Strategic Hospitality Resources
Privacy Policy

Introduction

Privacy is imperative to Strategic Hospitality Resources (“SHR Group” or “we”). This Privacy Policy describes SHR Group’s web site and services (collectively, the “Service”). SHR Group (“SHR Group,” “we,” “us,” or “our”) and its wholly owned subsidiaries complies with the EU-US, the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, Personal Information Protection and Electronic Documents Act (“PIPEDA”) of Canada, General Data Protection Regulation (GDPR) of EU for use, and retention of personal information transferred from the Swiss and the European Union or Canada to the United States. Additionally, SHR Group has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (Privacy Shield active participant)

If you have questions, concerns, or believe there is an enforcement breech in regard to this Privacy Policy, you should contact our Privacy Officer at Stabrizi@shr.global.

Information Collection and Use

We collect the following personally identifiable information about our users: name, e-mail address, corporate web address, telephone number, business address, preferred means of communication, and other information voluntarily provided. This personally identifiable information is typically provided when users register for online services, subscriptions, communications, surveys, or to request information. We also collect information about users regarding web pages accessed, traffic patterns and site usage.

Cookies

Cookies are information components stored on your hard drive containing information about you. These pieces of information allow the Service to remember important information that will make your use of the Service more useful. You can choose to reject or turn off the cookies through your browser settings. If you reject or turn off the cookies, you may still use the Service.

Log Files

We use IP addresses to analyze trends, administer the Service, track users’ movements, and gather demographic information.

How We Use the Information We Collect About You

We, our service providers and our vendors may use any information collected by users: to operate the Service; to effect users’ transactions; to provide better services, products and opportunities to users; to notify users about services and opportunities that may be of interest to such users; to create and share reports about users’ transactions; and for other marketing purposes. We may also share your personally identifiable information with other third parties, including our business partners in order to continue to provide our services to you and only if business needs require it.

Email Confidentiality Policy

We have created this email Privacy Policy to demonstrate our firm commitment to your privacy and the protection of your information. The information in our e-mail and any attachment(s) is confidential and for the use of the addressee(s) only. If you received a mailing from us, (a) your email address is either listed with us as someone who has expressly shared this address for the purpose of receiving information in the future (“opt-in”), or (b) you have registered or purchased or otherwise have an existing relationship with us. We respect your time and attention by controlling the frequency of our mailings. We value your privacy, and we use security measures to protect against the loss, misuse and alteration of data used by our system. To unsubscribe or manage email communication preferences, visit the bottom of any email from SHR Group and click ‘Unsubscribe’ and/or ‘Manage Preferences’.

Minors

Minors (individuals below the age of 18) are not eligible to use the Service and no portion of the Service is directed towards minors. We do not knowingly solicit any information about minors or market to minors.

Disclosure Required by Law

We cooperate with law enforcement agencies in identifying those who use the Service for illegal activities. Therefore, we respond to subpoenas, warrants or other court orders regarding information concerning any users. We will, at our discretion, disclose information if we believe that we are required to do so by law, that such disclosure is necessary to protect us from legal liability or that we should do so to protect the integrity of the Service.

General Data Protection Regulation (GDPR)

As a leading Hospitality Resource platform and services provider, SHR Group, Strategy Hospitality Resources, has made the security and protection of your data a top priority by using state-of-the-art physical, technological, and procedural security safeguards.

The cornerstone to our platform is a rigorous security system that we—and by extension, you—can trust. We employ multiple safeguards and security protocols that are trusted in the industry with the singular goal of ensuring your data are protected.

We use multiple security measures, such as firewalls, Encryption, IDS/IPS, Physical/Logical security and Regular Security Audits (to name a few) to safeguard the confidentiality of our users’ personally identifiable information. Information we collect about our users is stored on secured servers.

If you should have any questions about the security of the Services or SHR Group environment, please inquire by sending an e-mail to GDPR@shr.global.

Resolution of Complaints

In compliance with the Privacy Shield principles, SHR Group commits to the resolution of complaints and our collection or use of your Information. We have also committed to resolve any complaints pursuant to the Privacy Shield Privacy Principles by European Union and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact SHR Group at: GDPR@shr.global.

SHR Group has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to the unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.

Correction/Updating Personally Identifiable Information

You can ask to see the personal information that we hold about you. If you want to review, verify or correct your personally identifiable information, or if you no longer desire SHR Group’s services, we will endeavor to provide a way to correct, update or remove the data you provided to us. Please note that any such communication must be in writing by sending an e-mail to GDPR@shr.global. In the event that we cannot provide you with access to your personal information, we will endeavor to inform you of the reasons why, subject to any legal or regulatory restrictions.

