Professional Documents
Culture Documents
Policy for the Use of Information Technology Resources
1. Introduction
......................................................................................................................
3
2. Purpose of the Policy
.......................................................................................................
4
3. Authorized Users and System Access
..............................................................................
5
4. Privacy
.............................................................................................................................
5
5. Specific Prohibited Activities
..........................................................................................
6
6. User Names and Passwords
.............................................................................................
9
7. Security
...........................................................................................................................
11
8. Mobile Device Security
.................................................................................................
13
9. Laptop Security
..............................................................................................................
14
10. Portable Storage and Memory Security
.......................................................................
16
11. Viruses
..........................................................................................................................
17
12. Encryption Software
.....................................................................................................
18
13. Electronic Mail Use Policy
..........................................................................................
18
14. Managing SPAM
..........................................................................................................
21
15. Internet Use Policy
.......................................................................................................
22
16. Miscellaneous
...............................................................................................................
23
17. Violations of the Policy
................................................................................................
26
18. Acknowledgment and Consent
.....................................................................................
26
Exhibit A – Designated Authorities for Corporate Data
For the purposes of the Policy, the term “Information Technology Resources” or
“IT Resources” means and includes, without limitation, all host computers, file
servers, application servers, communication servers, mail servers, fax servers, Web
servers, computers, standalone computers, laptops, software, printers, copiers,
kiosks, mobile telephones, portable memory devices, handheld devices and PDAs
(e.g., BlackBerry), point of sale workstations, data files and all internal and external
computer and communications networks (e.g., the Internet, commercial online
services, valueadded networks and EMail systems that may be accessed directly or
indirectly from our computer network).
For a detailed list of the IT Resources, or any questions regarding the application of
this Policy, please contact your local Information Technology Department. If you
are working in a hotel or office without a local Information Technology Department,
you should interpret any reference in this Policy to “your local Information
Technology Department” to mean the Information Technology Department at the
Corporate Office.
The Policy is intended to apply to all employees (including temporary employees, if
applicable), independent contractors and agents of Global Hyatt Corporation
(“Hyatt”), its affiliates and subsidiaries and the offices and hotels that use or are
connected to the IT Resources (those affiliates, subsidiaries, offices and hotels are
sometimes collectively referred to herein as “Connected Entities” and individually
as a “Connected Entity”) and other approved computer users (those employees,
independent contractors, agents and approved computer users are sometimes
collectively referred to herein as “Users” and individually as a “User”).
Please read the Policy carefully and sign the attached Acknowledgment and Consent
form. Please return the signed Acknowledgement and Consent form to your local
Human Resources Department. Questions regarding the interpretation and
2. Purpose of the Policy
Hyatt and the Connected Entities have committed a significant amount of capital to
acquiring and maintaining the IT Resources in order to assist you and your
colleagues in doing your jobs quickly and professionally. The Policy has been
created to ensure that all Users understand the rights, responsibilities and dangers of
using these powerful business tools.
The policies and procedures described in this Policy are mandatory and apply
to all Users of the IT Resources, wherever they may be located. This Policy
embodies rules and obligations that are essential to protecting the reputation,
goodwill, property and personnel of Hyatt and the Connected Entities from the
very real risks created by use or misuse of the IT Resources. Violations of this
Policy can also expose Hyatt, the Connected Entities and their respective
officers, directors and employees to civil and criminal liability. Therefore,
violations of this Policy will be taken very seriously and may result in
disciplinary action (up to and including the termination of your employment)
and civil and criminal prosecution.
The Policy is intended to supplement, not replace, the other policies of Hyatt and the
Connected Entities. If you find a conflict among the various policies, please bring it
to the attention (or ask your Department Head to bring it to the attention) of the
Human Resources or Legal Departments at the Corporate Office.
Technology tools will continue to grow and evolve over time, as will the use of them
and the other IT Resources by Hyatt and the Connected Entities. These policies and
guidelines are subject to change to reflect these new developments. If you have any
thoughts, concerns or ideas about how Hyatt and the Connected Entities might make
better use of this technology or how these policies and guidelines may better address
the realities of working with the IT Resources, please do not hesitate to bring them
to the attention of your local Information Technology Department.
