The Highest Standards of Data Governance
TLC DigiTech Private Limited (Formerly, TLC Relationship Management Private Limited) which includes group companies and their affiliates Goodtimes Marketing Pvt. Ltd, SLS Software Pvt. Ltd, TLC EMarketing Pvt. Ltd, TLC International Limited, Nairobi Kenya and TLC International W.L.L. Bahrain (hereinafter referred to as “TLC”), recognizes that privacy is important to its customers. We are transparent about how we collect, store, use and disclose data and make it easier for you (the “User”) to understand and exercise choices available to you in this regard.
• Through the software applications made available by us for use on or through computers and mobile devices (the “Apps”)
• Through e-mail messages, online directories, public databases and digital campaigns including on third party sites through Google, affiliate marketing, blogs, influencers, forums, internet search etc. that we use and through your communications with us (collectively, our “Digital Campaigns”)
• Through our various offline interactions including voice, print, direct at client sites - hotels, restaurants, RWAs, corporate presentations, events, retail malls, airports, public directories and others
• Whenever you enroll, use and access services linked to the membership programs we manage
• Whenever you enroll, use, access or subscribe to the products/services/experiences linked to our technology products or services including, ‘Memberships & Subscriptions’, ‘Table Reservations & Feedback’, ‘Experience Vouchers & Gifting’ and ‘Delivery & Takeaway’, through Websites and Apps owned and/or operated by us or software applications made available by us (collectively, our “Tech Products” and such websites and Apps, the “Tech Platforms”)
• Through inbound and outbound voice calls and customer services, emails, messages and all other form of communication received from you including details of references for memberships and your family details
• Data received through our business partners and third parties
• Any other data received from Internet Connect Devices.
If you fail to provide certain information when requested or withdraw the consent of use of your Personal Data or provide us incomplete or inaccurate information, we may not be able to perform the contract we or our partners/clients have entered into with you, and we may also be prevented from complying with our own legal obligations.
IDENTIFICATION: WHO WE ARE & WHAT WE DO
NAME OF THE COMPANY: TLC DigiTech Private Limited (Formerly TLC Relationship Management Private Limited)
REGISTERED OFFICE: 501, Salcon Aurum, Jasola District Centre, New Delhi-110 025, India
EMAIL: [email protected]
DATA PRIVACY OFFICER (DPO): Abdul Majid, Contact: [email protected]
TLC is in the business of inter alia, marketing and managing loyalty memberships for its clients and partners and providing other technology solutions (such as food delivery, table reservations, experience vouchers, etc.) through its Tech Products and Tech Platforms to its clients, customers and partners in the hospitality industry. Details of its various services and clients are available on www.tlcgroup.com. It has its own proprietary software, Tech Platforms and Apps to provide such products and services to its clients, customers and partners.
The information provided by User to TLC can be shared with the hotels, hotel companies, restaurant partners, and/or similar businesses or third parties whose products, services and/or membership programs are offered to you, each in relation to and for the purpose of facilitating fulfilment of the commitments made to you by the hotel, hotel companies, restaurant partners and/or similar businesses.
You have the right to withdraw your consent at any time while utilizing the Tech Platforms, Tech Products and/or any other Services. In case you decide to withdraw your consent or request your data to be erased from our system, at any time while utilizing our Tech Platforms, Tech Products and/or other Services, you should e-mail us at [email protected], following which we will delete all your Personal Data from our systems subject to any mandatory retention requirements under applicable laws, and have the right to stop providing you the Services for which the said information was sought.