Your Consent; Notification of Changes

By using the Service, you consent to SHR Group’s collection and use of the information described in this Privacy Policy. If we decide to change this Privacy Policy, we will post those changes via our homepage so our users are aware of what information we collect, how we use it, and under what circumstances we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify you by way of an e-mail. Please check this policy from time to time to make sure that you are aware of our latest Privacy Policy.

SHR Group’s full Standard Operating Procedure (SOP) for GDPR can be provided upon request by emailing GDPR@shr.global.

PCI-DSS

SHR Group being responsible for the security of cardholder data that it possesses, or otherwise stores, processes, or transmits on behalf of our clients, or to the extent that SHR Group could impact the security of the customer’s cardholder data environment; it will maintain the necessary technical and organizational measures needed to protect the security and availability of any Data created, collected, received or otherwise obtained to provide SHR Group services.

In particular, these technical and organizational measures control access to the premises where Data are Processed (physical access control), access to the IT systems via which Data are Processed (system access control), access to the Data themselves (data access control), the disclosure of the Data to other parties (data transfer control), when and how the Data are entered or modified (entry control), how subcontractors process Data (control of instructions), the availability of the Data (availability control), and the separate processing of the Data from other data, including other personal data (separation control).

All SHR Group client’s user accounts that provide access to cardholder data complies with all the requirements described by the PCI DSS V 3.2.1 guidelines, as well as comply with any future requirements or documents released by the PCI council as it applies to SHR Group and our clients’ environment.

A copy of SHR Group’s Attestation of Compliance (AOC) for PCI-DSS can be provided upon request by emailing Stabrizi@shr.global.

Privacy Shield Certification

SHR Group is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). Additionally, SHR Group complies with the EU-US Privacy Shield and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union member countries and Switzerland to the United States. SHR Group has certified to the Department of Commerce that it adheres to the Privacy Shield Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Privacy Shield, and to view SHR Group’s certification, please visit https://www.privacyshield.gov.

However, it is important to note that the Platform and its servers are operated in the United States and elsewhere. If you are located outside of the United States, please be aware your personal information will be transferred to, processed, and used in the United States and elsewhere. By using the Platform, you affirmatively consent to such transfer, processing, and use of your Personal Information in accordance with the EU-US Privacy Shield, the Swiss-US Privacy Shield, and this Privacy Policy. SHR Group accepts full accountability and responsibility for the protection of your Personal Information, according to the applicable privacy legislation and this Privacy Policy, during the course of these onward transfers to third parties.

SHR Group, as the processor of data for our clients/hotels (Processor of data according to GDPR), does collect Personally Identifiable Information (PII) during the room reservation process. However, the PII data collected is not shared with any other organization outside of the specific hotels that have taken the reservation, as they are the owners of the data (controllers of data according to GDPR).

SHR Group’s active membership can be viewed at Privacy Shield Active member list.

Personal Information Protection and Electronic Documents Act (PIPEDA)

SHR Group complies with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”). PIPEDA sets out rules for the collection, use and disclosure of personal information in the course of commercial activity as defined in the Act.

SHR Group fully complies with the 10 principles of PIPEDA which are Accountability, Identifying Purposes, Consent, Limiting collection, Limiting Use Disclosure and Retention, Accuracy, Safeguards, Openness, Individual Access, Provide Recourse.

Complaints/Questions

Any questions or concern about SHR Group’s personal information handling practices may be directed to the Privacy Officer. Requests for access to information, or to make a complaint, are to be made in writing (via letter or email) and sent to the Privacy Officer at the address;

Privacy Officer

1334 Brittmoore
Suite 2410
Houston, TX 77043
Toll Free: +1 800 252 0522
or
Email address: PIPEDA@shr.global

If the hotel client is dissatisfied with the finding and corresponding action taken by SHR Group’s Privacy Officer, the hotel client may bring a complaint to the Federal Privacy Commissioner at the address below:

The Privacy Commissioner of Canada
112 Kent Street
Place de Ville
Tower B, 3rd Floor
Ottawa, Ontario K1A 1H3
Toll Free +1 800 282 1376
Email: notification@priv.gc.ca
Website:  www.priv.gc.ca

SHR Group’s full Standard Operating Procedure (SOP) for PIPEDA can be provided upon request by emailing PIPEDA@shr.global.

Last Updated August 9th, 2022.