TP Surin Beach Hotel Limited (the “Company”, “we”, “us” or “ours”) as the operator of resorts and hotels consisting of
• TWINPALMS PHUKET
• TWINPALMS MONTAZURE
• WAGYU STEAKHOUSE
• CATCH BEACH CLUB
• PALM SEASIDE
• THE LAZY COCONUT
• SHIMMER BEACHFRONT RESTAURANT
• ORIENTAL SPOON
• LOVE NOODLES
• MY OLYMPIA
• PALM SPA & PALM FITNESS
(collectively referred to as the “Properties”)
and our website “https://www.twinpalmshotelsresorts.com” as well as our application “Catch” (collectively referred to as the “Site”).
The Company acknowledges, realizes and respects the importance of privacy of the data subjects (“you”, “your”, or “yours”) and we will strictly follow security policies when we collect, use, process, disclose and/or overseas transfer the personal data (the “Personal Data”) in accordance with the Personal Data Protection Act B.E. 2562 (2019) and all applicable subsequent regulations (collectively referred to as the “PDPA”).
• Hotel guests
• Properties tenants
• Any person who visits, reside, or stay at our Properties
• Any person who visits our Site and application or contact us via our call center, point of sales, events, or other channels.
1. YOUR PERSONAL DATA THAT WE COLLECT
We collect various types of data from you depending on how you interact with us and what services you need from us. The data we collect from you may or may not include:
a) Personal Details: title, name, surname, gender, age, occupation, nationality, date of birth, marital status, copy of national identification card or passport, driving license, address, signature, license plate details, vehicle details, photo;
b) Contact Information: address, telephone number, mobile phone number, business phone number, e-mail address, account of any social media;
c) Payment Details: credit/debit card details, bank account number, billing address, member types, payment slip, and other necessary payment and billing details;
d) Loyalty Program and Membership Details: member card number and privilege details (including copy of member card), partner program, your discount code and promotions;
e) Accommodation Details: date of checking-in and checking-out, room number, type of room and bed requests, any other special requests;
f) Communication Details: your feedback, questions, interests, history of contact and communication with us, and your communication preference;
g) Technical Details: IP address, log, devices, networks, connection details, access details and time, cookies, search history, log-in details, browsing details, time zone and location, computer system and platform, and operating system you use to access the Site;
h) Information concerning security: CCTV recording;
i) Sensitive Data: we also collect your sensitive data as necessary for residing in or staying at the Properties, using the Site and our services such as ethnicity, race, religion, health and medical data, disability, etc. Such sensitive data (the “Sensitive Data”) will be collected, used, disclosed and processed only after obtaining your explicit consent or when permitted by law.
2. PERSONAL DATA OF THIRD PARTIES
3. PERSONAL DATA OF CHILDREN, QUASI-INCOMPENTENT PERSONS AND INCOMPETENT PERSONS
We will not collect any Personal Data of any children under 18 years old or quasi-incompetent persons, and incompetent persons without obtaining a consent from their parent or guardian. In case we discover that the Personal Data of children, quasi-incompetent persons and incompetent persons has been collected without consent from their parent or guardian when it is required, such collected Personal Data will be immediately deleted unless otherwise allowed or permitted under other legal grounds to process it.
4. HOW PERSONAL DATA IS COLLECTED, USED AND PROCESSED
4.1 The Personal Data is mainly collected, used and processed by us, and may also be collected by our staffs, affiliates, subsidiaries, contracted consultants or service providers or any third parties assigned and engaged by us.
4.2 We collect the Personal Data from you directly when you visit our Properties, use the Site or our services, or when you have communication or interaction with us at our Properties, the Site, application, call center, point of sales and events, and other locations where you contact us.
4.3 We also collect the Personal Data from other third parties or other sources such as Facebook, Google Analytics, your devices (computer and/or mobile device) used for access into the Site, Cookie, IP Address, and other social networking sites.
