In the context of Even Hotels, who is considered the 'Controller' of Hotel Personal Data?

According to Even Hotels' 2025 Franchise Disclosure Document, the Hotel is considered an independent Controller of the Hotel Personal Data and the sole Controller of the Excluded Personal Data. IHG (InterContinental Hotels Group) is an independent Controller of the IHG Personal Data to the fullest extent permitted by the Privacy Laws and is the sole Controller of the IHG Marketing Data. Both IHG and the Hotel are responsible for complying with Privacy Laws regarding their respective Personal Data.

In practical terms, this means that as an Even Hotels franchisee, you are responsible for how you handle and protect certain personal data collected at your hotel, such as data stored in the property management system (PMS) and employee data. However, IHG maintains control over data related to their marketing and loyalty programs, as well as personal data collected through their reservation channels. It's important to understand the distinction between Hotel Personal Data, Excluded Personal Data, and IHG Personal Data to ensure compliance with data privacy laws.

This division of responsibility has implications for responding to data requests. If a customer or representative makes a request related to data processed by another party (either IHG or the Hotel), the recipient of the request is obligated to direct the individual to submit their request directly to the appropriate Controller. This ensures that each party handles requests pertaining to the data they control, maintaining accountability and compliance with privacy regulations. Franchisees must also implement security measures for processing IHG Personal Data, and report any data theft or loss to IHG immediately.