PRIVACY POLICY

Holiday Inn Vana Nava Hua Hin Customer’s Privacy Policy

(Holiday Inn Vana Nava Hua Hin Privacy Policy)

[Latest updated: 4 May 2023]

 

Abstract

Vana Nava Co., Ltd. (“Holiday Inn Vana Nava Hua Hin”, “we”, “us” and “our”) processes personal data of Customer (collectively referred to as “Customer”, “you” and “your”) with the reasonable measures to act in compliance with the Thailand’s Personal Data Protection Act B.E. 2562 (“PDPA”). You may find the full version of Holiday Inn Customer’s Privacy Policy (“Privacy Policy”) through the attached QR code; however, the summary of the Privacy Policy is shown below.

Topic

Overview

What data do we process? 

We process collected personal data including, but not limited to, identity data, address / contact data, profile data, transactional data, health data, employment data, property data, financial data, IT data and supporting documents.

How do we use those data? 

We process personal data according to the purposes and scope of us, and with the legal bases as explained in our Privacy Policy.

Who do we transfer information to? 

In some circumstances, we may be required to disclose and/or transfer your personal data to third - party organisations, which are clarified in our vendors/partners list.

What are your rights as   a data subject?

As a data subject, you are entitled to the data subject rights which include, but not limited to, right of access, right to rectification and right to erasure.

Revision of the policy

Any revision made will be notified to all related parties under this Privacy Policy.

Privacy Policy

  1. Purposes and Scope of the Privacy Policy
  2. Personal Data We Process
  3. How We Collect Your Personal Data
  4. How We Process Your Personal Data
  5. Usage of Personal Data with Third-Party Organisations
  6. Transferring of Personal Data to Foreign Countries
  7. Security Measures for Personal Data Protection
  8. Time Period of Personal Data Storage
  9. Customer’s Personal Data Rights
  10. Policy Revision

 

1. Purposes and Scope of the Privacy Policy

This Privacy Policy applies to all Customer of us. In this regard, we mainly act as the data controller under the PDPA. Therefore, we are committed to collect and process
Customer’s personal data in accordance with the purposes and scope of us as specified herein this Privacy Policy.

Data Controller Contact Information

Holiday Inn Vana Nava Hua Hin

129/129 Petchkasem Road, Nong Kae Subdistrict, Hua Hin District, Prachuap Khiri Khan Province 77110

Tel.: +66 32 809 999

Email: hihh.info@ihg.com

Data Protection Officer (DPO) Contact Information

Holiday Inn Vana Nava Hua Hin

129/129 Petchkasem Road, Nong Kae Subdistrict, Hua Hin District, Prachuap Khiri Khan Province 77110

Tel.: +66 32 809 999

Email: hihh.info@ihg.com

This Privacy Policy covers data subjects who are our customer, including website visitors, application service users, participants, visitors (outsider)

As used in this Privacy Policy, the following terms shall have the meanings set forth below:

“process” means anything done with Customer’s personal data, including collection, storage, use, disclosure and deletion of personal data.

“legal bases” means justifiable reasons to process personal data in accordance with
Article 24 and Article 26 of the PDPA.

This Privacy Policy may be revised at any given time as notified to Customer through appropriate channel

 

2. Personal Data We Collect

We collect the following categories of Customer’s personal data;

  • identity data, including, but not limited to, full-name, passport number, national identification number;
  • address / contact data, including, but not limited to address, telephone number, email;
  • profile data, including, but not limited to age, date of birth, nationality;
  • transactional data, including, but not limited to credit card information, special requests, service use information;
  • health data, including but not limited to underlying disease, COVID-19 test report, allergen information;
  • employment data, including but not limited to company, job title, company address;
  • financial data, including but not limited to bank account;
  • property data, including but not limited to car registration number, car brands, colour of car
  • IT data, including but not limited to IP Address, Login Time / Logout Time, cookies
  • supporting documents, including but not limited to copy of national identification card, copy of passport, incident report

 

3. How We Collect Your Personal Data

In general, we will directly collect Customer’s personal data through these processes
(or channels) including, but not limited to;     

  • when Customer directly provide documents through telephone, email, Line, social media, company websites;
  • when Customer participate to marketing activities through social media, company websites, Line;
  • when Customer fills in relevant forms, such as pool disclaimer form, incident form, area entering form; and
  • when enter into agreement with Customer.

However, we may collect additional personal data through third-party organisations which include;

  • travel agency;
  • social media, such as Facebook, Google, TikTok;
  • affiliates, such as InterContinental Hotels Group;

 

4. How We Process Your Personal Data

We process Customer’s personal data to carry out tasks per our scope and purposes of providing groups of activities.

