Under the Even Hotels agreement, what constitutes 'Excluded Personal Data'?

According to Even Hotels' 2025 Franchise Disclosure Document, 'Excluded Personal Data' is defined as specific types of sensitive information. This includes any sensitive personal data as defined by applicable Privacy Laws, government-assigned identifiers (like social security numbers or driver's license numbers), health and/or medical data, and vehicle/parking data. This definition is important because it distinguishes between different categories of personal data and assigns different levels of control and responsibility to IHG (InterContinental Hotels Group) and the individual Even Hotels franchisee.

For a prospective Even Hotels franchisee, understanding this definition is crucial for compliance with privacy laws and data protection regulations. The franchisee is designated as the sole controller of Excluded Personal Data, meaning they have the responsibility for determining how this data is processed and protected. This includes implementing appropriate security measures and ensuring compliance with all applicable privacy laws.

The distinction between 'Hotel Personal Data' and 'IHG Personal Data' is also important. 'Hotel Personal Data' includes PMS (Property Management System) data for which the Hotel is an independent controller, as well as the 'Excluded Personal Data' for which the Hotel is the sole controller. IHG, on the other hand, controls 'IHG Marketing Data' related to their loyalty programs and certain PMS data, excluding the 'Excluded Personal Data'. This division of responsibility means franchisees must be particularly diligent in handling and securing the 'Excluded Personal Data' to avoid potential legal or financial repercussions.

In practical terms, an Even Hotels franchisee needs to establish robust procedures for handling sensitive personal data. This may involve implementing specific data security protocols, training staff on data protection practices, and ensuring that all systems and processes comply with relevant privacy laws. Franchisees should also consult with legal counsel to ensure they fully understand their obligations and liabilities related to 'Excluded Personal Data'.