This Privacy Policy (the “Privacy Policy”) was last updated on [25th July 2022.
TP Surin Beach Hotel Limited (the “Company”, “we”, “us” or “ours”) as the operator of resorts and hotels consisting of
• TWINPALMS PHUKET
• TWINPALMS MONTAZURE
• WAGYU STEAKHOUSE
• CATCH BEACH CLUB
• KALIDO
• THE LAZY COCONUT
• SHIMMER BEACHFRONT RESTAURANT
• ORIENTAL SPOON
• BAKE
• LOVE NOODLES
• MY OLYMPIA
• PALM SPA & PALM FITNESS
(collectively referred to as the “Properties”)
and our website “https://www.twinpalmshotelsresorts.com” as well as our application “Catch” (collectively referred to as the “Site”).
The Company acknowledges, realizes and respects the importance of privacy of the data subjects (“you”, “your”, or “yours”) and we will strictly follow security policies when we collect, use, process, disclose and/or overseas transfer the personal data (the “Personal Data”) in accordance with the Personal Data Protection Act B.E. 2562 (2019) and all applicable subsequent regulations (collectively referred to as the “PDPA”).
This Privacy Policy applies to the Personal Data of the following data subjects:
• Hotel guests
• Properties tenants
• Any person who visits, reside, or stay at our Properties
• Any person who visits our Site and application or contact us via our call center, point of sales, events, or other channels.
This Privacy Policy informs you of our policies regarding the collection, use, processing, disclosure and overseas transfer of Personal Data we receive from you upon visiting our Properties and/or the Site. It is strongly recommended for you to thoroughly read this Privacy Policy so that you fully understand how we process your Personal Data and what rights you have under the PDPA. If you access the Site through any social networking sites, online communication channels or other websites, the privacy policy of the third party shall be applied. So, you must study and follow a Privacy Policy displayed separately on that access channel.
The Company may update and/or change this Privacy Policy from time to time pursuant to the terms specified herein. If you do not provide us the necessary Personal Data, we may not be able to take relevant actions which may affect our service or arrangement of activities for you. We will ensure that our collection, use, disclosure, processing, and overseas transfer of your Personal Data will be limited as necessary under a lawful purpose and basis as well as compliant with the PDPA.
1. YOUR PERSONAL DATA THAT WE COLLECT
We collect various types of data from you depending on how you interact with us and what services you need from us. The data we collect from you may or may not include:
a) Personal Details: title, name, surname, gender, age, occupation, nationality, date of birth, marital status, copy of national identification card or passport, driving license, address, signature, license plate details, vehicle details, photo;
b) Contact Information: address, telephone number, mobile phone number, business phone number, e-mail address, account of any social media;
c) Payment Details: credit/debit card details, bank account number, billing address, member types, payment slip, and other necessary payment and billing details;
d) Loyalty Program and Membership Details: member card number and privilege details (including copy of member card), partner program, your discount code and promotions;
e) Accommodation Details: date of checking-in and checking-out, room number, type of room and bed requests, any other special requests;
f) Communication Details: your feedback, questions, interests, history of contact and communication with us, and your communication preference;
g) Technical Details: IP address, log, devices, networks, connection details, access details and time, cookies, search history, log-in details, browsing details, time zone and location, computer system and platform, and operating system you use to access the Site;
h) Information concerning security: CCTV recording;
i) Sensitive Data: we also collect your sensitive data as necessary for residing in or staying at the Properties, using the Site and our services such as ethnicity, race, religion, health and medical data, disability, etc. Such sensitive data (the “Sensitive Data”) will be collected, used, disclosed and processed only after obtaining your explicit consent or when permitted by law.
2. PERSONAL DATA OF THIRD PARTIES
If third parties’ Personal Data is provided to us, you warrant and represent that you have valid authority to disclose such Personal Data to us and permit us to collect and use the same. Third Parties’ Personal Data disclosed to us will be collected and used in accordance with this Privacy Policy and the PDPA.