2. Nature of Data: Personal Information/Data
(i) Your full name and contact information
(ii) Date of birth
(v) Date of anniversary
(vi) Company / work details and GSTIN number
(vii) Spouse name, date of birth, and contact details (email and mobile)
(viii) User ID codes or Activation codes provided by us or changed by you
(ix) Geolocation data
(x) Membership program use and transaction information, including your dining details, food preferences, use of facilities like spa, pool and health club, the hotels where you have stayed, date of arrival and departure and related spend details
(xi) Goods and services purchased, special requests made, your service preferences, dining/food preferences
(xii) Your credit card, mobile payment and other payment details provided while making payments
(xiii) Any information necessary to fulfill special requests including under the membership program (for example, dining, leisure, travel and stay preferences)
(xiv) Your membership details
(xv) Your reviews, feedback and opinions about our programs and services
(xvi) Social media account ID, profile photo and other social media data publicly available, or data made available by linking your social media details and the loyalty membership and/or TLC accounts
(xvii) Data about family members and companions, such as names and ages of children
(xviii) Data provided by you of friends and family to be referred to our products and services, typically name, mobile number and email
(xix) Any other Personal Data you choose to provide to us
3. Sensitive Personal Data That We Do Not Collect
TLC as a matter of policy never seeks, collects, processes or retains any of the Special Categories of Personal Data as mentioned in the EU General Data Protection Regulation, which are data/information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
TLC also as a matter of policy never seeks, collects, processes or retains any of the sensitive personal data or information as defined under the applicable Indian Laws. Sensitive personal data or information of a person under Indian Information Technology law means such personal information which consists of information relating to;— (i) password; (ii) financial information such as bank account or credit card or debit card or other payment instrument details ; (iii) physical, physiological and mental health condition; (iv) sexual orientation; (v) medical records and history; (vi) biometric information; (vii) any detail relating to the above clauses as provided to body corporate for providing service; and (viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise: provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.
For the purpose of clarification, credit or debit card data or any financial information received by us to enable a transaction, example purchase of a membership program or to guarantee a reservation is used only for that transaction and is never stored by us. Further, if an activation code for a membership program is sent by us and converted into a changed password by the member, then that will be stored with us for the purpose of facilitating the access of the membership to that member. Activation codes and passwords are encrypted and collection of credit / debit card data follow PCI DSS certification.
4. How We Collect Personal Data
TLC collects Personal Data in a variety of ways:
(i) Online Services - We collect Personal Data when you sign up on our Tech Platforms, use our Tech Products or other Online Services or purchase a membership or a subscription, make a reservation, purchase goods and services from our Websites or Apps, communicate with us, or otherwise connect with us or engage with our Social Media Pages and Digital Campaigns, or sign up for a newsletter or participate in a survey, contest or promotional offer. We also collect data from publicly listed profiles on social media and through Internet search.
(ii) Offline Interactions - We collect Personal Data when you visit our client’s/partner’s properties or use on-property services and outlets, such as restaurants, concierge services, health clubs, child care services, and spas. We also collect Personal Data from public directories, when you attend presentations, promotional events that we host or in which we participate, or when you provide your Personal Data to facilitate an event.
(iii) Program Centers - We collect Personal Data when we communicate with you over the phone or email or chat (for example- App chat, WhatsApp, Facebook Messenger and others) for service related and promotional calls, or you communicate with us to place an order, make a reservation, communicate with us by email, fax or via online chat services or contact customer service. These communications, including voice calls may be recorded for purposes of quality assurance and training.
(iv) Enrolment on Membership Programs - We collect personal details as described above in Clause 2 when you enroll in a membership program with us.
(v) Strategic Business Partners - We collect Personal Data from companies with whom we partner to provide you with goods, services or offers based upon your experiences at our client/partner properties or that we believe will be of interest to you (“Strategic Business Partners''). Examples of Strategic Business Partners include credit card companies and other financial institutions, on-property outlets, travel and tour partners, timeshare partners, rental car providers, other membership programs, airlines and travel and dining booking and discovery platforms. Strategic Business Partners are independent from the TLC Group. Any information we collect from a Strategic Business Partner will depend on the privacy settings you have with that entity and we are not responsible or liable for: (i) the availability or accuracy of such information; and (ii) the content, products or services of such entity.
(vi) Other Sources - We may collect other Personal Data and/or Non-Personal Data from other sources, such as public databases, joint marketing partners, member referrals, internet search and other third parties. The information that we collect as a part of the Referral Program is used only for the purpose of marketing our products and services. We store the received referral details only if the referral shows interest and allows us to send further communication upon being contacted. If the referral opts out of receiving communication from us, we erase his / her data at the first instance.
