Last Updated:  March 2018



At Hilton, we take the protection of Personal Information relating to our customers, employees, independent contractors, and service providers very seriously. All individuals or organizations that provide goods or services (“Providers”) to Hilton Domestic Operating Company Inc., a Delaware corporation, or any of its direct or indirect subsidiaries, owned and managed hotels, partnerships or joint ventures (individually or collectively, “Hilton”), or through Hilton for the benefit of its franchisees, must abide by and comply with the principles set forth in these Service Provider Data Protection Standards (the “Standards”). These Standards form part of any agreement between Hilton and Provider that references these Standards, or to which these Standards are attached or incorporated (the “Agreement”). In the event of a conflict between these Standards and the Agreement, these Standards shall control with respect to its subject matter, unless the Agreement sets forth more stringent standards

在希尔顿,我们非常重视保护与客户、员工、独立承包商和供应商相关的个人信息。向特拉华州的Hilton Domestic Operating Company Inc.或其任何直接或间接子公司、拥有或管理的酒店、合作方或合资企业(单独或合称为“希尔顿”)或通过希尔顿为其特许经营商谋取利益而提供商品或服务的所有个人或组织(简称“供应商”),必须接受并遵守本供应商数据保护标准中规定的原则(简称本“标准”)。本标准构成希尔顿与供应商之间协议的一部分,该协议参考本标准或将本标准作为附件或包含本标准(简称“协议”)。如果本标准与协议之间存在冲突,则应以本标准的内容为准,除非协议规定了更严格的标准。

