Please find below information on our Privacy Notice that provide measures on protecting your Personal Data. We shall ensure that your Personal Data is handled in accordance with the Personal Data Protection Act B.E. 2562 (2019) in Thailand and other applicable laws.
Terms and Definitions used in this Privacy Notice are set out in the details as below:
|Personal Data :
||means as specified in clause 2 “Types of Personal Data Collected”.
|Data Controller :
||means a natural or legal person who has powers and duties to make decision regarding the collection, storage, usage and disclosure of Personal Data.
|Data Processor :
||means a natural or legal person who proceeds the collection, storage, usage or disclosure of Personal Data according to the order or on behalf of Data Controller; however, such natural or legal person who proceeds such activities is not Data Controller.
|Data Subject :
||means any individual person who can be identified, directly or indirectly, via Personal Data.
|| means a natural person.
|Business Partners :
||means a natural or legal person who directly or indirectly controls us, is controlled by us, owns us, is owned by us, manages us, is managed by us; including any legal entities whom we discloses, transfers, or receives Personal Data, for example, consulting and law firms, telemarketing companies, co-brand partners, correspondent banks, recruitment agencies, business alliances, external service providers (suppliers, vendors, outsources) and/or government affairs or regulators in order to comply with applicable laws.
||Data Protection Officer.
2. Types of Personal Data Collected
Personal Data refers to information about an individual from which that person can be identified whether by either a direct or an indirect means, including but not limited to the data as shown below;
- Identity Data: such as name, surname, date/ month/ year of birth, gender, ID number, driving license number, passport number, marital status, email address, phone number.
- Financial and Transactional Data: such as bank account number, credit card number, debit card number, monthly income, payment information.
- Sensitive Data: such as ethnicity, beliefs, religion, health information (including food and general allergies) and biometric data, including criminal history data. In the event that we have accidentally received it and have no intention to collect such data, we will not use your sensitive data;
- Technical and Usage Data: such as IP Address, login information, website browsing information, cookie ID, device types and settings, platforms, and other technologies used to access our website.
- Profile Data: such as username and password, purchase history, interests, likes, and information from survey responses.
- Marketing and Communication Data: such as Data Subjects’ preferences in receiving marketing materials from us, and from third party. This also includes contact information Data Subjects have with us, such as a tape record when contact is made via contact center or from other social media channels.
3. Purpose of Personal Data Processing
We collect, use, or disclose your Personal Data for the following purposes;
- To manage, provide, improve and develop products and services.
- To carry out the relevant contract with our Business Partners .
- To comply with relevant laws and regulations.
- To provide any other benefits that you have given consent for.
- To provide the following marketing & communication activities such as promotion, opting out from marketing materials, cookies.
- To meet the purpose of procurement, product quality inspection and services/products performance assessment.
- In the event that we wish to process sensitive data other than to facilitate your stays at our hotels, we have to receive your explicit consent before or during the collection of such data.
In the case that you are our external service providers (suppliers, vendors, outsources), we will collect, use, or disclose your Personal Data for the purpose of procurement and product quality inspection, or for services/products performance assessment. However, the collection, use, or disclosure of your Personal Data will be processed on Legal Basis. We may process your Personal Data on different legal basis, depending on the purpose of data processing.
4. Legal Basis
We will process your Personal Data under following legal basis:
- Consent: We process Personal Data based on consensual basis. In the event that you have provided us explicit consent to us, we will process your Personal Data within the scope of the purpose we have informed you.
- Contract: We process Personal Data under the contractual basis. We use this legal basis when the processing of Personal Data is necessary to fulfill the contract for which you are a part of, or to use in fulfilling your request prior to entering into the contract. For example, processing your Personal Data is crucial to our ability to provide products and services as well as internal processes in achieving contractual objectives.
- Legal Obligation: We process Personal Data in accordance with legal compliance, such as the prevention and detection of irregular transactions which may involve with illegal activities. For example, we have legal obligation to report your Personal Data to the Revenue Department or other government affairs as required by law.
