Pimalai
Resort & Spa
-
-
4.8Based on
1,179 reviews -
TripAdvisor
5/5
Booking.com
9.5/10
Expedia
4.9/5
Privacy Policy
This website www.pimalai.com (“Website”) is made available to you by Pimalai Resort & Spa Co., Ltd. 99 Moo 5 Ba Kan Tiang Beach, Koh Lanta, Krabi 81150, Thailand hereinafter referred to as “Pimalai Resort & Spa”, “we” or “us”. We comply with data protection legislation such as the EU General Data Protection Regulation and the Personal Data Protection Act 2012 of Singapore, which regulates the processing of personal data relating to you and grants you various rights in respect of your personal data. The aim of this Privacy Policy is to inform you about how we will use your personal data you provide to us through this Website, in connection with hotel bookings, your stay at Pimalai Resort & Spa as well as personal data provided and/or collected by us through other channels. We also inform you about your rights under applicable data protection law with respect to the handling of your Personal Data by us. Before providing us with Personal Data we recommend that you read this Privacy Policy which also forms part of our Terms and Conditions that govern our hotel services.
I. What is Personal Data?
For the purposes of this Privacy Policy, “Personal Data” means any information provided by you when interacting with us, for example through our Website or when calling us, or data is collected about you through your use of our Website and allowing you to be identified personally, either directly (e.g. your name) or indirectly, because the data references an identifier such as your name, an identification number, location data, an online identifier (e.g. telephone number) as an individual person. We may also collect personal data about you in other instances which relate to your stay at Pimalai Resort & Spa.
II. When is what kind of data stored and processed for what reason?
1. Use of the Website
Whenever you navigate our Website, data about you is collected and processed. We collect the following data:
2. Interacting with us
Every time you interact with us (e.g. booking a room through our Website, by phone or through a third-party provider, posting a comment on our blog, signing up for our membership program) we may collect and process the Personal Data you provide to us.
a. Booking a room
When you book a room, we collect Personal Data, which includes:
We take the protection of your Personal Data very seriously and therefore have kept the mandatory required fields to a minimum.
b. PIMALAI RESORT & SPA membership/user account
You can create a PIMALAI RESORT & SPA membership/user account with us, which gives you added benefits, such as updating personal information and preferences; summary of past/future stays in any Pimalai Resort & Spa; member discounted rates in any Pimalai Resort & Spa *; special benefits and discounts in Pimalai Resort & Spa * (varies by PIMALAI RESORT & SPA membership level); and local experiences* which can be redeemed at Pimalai Resort & Spa. If you set up a PIMALAI RESORT & SPA membership/user account, we ask you to provide the following Personal Information:
*For further information on PIMALAI RESORT & SPA, please see point 3.
For the web user account, you can deactivate your account at any time by loggin in to your membership account and selecting “Deactivate Account” button on your profile page; or sending an e-mail request to crm@pimalai.com
If you deactivate your account, your account will be set to inactive.
c. “Contact Us” functionality
You can get in contact with us via our Website by using the “Contact Us” functionality, or by telephone. To contact us you are required to provide the following information:
d. Communication Providers
You can also get in contact with us via different communication channels (such as Facebook, Instagram, Google Business Account, Tripadvisor, Line, WeChat, Weibo etc., hereafter referred to as "Communications Provider") if you have any enquiries which you would like us to address. You will find an overview of the respective Communications Provider through which you can get in contact with us (i) in our pre-arrival communications with you, (ii) on the landing page of our central communications hub (iii) on leaflets including this information, which we may provide to you on hotel level. Please kindly note that those Communications Provider independently control your Personal Data which is being communicated on these channels, i.e. how they process your Personal Data solely lies within their responsibility. We do not have influence on the collected data and data processing operations conducted by such Communications Provider. Information on the purpose and scope of data collection and its processing by the Communications Provider can be found in the respective data protection policies of these Communications Provider, where you will also find further information on your rights and options for privacy protection.
Additionally, to facilitate our reply and to communicate with you in real-time on the respective communication channel, your enquiries sent to us through this communications channel will be centralized in one central communication hub. We are responsible for the processing of your Personal Data on this central communication hub. This hub and your enquiries can be accessed by our relevant staff in charge. We use your information only to reply to your enquiry.