No Visitor or Guest Access Permitted. Visitors should not be permitted to use or
access any IT Resource (other than Internet access or computer stations specifically
designated for use by visitors) without the knowledge of the local Information
Technology Department and without first executing the Policy. If you suspect that
an unauthorized user has access to the Information Technology, report it
immediately to your Department Head or your local Information Technology
Department.
4. Privacy
Hyatt and its Connected Entities reserve the right to enter, access, search and
monitor the computer, computer files and EMail messages and files of any User and
all other aspects of their use of the IT Resources in order to monitor the User’s
compliance with the Policy and otherwise in furtherance of the legitimate business
interests (e.g., monitoring work flow and productivity) of Hyatt and the Connected
Entities without further notice to the User, including, without limitation, monitoring
sites visited by a User on the Internet, monitoring chat groups and newsgroups and
reviewing material downloaded from or uploaded to the Internet by the User. Any
Passwords Do Not Imply Privacy. The use of unique User Names in combination
with corresponding passwords to restrict access to a computer, network, file or
message should not be interpreted by a User as creating an expectation of privacy in
the material they create, store, access, send, receive or do using the IT Resources.
Authorized personnel at Hyatt and the Connected Entities have access rights that
permit them to access all material that Users create, access, store, send, receive and
otherwise do using the IT Resources, regardless of whether such materials have been
saved to a file folder or a directory that is otherwise used exclusively by a particular
User.
5. Specific Prohibited Activities
Inappropriate or Unlawful Material. Material that is fraudulent, harassing,
sexually explicit, profane, obscene, defamatory, racist, sexist, or otherwise unlawful
or inappropriate may not be sent by EMail or other form of electronic
communication (such as bulletin board systems, newsgroups, chat groups) or
accessed using or displayed on or stored using the IT Resources. Users encountering
or receiving this kind of material should immediately report the incident to their
Department Head or local Human Resources Department. Users who send, receive,
access, store or display prohibited materials will be subject to immediate discipline,
up to and including termination of employment.
Prohibited Uses. Without prior written permission from your Department Head,
the IT Resources may not be used for dissemination or storage of commercial or
Mass Marketing EMail. Users are prohibited from using the company EMail
system for the purposes of sending out mass EMail communications for marketing
campaigns. Thirdparty systems are available to effectively manage EMail
communications for marketing purposes.
Large File Transfers. Users should schedule communicationsintensive activities
such as large file transfers, mass EMailings, and streaming audio or video for off
peak times (that is, before 9:00 a.m. and after 5:00 p.m., Monday through Friday).
Because audio, video, MP3 and picture files require significant storage space and
carry the risk of claims of copyright infringement, files of this sort should not be
downloaded unless they are businessrelated. All files that are downloaded must be
scanned for viruses and other destructive programs.
Access to Corporate Data. Users are prohibited from accessing, modifying, adding to
or deleting Corporate Data from outside the security and auditing controls of the
application(s) or systems(s) that maintains the data without the prior written approval
of the individual or category of individuals designated on Exhibit A to this Policy for
that type of Corporate Data. For the purposes of this Policy, the term “Corporate
Data” shall mean any and all business records belonging to Hyatt or a Connected
Entity concerning their past, present or future financial performance, customers and
sources of business (including without limitation individual guests, groups, corporate
accounts, travel agencies and agents) or employees that are created and maintained in
an electronic format in a centralized database with restricted access, including, without
limitation, any data maintained in the following types of systems or databases: central
reservations systems (e.g., RESERVE, Voyager), loyalty program databases (e.g., the
Gold Passport database and related applications), property management systems
(e.g., Fidelio, HyAdvantage, MSI, Encore), sales and catering systems and databases
Copies of Corporate Data. Users are prohibited from maintaining copies of
Corporate Data (in any form) on their local computers, laptop computers, portable
memory devices, or personally owned computers and/or portable memory devices
without the prior written approval of the individual or category of individuals
designated on Exhibit A to this Policy for that type of Corporate Data. In the event a
User obtains written approval to copy Corporate Data onto his or her company issued
local computer, laptop computer or portable memory device, that Corporate Data must
be deleted from the applicable IT Resource immediately after the completion of the
approved use.
