CUSTOMER PRIVACY Management Approach Yanlord is committed to implementing a comprehensive Privacy Policy that outlines the procedures for the collection, use, processing, disclosure, and protection of personal data acquired by or otherwise provided to the Group. This policy is accessible for review on our official website. List of Laws we comply with: PRC Personal Information Protection Law, Network Security Law, Data Security Law and Cybersecurity Law of the PRC Singapore Personal Data Protection Act 2012 Hong Kong SAR Personal Data Privacy Ordinance MANAGING CUSTOMER PRIVACY PRC In line with the principle of “data user is responsible”, Yanlord remains committed to safeguarding customers’ personal information by ensuring that all employees handle data securely and responsibly within their respective roles. Access to sensitive information, such as credit card details and guest identity data, is strictly limited to authorised personnel responsible for managing bookings and reservations. To prevent unauthorised disclosures, we enforce clear restrictions on the sharing of customer information beyond designated personnel and their authorised scope of work. Yanlord continues to reinforce the importance of customer privacy protection through comprehensive employee training programmes. In the hotels and serviced apartments business, all employees receive mandatory training on handling guests’ personal information during onboarding, with annual refresher courses conducted to reinforce best practices. Training topics include room entry procedures, guest confidentiality during check-in, and protocols for issuing duplicate room keys. To uphold the security of customer data, Yanlord follows strict internal procedures to ensure that access to personal information is restricted to authorised personnel only. We also implement secure data transfer and archiving measures to protect customer records, demonstrating our ongoing commitment to privacy and data security. SINGAPORE In Singapore, the Group’s Privacy Policy is applied consistently across all operations, including indirect subsidiaries, unless stated otherwise. Supporting this framework, the Group has implemented a Do Not Call Policy, a Data Breach Management Plan, and a Personal Data Protection Policy, all of which are aligned with applicable laws and regulatory requirements in Singapore. These policies provide clear guidance on the responsible handling, protection, and management of personal data across the Group’s Singapore operations. Selected subsidiaries, including O’Connor’s Singapore Pte Ltd, maintain recognised data protection certifications, such as the Data Protection Trustmark (DPTM) issued by the Infocomm Media Development Authority (IMDA), to demonstrate accountable data protection practices. To remain aligned with regulatory developments and industry best practices, the Group actively monitors changes in privacy and data protection requirements through participation in relevant seminars and reviews of industry publications. Employees are kept informed of key updates through ongoing internal communications and training. In addition, the Group’s Privacy Policy is periodically reviewed and updated to reflect regulatory changes, evolving legal requirements, and emerging industry trends. These measures support the continued effectiveness, compliance, and resilience of the Group’s data protection practices amid an evolving privacy regulatory landscape. Contents Introduction Approach to Sustainability Upholding Good Governance Caring for Our Customers Empowering Our People Preserving Our Planet Creating Shared Value for Our Society GRI Content Index YANLORD LAND GROUP LIMITED SUSTAINABILITY REPORT 2025 35
RkJQdWJsaXNoZXIy NTM2MDQ5