top of page

Privacy Policy

Corporate Privacy Policy

CHROMA HOSPITALITY, INC. is committed to ensuring the protection and security of the personal information and sensitive personal information (collectively referred to herein as “personal information”) provided to us by our guests and clients. As part of our commitment, we are dedicated in promoting the culture of privacy consistent with the Republic Act No. 10173 or the Data Privacy Act of 2012, its implementing rules and regulations, related administrative issuance and other applicable laws. We at CHROMA HOSPITALITY, INC. collect and process your personal information only in strict adherence to the principles of transparency, legitimate purpose and proportionality.

Data Collection

CHROMA HOSPITALITY, INC. collects your personal information from various channels. By voluntarily providing your personal information, you confirm your understanding of and agreement with the collection and processing of your personal information in accordance with this Privacy Policy Statement.
From our online bookings and reservations channels, to our sales representatives, to our registration forms all of which are designed to collect only the necessary information we need for us to provide the best and most personalized products and services for our guests and clients.

From our online bookings and reservations channels, to our sales representatives, to our registration forms all of which are designed to collect only the necessary information we need for us to provide the best and most personalized products and services for our guests and clients.
The personal information we collect, includes but are not limited to:

1. Full name;
2. Email address;
3. Valid government-issued ID (i.e., passport, driver’s license);
4. Special Requests or Preferences (i.e., dietary requirements);
5. Country of origin;
6. Complete residential and/or mailing address;
7. Contact information (e.g. mobile number and telephone number);
8. Information relating to minor companion / child details (for CRIMZONE members);
9. Special occasion being celebrated (e.g. birthday, anniversary, etc.)
10. Other information you might find helpful or necessary for us to provide you personalized services (remarks/notes); and
11. Payment Information (Credit Cards, Debit Cards, Bank Transfers).
12. Other information necessary to provide you personalized products and services

Aside from the general purpose for the collection of personal information mentioned above, your personal information is likewise collected and processed for the following related purposes:

Process your bookings, payments and transactions with us.
To identify you and your party during the duration of your stay with us.
To ensure your safety and security during the duration of your stay with us.

Sharing and Disclosure

CHROMA HOSPITALITY, INC. shall hold your personal information in strict confidence. However, CHROMA HOSPITALITY, INC. may disclose and share your personal information as may be reasonably necessary and only for the purposes set out in this Policy to the following third-party partners:

1. Subsidiaries and/or affiliates of CHROMA HOSPITALITY, INC. within the Filinvest Group;

2. Other hotels operated under the Chroma Hospitality portfolio;

3. Third party service providers such as but not limited to:

1. Manpower services/agencies

2. 2. Information Systems providers

3. 3. Security Agencies; and

4. Contractors and Sub-contractors.

To further protect and secure all personal information, CHROMA HOSPITALITY, INC. only shares and discloses personal information to entities that observe a high standard of confidentiality and data privacy protection, in compliance with the Data Privacy Act of 2012 and such other applicable laws.

Retention

CHROMA HOSPITALITY, INC. shall keep a copy of your personal information for a maximum of two (2) years after completion of our transaction with our guests and clients, unless we believe that further retention of such personal information is necessary to any ongoing or prospective legal proceedings or as may be required to do so by law or any government agency.

Use of Cookies

Our website uses “Cookies” to identify the areas of our website that you have visited. A Cookie is a small piece of data stored on your computer or mobile device by your web browser. We use Cookies to personalize the content that you see on our website. Most web browsers can be set to disable the use of Cookies. However, if you disable Cookies, you may not be able to access the full functionality of our website.

Protection and Security Measures

CHROMA HOSPITALITY, INC. is fully committed in protecting your personal information and sensitive personal information. As such, we have taken all the necessary technical, organizational and physical measures to protect the confidentiality and security of your personal information and sensitive personal information against accidental loss or destruction, and human dangers such as misuse, unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination. Towards this end, we have put in place the following safeguards:

1. Storing physical documents containing your personal information, in a secure storage facility equipped with security tools;
2. Storing and processing your personal and sensitive personal information in secure operating environments that are not accessible to the public and is only accessible by authorized personnel;
3.Disposing documents containing personal and sensitive personal information through shredding or other similar methods of disposal that would ensure the impossibility of further processing, unauthorized access or disclosure of your personal information.