5. PURPOSES OF COLLECTION, USE, AND/OR DISCLOSURE OF PERSONAL DATA
The Personal Data is collected, use and disclosed for the following purposes:
5.1 Concerning the branded hospitality businesses under our management
(a) To accommodate and service you during your stay at our Properties
(b) To perform services under the branded hospitality businesses under our management: provide you available dates of stay and price quotes, reserve and manage your bookings, reservation, and consumption or use of our products and services, manage your payments and requests during your stay, observe your use of our products, services, restaurants, beach club and other facilities, manage customer services and customer relationship with you, manage your requests, feedback, claims, complaints, inquiries, and undertake and manage other branded hospitality businesses.
(c) To arrange necessary contracts and registrations as you are our resident and/or tenant, to provide you with the utilities such as water, electricity, phone, internet access, to provide any supports or services related to the premises and utilities, and to process the billing related to the rental and relevant services.
(d) To operate our business, conduct quality control and training, improve the efficiency of our operation, products and services as part of the managerial contractual obligations of the branded business entities.
(e) To conduct audits and assessments of our business operations, security controls, financial controls, or compliance with legal obligations, and for other internal business activities relating to finance, tax or accounting.
(f) To assess and improve overall services and facilities in our Properties, restaurants, beach club and other outlets to meet your needs constantly and, in this regard, your feedback on your use of our services and facilities will be requested.
(g) To monitor and protect our Properties, resources, network, premises, and assets, including: to ensure the security and functioning of our Properties and systems, to protect our premises and physical assets, CCTV monitoring.
(h) To protect and defend our rights and interests and those of third parties, to respond to legal claims or disputes, and to otherwise establish, defend or protect our rights or interests, or the rights, interests, health or safety of others, including in the context of anticipated or actual litigation with third parties.
(i) To prevent or suppress any danger to a person’s life, body or health.
(j) To comply with any applicable laws and regulations of regulatory authorities such as Personal information Protection laws, Tax laws, Contagious diseases prevention laws, Immigration laws, and other laws concerning the operation of the hotels and resort and/or our properties.
(k) To comply with the order of the competent authorities such as court’s order, warrant, or legal execution order.
5.2 Concerning the Site
(a) To register and enable you to use the Site and to communicate with us; to run, develop, manage, maintain and improve the Site, IT system and security, data cleaning and matching, internal audit and/or our other social networking sites; to observe your use of the Site; and to update databased, platform, policies and procedures.
(b) To ensure the function and improve efficiency of the Site and system operation, to build relevant audience and traffic to the Site to generate product and service awareness and sales, and to customize contents on the Site, applications, the internet and elsewhere.
(c) To personalize and improve aspects of the Site, communications and make them as user friendly as possible.
(d) For compliance with legal obligations as imposed by applicable law, prevention of fraud and money laundering, tourism regulations, etc., and to detect any illegal activities to prevent fraud and crimes for cybersecurity purpose.
5.3 Other related purposes requiring consent
(a) To collect and use your sensitive personal data to service you according to your preference
(b) To assist you in the accident or incident occurs in our Properties which may relate to your health and to keep a necessary record or report in order to improve our services and prevent similar incidents in the future.
(c) To do direct marketing and provide the sales, advertisement and marketing communication, loyalty programs, rewarding programs special promotions and offers, tailor made packages, new products and services, and news which may be of your interest.
(d) To make strategical analytics to target potential customers to generate sales.
(e) To conduct data analytics either by us and/or by third parties. In case the data analytics are conducted by our contracted third party, your Personal Data will be disclosed to such third party.
(f) To transfer your Personal Data and Sensitive Data to a country which has or may not have sufficient data protection measures and where the consent is required by law.
6. DISCLOSURE/TRANSFER OF PERSONAL DATA
6.1 Disclosure of Personal Data
(a) Our data processor and its employees
(b) Third-party contractors, consultants and service providers
(c) Our affiliates, subsidiaries, business partners or shareholders
(d) Court or regulatory authorities
In order to comply with legal or regulatory obligations and/or to protect our and third parties’ rights, we may be required to disclose or share your Personal Data to legal enforcement agencies, courts, regulators, government authorities, or other government agencies.
