Privacy Policy



Tai O Heritage Hotel (referred to herein as “Hotel”, “we”, “us”, or “our”) recognise that privacy is an important issue. This Privacy Policy informs you about our privacy policies and practices in relation to handling personal data, the type of personal data we collect, the third parties with whom we might share such information, and how you can review or change the personal data you provide to us. We are dedicated to respecting your privacy and safeguarding your personally identifiable information (“personal data”).


Providing your personal data to us is voluntary, however if you do not provide this information we may not be able to provide you with the products, services or information you have requested.


When disclosing personal data to us, please ensure that the data you provide is complete and accurate. You will notify us immediately of any changes to relevant personal data so that we can update our records. To the extent permitted by law, we may take any action with respect to your personal data that we deem necessary or appropriate if we believe that it may cause us, or any third party, to suffer any loss, liability or damage.


You agree that where you submit to us personal data relating to third parties, you will have their consent to submit and process such data for a specified purpose(s) and that you will be responsible for any claim they may have that their information has been misappropriated from them or provided to us without their consent. We may contact the third party to confirm their consent to the relevant purpose(s) for processing their personal data.


This Privacy Policy applies to our collection of personal data through various means such as via our website or by our documents and communications, to the fullest extent where applicable. Additional information about the terms of use of our website and the use of materials you submit to us through our website is available in our Site Usage Agreement. Please click here for further information.


Our website and on-line services are not intended for use by minors and children and we request them not to provide personal data to us on any of our website unless with the permission of their parent or guardian.




The information including personal data that we collect may include but not limited to:


1. Your name, gender, date of birth, marital status, occupation;
2. Your contact information such as telephone numbers, mailing addresses, e-mail addresses and fax numbers;
3. Your credit card or relevant payment information;
4. Your passport information including passport number, nationality, and a copy of your physical passport;
5. Booking and billing data that may be generated at the time you make an online booking via our website, or a third party partner website;
6. Your responses to market surveys and contests conducted by us or on our behalf.




Making Reservations:

When you make a reservation or purchase hotel accommodation, Hotel’s reservation system will request your name and address along with other information which personally identifies you to assist with your reservation and stay such as credit card information including its number and related details, date of arrival/departure, membership number (if any), and room preferences. We need to process your personal data in this way in order to perform our contractual obligations to you in relation to products and services you have requested, and to process your registration at our Hotel.


We also collect personal data in relation to the following services:-


Sweepstakes and Contests:

On occasion, we conduct sweepstakes and contests that offer the opportunity to win prizes. Each sweepstake has its own activity’s terms and conditions for your acceptance. Some sweepstakes require you to choose to enter and for others you will be entered automatically if certain conditions are met (e.g., making a reservation with a certain credit card). As part of entering a sweepstake, certain personal data such as name, credit card details and email address may be required. From time to time we may partner with other companies mentioned below to provide co-sponsored or co-branded promotions, products and services and may share your personal data with our co-sponsor. If you enter one of these sweepstakes or contests, you shall accept their related terms and conditions and we may share your personal data with our co-sponsor or the third party sponsor. We need to process your personal data in this way in order to perform our contractual obligations to you in relation to a sweepstake or contest. If you do not accept their related terms and conditions, we will not be able to offer these opportunities to you.


Contacting Us by E-mail with Questions or Comments:

When you send us an email or message us on our site, we may retain information such as the content (including any follow up questions you may have), your email address, and our response. We may use this information, for example, to measure how effectively we address customer concerns online, to personalise your experience, and to continuously improve our service to you. It is in our legitimate interest to process your personal data in this way, as it allows us to deliver the type of content and product offerings in which you are most interested, to better understand and meet your needs, and to enhance our relationship with you. It also enables us to maintain high levels of customer service and responsiveness.


Direct Marketing:

We intend to use your contact information (such as name, email address and phone number) to send marketing materials or make appropriate promotional offers to you.  The marketing or promotional materials may cover the following: (i) hotel and hospitality; (ii) catering, food and beverage; (iii) leisure and entertainment; and (iv) any products, services or facilities which we think may be of interest to you.  We may share your contact information with our marketing service providers to send marketing or promotional materials on our behalf.


We will only use your contact information for direct marketing or promotional purposes if you have provided your consent (or your indication of no objection) for us to do so. We will not send such messages to you if you have unsubscribed from receiving these messages (please see “Your Rights” below for further information).


Electronic Postcards and Forwarding to Friends:

From time to time, our website may offer a feature that allows you to send an electronic postcard or otherwise share a message with a friend. If you choose to do so, we will ask you for your name and e-mail address, and the recipient’s name and e-mail address, along with the text of any message you choose to include. It is in our legitimate interest to process personal data in this way in order to offer this type of interactive feature on our website, and thereby improve the overall appeal of our website to customers.


