Pimalai Resort & Spa is comply to personal data protection legislation such as the EU General Data Protection Regulation, the Personal Data Protection Act 2012 of Singapore and the Personal Data Protection Act 2019 of Thailand, which regulate the processing of personal data relating to you and grants you various rights in respect of your personal data.
Categories for Personal Date Collection
Personal Data such as title, first name, surname, age, occupation, date of birth, gender, nationality, marital status, photo, video, signature, CCTV footage, and record of access to various sports facilities and other facilities within the Club.
Contact Data such as address on census, current address, office address, postal code, telephone number, business phone number, mobile number, email, social media account name (e.g. Line ID, Facebook, Instagram, Whatsapp, WeChat, Telegram and time available for contacting) and other electronic means of contact.
Government-issued Personally Identifiable Data such as citizen ID number, passport number, driver’s license number, census, and other similar information.
Demographic Data such as children and their ages, amount in family members.
Financial Data such as method of payment (e.g., cash or credit), cash card/credit/debit number, PromptPay ID, bank account number and account type.
Data Collected from Guests’ Electronic Devices such as IP address, time spent on our website, cookies, search history, browsing data, chat history on webpage and other applications, browser type and version, time zone and location settings, plug-in browser version and type, operating system, and other technologies on members’ device used to access the platform.
Other Data Provided by Using our services such as personal data provided in the questionnaires, surveys, member feedback forms, and other activities.
Personally Identifiable Information from CCTV Footage and Facial Recognition Devices such as CCTV cameras within the propperty, mounted cameras, temperature reading cameras.
Health information, such as body temperature reading and record of drug dispensation from the first aid rooms.
Where We Collect Personal Data
a. Booking a room
When you book a room, we collect Personal Data, which includes:
- Your stay period - Number of rooms in the reservation - Number of people in the reservation (adults and children) - Age of children - The rate/special offer selected - Any add-on packages selected - Your full name - Your address, including city and country - Your e-mail address, and - Your credit card details - Promo code
- Frequent Flyer Information - Arrival Information -Room, Bed type and/or other preferences - Telephone/mobile - Option to join the PIMALAI RESORT & SPA membership
We use this Personal Data to handle your reservation and to establish and fulfil our contract with you. This includes verifying your identity, taking guarantee and/or payment information, and sending stay-related and/or marketing communication.
We take the protection of your Personal Data very seriously and therefore have kept the mandatory required fields to a minimum.
b. PIMALAI RESORT & SPA membership/user account
You can create a PIMALAI RESORT & SPA membership/user account with us to receive member discounts and special benefits. If you set up a PIMALAI RESORT & SPA membership/user account, we ask you to provide the following Personal Information:
- Your full name and email address - Your date of birth
We use your Personal Data to send you your membership point balance, special offers exclusively for members and newletters.
For the web user account, you can deactivate your account at any time by loggin in to your membership account and selecting “Deactivate Account” button on your profile page; or sending an e-mail request to email@example.com. If you deactivate your account, your account will be set to inactive.
a) Both parties shall take reasonable precautions to protect the Confidential Information and the System and shall not use or disclose any such Confidential Information, including but not limited to guest stay information provided by the Customer to GHS from whatever sources, without the prior written consent of the disclosing Party of such Confidential Information.
b) All guests’ data remain the proprietary property of the Customer. GHS shall take appropriate technical and organizational measures against unauthorized or unlawful processing of the guests’ data or its accidental loss, destruction or damage. In the event that GHS receives notification of non-compliance with any data processing laws, GHS shall advise the Customer of the same and change the data processing instructions given to the Customer so as to ensure that no laws are infringed.
c. “Contact Us” functionality
You can get in contact with us via our Website by using the “Contact Us” functionality, or by telephone. To contact us you are required to provide the following information
- Your full name - Your e-mail address - Your mobile phone and your telephone - Your location
We use your information to reply to your enquiry.
We use the following categories of cookies on our Website:
Category 1: Strictly Necessary Cookies
These cookies are essential in order to enable you to move around the Website and use its features. Without these cookies, services you have asked for such as remembering your login details or data provided for a booking cannot be provided.
Category 2: Performance Cookies
These cookies collect information on how people use our website. For example, we use Google Analytics cookies to help us understand how users arrive at our site, browse or use our site and highlight areas where we can improve areas such as navigation, booking experience and marketing campaigns. The data stored by these cookies never shows personal details from which your individual identity can be established.
Category 3: Functionality Cookies
These cookies remember choices you make such as the country you visit our Website from, language and search parameters such as number of guests, hotel, time of stay. These can then be used to provide you with an experience more appropriate to your selections and to make the visits more tailored and pleasant.