6.2 OVERSEAS TRANSFER OF PERSONAL DATA
Your Personal Data may be transferred to third parties or servers located either in Thailand or overseas. We will take necessary steps to ensure that the destination has adequate security measures to protect the data received and the transfer is securely conducted in accordance with the PDPA.
7. RETENTION PERIOD OF PERSONAL DATA
Your Personal Data is securely handled, retained and stored for the length of time reasonably needed to fulfill the purposes specified herein, to comply with our legal and regulatory obligations, and as required or permitted by law. In most cases, we will retain your personal information up to 10 years after your relationship with us ends.
9. YOUR RIGHTS AND POSSIBLE EFFECT
9.1 Your Rights
Unless otherwise required by the applicable law and exceptions prescribed herein, you may, at any reasonable time, exercise any of the following rights:
(a) To withdraw consent: you can easily withdraw your consent if you do not want us to continue collecting, using disclose or otherwise process the Personal Data collected by us.
(b) To access to and obtain copy: you can request to access, review your Personal Data, and request for, in a readable form, a hard or electronic copy of information we held about you or under our responsibility. In addition, you can request for disclosure of the acquisition of the Personal Data we obtained without your consent. Please note that we may reject your request if it is permitted by law or in accordance with a court order if such request will adversely affect others’ rights and freedoms.
(c) To request for the data portability: you can freely request us to send or transfer your Personal Data that you have given us consent for collection, use or disclosure or the Personal Data we collected for the purpose of performance of contract, in the readable and commonly used format, to other data controllers if such transfer can be done by electronic means.
(d) To object the collection, use or disclosure: you can object our collection, use or disclosure of your Personal Data in certain circumstances such as direct marketing or statistic research, etc.
(e) To request for erasure or destruction or anonymity: if (i) your Personal Data is no longer necessary in relation to the purposes for which it is collected, used or disclosed; or (ii) you withdraw your consent or the Company has no other legal grounds to collect, use or disclose your Personal Data; or (iii) you object to the collection, use or disclosure where we cannot reject to such objection; or (iv) your Personal Data is unlawfully collected, used or disclosed. Provided however that we may not reject your request if we are obligated to comply with a legal obligation or to initiate or defend any legal claims.
(f) To restrict the use: you may request to restrict the use or processing of your Personal Data when your Personal Data is unlawfully collected, used or disclosed, or we are no longer necessary to retain or use your Personal Data for the purposes where such Personal Data is collected.
(g) To rectify or update: if you find out that your Personal Data, we retained is incorrect, out-of-date, incomplete, or misleading, you can request to correct, accurate or update your Personal Data.
(h) To file a complaint: you can file a complaint with a competent authority in case we violate or do not comply with the PDPA.
To exercise any of the above rights, please contact us as detailed in Section 12 hereof and we may request you to prove your identity before proceeding with your request.
9.2 Possible Effect
Your use of the Site or our services and facilities may be limited or restricted in case you exercise any of the above rights where the exercise of such rights affects our collection, use, disclosure, transfer or processing of your Personal Data.
10. PERSONAL DATA BREACH
We will, as soon as practicable after we have become aware of the Personal Data breach, notify and communicate with you (via email or other contact preferences) as well as a competent data protection authority if such data breach is likely to result in a risk to your and others’ rights and freedoms. In the case where the Personal Data breach is likely to cause a high risk to your and others’ rights and freedom, the details and impact of such breach, and the remedial measure will be notified. To determine the level of risk, various factors (such as the sensitivity of data, the persons who obtain the data and the nature of harm, and other elements as prescribed by applicable regulations) will be taken into account.
12. CONTACT US
Responsible Person: Mr. Jae Lee
Legal Department Manager
By Post: 106/46 moo 3, Cherngtalay, Thalang, 83110 Phuket, Thailand
By Phone: +66(0)76 316 500 between 09.00 a.m. – 05.00 p.m. [GMT+7] daily
By Email: firstname.lastname@example.org