Online Surveys:

Occasionally, we may conduct online surveys of our services performance or heritage conservation activities. Your participation in these surveys is voluntary. Information collected by us when you participate in a survey may include name, street address and e-mail address.  



If you choose to apply for employment online, you will be required to provide your name, correspondence address, telephone number, email address, education background and employment history. You will also be asked to provide other relevant information for such purpose, e.g. to attach your resume to our electronic form. You will be asked to provide your email address if you choose to be notified of any future openings. It is in our legitimate interests to process personal data of online employment applications at the request of a data subject seeking to obtain employment (prior to the agreement of an employment contract) and to assess the suitability of the data subject for the opening.


Aggregating Website Data:

We aggregate statistics, responses to any surveys and questionnaires, traffic patterns and related site information and disclose such aggregate data to third parties for marketing, advertising or other promotional purposes but such aggregate data will not include any personal data. To enable us to monitor and improve our website, we gather and record on our servers certain aggregated information about you when you use it, including without limitation, details of your operating system, browser version, domain name and IP address, the URL you came from and go to and the parts of our website you visit. Such information is primarily used to provide you with an enhanced online experience. To the extent that such data is not fully anonymised and continues to constitute personal data, it is necessary for our legitimate interests to process this data in order to monitor and enhance our website offering, and ensure the website is functional and user-friendly.


Legal Grounds:

We will use and disclose your personal data when we believe in good faith that such disclosure is required by law, regulations, order or notice issued by a competent authority or is necessary or desirable to investigate or protect against harmful activities to guests, visitors, employees or others or to property (including this website) or to protect or enforce our rights under the contract or otherwise with you.




In the course of our operation and providing products and services to you, we may disclose the personal data that you voluntarily share with us to the following third parties:


1. Hong Kong Heritage Conservation Foundation, and related government departments participating in the Hotel’s “Revitalising Historic Buildings Through Partnership Scheme” project;

2. our business partners (“Partner Companies”) who may offer goods or services or information in relation to our operation (including hotels, travel, leisure and entertainment, food and beverage, conferencing, transportation, banking, telecommunication, insurance, and other consumer products and services);

3. agents, contractors, sub-contractors or third party service providers (including the company provide the system for running the programme or provide administrative, telecommunication, computer or other services to us in connection with our operation), and/or

4. other third parties who may offer goods or services or information we think may be of interest to you, to provide services and products, process reservations and other transactions you request and to provide you with customer service.


We also rely on third party service providers to help us deliver products and services and programmes, offer products and services, and provide services in connection with our website including communicating news and delivering promotional materials via e-mail and direct mail and administering sweepstakes and surveys.


Except as detailed in this Privacy Policy or Personal Information Collection Statement, Tai O Heritage Hotel will not disclose personal data to third parties without your consent.




In most instances personal data is processed in the territory where the hotel is located. Personal data may also be transferred to, and stored at, another jurisdiction outside Hong Kong. We will take steps that are reasonably necessary to ensure that your personal data is treated in accordance with applicable data protection laws, including, where relevant, entering into EU standard contractual clauses (or equivalent measures) with the party receiving the personal data.




If you enter or choose to leave our website via links to other non-Tai O Heritage Hotel sites, your visits to those sites are not covered by this Privacy Policy. We do not control and shall not be responsible for the collection of personal data by third party websites and these websites may have their own privacy practices. We accept no responsibility or liability for third party websites’ practices and policies. You should contact the relevant website administrator or web master directly to ask questions about their privacy practices and policies.




All internet users accept that there is an element of inherent security risk when dealing online over the internet, and we cannot guarantee the security of any personal data you disclose online. You accept the inherent security implications of dealing online over the Internet and will not hold us responsible for any breach of security unless we have been negligent and then only to the limits set out in the Site Usage Agreement. Nevertheless, we take reasonable steps and use appropriate technical and organisational measures to ensure appropriate security of the personal data we hold, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage.


We will only retain your personal data for as long as is necessary for the purposes for which that personal data was collected or processed and to the extent permitted by applicable laws. When we no longer need to use your personal data, we will remove it from our systems/records or take steps to anonymise such information so that you can no longer be identified from it (unless we need to keep your personal data for a longer period to comply with legal or regulatory obligations to which we are subject).




Under the Hong Kong Personal Data (Privacy) Ordinance, you are entitled to access and make changes to any personal data relating to your profile held in our database. You should update the personal data held by us whenever there is a change.


If you want to exercise any data protection rights that may be available to you under applicable law or have questions or concerns about how your personal data is handled by us, you may contact:


Tai O Heritage Hotel

Shek Tsai Po Street, Tai O, Lantau Island, Hong Kong

Email: info@taioheritagehotel.com


We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws within a reasonable time, and at least within one month. We reserve the right to charge a reasonable fee for the processing of any such access request. As indicated above, all requests for access to your personal information must be submitted in writing. When communicating your request, please be sure to include your full name, address and telephone number so we can ascertain your identity, and specify clearly the type of enquiry and the original source of data collection. We may ask you to verify your identity in order to help us respond efficiently to your request.