Creation and Maintenance of “Intranets” and Web Servers. Users are prohibited
from establishing intranets or web servers for use within their office or hotel without
permission and oversight from the Information Technology Department of the
Corporate Office. Unauthorized web sites are a significant security risk for Hyatt and
the Connected Entities. They also run the risk of degrading the performance of, and
increasing the maintenance costs associated with, other IT Resources
6. User Names and Passwords
User Names and Passwords are the rudimentary components of security for
applications and systems within our environment. They are the first level of access
control that we employ to help prevent unauthorized access to sensitive personal and
financial data and generally serve two purposes. First, they prevent unauthorized
individuals from accessing a computer or a particular file. Second, they link
activities conducted on the computer with a particular User.
Select Complex Passwords. Passwords should be obscure and a minimum of eight
characters in length. For best security, passwords must be complex, meaning that
they must include characters from three of the following four categories:
• English UPPER case characters (e.g., A..Z)
• English lower case characters (e.g., a..z)
• Base digits (e.g., 0..9)
• NonAlphanumeric Special Characters (e.g., “@”, “!”, “&”. “^”, “%”)
For example, you may want to consider substituting nonalphanumeric characters for
English chargers to create strong passwords. Using the password “HyattHotels”
could be “Hy@ttH0tel$”; or a phrase such as “Golden Rings” could be transformed
to “g0ld3n+r1n6s”.
You should never use a word related to your employer, department name, location, or
specific terms or names used in your department. You should never use common
sequences of numbers such as 12345678, the names of family members, children, or
pets. You should never use any information that may be personally identifiable you,
such as your name, telephone number, your date of birth, your automobile license
plate number or your address.
Password Upkeep. All passwords must be changed every sixty (60) days. Where
available, this will be enabled as an automated process controlled at the system level.
The applications or the servers will notify you when it is time to change your
password. Where automated password renewal is not available, the Users are
required to manually change their passwords within the systems and applications for
which they have access in order to be compliant with this policy. Users who do not
change their passwords within the time prescribed may be automatically locked out
of the system. Users are prohibited from creating automated means of entering User
Names and Passwords in order to log into IT Resources (i.e., through the use of
electronic scripts, shortcut buttons, etc.).
Divulging Passwords. Users are responsible for keeping their passwords secure.
Passwords should never be given out to anyone. Users that need to provide their
supervisors, subordinates or colleagues with access to their computers or other IT
If anyone asks for your password, refuse to give it and immediately report the
incident to your local Information Technology Department. If you suspect that your
password has been discovered, you should immediately change your password and
report your suspicions to your local Information Technology Department.
Password Reset Requests. Requests for password resets for IT Resources should be
directed to your local Information Technology Department. The Information
Technology Department may require the User to provide the secret word
(e.g. father’s middle name, favorite color) that was indicated by the User when
access to IT Resources was requested. The Information Technology Department will
only reset the password when the correct secret word is provided.
7. Security
The security of the IT Resources is everybody’s responsibility. No matter how much
technology is put into making the IT Resources secure, it will not work without the
cooperation and vigilance of all Users. Users should immediately notify their
Department Head or the Corporate Information Technology Department if they
become aware of any attempts to damage, interrupt or improperly alter, inhibit,
access, copy or transmit any IT Resources and/or related data files.
Accessing other Computers and Networks. A User’s ability to connect to other
computer systems through a network or by a modem does not imply the right to
connect to those systems unless specifically authorized by the operators of those
systems. Users are prohibited from accessing systems for which the operator of the
system hasn’t granted them access rights. Users that have questions concerning their
access rights should contact their local Information Technology Department.
Computer Security. Each User is responsible for ensuring that their use of outside
computers and networks, including the Internet, does not compromise the security of
the IT Resources. This duty includes taking reasonable precautions to prevent
intruders from accessing the networks of Hyatt and the Connected Entities without
authorization and to prevent introduction and spread of viruses. In the case of Users
accessing corporate data or IT Resources remotely, either using IT Resources or
personally owned computers or laptops (“Personal Resources”), it is the
responsibility of the User to ensure that the system has uptodate antivirus
protection and adequately configured firewall software to prevent hackers from
gaining control of their systems and stealing the data that is stored on those systems.