(vii) Physical & Mobile Location Based Services - We collect Personal Data if you download one of our Apps or choose to participate in certain programs. For example, we may collect the precise physical location of your device by using satellite, cell phone tower, Wi-Fi signals, or other technologies. We will collect this data if you opt in through the App or other program (either during your initial login or later) to receive the special offers and to enable location-driven capabilities on your mobile device. If you have opted-in, the App or other program will continue to collect location data when you are in or near a participating property until you log off or close application (i.e., the App or other program will collect this data if it is running in the background) or if you use your phone’s or other device’s setting to disable location capabilities for the TLC group Apps or other program.
5. What Do We Do With The Data We Collect & How Long We Keep It
TLC collects your data, including Personal Data, to fulfill its obligations to its clients, customers and partners. TLC uses the Personal Data collected to acquire new customers and/or members and personalize and customize their loyalty membership programs and other user experiences and for enhancing the overall customer experience through life cycle management. The contact details are primarily used for passing on all kinds of information related to the User account or the membership account and it includes notifications, benefits, new offers, discounts, special packages and deals, renewals, post renewal offers, lapsed membership communication etc. that you are eligible to. We may contact you for administrative purposes, such as confirming a transaction you may have made, informing you of your account status, informing you of important product/service-related changes, or inviting you to reconsider your privacy preferences. We further use the Personal Data of a User and their family members (wherever applicable) to offer special services on their birthday, anniversary, etc. We further use the information provided by the Users pertaining to preferences/likings and interests to tailor-make and customize our offerings accordingly. Depending on the User’s request, the Personal Data collected will be processed by TLC in accordance with the following purposes:
(i) To inform you about products, services or membership programs you may be interested in
(ii) To manage our contractual relationship with you when you are a member under a loyalty membership program with us or a user of our Tech Platforms, Tech Products and other Services, because we have a legitimate interest to do so and/or to comply with a contractual or legal obligation
(iii) To manage and facilitate the deliveries, bookings and reservations made (including ones made in advance), confirmations or pre-arrival messages
(iv) To personalize the products and services according to your preferences
(v) To manage subscription to the newsletter and subsequent sending of the newsletters
(vi) To communicate with you about goods and services according to your personal preferences
(vii) To manage the user’s contact requests with TLC through the channels provided to this end
(viii) To manage surveys and/or evaluations regarding the quality of the services provided by TLC and/or the perception of its image as a company
We keep your Personal Data until the fulfillment of the purpose for which it was collected subject to any mandatory retention requirements under applicable laws. This means that we will keep your information for as long as you continue to be a User of our Services or our platforms or a member with any of our programs for fulfillment of the legal and contractual obligations entered into by you.
In case you cease to be a member or a User, we will retain your details for a further period of 36 months post expiration of the membership or your last transaction with us or deletion of your User account. This information would also help us communicate to you any new benefits, coupons, discounts, etc. that you may receive upon renewal of a hotel membership or renewal of your User account with us as well as allow you to easily rejoin when you wish to, within that period. Please note that you can always choose to opt-out from receiving such communications and also raise a request for removal of your information/data post expiry of your membership or deletion of your account by a click-through on each email you receive from us.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, disclose it to unrelated third parties or there is a change in our policies, we will notify you and we will explain the legal basis which allows us to do so.
6. Collection of Other Data
(i) Our web server collects the following access log information: click-stream data and HTTP protocol elements and also access logs containing this information. Further, our Apps also collect pixel data of Users. The data may be used by us and our agents for the following purposes
(a) Website and system administration
(b) Research and development
(ii) To administer our Apps, Websites, Tech Platforms and for our Email campaigns, we track and analyze anonymous usage and volume statistical information from our visitors and members. All data collected are owned and used solely by us and on behalf of our marketing partner. Such information is shared externally only on an anonymous, aggregated basis.
(iii) We use clear gifs, also known as "Web beacons": tiny graphics, with a unique identifier that help us to improve the visitor experience, to manage our site content, and to track visitor behavior.
(iv) In the event of registration and/or access through a third party account, TLC may collect and access certain information of the User’s profile from the corresponding social network solely for internal administrative purposes and/or for the purposes indicated above.