Group of Activities

Group of PIIs

Legal Bases

Procurement Process

·       Identity data

·       Address / contract data

·       Employment data

·       Contract

Internet and System Logging ]

·       Identity data

·       Address / contract data

·       Employment data

·       Transactional data

·       IT data

·       Legal obligation

·       Legitimate Interest

Organizing public relations activities and promoting

·       Identity data

·       Address / contract data

·       Employment data

·       IT data

·       Contract

·       Consent

·       Legitimate Interest

Conducting Internal report 

·       Identity data

·       Address / contract data

·       Employment data

·       Transactional data

·       Employment data

·       Profile data

·       Health data

·       Property data

·       Contract

·       Legal obligation

·       Legitimate Interest

·       Consent

Drafting or approving documents/contract 

·       Identity data

·       Address / contract data

·       Profile data

·       Financial data

·       Employment data

·       Transactional data

·       Supporting documents

·       Contract

Legal documentation and business license

·       Identity data

·       Address / contract data

·       Profile data

·       Supporting documents

·       Employment data

·       Transactional data

·       Legal obligation

Tax operation 

·       Identity data

·       Address / contract data

·       Employment data

·       Transactional data

·       Financial data

·       Employment data

·       Supporting documents

·       Legal obligation

 

Area Security Management

·       Identity data

·       Address / contract data

·       Property data

·       Profile data

·       Employment data

·       Health data

·       Transactional data

·       Supporting documents

·       IT data

·       Legal obligation

·       Contract

·       Legitimate Interest

·       Consent

Conducting marketing

·       Identity data

·       Address / contract data

·       Employment data

·       Transactional data

·       IT data

·       Legitimate Interest

·       Consent

Drafting quotations and contracts for customers 

·       Identity data

·       Address / contract data

·       Financial data

·       Profile data

·       Transactional data

·       Contract

Conducting Internal Audit 

·       Identity data

·       Address / contract data

·       Financial data

·       Supporting documents

·       Employment data

·       Profile data

·       Property data

·       Legal obligation

·       Legitimate Interest

 

Hotel property management 

·       Identity data

·       Address / contract data

·       Employment data

·       Contract

Managing IT System

·       Identity data

·       Employment data

·       Transactional data

·       Legitimate Interest

Customer experiential management

·       Identity data

·       Address / contract data

·       Employment data

·       Transactional data

·       Contract

·       Legitimate Interest

·        

Cooperation and complaints handling process

·       Identity data

·       Transactional data

·       Profile data

·       Address / contract data

·       Health data

·       Financial data

·       Employment data

·       Legitimate Interest

·       Contract

·       Consent

Service payment or refund

·       Identity data

·       Address / contract data

·       Financial data

·       Supporting documents

·       Profile data

·       IT data

·       Employment data

·       Transactional data

·       Contract

Providing fitness center and kid's club service 

·       Identity data

·       Address / contract data

·       Profile data

·       Transactional data

·       Health data

·       Contract

Providing spa service

·       Identity data

·       Address / contract data

·       Transactional data

·       Profile data

·       Health data

·       Contract

·       Legal Obligation

 

Providing hotel accommodation service 

·       Identity data

·       Address / contract data

·       Financial data

·       Supporting documents

·       Profile data

·       Health data

·       Employment data

·       Transactional data

·       Contract

·       Legal Obligation

·       Consent

Providing food service

·       Identity data

·       Health data

·       Transactional data

·       Address / contract data

·       Contract

·       Legitimate Interest

·       Consent

Member accounts management 

·       Identity data

·       Address / contract data

·       Profile data

·       Transactional data

·       Contract

·       Legitimate Interest

 

       

We will process Customer’s personal data according to the stated purposes and scope. If there came upon a case where Customer’s personal data were to be processed for other purposes, and it is unlikely to rely on other legal bases, we would ask for new consent to process Customer’s personal data on such uses.

 

5. Usage of Personal Data with Third-Party Organisations

We may be required to disclose and/or transfer Customer’s personal data to third-party organisations, in order for such organisations to process personal data in accordance with agreements with us and/or legal obligations. These organisations may include;

  • Insurance companies, such as DHIPAYA LIFE ASSURANCE Co., Ltd (Public);
  • government agencies, such asthe Revenue Department, Ministry of Public Health; and
  • service providers, such as Crawford International Co., Ltd.