  1. 定义。
    1.  “Biometric Data” means Personal Information resulting from specific technical processing relating to the physical, physiological, or behavioral characteristics of an individual that allows or confirms the unique identification of that individual.“生物计量数据”是指与个人的身体、生理或行为特征相关的特定技术处理产生的个人信息,该信息是认可或确认该个人身份的唯一标识。
    2. Cardholder Data”  means: (i) with respect to a payment card, the account holder’s name, account number, security codes, card validation code/value, service codes (i.e., the three or four digit number on the magnetic stripe that specifies acceptance requirements and limitations for a magnetic stripe read transaction), PIN or PIN block, valid to and from dates, and magnetic stripe data; and (ii) information and data related to a payment card transaction that is identifiable with a specific account, regardless of whether or not a physical card is used in connection with such transaction.“持卡人数据”意味着:(i)跟缴款卡相关的,账户持有人的姓名、账号、密码、卡片验证码/值、服务码(即,磁条上跟特定的接受要求有关的,以及对磁条读取交易进行限制的三或四位数字码),PIN码或PIN数据块,使用起止日期,和磁条数据;以及(ii)对于一个可识别的账户,与它的缴款卡交易相关的信息和数据,无论该交易是否是使用实体卡片进行的。
    3. Data Protection Requirements” means, collectively, all laws and regulations relating to data privacy, data security, personal data, transborder data flow, and data protection that apply to Provider’s Processing of Personal Information, including without limitation, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation (“GDPR”)).
    4. Data Safeguards” means the administrative, operational, organizational, technical, and physical safeguards described in Section 9 of these Standards, as modified in accordance with these Standards.
    5. “Genetic Data” means Personal Information relating to the inherited or acquired genetic characteristics of an individual that give unique information about the physiology or the health of that individual and which result, in particular, from an analysis of a biological sample from such individual.
    6. Health Data” means Personal Information related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health.
    7. “Malware” means computer software, code, or instructions that: (a) adversely affect the operation, security, availability, or integrity of a computing, telecommunications, or other digital operating or processing system or environment, including without limitation, other programs, data, databases, computer libraries, and computer and communications equipment, by altering, destroying, disrupting, or inhibiting such operation, security, or integrity; (b) self-replicate without manual intervention where such self-replication lacks functional purpose; (c) purport to perform a useful function but which actually perform either a destructive, harmful, or unauthorized function, or perform no useful function and utilize substantial computer, telecommunications, or memory resources; or (d) without authorization, collect and/or transmit to third parties any information or data, including such software, code, or instructions commonly known as viruses, Trojans, logic bombs, worms, and spyware.
    8. Personal Information” means any information (i) that can be used (alone or in combination with other information within Provider’s control) to identify, locate, or contact a specific individual, or (ii) related to an identified or identifiable individual. By way of illustration, and not of limitation, Personal Information consists of obviously personally identifiable data elements, such as name, address, and email address as well as less obvious information such as an individual’s personal preferences, hotel stay-related information, guest account information, location data, and online identifiers. Personal Information also includes (without limitation) factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of an individual. Personal Information may pertain to customers, employees, or others. Personal Information can be in any media or format, including computerized or electronic records as well as paper-based files, including all copies, fragments, and excerpts, whether or not such Personal Information has been intermingled with other information or materials. For purposes of these Standards, Personal Information only includes information: (i) provided to Provider by or on behalf of Hilton; or (ii) obtained, used, accessed, possessed, or otherwise Processed by Provider in connection with the provision of the Services.
    9. PCI Standards” means the data security standards for the protection of payment card information with which the payment card companies collectively or individually require merchants to comply, including, but not limited to, the Payment Card Industry Data Security Standards currently in effect and as modified during the term of the Agreement.
    10. Process”  means any operation or set of operations performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
    11. Provider Processing Record” means a written record of all categories of Processing carried out in connection with the Services, which contains the following: (i) the name and contact details of Provider and any Subcontractors and, where applicable, the name and contact details of Provider’s data protection officer; (ii) the categories of Processing performed by the Provider for Hilton; (iii) the list of countries, if any, to which the Provider transfers Personal Data; and (iv) a description of the Provider’s Data Safeguards.
    12. Security Breach” means (i) any circumstance pursuant to which applicable Data Protection Requirements require action in response to such circumstance, including but not limited to notification of such breach to be given to affected parties or a regulator or data protection authority; or (ii) any actual, attempted, suspected, threatened, or reasonably foreseeable circumstance that compromises, or could reasonably be expected to compromise, either Physical Security or Systems Security (as such terms are defined below) in a manner that either does or could reasonably be expected to permit unauthorized Processing, use, disclosure, acquisition of, or access to any Personal Information. “Physical Security” means physical security at any location housing systems maintained by Provider or its agents or Subcontractors in connection with the Services or in the course of physical transportation of assets or physical media used by Provider or its agents or Subcontractors in performing the Services. “Systems Security” means security of computer, electronic, or telecommunications systems of any variety (including databases, hardware, software, storage, switching, and interconnection devices and mechanisms); security of networks of which such systems are a part or with which such systems communicate; and security of networks used directly or indirectly by Provider or its agents, or Subcontractors in connection with the Services.
    13. Sensitive Personal Information” is Personal Information which due to its nature has been classified by applicable Data Protection Requirements as deserving additional privacy and security protections, including (without limitation): (i) an individual’s name in combination with the individual’s: (A) Social Security number, Taxpayer Identification Number, information contained in a passport or other travel document, driver’s license number, or other identification number issued by a government or public body or (B) financial account number; (ii) an individual’s username which, in combination with a password, PIN, or access code would grant access to an online account; (iii) Cardholder Data; (iv) data about racial or ethnic origin; (v) data about political opinions, religious or philosophical beliefs, or trade union membership; (vi) Genetic Data; (vii) Biometric Data; (viii) Health Data; and (ix) data concerning a natural person’s sex life or sexual orientation.
    14.  “Services” means the goods and services provided by Provider to Hilton, or through Hilton for the benefit of its franchisees, as further described in the Agreement.
    15.  “Subcontractor” means an entity, including any Provider affiliate, engaged by Provider to perform Services for Provider that involve the Processing of Personal Information.


Provider will Process Personal Information in connection with the Services described in the Agreement and during the term of such Agreement, subject to compliance with the Data Protection Requirements and the Agreement. The type of Personal Information Processed by Provider is described in the Agreement. The Processing may involve Personal Information of employees of Hilton, customers and guests of Hilton, and business contact information of Hilton corporate customers, suppliers, and other business partners, as further described in the Agreement.


Hilton will have the exclusive right to determine the purposes for which the Personal Information is Processed. Provider will Process Personal Information for the sole purpose of providing the Services in accordance with the Agreement. At no time will Provider acquire any ownership, license, rights, or other interest in or to the Personal Information. As between Hilton and Provider, Personal Information will remain the proprietary information of Hilton at all times and Hilton shall be the “Controller” and Provider shall be the “Processor,” as such terms are defined in the GDPR.