3. Membership Program; Pimalai Resort & Spa
The Pimalai Resort & Spa membership program is provided by a third-party provider. You can access its privacy policy here https://www.pimalai.com/tnc
III. Sharing Personal Data
Your Personal Data may be shared:
IV. Social Media Buttons
On our Website we use the following social media plug-ins: Facebook, Google+, Twitter, LinkedIn, Instagram, Weibo, WeChat. The plug-ins can be identified by the social media buttons marked with the logo of the provider of the respective social media networks.
We have implemented these plug-ins using the so-called 2-click solution. This means that when you navigate on our Website, Personal Data will initially not be collected by the providers of these social media plug-ins. Only if you click on one of the plug-ins will your Personal Data be transmitted: By activating the plug-in, data is automatically transmitted to the respective plug-in provider and stored by them (in the case of US providers your Personal Data will be stored in the USA). We neither have influence on the collected data and data processing operations conducted by the providers, nor are we aware of the full extent of data collection, the purposes or the retention periods.
Information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the respective data protection policies of these providers, where you will also find further information on your rights and options for privacy protection.
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA:
https://www.facebook.com/privacy/explanation
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA:
https://www.google.com/policies/privacy/
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA;
https://twitter.com/privacy
Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA:
https://help.instagram.com/155833707900388
Weibo Corporation, No.8 Sina Plaza, Courtyard 10, the West, XiBeiWang E. Road, HaiDian District, Beijing 100080, China:
http://weibo.com.au/terms
Tencent International Service Pte. Ltd., 10 Anson Road, #21-07 International Plaza, Singapore 079903:
https://www.wechat.com/en/privacy_policy.html
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA:
http://www.linkedin.com/legal/privacy-policy
V. Integration of YouTube videos
We have included a link to our YouTube channel on our Website. The videos are stored on http://www.YouTube.com, operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. Your Personal Data will not be transferred to YouTube unless you play the videos. We have no influence on this data transfer. You will find further information with regard to the processing of personal data under YouTube’s privacy policy available at http://www.google.com/intl/en/policies/privacy/
VI. Cookies
We use cookies on our Website. Cookies are small text files sent by a web server to your web browser and saved locally on your computer. The cookie allows the server to uniquely identify the browser on each page. Cookies do not cause any harm to your computer and do not contain viruses.
We use the following categories of cookies on our Website:
Category 1: Strictly Necessary Cookies
These cookies are essential in order to enable you to move around the Website and use its features. Without these cookies, services you have asked for such as remembering your login details or data provided for a booking cannot be provided.
Category 2: Performance Cookies
These cookies collect information on how people use our website. For example, we use Google Analytics cookies to help us understand how users arrive at our site, browse or use our site and highlight areas where we can improve areas such as navigation, booking experience and marketing campaigns. The data stored by these cookies never shows personal details from which your individual identity can be established.
Category 3: Functionality Cookies
These cookies remember choices you make such as the country you visit our Website from, language and search parameters such as number of guests, hotel, time of stay. These can then be used to provide you with an experience more appropriate to your selections and to make the visits more tailored and pleasant.
Current versions of web browsers offer enhanced user controls regarding the placement and duration of both first and third-party cookies. Search for "cookies" under your web browser's “Help” menu for more information on cookie management features available to you. You can enable or disable cookies by modifying the settings in your browser. You can also find out how to do this, and find more information on cookies at www.allaboutcookies.org. However, if you choose to disable cookies in your browser, you may be unable to complete certain activities on our websites or to correctly access certain parts of it. If you would like more information about interest-based advertising, including how to opt-out of these cookies, please visit http://youronlinechoices.eu/.
VII. Google Analytics
Our Website uses Google Analytics, which is a web analytics service provided by the third-party provider Google, Inc. (“Google”). Google Analytics is used for the purpose of evaluating your use of our Website, compiling reports on Website activity and other services relating to Website activity and internet usage. The information generated by the cookie about your use of the Website is usually transmitted to and stored by Google on servers in the United States. This transfer is covered by Google’s Privacy Shield certification and a separate data processing agreement that we have concluded with Google:
https://support.google.com/analytics/answer/6004245?hl=de&ref_topic=2919631 (information on Google Analytics and data privacy).
VIII. What kind of security measures for the compliance with data protection?
We strive to maintain the appropriate standards of security and we have put in place robust technical and organizational measures for the protection of your Personal Data in accordance with the current state of the art technologies, especially to protect the data against loss, falsification or access by unauthorized third persons. For the transfer of particularly sensible Personal Data via the internet, such as for example credit card details, we exclusively use encrypted transmission routes and we comply with the Payment Card Industry Data Security Standards (PCI DSS) which is a set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information. However, the transmission of information via the internet is not completely secure. So, whilst we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website. Any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to prevent unauthorized access. As far as third parties (i.e. external companies) are rendering data processing services for us, we have committed them to the compliance with our data privacy regulations. The external service providers are supervised by our Global Data Protection Manager in terms of compliance with these regulations.