Additional Measures Added to Ensure the Safety and Security of Our Quests and Staff:

As of March 2020, Chroma Hospitality Inc. has implemented additional measures to ensure the health and safety of our staff and guests. A part of these additional measures is having our guests sign a "HEALTH AND TRAVEL DECLARATION SURVEILLANCE FORM". This form requires our guests to provide us the necessary information that allows us to ensure the health and safety of our guests and staff. The information are but not limited to:

1. Travel history with inclusive dates, such as country of origin and arrival dates here in the PHILIPPINES

2. Contact or interaction with people from their originating country/ies.

3. Arrival date/time here in the PHILIPPINES (with supporting document/s)

4. Contact or interaction with people who were PUls, PUMs and/or confirmed COVID- 19 cases.

a. IF YES, contact tracing information is also mandatory.

5. Pre-existing medical conditions, signs and/or symptoms relating to COVID-19

6. Medication/s taken for those declared above.

All information collected through these forms will only be for the use of ensuring the health and safety of our guests and staff. The information will only be shared to those government agencies identified by the DEPARTMENT OF HEALTH to handle any COVID- 19 related incidents.

You may also refer to the joint memorandum circular (DOH and NPC) for the guidelines for the processing and disclosure of COVID-19 related data:

To exercise your rights as a data subject to access, modify, erase and object to processing of your personal information, you may withdraw consent hereto; and send your request for the correction or deletion of your personal information to:

Data Privacy Manager

CHROMA HOSPITALITY INC.,
DPO@CHROMAHOSPITALITY.COM

Requests for Correction and Deletion of Your Personal Information:

FILINVEST GROUP
DPO.ALABANGOCRIMSONHOTEL.COM

DATA PRIVACY NOTICE

 

DATA PRIVACY POLICY STATEMENT

Welcome to Chroma Hospitality Inc

Chroma Hospitality Inc is committed to protecting the privacy of its guests, employees, and partners, and to ensuring the safety and security of all personal data in its possession and under its control.

In compliance with Republic Act No. 10173, or the Data Privacy Act of 2012, its Implementing Rules and Regulations (IRR), and relevant issuances of the National Privacy Commission, Chroma Hospitality Inc shall collect from you, the data subject, personal data as outlined in this Data Privacy Notice. How this personal data will be collected, used, disclosed, and retained, is outlined as follows:

I DEFINITIONS

1. “Personal data” refers to all types of personal information, sensitive personal information, and privileged information under the Data Privacy Act and its IRR.

2. “Data subject” refers to an individual whose personal, sensitive personal, or privileged information is processed.

3. “Personal information” refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information, would directly and certainly identify an individual.

4. “Sensitive personal information” refers to personal information: (i) about an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical, or political affiliations; (ii) about an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings; (iii) issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension, or revocation, and tax returns; and (iv) specifically established by an executive order or an act of Congress to be kept classified.

5. “Privileged information” refers to any and all forms of data or information, which under the Rules of Court and other pertinent laws constitute privileged communication.

II PRIVACY NOTICE

A. Data Collected

1. Full name, sex, nationality, birthdate, age, and civil status

2. Contact Information (e-mail, phone number, mobile number, address)

3. Payment Information and billing address

4. Identification documents (passports, airline tickets and itineraries)

5. Booking details

6. Preferences and special requests

7. For Corporate bookings: Employment details 

8. Additional information specific to special events and gatherings

9. Information relating to minor companion / child details (for CRIMZONE members)

B. Collection Method


Your Personal Data may be collected through online reservations, physical forms, our website, third-party booking platforms, or directly through our personnel.