Provider will Process the Personal Information only on behalf of Hilton and only as specifically instructed by Hilton in writing, including with regard to transfers of Personal Information to a third country or an international organization, unless required to do so by Data Protection Requirements to which Provider is subject; in such a case, Provider shall inform Hilton of that legal requirement before Processing, unless such Data Protection Requirement prohibits such information on important grounds of public interest. Hilton hereby instructs Provider to Process the Personal Information solely as necessary to provide the Services under the Agreement and subject to compliance with the Agreement, these Standards and the Data Protection Requirements. In no event may Provider: (a) use Personal Information to market its services or those of an affiliate or third party; (b) sell or rent Personal Information; or (c) otherwise Process any Personal Information for Provider’s, its affiliates’, or any third party’s own purposes. Provider shall immediately inform Hilton if, in its opinion, an instruction infringes any Data Protection Requirements.


a. Unless otherwise expressly permitted pursuant to the Agreement, Provider will not utilize Subcontractors in the performance of Services without the written consent of Hilton in each instance.

b. To the extent that the Agreement expressly provides for a general authorization for Provider to use Subcontractors, Provider shall: (i) provide Hilton a list of Provider’s Subcontractors involved in the provision of Services prior to the commencement of Services and promptly upon request by Hilton, with the identity of each Subcontractor, the Services performed by such Subcontractor, the location(s) from which such Subcontractors perform Services, and such additional information as may be reasonably requested by Hilton; and (ii) notify Hilton in writing in the event of any intended addition or replacement of any such Subcontractors (each, a “Subcontractor Change”). Hilton shall have a reasonable period of time to object to any Subcontractor Change. In the event of any such objection, Provider will not implement the Subcontractor Change unless Provider is able to address Hilton’s concerns to Hilton’s reasonable satisfaction. In the event of a Subcontractor Change involving Services provided in a “software as a service” or multi-tenant environment, where Subcontractor Changes cannot be implemented separately for a single customer and Provider is unable to address Hilton’s concerns to Hilton’s reasonable satisfaction, Hilton may terminate the Agreement or the applicable Services for cause and without liability (or payment of any termination or other fees). In the event of such a termination, Provider will promptly refund Hilton any pre-paid fees covering the remainder of the term of such Agreement or Services.
如果本协议明确规定了供应商使用分包商的一般授权,则供应商应: (i)在服务开始前,应希尔顿的要求,及时向其提供参与提供服务的分包商名单,包括各分包商的身份、该分包商提供的服务、该分包商提供服务的地点以及希尔顿可能合理要求的其他信息;并且(ii)如拟增加或更换任何该等分包商(均为“分包商变更”),请书面通知希尔顿。希尔顿应有合理的一段时间反对任何分包商的变更。如果出现任何此类异议,除非供应商能够满足希尔顿的合理要求,否则供应商不得实施分包商变更。如果分包商的变更涉及“软件服务”或多租户环境中提供的服务,而分包商的变更不能为单个客户单独实施,且供应商无法满足希尔顿的合理要求,希尔顿可终止本协议或适用的服务,无需承担任何责任(或终止支付或其他费用)。一旦终止,供应商将立即退还希尔顿在协议或服务剩余期限内的所有预付费用。

c. Where Provider engages a Subcontractor for carrying out specific Processing activities on behalf of Hilton, Provider shall impose on the Subcontractor the same data protection obligations as set out herein between Hilton and Provider. These obligations shall be imposed by way of a contract or other legal act under applicable Data Protection Requirements and shall require the Subcontractor to provide sufficient guarantees that it will implement appropriate technical and organizational measures in such a manner that the Processing will meet the requirements of applicable Data Protection Requirements. Provider will remain at all times accountable and responsible for compliance with these Standards by its Subcontractors.


Provider will hold the Personal Information in confidence in accordance with the Data Protection Requirements, these Standards, and the Agreement. Provider will not disclose Personal Information to any of its affiliates or to any third party (including, without limitation, any Subcontractors) except as necessary to provide the Services. Prior to disclosing any Personal Information to any Subcontractor or other third party, Provider will have in place with such Subcontractor or other third party a written agreement that includes obligations that are at least as restrictive as those in these Standards. Provider further agrees, upon Hilton’s request, to provide a list of all affiliates and third parties to which Provider has disclosed Personal Information. Provider will remain at all times accountable and responsible for compliance with these Standards by Provider, Provider’s affiliates, and third parties to whom Provider discloses any Personal Information. Provider will ensure that its personnel engaged in the Processing of Personal Information are informed of the confidential nature of the Personal Information and have executed written confidentiality agreements (or are under an appropriate statutory obligation of confidentiality). Provider will ensure that such confidentiality obligations survive any termination of employment of such personnel.