Data Protection Measures. Users are prohibited from attempting to circumvent the
data protection measures enacted by Hyatt and/or the Connected Entities or to
uncover security loopholes or bugs. Users are prohibited from gaining or attempting
to gain unauthorized access to restricted areas or files stored on the IT Resources.
Users are prohibited from tampering with any software protections or restrictions
placed on computer applications, files or directories.
Unattended PCs Must be Locked. Users are reminded that unattended computers
must be either logged off of the network, powered off, or locked using the Windows
Operating System “lock computer” feature. Any systems left unattended by a User
may result in the suspension of that User’s right to use the IT Resources.
8. Mobile Device Security
Mobile devices, such as mobile phones, the RIM BlackBerry, Palm Tungsten, and
HP PocketPC, empower their users with instant communications and improved
management of personal information. Users who are provided with a Mobile Device
by Hyatt or a Connected Entity must take all reasonable steps to ensure that the
device is protected from loss or theft.
• Any disregard for the security of a Mobile Device will result in the
revocation of the right to use a Mobile Device.
• In the case of the theft or loss of a Mobile Device, the User may be held
personally responsible for its loss, including the cost of its replacement.
Any theft or loss of a Mobile Device must be immediately reported to
your Department Head.
9. Laptop Security
Portable computers offer Users the ability to be more productive while on the move.
They offer greater flexibility in where and when Users can work and access
information, including information on our corporate network. However, network
enabled portable computers also pose the risk of data theft and unauthorized access
to our corporate network.
Certified Laptop Use. Any portable computer that is proposed for network
connection to the IT Resources, whether furnished by Hyatt or a Connected Entity or
the User’s Personal Property, must be reviewed, approved and certified by your local
Information Technology Department.
Personal Firewall Software. Users must ensure that a personal firewall is installed
on their laptop and that it is always active. Each laptop furnished by Hyatt or a
Connected Entity must be configured with personal firewall settings enabled. Your
local Information Technology Department can advise you of appropriate personal
firewall software to install on your personal laptop, but they will not install or
support such software on Personal Resources.
AntiVirus Software. AntiVirus software must be installed, kept up to date, and
must be active at all times. Each laptop furnished by Hyatt or a Connected Entity
will be configured with approved antivirus software. It is the User’s responsibility
for keeping their antivirus scanning software up to date. It is strongly
recommended that Users update their antivirus software before disconnecting from
the network. Your local Information Technology Department can advise you of
appropriate antivirus software for your Personal Resources, but they will not install
or support such software on noncompany owned computers.
PowerOn Passwords. All laptops furnished by Hyatt or a Connected Entity must
be configured with a poweron password set by the local Information Technology
Department. This password may not be changed by the User, and can only be set by
the local Information Technology Department. Users must assure that no passwords
for their system are written on or affixed to their laptops.
Use of Wireless Hotspots. At this time, the use of wireless (“WiFi”) “Hotspots” is
permitted for laptop Users when the properly configured antivirus and firewall
software is active. Your local Information Technology Department will properly
configure your companyowned laptop for proper use on WiFi networks. However,
Users should take extreme care when connecting to public Internet services as these
networks do not offer adequate protection for the User. Only recommended WiFi
services (such as TMobile’s HotSpot, StarHub, SwissCom) are considered safe with
a properly configured laptop. WiFi networks, if unsecured without adequate
personal firewall software, will leave the contents of your laptop exposed and
accessible by hackers. The data on your laptop can be stolen without your
knowledge. Any data stored on a laptop device that is particularly sensitive should
be protected by passwords in order to protect them theft. Wireless radios must be
disabled (turned off) when not in use.
Use of Bluetooth or Infrared Personal Area Networking. Bluetooth and Infrared
technologies, though different in their use, are both designed to be an inexpensive
wireless personal networking system for all classes of portable devices such as
laptops, PDAs (personal digital assistants), mobile phones and headsets. Bluetooth
can also replace cabling in a more static environment (i.e. between desktop
computers and printers). While providing a cordless way of connecting devices, it
can also be used to interconnect computers. Therefore, Users are reminded that
having Bluetooth or Infrared enabled on their laptops will leave them open for
potential intrusion by hackers. Bluetooth or Infrared features of a laptop should be
disabled when the User is not in a secured area.