C. Use of your Personal Data


We use your Personal Data for the following purposes:

1. To fulfill bookings, hospitality, and concierge services; 

2. To communicate with you regarding your stay;

3. To process payments and provide customer support;

4. To improve our services and customer experience;

5. To comply with regulatory, legal, or audit requirements;

6. To conduct guest satisfaction surveys and loyalty programs; and

7. To promote hotel-related offers, events, or services (subject to your consent)

D. Data Sharing


We hold your Personal Data in strict confidence. However, we may disclose and share your personal information as may be reasonably necessary and only for the purposes set out in this Policy to the following third-party partners

1. Our subsidiaries and/or affiliates within the Filinvest Group

“Affiliate” means, in relation to a party, any company, firm or legal entity which is directly or indirectly (i) owned or controlled by that party; (ii) owning or controlling that party; or (iii) owned or controlled

2. Legal and regulatory authorities as required by law

3. Partner hotels or third-party service providers bound by a Data Sharing Agreement

We ensure that any third party we share your data with comply with the Data Privacy Act of 2012 and implement appropriate safeguards. We do NOT sell or share your data for unrelated commercial purposes.

E. Storage and Transfer of Data

Your Personal data is securely stored in physical and digital formats in accordance with industry standards. We implement technical and organizational measures to protect your personal data against unauthorized access, alteration, or disclosure. These measures include encryption, access controls, and regular security assessments

F. Retention Period

We shall keep a copy of your Personal data for a maximum of two (2) years after completion of our transaction with our guests and clients, unless we deem necessary to comply with any legal requirements or as may be required to do so by law or any government agency. After this period, your personal data will be securely deleted or anonymized.

G. Your Rights as Data Subject

As a data subject, you have the following rights in accordance with the Data Privacy Act, its IRR, and other relevant issuances:

 

1. to be informed that your personal data will be, are being, or were, collected and processed;

2. to obtain reasonable access to information relating to you that we have on our computer database and/or manual filing system;

3. to object if the personal data processing involved is based on consent or legitimate interest;

4. to suspend, withdraw, or order the blocking, removal, or destruction of your personal data;

5. to claim compensation if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data, considering any violation of your rights and freedoms as a data subject;

6. to file a complaint if you feel that your data privacy rights were violated;

7. to dispute and have corrected any inaccuracy or error in the data that we hold about you about you; and

8. to data portability of your personal data.

If you want to exercise any of your rights, or if you have any questions regarding the processing of your personal data, please contact our Data Privacy Officer through the following:
 

Email: dpo@chromahospitality.com
Address: 8th Floor Vector Two Building, Northgate Cyberzone Filinvest Corporate City, Muntinlupa, 1781 Metro Manila

III THIRD-PARTY WEBSITES AND PHISHING WARNING

Our Privacy Notice applies only to data collected by Chroma Hospitality Inc. External sites or booking platforms accessed via hyperlinks may have separate privacy policies and security measures.

We strongly advise you to exercise caution when clicking on links or entering your personal information on unfamiliar or suspicious websites. Chroma Hospitality Inc will never ask for your passwords, credit card information, or personal details via unsolicited emails, text messages, or pop-up links.

Beware of phishing attempts or fraudulent messages that may impersonate our company or staff. If you receive such communication, do not click any links or download attachments. Report it immediately to our Data Privacy Officer.

IV AMENDMENTS

​We reserve the right to right to update, amend, or supplement this Data Privacy Notice and Consent Form to comply with relevant laws and government regulations, to adopt new techniques relevant to the collection and protection of data, or for other legitimate purposes. Changes will be posted at www.chromahospitality.com/privacy-policy

Requests for Correction and Deletion of Your Personal Information:

FILINVEST GROUP
DPO.ALABANGOCRIMSONHOTEL.COM

Data Privacy Manager

CHROMA HOSPITALITY INC.,
DPO@CHROMAHOSPITALITY.COM

bottom of page