If Provider is requested or required (by oral questions, interrogatories, requests for information or documents in legal proceedings, subpoena, civil investigative demand, or other similar process) to disclose any Personal Information to a third party, Provider will not disclose the Personal Information without complying with applicable laws. Unless prohibited by applicable law, Provider will provide Hilton with written notice of any request or requirement to disclose Personal Information to a third party no more than seventy-two (72) hours after receiving the request but in any event prior to making any disclosure so that Hilton may, at its own expense, exercise such rights as it may have under law to prevent or limit such disclosure. Notwithstanding the foregoing, Provider will exercise commercially reasonable efforts to prevent or limit any disclosure of Personal Information and to preserve the confidentiality of Personal Information including, without limitation, by cooperating with Hilton to obtain an appropriate protective order or other reliable assurance that confidential treatment will be accorded to any Personal Information that the Provider is required to disclose.


As provided in Section 4, Provider may only transfer Personal Information from one country to another upon the prior written consent of Hilton and in compliance with Data Protection Requirements. With respect to Personal Information originating from the European Union (“EU”) or Switzerland that is Processed by Provider in connection with the Services, (i) where Provider is located and receives such Personal Information within the EU or Switzerland, Provider agrees that it will not transfer any Personal Information outside the EU or Switzerland without the prior written consent of Hilton (which may be included in the Agreement) and shall follow Hilton’s instructions for implementing adequate safeguards for any such transfers under applicable Data Protection Requirements and shall ensure that any Subcontractors do the same; and (ii) where Provider is either (A) not located within the EU or Switzerland, or (B) initially receives such Personal Information from a country outside the EU or Switzerland (e.g., the Personal Information originating from the EU or Switzerland is sent to the Provider directly from the United States), (1) Provider agrees to provide at least the same level of privacy protection as is required by the EU-U.S. Privacy Shield Framework, located at, and as amended from time to time; and (2) at Hilton’s request, Provider and any of its agents and Subcontractors shall enter into a data processing agreement with Hilton that incorporates the European Commission Standard Contractual Clauses between Controllers and Processors, or any other similar clauses relating to other countries, to allow Personal Information to be transferred by Hilton to Provider and its agents, and Subcontractors. Without limiting the generality of the foregoing, Provider will not transfer Personal Information to any country (including for Processing by Provider’s agents or Subcontractors) unless Hilton has agreed, in writing, to that transfer.


a. Provider will adopt, implement, and maintain appropriate security procedures and practices to prevent the unauthorized access, acquisition, destruction, modification, use, or disclosure of Personal Information. Such procedures and practices will be compliant, at a minimum, with the Agreement, these Standards, and the Data Protection Requirements. All such procedures and practices will take into account the nature of the Personal Information and the commensurate risks associated with such Personal Information.

b. Consistent with the foregoing, Provider agrees:

i. to adopt, implement, maintain, and monitor a written information security program that contains administrative, technical, and physical safeguards to (A) prevent the unauthorized access, acquisition, destruction, modification, use, or disclosure of Personal Information; (B) ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and Services; and (C) ensure the ability to restore the availability of and access to Personal Information in a timely manner in the event of a physical or technical incident;

ii. to conduct periodic risk assessments to identify and assess reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of electronic, paper, and other records containing Personal Information and evaluate and improve, where necessary, the effectiveness of its safeguards for limiting those internal and external risks;

iii. to take reasonable steps to ensure the trustworthiness of all Provider employees, agents and Subcontractors who will be provided with access to Personal Information;

iv. to ensure that its information security program includes industry standard password, firewall, operating system, anti-virus, and Malware protections to protect Personal Information stored or otherwise handled on computer systems;


v. to encrypt, using industry standard encryption tools, all records and files (A) containing Personal Information that Provider transmits or sends wirelessly or across public networks; and (B) containing Sensitive Personal Information that Provider: (1) stores on laptops or storage media; (2) stores on portable devices; and (3) stores on any device that is transported outside of the physical or logical access controls of Provider; and to safeguard the security, confidentiality, and integrity of all encryption keys associated with encrypted Personal Information;

vi. to maintain an incident response program that specifies the actions to be taken by Provider when it has reason to believe that a Security Breach may have or has occurred;

vii. to implement such additional security measures as may be required under the Data Protection Requirements or specified in the Agreement.

