Acceptable Use Policy

Information Technology Resources

Hyatt Proprietary & Confidential - Revised November 21, 2014

Page |

Acceptable Use Policy Information Technology Resources

Owner:

Hyatt IT

Version:
Last Revised:
Last Reviewed:
Effective Date:

3.0
11/21/2014
10/01/2014
12/01/2010

1. Introduction
To remain competitive and to better serve our customers, Hyatt and its subsidiaries provide their employees and the employees of
Hyatt-branded hotels access to various forms of Information Technology Resources. When used properly, these resources can greatly
enhance our ability to do business more efficiently and effectively. These services are integral to the operation of the organization,
and security and privacy laws and other institutional policies protect much of the information. Access to Hyatt data and information,
and access to IT accounts, systems, and applications, is based on your need for access and your confirmation that you will use that
access appropriately.
Read the information below carefully. It sets out your responsibilities. Although these general provisions apply to all Hyatt
information and IT accounts, systems, and applications, please be aware that managers of certain services or information types may
require you to complete additional agreements and/or training.
The use of the Hyatts IT Resources is a privilege, not a right, and as more fully explained herein, inappropriate use can result in a
termination or suspension of some or all of those privileges. Therefore, as a condition of being granted access, you must read and
follow these Acceptable Use standards, and you must preserve the security and corresponding confidentiality of information that you
access, in any form, including oral, print, or electronic formats.

2. Scope and Definitions

The Acceptable Use Policy for Information Technology Resources applies to all employees (including temporary employees, if
applicable), independent contractors and agents of Hyatt (Hyatt), its affiliates and subsidiaries, and the hotels that use or are
connected to the IT Resources (those affiliates, subsidiaries, offices and hotels are sometimes collectively referred to herein as
Connected Entities and individually as a Connected Entity) and other approved computer users (each of the above-mentioned
employees, independent contractors, agents and approved computer users are sometimes collectively referred to herein as Users and
individually as a User).
For the purposes of the Acceptable Use Policy for Information Technology Resources (AUP), the term IT Resources or
Information Technology Resources means and includes, but is not limited to, for each of the following (whether wired or
wireless), as may be provided by or controlled by Hyatt:

Stand-alone computer workstations (e.g., desktop, laptop, tablet, point of sale, kiosks)
Mobile Devices (e.g., BlackBerry, iPhone, iPad, Droid, Card Payment Device), including personal devices connected to IT
Resources
Servers (e.g., file, database, application, communication, mail, fax, Web)
Created, transferred, and stored Data (e.g., Guest, Employee, Company)
Communication Software and Hardware (e.g., instant messaging, telephones, Lync)
Hyatt Proprietary & Confidential - Revised November 21, 2014
Page |

Other Devices and Software (e.g., printers, copiers, modems, Opera, Microsoft Word, instant messaging software)
Internal and external computer and communications networks (e.g., the Internet, commercial online services, value-added
networks and Email systems that may be accessed directly or indirectly from Hyatts computer network)

This AUP will apply equally to any new IT Resources that are added after the effective date of this AUP, regardless of whether such
IT Resources are accessed from a Hyatt facility, from a Users home, or elsewhere.

3. Usage Responsibilities
Secure Usage
You are required to:
Never share your account password(s) or passphrase(s) with anyone including, but not limited to, friends, family, Hyatt
associates, or any other Users.
Select strong password(s) and passphrase(s), change them regularly and secure them properly (e.g., do not write them on a
paper left at your desk or workstation).
Select passwords that include (i) at least one UPPER case character (A-Z), (ii) at least one lower case character (a-z), (iii) at
least one number (1-9), and (iv) at least one special character (such as !, @, #, $, %).
Be mindful that different computer systems and applications provide different levels of protection for information, and seek
advice on supplemental security measures, if necessary. For example, a mobile laptop, tablet, or smartphone provides
inherently less protection than a desktop computer in a locked room. Therefore, the level of protection provided to
information accessed or stored using a laptop is to be supplemented by using additional safeguards such as encryption
technology, enhancing physical security, restricting file permissions, etc.
Respect Hyatt's IT Resources security procedures (e.g., never attempt to circumvent or "go around" security processes).
Make appropriate use of the tools provided (e.g., strong passphrase, virus detection, encryption software, encrypted
transmission, training, etc.) to uphold the confidentiality and security of Hyatts IT Resources.
Take steps to understand "phishing attacks," computer viruses, and other destructive software, and take steps to protect your
accounts from such threats (e.g., never reply to emails asking for account passwords or passphrases, never open unsolicited
email attachments, never click unknown links, use virus scanning software, apply system patches in a timely manner).
Maintain information in a secure manner to prevent access, viewing, or printing by unauthorized individuals.
Secure unattended computers (e.g., log off, lock, or otherwise make inaccessible), even if you will only be away from the
computer for a moment.
Take appropriate steps to secure information (e.g., password protection, encryption) on mobile storage devices (e.g., laptops,
tablets, USB drives, smartphones).
Immediately notify your local IT Manager or IT Service Desk if you believe your account credentials (e.g., user ID,
password, passphrase) have been compromised.
Immediately notify your local IT Manager or IT Service Desk if you have experienced any theft or loss of any IT Resource.
Immediately notify your local IT Manager or IT Service Desk if you encounter any other kind of security problem that
involves an IT Resource.
Not attempt to resolve any security problems on your own.