Remote Access and VPN Services. Where available, authorized Users may only
remotely access Hyatt’s network and IT Resources via an approved Virtual Private
Network (“VPN”) secured connection. For information regarding Remote Access
and VPN Services, please consult your local Information Technology Department.
All Users who have been given Remote Access and VPN Services capabilities must
have received, read, and submitted the Acknowledgement form for the Global Hyatt
Policy for the Use of Remote Access and VPN Services.
10.Portable Storage and Memory Security
The use of portable memory devices by Users present a number of risks, including
the theft or loss of proprietary information and the introduction of viruses and other
malicious computer code past our security systems and firewalls. Those devices
include: flash, thumb, or jump drives (also known as USB memory drives); MP3
and MPEG players (particularly iPods); PDAs and Smartphones; Digital Cameras;
Memory/Storage media (e.g. memory sticks, rewritable DVDs, CDs, and floppy
diskettes).
General Security Risks. While the use of portable devices is currently not
prohibited, Users are reminded of the specific security risks surrounding their use:
Loss Devices used to transfer or transport work files can
be lost or stolen.
Theft Proprietary data can be stolen.
Virus Users can inadvertently introduce viruses such as
Trojans to the network while loading infected files
from an unscanned memory device.
Copyright Software copied onto portable memory devices can
violate licensing agreements
Spyware Spyware or tracking codes can be introduced to our
network via portable memory media
Compliance Loss or theft of financial data could expose Hyatt
to the risk of noncompliance with various laws
and directives including VISA/CISP or other so
Password Protection. Proper use of devices will include the password protection of
individual files or the portable media device and the use of advanced portable media
devices where biometric security and encryption is enabled.
Corporate Data. Portable memory devices are not to be used for the transmission
or storage of Corporate Data.
Users must report any theft or accidental loss of any portable storage device to their
Department Head. The improper use of portable memory devices by others should be
reported to your Department Head, your local Human Resources Department or
Information Technology Department or the Information Technology Department in the
Corporate Office. Any misuse of portable memory devices will result in the
immediate revocation of the ability to use such devices and will include appropriate
disciplinary action, which may include the termination of your employment.
11.Viruses
Virus Detection. Viruses can cause substantial damage to the IT Resources. Each
User is responsible for taking reasonable precautions to ensure he or she does not
introduce viruses into the IT Resources. To that end, all material received on a
portable memory media and all material downloaded from the Internet or received
via EMail from computers or networks that do not belong to Hyatt or a Connected
Entity MUST be scanned for viruses and other destructive programs before being
placed onto the IT Resources. Users should understand that their home computers
and laptops might contain viruses. All media used to transfer data from these
computers to a Hyatt or Connected Entity network MUST be scanned for viruses
before being placed onto the IT Resources.
Accessing the Internet. To ensure security and avoid the spread of viruses, Users
accessing the Internet through a computer attached to a Hyatt or Connected Entity
network must do so through an approved Internet firewall. Accessing the Internet
directly by modem is strictly prohibited unless the computer you are using is not
connected to a Hyatt or Connected Entity network. Users are encouraged to
purchase and install appropriate antivirus and firewall software for their home
systems when working with Corporate Data or when using their personal resources
to connect to the IT Resources. Your local Information Technology Department can
12.Encryption Software
Use of Encryption Software. Users are prohibited from installing or using
encryption software on any IT Resource without first obtaining written permission
from the Information Technology Department at the Corporate Office. Users may
not use encryption keys that are unknown to their Department Head or their local
Information Technology Department.
Export Restrictions. The U.S. government and the governments of other countries
have imposed restrictions on export of software containing encryption technology
(such as Lotus Notes, that permit encryption of messages and electronic commerce
software that encodes transactions). Software containing encryption technology
shall not be placed on the Internet or otherwise sent or transmitted (e.g., via EMail
attachment, portable memory media) from one country to another without prior
written authorization from the Corporate Office Information Technology
Department and the Hyatt Legal Department.
Certified Software. Only software applications that have been certified by Hyatt or
a Connected Entity are supported for use with the IT Resources. Users are
prohibited from installing any other software on IT Resources, and no support will
be provided for systems that are not compliant with the current Certified Software
standards. Users requiring the use of software that is not certified in the manner
described above should seek written approval by their Department Head and the
Corporate Office Information Technology Department.