3. PERSONAL DATA OF CHILDREN, QUASI-INCOMPENTENT PERSONS AND INCOMPETENT PERSONS
We will not collect any Personal Data of any children under 18 years old or quasi-incompetent persons, and incompetent persons without obtaining a consent from their parent or guardian. In case we discover that the Personal Data of children, quasi-incompetent persons and incompetent persons has been collected without consent from their parent or guardian when it is required, such collected Personal Data will be immediately deleted unless otherwise allowed or permitted under other legal grounds to process it.
4. HOW PERSONAL DATA IS COLLECTED, USED AND PROCESSED
4.1 The Personal Data is mainly collected, used and processed by us, and may also be collected by our staffs, affiliates, subsidiaries, contracted consultants or service providers or any third parties assigned and engaged by us.
4.2 We collect the Personal Data from you directly when you visit our Properties, use the Site or our services, or when you have communication or interaction with us at our Properties, the Site, application, call center, point of sales and events, and other locations where you contact us.
4.3 We also collect the Personal Data from other third parties or other sources such as Facebook, Google Analytics, your devices (computer and/or mobile device) used for access into the Site, Cookie, IP Address, and other social networking sites.
5. PURPOSES OF COLLECTION, USE, AND/OR DISCLOSURE OF PERSONAL DATA
The Personal Data is collected, use and disclosed for the following purposes:
5.1 Concerning the branded hospitality businesses under our management
(a) To accommodate and service you during your stay at our Properties
(b) To perform services under the branded hospitality businesses under our management: provide you available dates of stay and price quotes, reserve and manage your bookings, reservation, and consumption or use of our products and services, manage your payments and requests during your stay, observe your use of our products, services, restaurants, beach club and other facilities, manage customer services and customer relationship with you, manage your requests, feedback, claims, complaints, inquiries, and undertake and manage other branded hospitality businesses.
(c) To arrange necessary contracts and registrations as you are our resident and/or tenant, to provide you with the utilities such as water, electricity, phone, internet access, to provide any supports or services related to the premises and utilities, and to process the billing related to the rental and relevant services.
(d) To operate our business, conduct quality control and training, improve the efficiency of our operation, products and services as part of the managerial contractual obligations of the branded business entities.
(e) To conduct audits and assessments of our business operations, security controls, financial controls, or compliance with legal obligations, and for other internal business activities relating to finance, tax or accounting.
(f) To assess and improve overall services and facilities in our Properties, restaurants, beach club and other outlets to meet your needs constantly and, in this regard, your feedback on your use of our services and facilities will be requested.
(g) To monitor and protect our Properties, resources, network, premises, and assets, including: to ensure the security and functioning of our Properties and systems, to protect our premises and physical assets, CCTV monitoring.
(h) To protect and defend our rights and interests and those of third parties, to respond to legal claims or disputes, and to otherwise establish, defend or protect our rights or interests, or the rights, interests, health or safety of others, including in the context of anticipated or actual litigation with third parties.
(i) To prevent or suppress any danger to a person’s life, body or health.
(j) To comply with any applicable laws and regulations of regulatory authorities such as Personal information Protection laws, Tax laws, Contagious diseases prevention laws, Immigration laws, and other laws concerning the operation of the hotels and resort and/or our properties.
(k) To comply with the order of the competent authorities such as court’s order, warrant, or legal execution order.
5.2 Concerning the Site
(a) To register and enable you to use the Site and to communicate with us; to run, develop, manage, maintain and improve the Site, IT system and security, data cleaning and matching, internal audit and/or our other social networking sites; to observe your use of the Site; and to update databased, platform, policies and procedures.
(b) To ensure the function and improve efficiency of the Site and system operation, to build relevant audience and traffic to the Site to generate product and service awareness and sales, and to customize contents on the Site, applications, the internet and elsewhere.
(c) To personalize and improve aspects of the Site, communications and make them as user friendly as possible.
(d) For compliance with legal obligations as imposed by applicable law, prevention of fraud and money laundering, tourism regulations, etc., and to detect any illegal activities to prevent fraud and crimes for cybersecurity purpose.