IX. Your Rights
In respect of the collection and use of your personal data, you may:
If you have any further questions on your personal data which has been stored with us or would like to exercise your rights please refer to our Global Data Protection Manager via the contact details stated below.
X. Retention and deletion of Personal Data
We will retain your personal data only for a limited period of time needed to fulfil the purposes of processing mentioned above. After that time your personal data will be erased. If we process your personal data based on your consent, we will retain your personal data for a limited period of time needed to fulfil the purposes of processing it.
Where we enter into a contract with you, we will keep your information for the duration of the contractual relationship you have with us, and, to the extent permitted, after the end of that relationship for as long as necessary to perform the purposes set out in this notice. The criteria to determine the storage period are statutory and contractual requirements, the nature of our relationship with you, the nature of the data concerned and the technical requirements. Laws may require us to hold certain information for specific periods.
Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.
In other cases, we may retain data for an appropriate period after any relationship with you ends, to protect ourselves from legal claims, or to administer our business.
XI. Updates
This Privacy Policy may be updated periodically. We will update the date at the top of its first page accordingly and encourage you to check for changes that we have made, which will be available at https://www.pimalai.com/tnc. On some occasions, we may also actively advise you of specific data handling activities or significant changes to this Privacy Policy, as required by applicable law.
XII. Who is the contact person for questions and/or problems relating to the data protection?
Please contact our Global Data Protection Manager at privacy@pimalai.com
I. What is Personal Data?
For the purposes of this Privacy Policy, “Personal Data” means any information provided by you when interacting with us, for example through our Website or when calling us, or data is collected about you through your use of our Website and allowing you to be identified personally, either directly (e.g. your name) or indirectly, because the data references an identifier such as your name, an identification number, location data, an online identifier (e.g. telephone number) as an individual person. We may also collect personal data about you in other instances which relate to your stay at Pimalai Resort & Spa.
II. When is what kind of data stored and processed for what reason?
1. Use of the Website
Whenever you navigate our Website, data about you is collected and processed. We collect the following data:
- Information related to the browser or device you use to access our website
- IP address
- Country you are browsing from
- Browsing habits, including sites visited
- Age
- Marital status, and
- Other demographics and statistical information
2. Interacting with us
Every time you interact with us (e.g. booking a room through our Website, by phone or through a third-party provider, posting a comment on our blog, signing up for our membership program) we may collect and process the Personal Data you provide to us.
a. Booking a room
When you book a room, we collect Personal Data, which includes:
- Your selected dates
- Number of rooms in the reservation
- Number of people in the reservation (adults and children)
- Age of children
- The rate/special offer selected
- Any add-on packages selected
- Your full name
- Your address, including city and country
- Your e-mail address, and
- Your credit card details
- Promo code
- Frequent Flyer Information
- Arrival Information
- Room, Bed type and/or other preferences
- Telephone/mobile
- Option to join the PIMALAI RESORT & SPA membership
We take the protection of your Personal Data very seriously and therefore have kept the mandatory required fields to a minimum.
b. PIMALAI RESORT & SPA membership/user account
You can create a PIMALAI RESORT & SPA membership/user account with us, which gives you added benefits, such as updating personal information and preferences; summary of past/future stays in any Pimalai Resort & Spa; member discounted rates in any Pimalai Resort & Spa *; special benefits and discounts in Pimalai Resort & Spa * (varies by PIMALAI RESORT & SPA membership level); and local experiences* which can be redeemed at Pimalai Resort & Spa. If you set up a PIMALAI RESORT & SPA membership/user account, we ask you to provide the following Personal Information:
- Your full name and email address
- Your date of birth
*For further information on PIMALAI RESORT & SPA, please see point 3.