viii. to comply with the PCI Standards with respect to Cardholder Data if the Provider Processes Cardholder Data in connection with the Services. Consistent with Provider’s obligations as set forth in the Agreement, Provider acknowledges its responsibility for the protection and security of Cardholder Data in connection with the performance of the Services. Provider further represents and warrants that it will not take any actions that will compromise Hilton’s ability to comply with the PCI Standards.

ix. where Provider, directly, or through any of its agents or Subcontractors, connects to Hilton’s computing systems and/or networks, that: (A) all Provider interconnectivity to Hilton’s computing systems and/or networks and all attempts at same will only occur through Hilton’s security gateways/firewalls; (B) Provider will not access, and will not permit any other person or entity to access, Hilton’s computing systems and/or networks without Hilton’s authorization; (C) if Hilton grants Provider permission to access its computing systems and/or networks, Provider will only access Hilton’s computing systems and/or networks as authorized; and (D) Provider’s systems connecting to Hilton’s systems or networks, and those Provider systems which, if compromised, could affect the security, confidentiality, integrity, or availability of Hilton’s computing systems or networks, will be actively protected by an industry standard Malware detection/scanning program with up-to-date anti-virus definitions, prior to and while accessing any of Hilton’s computing systems and/or networks. Provider agrees that Hilton may perform periodic assessments of Provider’s network. Should any assessment of Provider’s network reveal inadequate security by Provider or its agents or Subcontractors, Hilton, in addition to other remedies it may have, may suspend Provider’s, its agents’ or Subcontractors’ access to Hilton’s computing systems and/or networks until such security issue has been resolved to the satisfaction of Hilton.

c. Provider agrees that: (i) its employees and agents will be required, as a condition of employment or retention, to protect all Personal Information in Provider’s possession or otherwise acquired by or accessible to Provider; (ii) its employees and agents who will be provided access to, or otherwise come into contact with, Personal Information, will receive appropriate training relating to the protection of Personal Information; (iii) it will maintain appropriate access controls, including, but not limited to, limiting access to Personal Information to the minimum number of Provider employees and agents who require such access for purposes of providing goods and/or services to Hilton; and (iv) it will impose appropriate disciplinary measures for violations of its information security policies and procedures.
供应商同意: (i)作为雇佣或保留的条件,其员工和代理将被要求保护供应商拥有的、或供应商通过其他方式获得的或供应商可访问的所有个人信息;(ii)有权获取或以其他方式接触个人资料的雇员及代理人将接受有关保障个人信息的适当培训;(iii)保持适当的访问控制,包括但不限于将访问个人信息的权限限制在为希尔顿提供商品和/或服务而需要访问个人信息的供应商员工和代理的最低数量;以及(iv)将对违反其信息安全政策和程序的行为采取适当的纪律处分措施。

d. If Provider disposes of any paper or electronic record containing Personal Information, Provider will do so in an appropriate manner based on the sensitivity of the information in order to prevent unauthorized access to such information in connection with its disposal. Upon request, Provider will be required to certify to Hilton that all forms of Personal Information disposed of have been destroyed in accordance with these Standards. If Provider cannot so certify, Provider shall provide a written explanation for its inability to certify that it complied with this disposal requirement.

e. Provider shall review and, as appropriate, revise the Data Safeguards: (i) at least annually or whenever there is a material change in Provider’s business practices that may reasonably affect the security, confidentiality, or integrity of Personal Information; (ii) in accordance with prevailing industry practices; (iii) in accordance with any new, amended, or re-interpreted Data Protection Requirements, and (iv) as reasonably requested by Hilton. Provider agrees not to alter or modify its Data Safeguards in such a way that will weaken or compromise the security, confidentiality, or integrity of Personal Information.


