Privacy Notice

 

Privacy Policy

Great China Millennium (Thailand) Co., Ltd. (The Berkeley Hotel Pratunam) (hereinafter referred to as “we”) have taken the appropriate measures to protect your personal information. In the content of this document, we will ensure that your personal information is handled in accordance with the Personal Data Protection Act B.E. 2562 (2019) (PDPA) or other relevant laws.

1. Definition

Any statement or term used in this Privacy Notice shall have the definitions stated as follows:

– Personal Data : Is defined in accordance with Section 2 “Types of Personal Data We Collect”.

– Data Controller : Means a person and/or juristic person who has the authority to make decisions about the collection, use, or disclosure of personal data.

– Data Processor : Means a person and/or juristic person who processes, collects, uses, or discloses personal data on the order or on behalf of the Data Controller. However, the person or juristic person undertaking this is not a Data Controller.

– Data Subject : Means any person whose personal data can identify that individual directly or indirectly.

– Person : Means a natural person.

– Business Partner : Means a person and/or juristic person that we control and/or are controlled by, or that is affiliated with and/or managed by us, including any juristic person to which we disclose, transfer, transmit, and/or receive personal data of such partners, such as legal consulting firms, telemarketing companies, business partners, banks, agency companies, employment agencies, external service providers (such as, suppliers, vendors, or outsourcing), and/or relevant government or regulatory authorities.

– Data Protection Officer : Means our data protection officer or team.

2. Types of Personal Data We Collect

Personal data means information about an individual that can be used to directly and/or indirectly identify the owner of the personal data. However, personal data does not include deceased and anonymous data.

Personal data includes:

  1. Identity Data : Data about a person, which can be used to identify a specific person either by direct and/or indirect means, such as name, surname, date/month/year of birth, identity card number, driver’s license number, passport number, and/or marital status.
  2. Contact Data : Such as Email and/or phone number information.
  3. Sensitive Data : Such as ethnicity, belief, religion, health data (including food allergy data and general allergy data) and/or biometric data, including criminal history data. In the event that we have received sensitive data inadvertently and we do not wish to collect, use, and/or disclose such data and such data is not intended to facilitate your stay at our hotels, we will not process your sensitive data.
  4. Financial and Transactional Data : Such as bank account numbers, credit and debit card numbers, monthly income, and/or payment information.
  5. Technical and Usage Data : Such as IP address data, login data, browsing information, cookie ID, and/or the type of device used to access platforms and other technologies used to access websites.
  6. Profile Data : Such as username and password, purchase history, interests, preferences, and/or survey response data.
  7. Marketing and Communication Data : Means preferences of the data subject to receiving marketing information from us and/or from third parties. This data includes contact information with us, such as tape recordings in cases where customers contact the call center and/or through other social media channels.

Personal data does not include:

  1. Personal data disclosed to the public at the time of collecting the personal data.
  2. Business contact data, such as company phone numbers and/or company address.
  3. Anonymous data.
  4. Deceased data.

In addition, we collect, use, and disclose aggregate data, such as statistical or demographic data, and the aggregate data may be obtained from your personal data. However, such data does not count as personal data because it cannot be used to personally identify you. For example, we may use of some of your data, such as anonymous data to calculate the rate of access to a website and/or make various statistical data. However, if the data can be returned for identification purposes, we will treat it as personal data and we will comply with this Privacy Notice.

3. Third-party Links

Our website may direct you to third-party websites where this activity may result in that third-party website being able to collect, use, and/or disclose your personal data. We cannot be held responsible for any data processing activities that occur on other websites. Therefore, we encourage you to read the Privacy Notice of every website you visit for the benefit of your own privacy.

4. Legal Basis

We will process your personal data in accordance with the following legal bases :

– Consent : We process personal data with your consent. In the event that you have given us your explicit consent, we will process your personal data to the extent of the purposes for which we have informed you.

– Contract : We process personal d ata on a contract. We use this legal basis when personal data processing activities are necessary to perform a contract we have made with you and/or to fulfill your request prior to entering into a contract. For example, the processing of personal data is necessary for the provision of our products and services, as well as for the internal processes for the fulfillment of the contractual purposes.

– Legal Obligation : We process personal data for legal compliance, such as preventing and detecting unusual transactions that may involve illegal activities. For example, we have a legal obligation to report your personal data to the Revenue Department and/or other government agencies as required by law.

– Vital Interest : We process personal data if there are emergency situations where action is required to prevent and/or mitigate harm to a person’s life, body, or health.

– Legitimate Interest : We process personal data under the necessity of doing so for our legitimate interests, other persons, and/or juristic persons. This does not take precedence over your interests and/or the basic rights and freedoms of the data subject.

5. Purposes of Processing Personal Data

We collect, use, and/or disclose your personal data as our customer for the following purposes:

– To manage, procure, improve, and develop products and services.

– To carry out contracts with our business partners.

– To comply with the relevant laws and regulations.