5.3 Other related purposes requiring consent
(a) To collect and use your sensitive personal data to service you according to your preference
(b) To assist you in the accident or incident occurs in our Properties which may relate to your health and to keep a necessary record or report in order to improve our services and prevent similar incidents in the future.
(c) To do direct marketing and provide the sales, advertisement and marketing communication, loyalty programs, rewarding programs special promotions and offers, tailor made packages, new products and services, and news which may be of your interest.
(d) To make strategical analytics to target potential customers to generate sales.
(e) To conduct data analytics either by us and/or by third parties. In case the data analytics are conducted by our contracted third party, your Personal Data will be disclosed to such third party.
(f) To transfer your Personal Data and Sensitive Data to a country which has or may not have sufficient data protection measures and where the consent is required by law.
6. DISCLOSURE/TRANSFER OF PERSONAL DATA
6.1 Disclosure of Personal Data
While your Personal Data will be kept in confidential, in certain circumstances, it may be necessary for us to provide or disclose your Personal Data (if required) to the following parties who process your Personal Data for any of the foregoing purposes on our behalf under the data processing clause or the data processing agreement as the case may be. Where we do so, we would merely disclose information that is necessary for the purpose of such disclosure and/or in accordance with this Privacy Policy.
(a) Our data processor and its employees
In case your Personal Data is collected, used and processed, on our behalf, by our engaged data processor or its employees to perform and fulfil its obligations under the agreements made with us, we will take reasonable actions to ensure that our data processor has adequate data protective measurement to protect your Personal Data collected, used or processed by it and its employees and only its limited responsible persons can access and use your Personal Data only for the purposes prescribed herein. In addition, we will ensure that its collection, use and processing of your Personal Data shall be strictly complied with this Privacy Policy, contractual obligations and the PDPA.
(b) Third-party contractors, consultants and service providers
We and/or our data processor also engage third parties to perform services on our behalf. Those third parties shall include with no limitation to contractors; consultants; legal advisors; accountants and auditors; infrastructure, software and website developers; IT service providers; data storage and cloud service providers; data cleaning and matching, data profiling and data analytics service providers; marketing and advertising agencies; campaign and event organizers; telecommunication and communication service providers; payment system service providers; outsourced administrative service providers; call center service providers; and/or other necessary service providers. Your Personal Data will be shared to those third parties on a necessity basis for the purposes specified herein. We will take reasonable steps to ensure that such third-party contractors’, consultants’ and service providers’ performance is compliance with this Privacy Policy, their contractual obligations, and the PDPA. We will make sure that such third parties will provide security measures to keep your Personal Data secure.
(c) Our affiliates, subsidiaries, business partners or shareholders
Your Personal Data may be shared to our affiliates, subsidiaries, business partners, shareholders, investors, assignee or transferee. We will ensure that the receiving parties will conform with this Privacy Policy, their contractual obligations, and the PDPA.
(d) Court or regulatory authorities
In order to comply with legal or regulatory obligations and/or to protect our and third parties’ rights, we may be required to disclose or share your Personal Data to legal enforcement agencies, courts, regulators, government authorities, or other government agencies.
6.2 OVERSEAS TRANSFER OF PERSONAL DATA
Your Personal Data may be transferred to third parties or servers located either in Thailand or overseas. We will take necessary steps to ensure that the destination has adequate security measures to protect the data received and the transfer is securely conducted in accordance with the PDPA.
7. RETENTION PERIOD OF PERSONAL DATA
Your Personal Data is securely handled, retained and stored for the length of time reasonably needed to fulfill the purposes specified herein, to comply with our legal and regulatory obligations, and as required or permitted by law. In most cases, we will retain your personal information up to 10 years after your relationship with us ends.
8. COOKIES
We use cookies and other tracking technologies (i.e. Google Analytics, Facebook Pixel Analytics, Facebook Ad Manager, web beacons, Twitter Advertising, etc.) to automatically collect information about your activities, such as your searches, page views, date and time of your visit, and other information about your use of the Site and/or or services, and to improve the Site and your experience. Cookies are small information files stored on your hard drive by a website. Cookies help to facilitate the Site’s visitors to remember your username and language preference in a safe way and to help the sites to work properly.