13.Electronic Mail Use Policy
EMail is a quick and convenient way of communicating with other Users and with
outsiders. However, as with all types of communications, EMail has its good points
The policies and guidelines set forth below are intended to protect both the sender
and the recipient of EMail messages as well as Hyatt and the Connected Entities
from the pitfalls and hazards that accompany the widespread use of EMail. While
these policies and guidelines specifically address EMail, it is important to keep in
mind that EMail is just another form of corporate communication and is therefore
subject to all policies, guidelines and practices of Hyatt and/or the Connected
Entities relating to corporate communications in general.
Appropriate discretion should always be used when communicating any proprietary
or confidential information over any EMail system. Such information should not be
transmitted outside of Hyatt or a Connected Entity unless you are expressly
authorized to do so. If authorized, employees must take special care to ensure that
such information is properly communicated only to those authorized to receive such
information.
Communicating Confidential Information. Always keep in mind that EMail and
the Internet are public methods of communication. When you send information via
EMail, or make it available on the Internet, there is always a possibility that
unauthorized individuals will view the information. Never send confidential,
proprietary or trade secret information without first obtaining authorization from
your Department Head. This type of information is a valuable asset and each of us
must make sure that it is protected from unauthorized disclosure. EMail messages
can potentially be stored indefinitely on any number of computers, in addition to that
of the recipient. Copies of your messages may be forwarded to others
instantaneously at the intentional or mistaken click of your mouse. In addition,
EMail sent to nonexistent or incorrect User Names may be delivered to persons that
you never intended.
Sending Unsolicited EMail (“Spamming”). Users are prohibited from sending
unsolicited EMail to persons with whom they do not have a prior relationship or
with whom they have not received express permission to receive messages without
the express permission of their Department Head.
“Spoofing” or Otherwise Hiding Your Identity. Users are prohibited under any
circumstances from using “spoofing” or other means to disguise their identities in
sending EMail. Users must not alter the ‘From:’ line or other attributionoforigin
information in EMail, messages or postings. Anonymous or pseudonymous
Chain Letters, Joke Lists or Mass EMail. Every User is expected to use good
judgment when using the EMail system. Sending or forwarding chain EMail or
nonbusiness related mass EMail violates this standard and will not be tolerated.
Violations of the provision of this section should be reported to the User’s local
Human Resources or Information Technology Department. Users found to be
involved in sending chain EMail or nonbusiness related mass EMail may be
subject to disciplinary action, including revocation of EMail privileges. Repeated
violations of this policy may result in termination of employment.
Internet Disclaimer Tagline. All EMail messages sent to Internet destinations
must include the following “Internet Confidentiality Statement” tagline:
Please note that the EMail system will automatically append this disclaimer to all
Internet recipients.
Monitoring of EMail. As indicated above, EMail, like any employee business
communication, is subject to monitoring by Hyatt and/or the Connected Entities at
any time without further notification to the User or the recipient. Any messages sent
Personal EMail Access. Users desiring to send and retrieve personal EMail
messages on an occasional basis while at work are encouraged to use a personal
account with an online service such as Hotmail, Yahoo and AOL in order to make it
clear to the recipient of those messages that the content of those messages is
personal rather than business related. However, since those services are being
accessed using Corporate Resources, Users should remember that: (1) anything a
User creates, stores, sends, receives or does using such online services will be
subject to monitoring and review; (2) such limited use of Corporate Resources is
subject to all other provisions of the Policy; and (3) although you are using a third
party EMail service, your computer identification (IP Address), which identifies
you and Hyatt, is recorded for all your activity online and is sent with your EMail
address to the intended recipient.
Using your Corporate EMail Address for Personal Use. You should never use
your corporate Internet EMail address for personal use (i.e. for orders placed with
online merchants such as Amazon.com; joining web sites that request your EMail
address). By avoiding the use of your company issued EMail address on these web
sites, you will lessen the chances that the receipt of SPAM will burden the Hyatt IT
Resources.
14.Managing SPAM
Internet Junk Mail or “SPAM” is a growing problem for many people. While the
governments and other organizations crack down on offenders, there are few things
that you can do to help reduce your chances of getting SPAM. The most common
mistake is either replying to a piece of junk mail that you’ve received or clicking on
the “unsubscribe” link to try and remove your name from that EMail list. By
replying to the EMail sender, you are increasing your chances of receiving
additional SPAM by confirming that your EMail address is valid to the EMail
marketers that earn their living by sending SPAM to valid EMail addresses.