Provider agrees to notify Hilton at immediately upon becoming aware of a Security Breach, including the presence of Malware, if possible. If Provider is not able to notify Hilton immediately upon becoming aware of a Security Breach, including the presence of Malware, Provider will notify Hilton within twenty-four (24) hours of becoming aware of a Security Breach. After providing such notice, Provider will (i) promptly investigate the Security Breach, including by conducting a root cause analysis, and report its findings to Hilton, (ii) provide Hilton with a remediation plan, approved by Hilton in its sole discretion, to address the Security Breach and prevent any further incidents; (iii) remediate such Security Breach in accordance with the Hilton-approved remediation plan; (iv) conduct a forensic investigation to determine what systems, data, and information were affected by the Security Breach; (v) cooperate with Hilton as Hilton executes its security incident response plan and otherwise investigates the Security Breach; (vi) abide by any requests by Hilton for Provider to cooperate with any law enforcement or regulatory officials, credit reporting companies, or credit card associations investigating such Security Breach, and (vii) keep Hilton advised of the status of such Security Breach and all matters related thereto. Provider further agrees to provide all reasonable assistance requested by Hilton and/or Hilton’s designated representatives in the furtherance of any investigation, correction, and/or remediation by Hilton of any such Security Breach and shall reimburse Hilton upon Hilton’s demand for all reasonable Notification Related Costs incurred by Hilton arising out of or in connection with any such Security Breach resulting in a requirement for legally required notifications. If a notification to an individual is required under any Data Protection Requirement or pursuant to any Hilton privacy or security policies, then notifications to all individuals who are affected by the same event (as reasonably determined by Hilton) shall be considered legally required. Notification Related Costs shall include Hilton’s internal and external costs associated with addressing and responding to the Security Breach, including but not limited to: (i) the preparation and mailing or other transmission of legally required notifications; (ii) the preparation and mailing or other transmission of such other communications to affected individuals, agents, or others as Hilton deems reasonably appropriate; (iii) the establishment of a call center for up to twelve (12) months or such longer period as may be required pursuant to applicable Data Protection Requirements or is reasonable under the circumstances; (iv) the establishment of communications procedures in response to such Security Breach (e.g., customer service FAQs, talking points, and training); (v) fees for public relations and other similar crisis management services; (vi) legal, forensics, and accounting fees and expenses associated with Hilton’s investigation of and response to such Security Breach or presence of Malware; and (vii) costs for commercially reasonable credit reporting, credit watch, identity protection, identity remediation, and similar services that are associated with legally required notifications or are advisable under the circumstances for up to twelve (12) months or such longer period as may be required pursuant to applicable Data Protection Requirements or is reasonable under the circumstances. Unless otherwise required by applicable Data Protection Requirements, Hilton shall make the final decision on notifying Hilton’s employees, guests, service providers, regulatory authorities and/or the general public of such Security Breach, and the implementation of the remediation plan.
如果可能,供应商同意在发现安全漏洞(包括存在恶意软件)后立即通过ISC@Hilton.com通知希尔顿。如果供应商未能在发现安全漏洞(包括存在恶意软件)后立即通知希尔顿,供应商应在发现安全漏洞后二十四(24)小时内通知希尔顿。在提供此类通知后,供应商应(i)立即调查安全漏洞,包括采取根本原因分析,并向希尔顿报告其发现,(ii)向希尔顿提供由希尔顿自行决定批准的补救计划,以解决安全漏洞并防止任何进一步的事故发生;(iii)根据希尔顿批准的补救计划对此类安全漏洞进行补救;(iv)进行取证调查,以确定哪些系统、数据和信息受到了安全漏洞的影响;(v)配合希尔顿执行其安全事故响应计划,并对安全漏洞进行调查;(vi)遵守希尔顿对供应商的要求,与执法或监管官员、信用报告公司或信用卡协会合作,调查此类安全漏洞,并且(vii)随时向希尔顿通报此类安全漏洞的状况及所有相关事宜。供应商还同意提供所有希尔顿和/或希尔顿指定的代表请求的合理协助,促进调查、修正,和/或希尔顿对任何此类安全漏洞进行的补救,并应根据希尔顿的要求,偿还希尔顿因任何此类安全漏洞而产生的或与此类安全漏洞相关的所有法律要求的通知费用。如果根据数据保护要求或根据任何希尔顿的隐私或安全政策,需要向个人发出通知,则对受同一事件影响的所有个人(由希尔顿酌情确定)发出通知应被视为法律要求。通知相关费用包括希尔顿处理和应对安全漏洞相关的内部和外部费用,包括但不限于: (i)准备和邮寄或以其他方式发送法律要求的通知;(ii)准备、邮寄或以其他方式向受影响的个人、代理人或希尔顿认为合理适当的其他人发送此类通信;(iii)根据适用的数据保护要求或酌情合理的情况下,设立最长可达十二(12)个月或更长时间的呼叫中心;(iv)针对此类安全漏洞建立沟通程序(例如,客户服务常见问题解答、谈话要点和培训);(v)公共关系及其他类似危机管理服务费用;(vi)与希尔顿调查和应对此类安全漏洞或存在的恶意软件相关的法律、取证和会计费用;以及(vii)商业上合理的信用报告、信用监视、身份保护、身份补救费用以及与法律要求的通知相关的类似服务费用,或根据适用的数据保护要求或酌情判断为合理的在十二(12)个月或更长时间内是可取的费用。除非适用的数据保护要求另有要求,否则希尔顿应作出最终决定,通知希尔顿的员工、客人、服务商、监管机构和/或公众此类安全漏洞,以及补救计划的实施情况。