For the web user account, you can deactivate your account at any time by loggin in to your membership account and selecting “Deactivate Account” button on your profile page; or sending an e-mail request to crm@pimalai.com
If you deactivate your account, your account will be set to inactive.
c. “Contact Us” functionality
You can get in contact with us via our Website by using the “Contact Us” functionality, or by telephone. To contact us you are required to provide the following information:
- Your full name
- Your e-mail
- Your mobile phone and your telephone
- Your location
- Your subject and
- Your message
- Recaptcha, to confirm you are an actual person, and not a robot
d. Communication Providers
You can also get in contact with us via different communication channels (such as Facebook, Instagram, Google Business Account, Tripadvisor, Line, WeChat, Weibo etc., hereafter referred to as "Communications Provider") if you have any enquiries which you would like us to address. You will find an overview of the respective Communications Provider through which you can get in contact with us (i) in our pre-arrival communications with you, (ii) on the landing page of our central communications hub (iii) on leaflets including this information, which we may provide to you on hotel level. Please kindly note that those Communications Provider independently control your Personal Data which is being communicated on these channels, i.e. how they process your Personal Data solely lies within their responsibility. We do not have influence on the collected data and data processing operations conducted by such Communications Provider. Information on the purpose and scope of data collection and its processing by the Communications Provider can be found in the respective data protection policies of these Communications Provider, where you will also find further information on your rights and options for privacy protection.
Additionally, to facilitate our reply and to communicate with you in real-time on the respective communication channel, your enquiries sent to us through this communications channel will be centralized in one central communication hub. We are responsible for the processing of your Personal Data on this central communication hub. This hub and your enquiries can be accessed by our relevant staff in charge. We use your information only to reply to your enquiry.
3. Membership Program; Pimalai Resort & Spa
The Pimalai Resort & Spa membership program is provided by a third-party provider. You can access its privacy policy here https://www.pimalai.com/tnc
III. Sharing Personal Data
Your Personal Data may be shared:
- Pimalai Resort & Spa establish and fulfil our contract with you or to the extent you consented to such sharing of data, for example. This includes verifying your identity, taking payments getting in contact and communicating with you.
- With our commercial partners in the event that you book an event or an activity organized by such commercial partners.
- With our third-party service providers who process your data on our behalf. Pimalai Resort & Spa’s third-party service providers hosting providers, and providers of data analysis, IT services, and other similar services requested by Pimalai Resort & Spa to provide the Website and other business-related services to you. Any data processing on our behalf complies with the applicable laws.
IV. Social Media Buttons
On our Website we use the following social media plug-ins: Facebook, Google+, Twitter, LinkedIn, Instagram, Weibo, WeChat. The plug-ins can be identified by the social media buttons marked with the logo of the provider of the respective social media networks.
We have implemented these plug-ins using the so-called 2-click solution. This means that when you navigate on our Website, Personal Data will initially not be collected by the providers of these social media plug-ins. Only if you click on one of the plug-ins will your Personal Data be transmitted: By activating the plug-in, data is automatically transmitted to the respective plug-in provider and stored by them (in the case of US providers your Personal Data will be stored in the USA). We neither have influence on the collected data and data processing operations conducted by the providers, nor are we aware of the full extent of data collection, the purposes or the retention periods.
Information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the respective data protection policies of these providers, where you will also find further information on your rights and options for privacy protection.
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA:
https://www.facebook.com/privacy/explanation
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA:
https://www.google.com/policies/privacy/
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA;
https://twitter.com/privacy
Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA:
https://help.instagram.com/155833707900388
Weibo Corporation, No.8 Sina Plaza, Courtyard 10, the West, XiBeiWang E. Road, HaiDian District, Beijing 100080, China:
http://weibo.com.au/terms
Tencent International Service Pte. Ltd., 10 Anson Road, #21-07 International Plaza, Singapore 079903:
https://www.wechat.com/en/privacy_policy.html
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA:
http://www.linkedin.com/legal/privacy-policy
V. Integration of YouTube videos
We have included a link to our YouTube channel on our Website. The videos are stored on http://www.YouTube.com, operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. Your Personal Data will not be transferred to YouTube unless you play the videos. We have no influence on this data transfer. You will find further information with regard to the processing of personal data under YouTube’s privacy policy available at http://www.google.com/intl/en/policies/privacy/
VI. Cookies
We use cookies on our Website. Cookies are small text files sent by a web server to your web browser and saved locally on your computer. The cookie allows the server to uniquely identify the browser on each page. Cookies do not cause any harm to your computer and do not contain viruses.
We use the following categories of cookies on our Website:
Category 1: Strictly Necessary Cookies
These cookies are essential in order to enable you to move around the Website and use its features. Without these cookies, services you have asked for such as remembering your login details or data provided for a booking cannot be provided.
Category 2: Performance Cookies
These cookies collect information on how people use our website. For example, we use Google Analytics cookies to help us understand how users arrive at our site, browse or use our site and highlight areas where we can improve areas such as navigation, booking experience and marketing campaigns. The data stored by these cookies never shows personal details from which your individual identity can be established.