• Do not reply to any offers … you may end up getting more SPAM.
• Be cautious about sharing your EMail address when shopping online.
Do not use your company EMail account for any online shopping.
• Refuse promotional offers through EMail. Many online retailers will
have a checkoff (or optout) box allowing you to be effectively removed
from future mailings.
15.Internet Use Policy
Certain Users will be provided with access to the Internet to assist them in
performing their jobs. While the Internet can be an extremely powerful business
tool, it must be used in strict compliance with this Policy and its use must be
tempered with common sense and good judgment.
Disclaimer of Liability for Content Found on the Internet. The Internet is a
worldwide network of computers that contains millions of pages of information.
Users are cautioned that many of these pages include offensive, sexually explicit and
inappropriate material. Sometimes, even harmless search requests may lead to sites
with highly offensive content. In addition, having an EMail address on the Internet
may lead to the receipt of unsolicited EMail containing offensive content. Users
accessing the Internet do so at their own risk.
Blocking of Inappropriate Content and Services. From time to time, Hyatt and/or
the Connected Entities may use software to identify inappropriate or sexually
explicit Internet sites or to prevent access to such sites and services. Even if such
software is used, it is never foolproof, so in the event you nonetheless encounter
inappropriate or sexually explicit material while browsing on the Internet, you
should immediately disconnect from the site and for your own protection, you should
immediately notify your local Information Technology Department as to what
occurred.
Games and Entertainment Software. Employees may not use Internet connections
to play interactive online games, download games or other entertainment software,
including screen savers, MP3 files, or to play games over the Internet. Employees
may not use peering file share services (e.g., using Gnutella, KaZaa, Napster,
LimeWire and other applications or services) for the search and retrieval of MP3,
Internet Firewalls. To ensure security and avoid the spread of viruses, Users
accessing the Internet through a computer attached to a Hyatt or Connected Entity
network must do so through an approved Internet firewall. Accessing the Internet
directly, by modem, is strictly prohibited unless the computer you are using is not
connected to a Hyatt or Connected Entity network. Your local Information
Technology Department must approve all access to the Internet and may revoke
access at any time. Users are encouraged to purchase and install appropriate anti
virus and firewall software for their Personal Resources when using them to connect
to the IT Resources. Your local Information Technology Department can make
suggestions for appropriate software, but will not provide technical assistance with
your Personal Resources.
Using the Internet for Personal Business. Users using Corporate IT Resources to
transact personal business on an occasional basis (e.g., checking bank balances or
processing other online banking transactions, stock trading, purchasing items online)
do so at their own risk. Users are reminded that they should take special care when
transmitting credit card information or making electronic funds transfers over the
Internet that they are doing so over a secure connection. However, neither Hyatt nor
a Connected Entity is responsible for ensuring that Users have access to secure and
reliable connections to the Internet for their personal transactions, and neither Hyatt
nor a Connected Entity shall have liability to Users for any losses they incur as a
result of using (or not being able to use) IT Resources for their personal business.
Neither Hyatt nor a Connected Entity is also responsible for any loss, theft or other
compromise of your personal information while using the Internet.
16.Miscellaneous
EMail with Attorneys. In general, any communication between an employee and
attorneys employed by Hyatt or a Connected Entity concerning a legal matter
(whether the attorney is “inhouse” or is outside counsel) is considered confidential
and may be protected by the attorneyclient privilege. However, this protection may
be lost if the message is viewed by a nonattorney. This is true even if the person
reading the message is also an employee of Hyatt or a Connected Entity.
• Because of the risk of inadvertently waiving the Attorney/Client Privilege, Users
SHOULD NOT send EMail to inhouse or outside counsel over the Internet
without clearing it first with the Legal Department.
AttorneyClient Communications. EMail sent from or to inhouse counsel or any
attorney representing Hyatt or a Connected Entity concerning legal matters should
include this warning header on each page: “ATTORNEYCLIENT PRIVILEGED;
DO NOT FORWARD WITHOUT PERMISSION.” Communication from attorneys
may not be forwarded without the sender’s express permission.