If Provider receives any complaint, notice, or communication which relates directly or indirectly to Provider’s Processing of Personal Information or either Hilton’s or Provider’s compliance with applicable laws or regulations in connection with Personal Information, Provider will promptly notify Hilton. At Hilton’s request, Provider will assist and support Hilton in the event of such a complaint or an investigation by a regulator or data protection authority or similar authority, if and to the extent that such complaint or investigation relates to Provider’s Processing of Personal Information. Such assistance will be at Hilton’s sole expense, except where the complaint or investigation arose from an allegation concerning or an investigation into Provider’s acts or omissions, in which case such assistance will be at Provider’s sole expense.


Provider will immediately inform Hilton in writing upon receiving any request for access to, correction, amendment, or deletion of any Personal Information from an individual who is (or claims to be) the subject of the data (“Data Subject Requests”). Unless otherwise required by laws or regulations or provided for in the Agreement, Provider will not respond directly to these requests unless explicitly authorized by Hilton to do so, other than as necessary to confirm that the request relates to Hilton. As part of the Services, Provider shall cooperate with and provide all reasonable assistance to Hilton in responding to and implementing Data Subject Requests.


Provider has appointed a data protection officer where required pursuant to Data Protection Requirements.


In addition to, and without limitation of, Provider’s other obligations under these Standards, and where applicable to the Services and the Processing, Provider shall assist and cooperate with Hilton, at Hilton’s request and as part of the Services: (i) in Hilton’s implementation of security measures applicable to Personal Information; (ii) in connection with any Security Breach notification required to be made to a supervisory authority or to Data Subjects; (iii) in connection with any privacy impact assessment related to the Processing; and (iv) in connection with any consultation with a supervisory authority conducted by Hilton in connection with the Processing.


Provider agrees to notify Hilton immediately of any material breach or violation of these Standards. Without limiting other remedies that may be available to Hilton for violation of these Standards, Provider agrees that Hilton may, at its discretion, immediately terminate Provider’s provision of goods and/or services under any or all agreements or arrangements between Provider and Hilton, without penalty, if Provider violates any requirement of these Standards. Further, Provider agrees to fully indemnify Hilton for all costs, fees, claims, or actions associated with any unauthorized Processing of Personal Information within Provider’s control, as well as any unauthorized access, acquisition, or use of Personal Information by agents, Subcontractors, or third parties.