- Public Task: We process Personal Data under the necessity to carry out the mission for the public, or perform duties as the government agency has assigned to us.
- Vital Interest: We process Personal Data under the necessity emergency medical situation to protect life and death of Data Subject or another natural Person.
- Legitimate Interest: We process Personal Data under the necessity to take steps for our legitimate interests or other individual or juristic persons which are not overriding your interests or fundamental rights and freedoms of the data subject.
- Research Objective: We process Personal Data under the necessity to achieve the purpose relating to the preparation of the historical documents or the archives for public interest, or for the purpose relating to research or statistics.
However, if you do not provide Personal Data to us, it may affect your inconveniences and may not be in compliance with our contract. Furthermore, it may affect certain legal compliance which can result in penalties.
5. Personal Data Disclosure
We may disclose your Personal Data to government agencies and our Business Partners for the purposes stated in clause 2 “Purpose of Personal Data Processing” and government affairs or regulators in order to comply with the law.
6. Data Retention
We will retain your Personal Data for a period according to the purpose for which it was collected and/or applicable laws.
7. Data Subject Rights
States below are your rights as Data Subject under the Personal Data Protection Act that you should be aware of.
- Right to Withdraw Consent: You have the right to withdraw your consent on which the collection, use, or disclose is based on at any time. As a result, we will stop the processing of your information as soon as possible and if we do not have other lawful basis which allow us to process your Personal Data, we will then delete your information.
- Right to Access: You have the right to request access and to obtain a copy of your Personal Data related to you under our responsibility or to request disclosure of the acquisition of the Personal Data obtained without your consent. Once we have received the request, we will proceed to comply within 30 days.
- Right to Rectification: You have the right to request correction and rectification on your Personal Data to ensure that the data is correct, up-to-date, and complete.
- Right to Data Portability: You have the right to request us to send or transmit your Personal Data to another Data Controller by the transmission that can be done with automatic means. You also have the right to receive directly your Personal Data in the format that we send or transfer to another Data Controller, except where it is not technically feasible.
- Right to Erasure: You have the right to request us to erase, destroy, or anonymized your Personal Data in the cases stated below:
- Personal Data is no longer necessary for the purpose in which it is collected for.
- Data Subject withdraw consent in processing Personal Data and we have no legal ground for further retaining or processing activity.
- Data Subject object processing of Personal Data for direct marketing purposes.
- Processing of Personal Data is unlawful.
- Right to Restriction of Processing: You have the right to restrict the processing of Personal Data if the stated conditions are met:
- Processing of Personal Data is no longer necessary but we can demonstrate that there is a compelling legitimate ground.
- Processing of Personal Data is unlawful but Data Subject wants to restrict the processing activity instead of deletion.
- Personal Data is under review for completeness and accuracy upon your request.
- Processing of Personal Data is carried out for the establishment, compliance, or exercise /defense of legal claims.
- Right to Object: You have the right to object the processing of Personal Data if the stated conditions are met:
- Personal Data is being processed for direct marketing purposes
- Personal Data is being processed for research purposes either in the field of science, history, or statistics, unless it is necessary to performance of a task carried out for reasons of public interest.
- Personal Data is collected for our necessity to carry out public tasks or for other legitimate ground. Unless we are able to demonstrate higher legitimate grounds, or the processing activity is to establish legal claims or compliance
- Right to Lodge a Complaint: You have the right to submit complaint to the relevant government agencies in the event that Company’s employees, vendors, contractors, of the company violate or fail to comply with the personal data protection requirements.
8. Data Security
We observe reasonable procedures to prevent unauthorized access to, and the misuse of Personal Data. We use appropriate business systems and procedures to protect the Personal Data you give to us. We also apply security procedures, technical and physical restrictions for accessing and using the Personal Data on our servers.
9. Contact Us
If you wish to exercise data subject rights or if you have any question or complaint, you can contact us via
ANDAMAN EMBRACE PATONG
2 Hadpatong Road, Patong Beach, Kathu, Phuket 83150 Thailand
Tel: +66 (0) 76 370 000
Fax: +66 (0) 7637 0001