For the cases where personal data are being disclosed and/or transferred to third-party organisations, we will ensure that the minimum amount of personal data are being disclosed and/or transferred, and may consider anonymization and psuedonnymisation techniques for greater security. Further, the third-party organisations who will process Customer’s personal data for us will be required to have in place appropriate privacy policy. We do not permit these third-party organisations to use Customer’s personal data in a way that diverge from the agreed scope and purposes.

 

6. Transferring of Personal Data to Foreign Countries

According to the scope and purposes specified herein this Privacy Policy, we are currently not required to pass on personal data to foreign countries.

In this regard, we will pass on Customer’s personal data only when any of these requirements has been met. The requirements include;

  • the receiving foreign country has adequate personal data protection standards as certified by the Personal Data Committee;
  • the receiving organisation has in place a comprehensive privacy policy which has been certified by the Personal Data Committee;
  • the receiving organisation is obligated to follow a substantial privacy policy with sufficient remedial measure in accordance with the procedures identified by the Personal Data Committee including, but not limited to, standard contractual clauses and code of conduct.
  • a pre-requisite to the exercise of legal rights;
  • consent has been obtained from Customer who is well-aware of the inadequate personal data protection standards of the receiving countries or international organisations;
  • a requirement for the execution of an agreement to which Customer is a party of, or the fulfillment of a request Customer made prior to entering into the agreement;
  • a necessary task to carry out under a contractual obligation between us and other persons or entities for the benefits of Customer;
  • to ensure the safety or limit further damage to an individual’s health who cannot give consent at the current time; and
  • a necessary task for the good of the public.

 

7. Security Measures for Personal Data Protection

We have implemented certain security measures to ensure the security of Customer’s personal data. In this connection, third-party organisations are required to carry out the processing of personal data in accordance with our security policy, and to ensure the security of Customer’s personal data.

 

8. Time Period of Personal Data Storage

We will store Customer’s personal data throughout appropriate period according to our scope and purposes, including other important matters such as legal requirements, accounting and auditing purposes.

 

9. Customer’s Personal Data Rights

Your personal data rights include:

  • right to revoke consent – for the case where we have obtained your consent in order to process your personal data;
  • right of access – you have the right to request a copy of all your personal data and assess if we are processing your personal data in accordance with relevant laws;
  • right to data portability – for the case where we have in place an automated platform allowing you to access your personal data automatically:
    • you have the right to ask for your personal data to be transferred automatically to other organisations, and
    • you have the right to request for your personal data in such a format that has been transferred from us to other organisations, except for the case where there is a technological limitation;
  • right to object – you have the right to object to any data processing activity of your personal data which has been relied on certain legal bases and/or processing purposes, including:
    • public task or legitimate interest
    • direct marketing purposes, and
    • scientific, historical or statistic research purposes, unless the processing is necessary for public task;
  • right to erasure – you have the right to request for data deletion or anonymization,
    in accordance to the following cases:
    • where processing required terms become expired
    • where consent has been withheld, and we cannot rely on other legal bases to process your personal data
    • where there is objection raised against data processing activity, and
    • where data processing activity is not in accordance with relevant laws;
  • right to restrict processing – you have the right to restrict any data processing activity in accordance with the following cases:
    • during pending examination process
    • for cases related to personal data which shall initially be deleted and/or destroyed, but was followed by an additional request of processing restriction instead
    • for cases where the data processing terms have passed, but you have requested for processing restriction due to legal reasons, and
    • during the process of data processing objection verification; and
  • right to rectification – you have the right to edit your personal data to be correct and concurrent to the present. If any mistake was detected, we might not edit this ourself.

 

In the cases where we may not be able to carry out and support exercise of your rights, including, but not limited to, the cases where a legal process is taking place, you will continue to have the right to retract your consent by emailing all related parties, we will therefore be required to terminate all processes as soon as possible. However, the retraction only applies to the data processing carried out thereafter. Any data processing activity carried out before the retraction will not be reversed.

Please be informed that we do record all requests to ensure all issues are resolved. For any queries regarding your personal data protection and rights, more details are available at: TDPG3.0-C5-20201224-1.pdf (chula.ac.th)

In the case where you have the intention to exercise your personal data protection rights, or to file complaint against your personal data processing, please contact our DPO
(contact details have been provided above). we will process this request in a secure and timely manner. Also, in case that we fail to preserve your rights under the PDPA, you can file complaint to the Office of the Personal Data Protection Commission (“PDPC”).

 

10. Policy Revision

This Privacy Policy applies to all our Customer and was last updated on [•]. We hold the rights to review and edit this Privacy Policy as we see fit. Any revision made will be notified to all related parties under this Privacy Policy.

Book now
oF / oC
Book now
oF / oC