You may manage your consent via (i) our consent management solution or (ii) your browser so as to refuse all or some cookies, or to alert you when they are being used. However, please note that if you refuse cookies, you may be limited to use some or all features of the Site.
9. YOUR RIGHTS AND POSSIBLE EFFECT
9.1 Your Rights
Unless otherwise required by the applicable law and exceptions prescribed herein, you may, at any reasonable time, exercise any of the following rights:
(a) To withdraw consent: you can easily withdraw your consent if you do not want us to continue collecting, using disclose or otherwise process the Personal Data collected by us.
(b) To access to and obtain copy: you can request to access, review your Personal Data, and request for, in a readable form, a hard or electronic copy of information we held about you or under our responsibility. In addition, you can request for disclosure of the acquisition of the Personal Data we obtained without your consent. Please note that we may reject your request if it is permitted by law or in accordance with a court order if such request will adversely affect others’ rights and freedoms.
(c) To request for the data portability: you can freely request us to send or transfer your Personal Data that you have given us consent for collection, use or disclosure or the Personal Data we collected for the purpose of performance of contract, in the readable and commonly used format, to other data controllers if such transfer can be done by electronic means.
(d) To object the collection, use or disclosure: you can object our collection, use or disclosure of your Personal Data in certain circumstances such as direct marketing or statistic research, etc.
(e) To request for erasure or destruction or anonymity: if (i) your Personal Data is no longer necessary in relation to the purposes for which it is collected, used or disclosed; or (ii) you withdraw your consent or the Company has no other legal grounds to collect, use or disclose your Personal Data; or (iii) you object to the collection, use or disclosure where we cannot reject to such objection; or (iv) your Personal Data is unlawfully collected, used or disclosed. Provided however that we may not reject your request if we are obligated to comply with a legal obligation or to initiate or defend any legal claims.
(f) To restrict the use: you may request to restrict the use or processing of your Personal Data when your Personal Data is unlawfully collected, used or disclosed, or we are no longer necessary to retain or use your Personal Data for the purposes where such Personal Data is collected.
(g) To rectify or update: if you find out that your Personal Data, we retained is incorrect, out-of-date, incomplete, or misleading, you can request to correct, accurate or update your Personal Data.
(h) To file a complaint: you can file a complaint with a competent authority in case we violate or do not comply with the PDPA.
To exercise any of the above rights, please contact us as detailed in Section 12 hereof and we may request you to prove your identity before proceeding with your request.
9.2 Possible Effect
Your use of the Site or our services and facilities may be limited or restricted in case you exercise any of the above rights where the exercise of such rights affects our collection, use, disclosure, transfer or processing of your Personal Data.
10. PERSONAL DATA BREACH
We will, as soon as practicable after we have become aware of the Personal Data breach, notify and communicate with you (via email or other contact preferences) as well as a competent data protection authority if such data breach is likely to result in a risk to your and others’ rights and freedoms. In the case where the Personal Data breach is likely to cause a high risk to your and others’ rights and freedom, the details and impact of such breach, and the remedial measure will be notified. To determine the level of risk, various factors (such as the sensitivity of data, the persons who obtain the data and the nature of harm, and other elements as prescribed by applicable regulations) will be taken into account.
11. CHANGE TO THIS PRIVACY POLICY
We may, from time to time, change our practices and this Privacy Policy to accommodate changes to the Site and our services. If we change the way we handle your Personal Data, we will update this Privacy Policy and you will be notified for such update.
12. CONTACT US
If you want to contact us regarding your Personal Data, or if you wish to exercise any of your rights mentioned herein, or if you have any questions regarding to this Privacy Policy, please contact our responsible person(s) at:
Responsible Person: Mr. Jae Lee
Legal Department Manager
By Post: 106/46 moo 3, Cherngtalay, Thalang, 83110 Phuket, Thailand
By Phone: +66(0)76 316 500 between 09.00 a.m. – 05.00 p.m. [GMT+7] daily
By Email: [email protected]