Group Websites. This helps us to improve the way the COMO Group Websites work.

• Functionality cookies. These are used to recognize you when you return to the COMO Group Websites. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

• Targeting cookies. These cookies record your visit to the COMO Group Websites, the pages you have visited and the links you have followed. We will use this information to make the website and the advertising displayed on it more relevant to your interests.


By clicking “agree” on the cookie consent box when you first access a COMO Group Website and by continuing to access and use such COMO Group Website you accept our use of the cookies.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of the COMO Group Website.

For more detailed information about cookies and how they can be managed and deleted, please visit www.allaboutcookies.org.


CHANGES TO THE PRIVACY STATEMENT

This privacy statement is in effect as of the date noted at the top of the statement. We may change our privacy statement from time to time. Any changes we may make to our privacy statement in the future will be posted on this page and, where appropriate, notified to you by e-mail.

Please check back frequently to see any updates or changes to our privacy statement. By continuing to use a COMO Group Website or continuing to allow us to retain or process your personal data following any such changes to our privacy statement, you are deemed to have accepted such changes unless you expressly notify us otherwise in writing (except to the extent we are required to make such changes in accordance with applicable law). Where we need to seek updated, additional or different consents from you, we will, of course, do so.


QUERIES, COMMENTS, REQUESTS AND COMPLAINTS

If you have any questions, comments, requests or complaints about our collection, use or disclosure of personal data, or regarding this privacy statement, please contact us using the details below. Please also contact us if you would like to update or amend any of your personal data which you have provided to us or if you believe our records relating to your personal data are incorrect.

When contacting us please provide as much detail as possible in relation to your question, comment, request or complaint.

We would like to reassure you that we will take any privacy complaint seriously and such complaint will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner. We request that you cooperate with us during this process and provide us with any relevant information that we may need (for example, your name and valid contact details, as well as proof of identity such as a scanned copy of your photo ID or details about your transactions with us). If we cannot reasonably satisfy ourselves of your identity, we may not be able to deal with your query, comment, request or complaint.


CONTACT US

Culina Pte Ltd Data Privacy Office

COMO House

6B Orange Grove Road

Singapore 258332

privacy@culina.com.sg


LANGUAGES

This privacy statement is published in the English Language (English Version) and in such other languages as set out below. In the event of any inconsistency in the terms of the privacy statement between the English Version and the other relevant versions, the terms of the privacy statement in the English Version shall prevail to the extent of such inconsistency.