Lawful Usage
You must:
Use IT Resources for legal purposes only.
Respect and comply with all copyrights and license agreements.
Never use your access to IT Resources to harass, libel, or defame others.
Never damage IT Resources belonging to others.
Never make unauthorized use of computer accounts, access codes, or devices.
Never monitor or disrupt the communications of others, except in the legitimate scope of your Hyatt duties and with
appropriate authorization.
Never reverse-engineer, disassemble or decompile software, except in the legitimate scope of your assigned Hyatt duties.
Never use spoofing or other means to disguise your identity in sending email or any form of electronic communication.
Report unauthorized access to, inadequate protection of, and inappropriate use, disclosure, and/or disposal of information,
immediately to your local IT Manager or IT Service Desk.

Hyatt Proprietary & Confidential - Revised November 21, 2014

Page |

Ethical Usage
You must:
Access Hyatt IT Resources only in the conduct of Hyatt business and only in ways consistent with furthering Hyatt's mission
of providing authentic hospitality by making a difference in the lives of the people we touch every day.
Never access or use organizational information (including public directory information) for your own personal gain or profit,
or the personal gain or profit of others, without appropriate authorization.
Respect the confidentiality and privacy of individuals whose records you may access.

General Usage
You must:
Never cause community or shared IT Resources to be inaccessible or unusable.
Never speak to the press or comment on behalf of Hyatt, unless specifically authorized.
Use shared IT Resources efficiently.
Regularly delete unneeded files and information from your accounts (if not required to retain them as outlined in organization
policy or records management schedules).
Avoid overuse of network bandwidth, information storage space, printing facilities, paper, processing capacity, or other
shared IT Resources.
Never send mass email (e.g., unsolicited bulk email or spam) without appropriate approval.
Never send or respond to chain email.
Never use obscene or inflammatory language, or threaten physical harm to another on any IT Resource.
Never engage in personal attacks on others, including prejudicial or discriminatory attacks prohibited by Hyatts antidiscrimination policies.
Never use your corporate email address for personal use (e.g., for orders placed online).
Follow the guidelines in the Attorney-Client Communications Policy.
We understand the need to use certain IT Resources for limited, appropriate personal use on an occasional basis; however, you do so
at your own risk. Your use must not: (1) interfere with your work performance; (2) interfere with any other Users work performance;
(3) have an undue impact on the operation of any IT Resource; or (4) violate any other provision of this AUP or any other policy,
guideline or standard of Hyatt and/or any other Connected Entity. Neither Hyatt nor a Connected Entity is responsible for ensuring
that you have access to secure and reliable connections. Neither Hyatt nor a Connected Entity is responsible for any loss, theft, or
other compromise of your personal information while using IT Resources. Users have the responsibility to use the IT Resources in
a professional, ethical, and lawful manner at all times.

4. Monitoring Notice
Hyatt and its Connected Entities reserve the right to enter, access, search and monitor the IT Resources of any User in order to
monitor the Users compliance with this AUP and otherwise in furtherance of the legitimate business interests (e.g., monitoring work
flow and productivity) of Hyatt and the Connected Entities without further notice to the User.
You should not have any expectation of privacy with respect to anything you create, store, access, send, receive or do using the
IT Resources, irrespective of whether you do so for business or personal use. Your personal files (including, but not limited to,
personal electronic mail messages and files maintained on any IT Resource) may also be discoverable in court or agency proceedings
and possibly elsewhere.
Routine maintenance and monitoring of IT Resources may lead to the discovery that a particular User has or is violating this AUP or
applicable law. Hyatt will cooperate as appropriate with local, state and federal officials in any investigation concerning or relating to
any illegal activities conducted through any IT Resources.
Except where prohibited by applicable law, Hyatt and its Connected Entities may use automated software to monitor material created,
accessed, stored, sent or received using IT Resources and other information concerning a Users use of IT Resources.