Provider shall maintain, at all times during the term of the Agreement, and shall provide to Hilton, upon Hilton’s request and at no additional charge, complete and accurate records and reasonable supporting documentation regarding the Data Safeguards as well as business continuity and recovery facilities, resources, plans, and procedures, and such other records and documentation necessary to validate Provider’s compliance with these Standards, including the Provider Processing Record. Upon reasonable notice to Provider, Provider will permit Hilton, its auditors, designated audit representatives, and regulators, including data protection authorities, during normal business hours, to audit and inspect: (i) Provider’s facilities where Personal Information is Processed; (ii) any computerized systems used to Process Personal Information; and (iii) Provider’s security practices and procedures, data protection practices and procedures, and business continuity and recovery facilities, resources, plans, and procedures. The audit and inspection rights hereunder will be, at a minimum, for the purpose of (i) verifying Provider’s compliance with these Standards and the Data Protection Requirements, (ii) verifying the integrity of the Personal Information, and (iii) facilitating Hilton’s compliance with Data Protection Requirements.
在本协议有效期内,应希尔顿的要求,供应商应始终保留并向希尔顿提供完整、准确的记录及合理的支持文件包括数据保障、业务连续性和恢复设备、资源、计划和程序,以及证实供应商遵守本标准所需的其他记录和文件,包括供应商处理记录,且不收取附加费用。在合理通知供应商后,供应商应允许希尔顿、其审计人员、指定的审计代表和监管机构,包括数据保护机构,在正常营业时间内进行审计和检查: (i)处理个人资料的设备;(ii)用于处理个人信息的计算机系统;以及(iii)供应商的安全惯例和程序、数据保护惯例和程序、业务连续性和恢复设备、资源、计划和程序。本标准下的审计和检查权利至少将用于以下目的(i)核实供应商是否符合本标准和数据保护要求,(ii)核实个人信息的完整性,以及(iii)协助希尔顿遵守数据保护要求。


Hilton has the right, in its sole discretion at any time and from time to time, to restrict, discontinue, suspend, cancel, terminate, or modify Provider’s right to Process Personal Information. Upon the termination or expiration of the Agreement or Provider’s provision of Services, or upon Hilton’s request, Provider will, and will cause its agents and Subcontractors to, return in a manner and format reasonably requested by Hilton, or, if specifically directed by Hilton, destroy, any or all Personal Information in its possession, power, or control and delete any existing copies unless applicable Data Protection Requirements require storage of the Personal Information, and Provider will certify the same, each as described in Section 9(d) above.


Hilton can change these Standards in its sole discretion at any time and from time to time. Any changes to these Standards will be binding upon Provider when posted at; provided, however, that Provider will have a reasonable period of time to implement any change in the Policy (not to exceed any time period provided by applicable law, rule, or regulation to implement such change). Provider is obligated to check this URL regularly for any changes. The most recent changes to the Policy will appear at the bottom of the Policy in the section entitled “Material Revisions to Hilton’s Service Provider Data Protection Standards.”


Provider’s obligations under these Standards will survive the termination or expiration of its services or any related agreements and will continue for as long as Provider, or any of its agents or Subcontractors retain or have access to Personal Information. Provider acknowledges and agrees that each entity referenced in the definition of “Hilton” above is an intended third party beneficiary of Provider’s obligations and liabilities under these Standards, including without limitation Provider’s obligations with respect to Personal Information, and as such, each will have a right of its own to enforce these Standards.




Last Update: March 2018


March 2018 Changes:


  •  Updated defined terms to comport with the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of Personal Information and on the free movement of such data, commonly referred to as the “General Data Protection Regulation”
  • Updating data safeguard requirements.
  •  Further limiting use of subcontractors.
  • Restricting cross-border transfers of data without approval from Hilton and agreement to any necessary data transfer agreement.

March 2017 Changes:

  • Changed the name of “Hilton” from “Hilton Worldwide Inc.” to “Hilton Domestic Operating Company Inc.” to reflect the updated corporate name.
    将“希尔顿”的名称从“希尔顿全球控股有限公司”改为“Hilton Domestic Operating Company Inc.”,以反映更新后的公司名称。
  • Changed the title of the document from Hilton’s “Privacy and Data Protection Policy for Service Providers” to Hilton’s “Service Provider Data Protection Standards.” Changed the references to this “policy” to these “standards.”
    将文件标题从希尔顿“供应商隐私和数据保护政策”改为希尔顿“供应商数据保护标准”。将此“政策”的引用更改为本 “标准”。
  • Changed the contact e-mail address for Security Incidents from to
  • Changed the term “Special Personal Information” to “Sensitive Personal Information.”
  •  Amended definition of “Sensitive Personal Information” to include an individual’s username in combination with password, PIN, or access code that would grant access to an online account
  • Changed Disclosure Under Legal Process section to reflect that Hilton should be notified within at least 72 hours of receipt of such requests, rather than 48 hours before a Provider intends to make a disclosure
  •  Added this “Revisions” section to the Policy. Added language to the Standards itself noting that the most recent changes will appear herein