Illegal Copying and Copyrights. Users may not illegally copy material protected
under copyright law or make that material available to others for copying. Users are
responsible for complying with copyright law and licenses that apply to software,
files, documents, messages and other material they wish to download or copy. Users
may not agree to a license or download any material for which a registration fee is
charged, free, or “shareware” without first obtaining the express written permission
of your local Information Technology Department.
Compliance with Applicable Laws and Licenses. Users must comply with all
software licenses, copyrights and all other state, federal and international laws
governing intellectual property and online activities in their use of the IT Resources.
Other Policies Applicable. Users must observe and comply with all other policies
and guidelines of Hyatt and/or the Connected Entities in their use of the IT
Resources, including but not limited to the policy on Work Place Values.
Amendments and Revisions. This Policy may be amended or revised from time to
time as the need arises. Users will be provided with copies of all amendments and
revisions.
No Additional Rights. This Policy is not intended to, and does not grant, Users any
contractual rights.
18.Acknowledgment and Consent
By my signature below, I acknowledge that I have received a copy of the Global
Hyatt Corporation Policy for the Use of IT Resources dated May 2006. I have read
and hereby agree to comply with the terms of this Policy. I understand that a
violation of this Policy may result in disciplinary action, including termination, as
well as civil or criminal liability. Regardless of whether my use of the IT Resources
is for business or for my incidental personal use, I consent to the monitoring of my
usage of the IT Resources in the manner described in the Policy and I acknowledge
and agree that I have no expectation of privacy concerning anything that I do using
the IT Resources.
Signature:
Printed Name:
Department:
DESIGNATED AUTHORITIES FOR CORPORATE DATA
For any other system or data source not listed here, or if you have any questions, please
consult with your local General Manager.
GENERAL EMAIL ETIQUETTE
• Always use a salutation.
• Make your message short. EMail is not the medium for communicating long,
complicated messages. Save those for hardcopy memos or reports (although it
is fine to attach those to an EMail with a short introductory message). Strive to
limit your EMail to three paragraphs.
• Keep attachments to a minimum. Excessive and nonessential attachments can
overwhelm readers. Attach relevant excerpts – not entire documents – and refer
the reader to the specific paragraphs or section that should be read. If replying to
a message that had attachments in it, be certain to remove the attachment so as to
prevent the resending of files unnecessarily. Also, please note that the EMail
system has a limit of 6MB for incoming and outgoing EMail attachments.
• Take great care in using blind copies (BCC). You should avoid using the BCC
function to send blind copies of EMail messages as much as possible. However,
the use of the BCC function may be appropriate when sending an EMail
message to multiple recipients, or when it is necessary to shield the identify of
the recipients of a message from one another in order to comply with privacy
laws or principles. Please contact your local Information Technology
Department for guidance on the use of the BCC function.
• EMail is for business communication, not for advertising. Sending global E
Mail advertising garage sales, cookie sales or fundraisers is inappropriate.
• Never forget that EMail is not conversation. It is recorded and can be
duplicated at will. While it is generally less formal than a hard copy letter or
memorandum, it is far more permanent than speaking to someone on the phone.
• EMail does not convey emotion well. Use the telephone when appropriate.
• EMail is not an informal communications method. Therefore, the use of
abbreviations, slang, jargon and other informal language is discouraged.
• Use normal capitalization and punctuation. Typing a message in all capital
letters is the equivalent of shouting at the reader. You can, however, use capital
letters for emphasis.
• Spellcheck and reread your message. It may take a few more minutes, but it’s
well worth it. Incomprehensible and misspelled EMail turns people off, makes
you look uneducated, and makes it less likely that recipients will read your E
Mail in the future.
• Internal EMail Messages should always be closed with a proper signature that
includes a complimentary closing and your name. It is not necessary and it is
discouraged to include your full contact details for people whom you regularly
correspond with, or for people who are using the Hyatt EMail system. For
example:
Best regards,
John
Best regards,
Nancy Smith
Marketing Communications Manager
Global Hyatt Corporation
71 S. Wacker Dr.
Chicago, Illinois 60606
Telephone: +312-555-1212
Telefax: +312-555-1212
Visit us online at www.hyatt.com