Hyatt Proprietary & Confidential - Revised November 21, 2014

Page |

5.

Policies and Laws

You should be aware that Hyatt policies (e.g., IT Policies listed on HyattConnect), federal, state and local laws (including intellectual
property laws), and contractual obligations exist that provide further protections to certain types of information, or that may influence
how you handle IT Resources. Examples include:

Data Backup Policy

Data Classification and Protection Standard
Electronic Media Decommissioning and Disposal Policy
Confidential and Proprietary Information Policy
Guest and Employee Privacy Policy establishes the procedures and circumstances under which an individual's electronic
accounts and files may be accessed by others.

Invasion of privacy laws generally prohibit the unauthorized disclosure of different kinds of personal information about an individual.
Users must comply with all such policies, licenses, and laws. This AUP is not intended to modify the terms of Hyatts Global Privacy
Policy for Employees.
If and to the extent any provision of this AUP conflicts with applicable law in any jurisdiction where a User or IT Resource is located,
that provision of this AUP is not applicable, and the remaining provisions are not affected or impaired in any way.

6. Violations
Regardless of whether or not the Acceptable Use Policy for Information Technology Resources specifically identifies disciplinary
action above, violations of the Acceptable Use Policy for Information Technology Resources may result in suspension or termination
of access privileges, as well as other disciplinary action, up to and including the termination of your employment, and civil and
criminal prosecution. In addition, some activities may lead to risk of legal liability, both civil and criminal, both for the individual
User and, in some cases, for Hyatt.

7. Acknowledgement
To be entrusted with access to Hyatt data and information, and access to IT accounts, systems, and applications, new or continuing
Users must follow these responsibilities and standards of acceptable use. You must follow these rules in all of your interactions with
Hyatt IT Resources. You understand that this AUP is not intended to, and does not grant, you or any other Users any contractual
rights. You also understand that this AUP may be changed or amended from time to time by Hyatt. You will be provided with a copy
of any changes or amendments.
By your signature below, you acknowledge that you have received a copy of the Hyatt Acceptable Use Policy for Information
Technology Resources. You have read and will comply with the terms of this policy. Regardless of whether your use of IT Resources
are for business or for your incidental personal use, Hyatt may monitor your usage of IT Resources in the manner described in the
Acceptable Use Policy for Information Technology Resources.
Signature:
Printed Name:
Department:
Location:
Date:

Hyatt Proprietary & Confidential - Revised November 21, 2014

Page |

8. Administrative
IT Review Records
Date
10/01/2014
10/01/2014
10/01/2014
10/01/2014
10/01/2014
10/01/2014
10/01/2014
10/01/2014

Organization
E-Commerce & Marketing
Systems Portfolio
Corporate Systems Portfolio
Property Systems Portfolio
Reservations & Sales Systems
Portfolio
CTO
Technology Strategic Sourcing
Technology Operations
Corporate Counsel

Reviewer
Ellen Lee

Approval
On File

Bhavana
Devulapally
Jeff Bzdawka
Brett Cowell

On File

Matt OKeefe
Paul Stinsa
Marshall Lancaster
Rebecca Piper

On File
On File
On File
On File

Name
Alex Zoghlin

Approval
On File

On File
On File

Approval Record
Date
10/01/2014

Title
Global Head of Technology

Document History
Date

Version

Changes

12/13/2007

1.0

Initial Policy

10/14/2009

2.0

2009 Annual Review with Bill Romba, Cheryl Munizzo, Marcia

Hoistad, John Prusnick

10/26/2009

2.0

2009 Annual Review with Cliff Tamplin

11/08/2010

2.1

Minor format changes and edits by John Prusnick / Bill Romba

11/14/2011

2.2

2011 Annual Review by Dave Malcom and Cliff Tamplin

12/06/2012

2.3

Annual Review

11/31/2013

2.4

Annual Review and Update

10/23/2014

3.0

Use of Information Technology Re-design

A glossary with key Information Technology terms is available on Hyatt Connect.

Hyatt Proprietary & Confidential - Revised November 21, 2014

Page |