(v) User Information: We collect the following user information: unique identifiers which may be used for
(a) completion and support of the current activity
(b) anonymous user analysis
(c) anonymous user profiling and decision making
(d) contacting visitors for the marketing of services or products (the user may opt out of this usage)
(vi) Such data is classified as “Non-Personal Data”, a type of data that generally does not reveal your specific identity or does not directly relate to an individual. To the extent non-personal data reveals your specific identity or relates to an individual, we will treat non-personal data as Personal Data. Other non-personal data mainly includes:
(a) Browser and device data
(b) App usage data
(c) Data collected through cookies, pixel tags and other technologies
(d) Demographic data and aggregated data
(e) Your IP address
(f) Google and Adobe analytics
(viii) You can choose whether to accept cookies by changing the settings on your browser or by managing your tracking preferences by clicking on “Tracking Preferences” located at the bottom of our home page. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Online Services. For example, we will not be able to recognize your computer, and you will need to log in every time you visit. You also will not receive advertising or other offers from us that are relevant to your interests and needs. At this time, we do not respond to browser “Do-Not-Track” signals.
This non-personal data can help us, for example, in controlling access to certain content on our site and in alerting users to new site content and services. This information is shared externally only:
(i) in anonymous, aggregated form for generalized user analysis, or
(ii) to review whether users qualify for additional benefits, or
(iii) to enable us to send emails to you on our behalf.
7. Links to Third Party Sites
We may provide links to third-party websites which are not controlled or operated by us. Please be aware that we do not control and are not responsible for the information collection practices of such third-party websites that may differ from those of our Websites and Apps. We are not responsible for and have no control over the practices and content of such websites accessed using the links contained in our Online Services /Tech Platforms. We encourage you to review and understand the privacy policies of these other websites before accessing and providing any information to them.
Further, any information you choose to directly share with a hotel, hotel company, restaurant partner and/or similar businesses or their respective employees or affiliates (for instance when you make a reservation and pay at the restaurant or avail certain services at a hotel) may be used by the hotel/restaurant for their own purposes. We do not control the privacy practices or policies of our partners and clients.
8. Rights if Data Subjects: Information Access, Change and/or Deletion
You have a right to access, rectify, restrict, suppress, update, and/or erase any or all of the Personal Data you submit to us by contacting us at [email protected]. If you would like to receive an electronic copy of your Personal Data for purposes of reviewing or transmitting it to another company (to the extent this right to data portability is provided to you by law) you can contact us at [email protected]. Individuals are informed, in writing, of the reason a request for access or correction of their Personal Data was denied, the source of TLC’s legal right to deny such access, and the individual’s right, if any, to challenge such denial. You can unsubscribe from receiving our emails by a click through on each email. You may also unsubscribe from mailing lists or any registrations on the Websites and Apps. To do so, please follow the instructions on the page of the email.
However, we may disclose your information, including Personal Data, if we believe it is necessary to protect the property and/or rights of TLC, you, or a third party, to protect the safety of the public or any person, in the event of a legal dispute, or to prevent or stop an activity we believe may pose a risk of being illegal, unethical or in violation of the terms of service. In case of such an event, the right to have the Personal Data rectified or erased may also stand suspended. However, you would still be able to view your Personal Data.
9. Security Measures
TLC has implemented generally accepted standards of technology and operational security to protect Personal Data from loss, misuse, alteration, or destruction. Only authorized TLC personnel have access to the Personal Data, and these employees are required to treat this information as confidential. TLC also has an ISO:27701 and ISO: 27001 certification in relation to data security and governance.
We maintain appropriate physical, technological, and organizational safeguards to protect your Personal Data against loss, misuse, unauthorized access or disclosure, alteration and destruction. Only authorized personnel of TLC have access to member/User accounts and details. Although we use reasonable measures to protect your Personal Data, it is important that you understand that no website or database is completely secure or "hacker proof". If you believe the security of your account has been breached, please contact us immediately at [email protected] and [email protected]. Complaints and other disputes are escalated until they are resolved and a resolution is communicated to the individual in writing within a reasonable frame of time.
Our security procedures mean that we may occasionally request proof of identity before we disclose your Personal Data to you.