In addition, in some circumstances based on applicable data protection laws, you may request that we cease sharing personal data about you with our business partners or that Tai O Heritage Hotel cease using personal data about you on the grounds that such personal data was acquired by unjust means or used in violation of law by sending your written request to our Data Protection Officer at email: info@taioheritagehotel.com. We will seek to honour those requests consistently with applicable data protection laws.


Personal Data Received from EU


For individuals in EU (“European Union”) from whom we collect personal data on our website, under applicable data protection laws (to the extent they apply to our website and to you) you shall have the following rights:


Access: You have the right to request a copy of the personal data we are processing about you, which we will provide back to you in electronic form. For your own privacy and security, in our discretion we may require you to prove your identity before providing the requested information.


Rectification: You have the right to have incomplete or inaccurate personal data that we process about you corrected. Please note that you can always make certain adjustments to certain personal data directly through your online account.


Deletion: You have the right to request that we delete personal data that we process about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.


Restriction: You have the right to restrict our processing of your personal data where you believe such data to be inaccurate, our processing is unlawful or that we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.


Portability: You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal data which you have provided to us, and (b) if we are processing that data on the basis of your consent (such as for direct marketing communications) or to perform a contract with you.


Withdrawing Consent: If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us.


Objection: Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.


Complaint: You have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. Please click here for a list of local data protection authorities in the other EEA countries.




We may automatically track and collect your IP address, domain server, the type of computer and type of web browser you are using and use “cookies” to (i) customise website content specific to your interests, (ii) ensure that you do not see the same advertisement repeatedly, (iii) store your password so you do not have to re-enter it each time you use the sites and (iv) improve and update the websites. Some of the websites operated on our behalf are hosted and managed by other companies which may also track and collect this information using cookies.


“Cookies” are small pieces of electronic information (specifically, a string of text) that your browser and your operating system store on your hard drive for record-keeping purposes. Cookies can store a user’s ID and password, personalise home pages, identify which parts of a site have been visited and / or keep track of previous website use, selections or purchases.


We will only use certain cookies if you have provided consent for us to do so the first time you visit our website (we may ask you to provide consent again in future).


At any time, you can choose whether to accept or deny cookies; your browser on your computer is often initially set to accept cookies. However, you can choose to deny cookies and continue browsing the sites.


You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
Essential website cookies:
These cookies are strictly necessary to provide you with services available through our Websites and to use some of its features, such as access to secure areas.
Performance and functionality cookies:
These cookies are used to enhance the performance and functionality of our Websites but are non-essential to their use. However, without these cookies, certain functionality (like videos) may become unavailable.
Analytics and customisation cookies:
These cookies collect information that is used either in aggregate form to help us understand how our Websites are being used or how effective our marketing campaigns are, or to help us customize our Websites for you.
Advertising cookies:
These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.
Content Management cookies:
These cookies that used for the content management server of the Website to provide the traffic statistic to help us customize our Websites for you.


Cookie Name Purpose More information
Essential website SERVERID This cookie is used to assign the visitor to a specific server – this function is necessary for the functionality of the website Server Expires in session
Analytics and customerisation _ga It records a particular ID used to come up with data about website usage by the user. Google analytics View Service Privacy Policy Expires after 2 years
Analytics and customerisation _ga_# Used to distinguish individual users by means of designation of a randomly generated number as client identifier, which allows calculation of visits and sessions. Google analytics View Service Privacy Policy Expires after 2 years
Analytics and customerisation _gat Used to throttle request rate Google analytics View Service Privacy Policy Expires after 2 years
Analytics and customerisation _gid Keeps an entry of unique ID which is then used to come up with statistical data on website usage by visitors. It is a HTTP cookie type and expires after a browsing session. Google analytics View Service Privacy Policy Expires after 2 years


Most cookies (other than essential cookies) will expire within two years.




In the future, we may make changes to this Privacy Policy. The revised Privacy Policy will be dated and be displayed via a pop-up link on this website, and we will take any further action as required under applicable law, for example, obtaining your consent where we seek to process your personal data for a new purpose(s).


If you wish to opt out of receiving email communications from us, please click the “unsubscribe” link in each email you receive from us. Alternatively, and/or for any questions or concerns about this Privacy Policy, you may contact us at:


Tai O Heritage Hotel
Shek Tsai Po Street, Tai O, Lantau Island, Hong Kong

Email: info@taioheritagehotel.com


This Privacy Policy is written in the English language and may be translated into other languages. The English version shall prevail over the translated version in case of any consistency.


Effective Date: 1 Nov 2023