– To provide any other benefits under your consent.

– To provide marketing and communication activities, such as promotional activities, opting out of receiving marketing information, or managing cookies of the website.

– In order to meet the objectives of procurement, product quality inspection and evaluation of the service, and product performance.

– In the event that we wish to process sensitive information other than to facilitate your stay at the hotel, we will make sure that we have your explicit consent before and/or during the collection of such data.

6. Disclosure of Personal Data

We may disclose your personal data to government agencies, regulatory authorities, and/or our business partners for the purposes set out in Article 5 “Purposes of Processing Personal Data” to comply with the law.

7. Transfer of Personal Data Abroad

We will not transfer personal data outside the Kingdom of Thailand unless the personal data transferred to a foreign destination is protected under the same and/or higher standards compared to this Privacy Notice. In the event that it is necessary for us to transfer and/or disclose personal data abroad, we will enter into a personal data protection contract with a counter party in that country.

8. Security Measures for Personal Data

We categorize your personal data as confidential and enforce various security measures to be responsible for the confidentiality and security of your personal data.

9. Period of Retention of Personal Data

The company will retain your personal data for as long as necessary to achieve the purposes for which it was collected. In the event that the customer has terminated the business relationship with the company, the company will keep your data in accordance with the company’s privacy policy for a period of at least 10 (ten) years for the purpose of providing products and/or services to you and/or for legal purposes, and at the end of the retention period, the company will destroy such personal data.

10. Rights of Data Subject

You have rights under the data protection laws that you should know. You can submit a claim using the contact methods we have provided in Section 11. “Contact Us.” The company will process your request as soon as possible, within 30 (thirty) days or more depending on the volume and complexity of the request.

– Right to Withdraw Consent : You have the right to withdraw your consent to the collection, use, and/or disclosure of your personal data at any time, and we will stop the processing activities of your personal data as soon as possible and if we do not have other legal bases to allow us to process your personal data, we will delete your data.

– Right to Access : You have the right to access and obtain a copy of personal data concerning you under our responsibility, and/or to request disclosure of the acquisition of personal data that we have obtained without your consent. When we receive a request, we will process it in accordance with this Privacy Notice within 30 (thirty) days or longer depending on the volume and complexity of the request.

– Right to Rectification : You have the right to request corrections and changes to your personal data to ensure that it is accurate, up-to-date, and/or complete.

– Right to Data Portability : You have the right to request us to transfer and/or transmit your personal data to another data controller by means of automatic transmission. In addition, you can request your personal data directly from us in the form we use and/or transfer it to another data controller, except where technically not feasible.

– Right to Erasure : You have the right to request that we erase, destroy, and/or anonymize your personal data.

– Right to Restriction of Processing : You have the right to the restriction of the processing of personal data.

– Right to Object : You have the right to the restriction of the processing of personal data.

– Right to Lodge a Complaint : You have the right to lodge a complaint with a government agency if you find that our employees and/or contractors have violated or failed to comply with the data protection provisions.

10. Rights of Data Subject

You have rights under the data protection laws that you should know. You can submit a claim using the contact methods we have provided in Section 11. “Contact Us.” The company will process your request as soon as possible, within 30 (thirty) days or more depending on the volume and complexity of the request.

– Right to Withdraw Consent : You have the right to withdraw your consent to the collection, use, and/or disclosure of your personal data at any time, and we will stop the processing activities of your personal data as soon as possible and if we do not have other legal bases to allow us to process your personal data, we will delete your data.

– Right to Access : You have the right to access and obtain a copy of personal data concerning you under our responsibility, and/or to request disclosure of the acquisition of personal data that we have obtained without your consent. When we receive a request, we will process it in accordance with this Privacy Notice within 30 (thirty) days or longer depending on the volume and complexity of the request.

– Right to Rectification : You have the right to request corrections and changes to your personal data to ensure that it is accurate, up-to-date, and/or complete.

– Right to Data Portability : You have the right to request us to transfer and/or transmit your personal data to another data controller by means of automatic transmission. In addition, you can request your personal data directly from us in the form we use and/or transfer it to another data controller, except where technically not feasible.

– Right to Erasure : You have the right to request that we erase, destroy, and/or anonymize your personal data.

– Right to Restriction of Processing : You have the right to the restriction of the processing of personal data.

– Right to Object : You have the right to the restriction of the processing of personal data.

– Right to Lodge a Complaint : You have the right to lodge a complaint with a government agency if you find that our employees and/or contractors have violated or failed to comply with the data protection provisions.

11. Contact Us

If you wish to exercise the rights of the data subject and/or have any questions or complaints, you can contact us:

Great China Millennium (Thailand) Co., Ltd. (The Berkeley Hotel Pratunam)

559 Ratchaprarop Road, Makkasan Subdistrict, Ratchathewi District, Bangkok Metropolis 10400

0-2309-9999 Ext. 3071, Email: [email protected]