Category 3: Functionality Cookies
These cookies remember choices you make such as the country you visit our Website from, language and search parameters such as number of guests, hotel, time of stay. These can then be used to provide you with an experience more appropriate to your selections and to make the visits more tailored and pleasant.
Current versions of web browsers offer enhanced user controls regarding the placement and duration of both first and third-party cookies. Search for "cookies" under your web browser's “Help” menu for more information on cookie management features available to you. You can enable or disable cookies by modifying the settings in your browser. You can also find out how to do this, and find more information on cookies at www.allaboutcookies.org. However, if you choose to disable cookies in your browser, you may be unable to complete certain activities on our websites or to correctly access certain parts of it. If you would like more information about interest-based advertising, including how to opt-out of these cookies, please visit http://youronlinechoices.eu/.
VII. Google Analytics
Our Website uses Google Analytics, which is a web analytics service provided by the third-party provider Google, Inc. (“Google”). Google Analytics is used for the purpose of evaluating your use of our Website, compiling reports on Website activity and other services relating to Website activity and internet usage. The information generated by the cookie about your use of the Website is usually transmitted to and stored by Google on servers in the United States. This transfer is covered by Google’s Privacy Shield certification and a separate data processing agreement that we have concluded with Google:
https://support.google.com/analytics/answer/6004245?hl=de&ref_topic=2919631 (information on Google Analytics and data privacy).
VIII. What kind of security measures for the compliance with data protection?
We strive to maintain the appropriate standards of security and we have put in place robust technical and organizational measures for the protection of your Personal Data in accordance with the current state of the art technologies, especially to protect the data against loss, falsification or access by unauthorized third persons. For the transfer of particularly sensible Personal Data via the internet, such as for example credit card details, we exclusively use encrypted transmission routes and we comply with the Payment Card Industry Data Security Standards (PCI DSS) which is a set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information. However, the transmission of information via the internet is not completely secure. So, whilst we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website. Any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to prevent unauthorized access. As far as third parties (i.e. external companies) are rendering data processing services for us, we have committed them to the compliance with our data privacy regulations. The external service providers are supervised by our Global Data Protection Manager in terms of compliance with these regulations.
IX. Your Rights
In respect of the collection and use of your personal data, you may:
- ask us whether we process Personal Data about you, for which purposes, the categories of Personal Data concerned, to which categories of recipients the information has been disclosed, where possible, the envisaged period for which the personal data will be stored (or, if not possible, the criteria used to determine that period),
-
inquire with us about the appropriate safeguards relating to the transfer to a third party,
ask us for a copy of the Personal Data undergoing processing and ask to receive your Personal Data in a structured, commonly used and machine-readable format and to transmit those data to another controller without any hindrance from us. Via the link “My Profile”, you will be displayed all stored data relating to your person. In addition to that, you can also view your stored reservations via the link “Future booking”. We guarantee that no unauthorized persons are able to have access either to your profile or to your reservations, - have inaccurate data rectified,
- object against the further processing and request erasure of your Personal Data,
- request that the processing of your personal data is restricted by Pimalai Resort & Spa,
- request not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
If you have any further questions on your personal data which has been stored with us or would like to exercise your rights please refer to our Global Data Protection Manager via the contact details stated below.
X. Retention and deletion of Personal Data
We will retain your personal data only for a limited period of time needed to fulfil the purposes of processing mentioned above. After that time your personal data will be erased. If we process your personal data based on your consent, we will retain your personal data for a limited period of time needed to fulfil the purposes of processing it.
Where we enter into a contract with you, we will keep your information for the duration of the contractual relationship you have with us, and, to the extent permitted, after the end of that relationship for as long as necessary to perform the purposes set out in this notice. The criteria to determine the storage period are statutory and contractual requirements, the nature of our relationship with you, the nature of the data concerned and the technical requirements. Laws may require us to hold certain information for specific periods.
Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.
In other cases, we may retain data for an appropriate period after any relationship with you ends, to protect ourselves from legal claims, or to administer our business.
XI. Updates
This Privacy Policy may be updated periodically. We will update the date at the top of its first page accordingly and encourage you to check for changes that we have made, which will be available at https://www.pimalai.com/tnc. On some occasions, we may also actively advise you of specific data handling activities or significant changes to this Privacy Policy, as required by applicable law.
XII. Who is the contact person for questions and/or problems relating to the data protection?
Please contact our Global Data Protection Manager at privacy@pimalai.com