10. Transfer & Sharing of Information
Personal Data collected may be transferred, from time to time, to TLC® offices or personnel or to third parties located throughout the world, and the Websites may be viewed and hosted anywhere in the world, including countries that may not have laws of general applicability regulating the use and transfer of such data. TLC may store your Personal Data on the servers of Amazon Web services located in the USA, Salesforce located in India and Adobe Experience Cloud in Singapore. TLC has no control over, and is not responsible for, the performance, operation and security of such third party servers.
Cross border transfers are necessitated for providing seamless services to members/Users. For example, a member may travel outside the country of his ordinary residence and would want to avail benefits of our services abroad. To facilitate this, cross border transfer of information becomes necessary.
In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries will be entitled to access your Personal Data.
The Personal Data that TLC collects may be disclosed to:
(i) TLC group companies, for marketing and/or administrative purposes and/or for purposes indicated above.
(ii) TLC’s program partners, hotel/restaurant partners and clients, business partners, banks, retail companies and other collaborating partners of the TLC group for their own marketing purposes and fulfillment of aforementioned purposes.
(a) In some cases, we may act as data processors for hotels, hotel companies, our clients or partners or similar third parties, and in such cases, we will share your Personal Data with such third parties and take your specific consent that you agree to collection, storage, transfer and handling of your Personal Data in accordance with the respective privacy policies of such clients/partners. While we seek assurances from such third parties that they will process your information in accordance with applicable laws, we do not control their privacy practices or policies and are not responsible for how your Personal data is utilized by such parties. We encourage you to review and understand the privacy notices and policies of such clients before consenting to sharing your Personal Data.
(iii) Suppliers, vendors, Strategic Business Partners and other service providers of TLC for the adequate fulfillment of its legal obligations and/or the purposes previously indicated.
(iv) Social networking websites and applications, when you use our Services to connect with us on, or share your actions/comments/feedback in relation to our Services on, third-party social networking platforms. We cannot control the privacy or security of information you choose to make public or share with others on social-networking platforms.
11. Contact Us
If you have any questions about the Policy or our privacy practices, please write to us at [email protected].
12. Commercial & Promotional Communication: Do not Call
If you choose not to receive any promotional communications from us or from our partners/clients, we will not send you promotional messages and will not share your Personal Data with our partners/clients or other companies for marketing or advertising purposes.
In order to discontinue receiving promotional communications from us, please write to us at [email protected].
Any customer details collected on our Websites, Tech Platforms, Apps, through Social Media Pages, Digital Campaigns, emails, landing pages and other offline mediums, will allow TLC associates to, among others, call, SMS (regular and transaction related), Email, chat, send push notifications and WhatsApp the Users who have filled in their information. By dropping in details, the User explicitly allows and gives consent to TLC® and group companies to call him / her and such commercial & promotional communication would not be considered in violation of Do Not Call registration under TRAI’s Telecom Consumer Protection Regulations for such commercial & promotional communications.
13. User’s Responsibility / Declarations
(i) Guarantees that they are of legal age and are persons who can form a legally binding contract under the Indian Contract Act, 1872 and that the information furnished to TLC is true, accurate, complete and up-to-date. Any use or access of the Services by a minor i.e., a person under the age of 18 years, shall be strictly with the consent and involvement, and under supervision, of his/her parent or lawful guardian, who shall be responsible for the actions of such minor at all times. For these purposes, the User is responsible for the truthfulness of all the data communicated and will keep the information updated, so that said data reflects their actual situation.
(ii) Guarantees that he/she has informed third parties on whose behalf he/she has provided data, where applicable, of the aspects contained in this document. Also guarantees that he/she has obtained the third party’s authorization to provide their data to TLC for the purposes indicated.
(iii) Will be responsible for false or inaccurate information provided through the Websites and Apps and for damages, whether direct or indirect, that this may cause to TLC or third parties.
(iv) Accepts and agrees that there may be certain data that we may not allow you to review for legal, security or other reasons.
(v) In case of loyalty membership programs, when signing up for issuance of the add on card including the Spouse Card, and the add-on member accept and agree that they can seek and receive any information pertaining to the membership including any previous transactions and bookings made under the program by any of them.
Last updated: [18th August] 2023