Current versions of web browsers offer enhanced user controls regarding the placement and duration of both first and third-party cookies. Search for "cookies" under your web browser's “Help” menu for more information on cookie management features available to you. You can enable or disable cookies by modifying the settings in your browser. You can also find out how to do this, and find more information on cookies at www.allaboutcookies.org. However, if you choose to disable cookies in your browser, you may be unable to complete certain activities on our websites or to correctly access certain parts of it. If you would like more information about interest-based advertising, including how to opt-out of these cookies, please visit http://youronlinechoices.eu/.
e. Google Analytics
Our Website uses Google Analytics, which is a web analytics service provided by the third-party provider Google, Inc. (“Google”). Google Analytics is used for the purpose of evaluating your use of our Website, compiling reports on Website activity and other services relating to Website activity and internet usage. The information generated by the cookie about your use of the Website is usually transmitted to and stored by Google on servers in the United States. This transfer is covered by Google’s Privacy Shield certification and a separate data processing agreement that we have concluded with Google: https://support.google.com/analytics/answer/6004245?hl=de&ref_topic=2919631 (information on Google Analytics and data privacy).
Purposes for Collecting, Use and Disclose of Personal Data
- To contact and communicate with our guests such as coordinating, providing public relations services, promotional information, privileges, notifications, as well as to process, update and correct guests’ personal data and keep their status and profile current which includes various aspects related to service providing such as inquiries, requests, feedback, and complaints in order to provide assistance, troubleshoot technical problems, and to notify guests of the corrective action and to conduct surveys for their opinions and satisfaction with the services of Pimalai Resort and Spa for future improvement. Guests / members can unsubscribe from news at any time. - To maintain, operate, monitor, and manage the website and platform to facilitate and assure that they are operating smoothly, effectively, and securely. To facilitate guests and members’ usage and improve the planning and content of the website and platform. - To facilitate the overall security within Pimalai Resort and Spa's premises.
Rights of Data Subject
Guests can request Pimalai Resort and Spa to adjust incorrect or add incomplete data and may request to withdraw data which guests have not consented to. However, the request must be in accordance with the laws of Thailand.
Guests can request to unsubscribe from receiving news and public relations messages by notifying at firstname.lastname@example.org.
Sharing Personal Data
Your Personal Data may be shared with:
- Our commercial partners in the event that you book an event or an activity organized by such commercial partners. - Our third-party service providers who process your data on our behalf. Pimalai Resort & Spa’s third-party service providers hosting providers, and providers of data analysis, IT services, and other similar services requested by Pimalai Resort & Spa to provide the Website and other business-related services to you. Any data processing on our behalf complies with the applicable laws. - Government according to the laws.
We will not transfer your personal data to third-party recipients unless you consent to such transfer of data or such transfer is permitted under applicable law.
What kind of security measures for the compliance with data protection?
We strive to maintain the appropriate standards of security and we have put in place robust technical and organizational measures for the protection of your Personal Data in accordance with the current state of the art technologies, especially to protect the data against loss, falsification or access by unauthorized third persons. For the transfer of particularly sensible Personal Data via the internet, such as for example credit card details, we exclusively use encrypted transmission routes and we comply with the Payment Card Industry Data Security Standards (PCI DSS) which is a set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information. However, the transmission of information via the internet is not completely secure. So, whilst we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website. Any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to prevent unauthorized access. As far as third parties (i.e. external companies) are rendering data processing services for us, we have committed them to the compliance with our data privacy regulations. The external service providers are supervised by our Global Data Protection Manager in terms of compliance with these regulations.
In respect of the collection and use of your personal data, you may:
- ask us whether we process Personal Data about you, for which purposes, the categories of Personal Data concerned, to which categories of recipients the information has been disclosed, where possible, the envisaged period for which the personal data will be stored (or, if not possible, the criteria used to determine that period),
- inquire with us about the appropriate safeguards relating to the transfer to a third party,
- ask us for a copy of the Personal Data undergoing processing and ask to receive your Personal Data in a structured, commonly used and machine-readable format and to transmit those data to another controller without any hindrance from us. Via the link “My Profile”, you will be displayed all stored data relating to your person. In addition to that, you can also view your stored reservations via the link “Future booking”. We guarantee that no unauthorized persons are able to have access either to your profile or to your reservations,
- have inaccurate data rectified,
- object against the further processing and request erasure of your Personal Data,
- request that the processing of your personal data is restricted by Pimalai Resort & Spa,
- request not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
If you have any further questions on your personal data which has been stored with us or would like to exercise your rights please refer to our Global Data Protection Manager via the contact details stated below.
Retention and deletion of Personal Data
We will retain your personal data only for a limited period of time needed to fulfil the purposes of processing mentioned above. After that time your personal data will be erased. If we process your personal data based on your consent, we will retain your personal data for a limited period of time needed to fulfil the purposes of processing it.
Where we enter into a contract with you, we will keep your information for the duration of the contractual relationship you have with us, and, to the extent permitted, after the end of that relationship for as long as necessary to perform the purposes set out in this notice. The criteria to determine the storage period are statutory and contractual requirements, the nature of our relationship with you, the nature of the data concerned and the technical requirements. Laws may require us to hold certain information for specific periods.
Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.
In other cases, we may retain data for an appropriate period after any relationship with you ends, to protect ourselves from legal claims, or to administer our business.
Who is the contact person for questions and/or problems relating to the data protection?