Holiday Inn Resort Samui Bophut Beach (“the Hotel”) recognizes the importance of processing personal data in a lawful and appropriate manner. Therefore, this Personal Data Protection Announcement has been issued with the purpose of establishing a framework for processing personal data in various business operations of the Hotel, ensuring that the rights of data subjects are not unduly affected, in accordance with the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”)
Section 1: Announcement and Effectiveness
This announcement is called the “Personal Data Protection Announcement” and shall come into effect from the date of its issuance. It applies to the processing of all personal data of all categories of data subjects handled by the Hotel, including but not limited to website users, customers, and external parties.
Section 2: Definitions and Types of Personal Data Collected, Used, or Disclosed
• “Personal Data” means information about an individual that can identify that person, either directly or indirectly, but does not include information about deceased persons specifically.
• “Sensitive Personal Data” means personal data that is considered sensitive and may pose a risk of unfair discrimination, such as race, ethnicity, political opinions, religious or philosophical beliefs, sexual behavior, criminal history, health information, disabilities, trade union membership, genetic data, biometric data, or any other data that similarly affects the data subject as prescribed by the Personal Data Protection Committee.
The types of personal data that the Hotel collects, uses, or discloses are as follows:
In cases where personal data is obtained from sources other than the data subject directly, such as names, surnames, addresses, phone numbers, etc.—for example, from emergency contact lists or other documents containing third-party personal data—the providers of such data must inform the data subjects about the hotel’s personal data processing and protection policy, or obtain consent from the data subjects.
Section 3: Key Principles for Personal Data Processing
The hotel shall process personal data based on specific purposes and lawful grounds for processing. This shall be strictly in accordance with the framework for personal data processing as prescribed under the Personal Data Protection Act (PDPA). The hotel will process personal data and sensitive personal data only to the extent necessary for performing its duties with each group of data subjects.Prior to collecting and processing personal data, the hotel shall inform each group of data subjects and/or obtain their consent in an appropriate manner, in compliance with the PDPA.
The purposes and lawful grounds for which the hotel processes personal data are as follows:
Section 4: Privacy of Minors, Persons of Limited Capacity, and Persons Incapable of Managing Their Own Affairs
Please note that the hotel does not intend to collect personal data of persons under 20 years of age, persons of limited capacity, or persons incapable of managing their own affairs. Therefore, such individuals are requested not to use this website or submit or transfer any information to it.
In the event that the hotel collects personal data of such individuals without obtaining consent from a parent, guardian, custodian, or legally authorized representative, the hotel will immediately delete such data or process only the portion of the data that can be lawfully processed on other legal grounds besides consent.
Section 5: Disclosure of Personal Data to External Parties
Please be advised that the hotel does not intend to collect personal data of individuals under the age of 20, persons of limited capacity, or persons incapable of managing their own affairs. Therefore, such individuals are requested not to use this website or submit or transfer any personal information to it.
If the hotel inadvertently collects personal data of such individuals without obtaining consent from a parent, guardian, custodian, or legally authorized representative, the hotel will promptly delete the data or process only the portion of the data that can lawfully be handled on other legal grounds besides consent.
Withdrawal of Consent for Use
If, after providing consent for the disclosure of personal data, you later decide that you no longer wish the hotel to disclose your personal data to external parties, you may exercise your rights under Section 10 of this policy. The hotel will take action within an appropriate timeframe, unless otherwise required by law.
Section 6: Transfer of Personal Data to Foreign Countries
The hotel operates through a global network of headquarters, reservation and service centers, data centers, and affiliated hotels. Therefore, it may be necessary to transfer your personal data (e.g., information related to reservations, stays at IHG-affiliated hotels, or participation in loyalty programs) to countries other than your country of origin for operational purposes or to facilitate service.
In cases where the hotel needs to transfer personal data of data subjects to foreign countries, it will do so in accordance with the legal requirements. If personal data is transferred outside the IHG Group, including to other service providers, the hotel will implement appropriate measures to ensure the protection of personal data (e.g., contractual requirements regarding the transfer of personal data).
Section 7: Retention Period of Personal Data
The hotel establishes a framework for determining the retention period of personal data based on the principle of necessity. The hotel specifies clear retention periods for personal data, and upon the expiration of such periods, it will delete, destroy, or anonymize your personal data. However, this does not apply if your relationship with the hotel has not yet ended, or if there is a legal requirement to retain your personal data.
Section 8: Personal Data Protection
The hotel aims to ensure that website visitors feel confident using the site for planning and booking accommodations. Accordingly, the hotel is committed to protecting the personal data it collects by implementing security measures to safeguard the data stored in its systems against unauthorized access.
The hotel has established server and site security measures, including data encryption, scrambling technologies, and industry-standard firewalls. When personal data is processed during booking or registration, it is protected using Secure Socket Layer (SSL) technology to ensure safe transmission of information.
In the event of a personal data breach under the hotel’s control, the hotel will notify the Personal Data Protection Committee without undue delay, and no later than 72 hours after becoming aware of the breach, to the extent reasonably possible—unless the breach poses no risk to the rights and freedoms of the data subjects.
If the breach presents a high risk of affecting the rights and freedoms of data subjects, the hotel will promptly inform the affected individuals and provide guidance on remedial actions.
Section 9: Use of Cookies
The hotel uses cookies that are necessary for the proper functioning of web browsers, allowing information to be tracked without requiring repeated input each time a user visits the website. Cookies may also help customize content to suit users.
Cookies are small text files containing unique identifiers that allow a web server to store information or small messages on a computer’s hard drive. These cookies do not disclose information to third parties, except in cases where certain cookies may be operated by external service providers.
The hotel collects and stores information from cookies (e.g., number of visitors) to analyze website usage and improve content while users browse the site. Users may provide anonymized information, such as browsing activity, which will be used solely for analysis and will not be linked to names, addresses, or personally identifiable information.
Occasionally, users may receive cookies from third-party organizations that are not affiliated with the hotel, such as when advertisements are placed on the hotel website or linked to other websites. Third-party cookies may collect personal data when users click on ads, content, or links from these third parties. This practice is standard in the internet industry due to the way the internet functions. The hotel cannot control data collection by these third parties, and such cookies are not governed by this privacy policy.
Section 10: Rights of Data Subjects
The hotel acknowledges and respects all legal rights of data subjects with regard to personal data under the hotel’s control. Data subjects may exercise their rights under the law, and the hotel will consider and act upon requests to exercise such rights within the timeframes prescribed by the Personal Data Protection Act (PDPA).
These rights of data subjects include the following:
• The right to access and receive a copy of personal data.
• The right to request personal data and to transfer personal data to another data controller.
• The right to object to the processing of personal data.
• The right to request the deletion, destruction, or anonymization of personal data.
• The right to request the suspension of the use of personal data.
• The right to request the correction of personal data to ensure it is accurate and up to date.
• The right to withdraw consent.
• The right to file a complaint with the Personal Data Protection Committee.
Section 11: Policy Amendments and Contacting the Hotel
The hotel reserves the right to modify this privacy policy at any time. Any changes will be communicated through appropriate channels.
If you have any questions regarding the hotel’s website privacy policy, please contact:
Holiday Inn Resort Samui Bophut Beach
8888 Moo.1 Bophut, Koh Samui, Surat Thani, Thailand 84320
Tel : +66 77 951 777
5
/5
(540 Reviews by Real Guests)
Read Reviews
Copyright © 2023. This hotel is independently owned by The Platinum Samui Co., Ltd. All rights reserved.
