Privacy Policy per 1 June 2022

As hospitality management operators, it is the mission of Kata Rocks and Infinite Luxury Limited to deliver excellent service and satisfaction to all of our guests. Kata Rocks and Infinite Luxury Limited (here and after referred to as “the Company” or “we” or “us” or “our”) recognise the importance of protecting your personal information as a customer of our products and services. We respect the privacy of every customer, as well as every business partner. This privacy statement will inform you as to how we look after your personal data when you visit our website or use our services and tell you about your privacy rights and how the law protects you.

We need to collect, use and disclose personal information in order to perform our business functions and activities, including making and managing travel bookings on behalf of our customers. We are firmly committed to protecting the privacy and confidentiality of personal information and to maintaining various physical, electronic and procedural safeguards to protect personal information in our care. We follow a strict policy regarding the collection, use and disclosure of all private information.

All personal information is kept strictly confidential as per the Personal Data Protection Act (PDPA) that came into effect on 1 June 2022 in Thailand. This Act follows the California Consumer Privacy Act (CCPA) as well.


Principle and reason

 We appreciate the importance of privacy of personal data, which is an important fundamental privacy right that is protected under the Personal Data Protection Act B.E. 2562. It includes all personal information for guests, suppliers, and employees. Personal data is defined as any information relating to a natural person, which enables the identification of the individual, whether directly or indirectly. Information of deceased individuals is not included under the definition of personal data.

Types of personal data we collect:

  • Personal information such as first names, family names, gender, age, occupation, nationality, country of residence, marital status, passport numbers, visa numbers and personal identification numbers.
  • Information of important dates, birthdays, anniversaries and special events.
  • Health information such as medical allergies and food allergies.
  • Contact information, such as a postal address, phone numbers, email addresses, and all forms of social media accounts. Profile pictures and other information made public or information obtained by linked social media accounts including contact information on other channels for any other correspondence you have provided to us.
  • Technical data such as Internet Protocol (IP) addresses, cookies, Media Access Control (MAC) addresses, web beacons, logs, device IDs, access data. login times and place of access including any other technical data arising from the use of our platform and systems.
  • Customer stay information includes the dates and duration of their stay, additional products or services that are ordered or any special request resulting in positive service satisfaction ratings.
  • Membership information, personal account information, special codes, and all personal details on travel companions.
  • Behavioral data, such as information on purchasing behavior and information obtained by using our products and services.
  • Marketing and communications information, such as your preferences regarding receiving marketing information from us, our affiliates, subsidiaries and business partners as well as outsiders and desired communication style.
  • Payment information such as credit card usage, debit card usage, or bank account information as well as personal signatures and payment history records.
  • Any information that forms your profile in order to help fulfill your special request.
  • Information about your opinions on the services of the hotel.
  • Information collected through closed circuit TV systems or various security systems.
  • Information of family members and accompanying travelers.
  • Sensitive personal data such as health information or disability information, information from identity documents (e.g. race, religion).

We will collect, use, or disclose sensitive personal information only with your consent and only if it is permitted by law.

The purposes for which we collect, use or disclose your personal information are as follows:

  • To provide you with the proper services as per your request, including facilitating your booking, guarantee and confirmation for the period of stay, identifying and verifying your identity for the duration of stay. To be able to respond to customer service requests and inquiries such as quotation, preparing and issuing vouchers, receipts, invoices, refunds, and payments. As well as providing customer service to you according to your preferences.
  • To market and communicate, by being able to provide special promotional offers, sale notifications, press releases and other information about products and services by and/or third parties on whom we cannot rely on any other legal basis.
  • To provide appropriate comfort and service to our customers or hotel guests (e.g. to prevent dust or food allergies, disabilities, race, religion).
  • For the purpose of crime prevention and security.
  • To provide privileges, special offers, updates, sales, offering promotional advice, advertisements, notifications, news, information and marketing communications about our products and services, which is in accordance with your legitimate interests or the preferences you have shown us directly or indirectly.
  • To track your satisfaction with our services, such as sending you a customer satisfaction survey and tailoring the services to your personal preferences.
  • To further develop our business, products in order to provide better services.
  • To securely maintain and monitor the system and the management of information technology, ensuring security for our customers, staff and contacts of our hotels and offices.
  • For all other service-related purposes, such as fulfilling inquiries for lost and found items.
  • To correctly settle and manage disputes, executing contracts and establishing, exercising or defending rights under various claims.
  • For the performance of legal duties.
  • To prevent or suppress a danger to a person's life, body or health.

Disclosure of your personal information

We may disclose or transfer your personal information to the following parties:

  • Internally in various departments in the hotel, where your personal information may be accessed for the purposes set out in this Privacy Notice.
  • Our customers or other third parties for conducting business to facilitate the delivery of products and services to you.
  • Consultations, including a lawyer or a technical expert or auditors who help run our business and defend or claim any legal rights.
  • Government (enforcement) agencies in accordance with applicable laws in the conduct of their business.
  • Persons who live abroad depending on the destination country may have standards for personal data protection that are higher or equivalent to Thailand. We will ensure that there is an appropriate level of protection for the personal data being transferred.

Information collected by companies related to you will be kept secure with the company collecting your information by:

  • We will notify the owner when the company collects or requests the use of that information.
  • You have the ability to choose to receive marketing emails or unsubscribe from our email database at any time.

Third party links

We may permit third parties to link to our websites or to post a link to their site on ours. We do not endorse these sites and are not responsible for other websites or their privacy practices. We do not assume responsibility or liability of any nature whatsoever for the activities conducted or information contained in the third party websites.

Children’s privacy

We do not knowingly collect Personal Information from children under the age of 18, though we may collect Personal Information about a child as part of the guest registration process or to participate in activities on the websites or at the resorts but always with the consent of a parent or guardian.

Social media integrations

Our websites and mobile applications may use social media features and widgets (such as ‘Like’ and ‘Share’ buttons/widgets (SM features).

They are provided and operated by third party companies (e.g. Facebook) and either hosted by a third party or hosted directly on our website(s) or mobile application. SM features may collect information such as the pages you are visiting on our website(s)/mobile application, your IP address and may set cookies to enable the SM feature to function properly.

If you are logged into your account with the third party company, then the third party may be able to link information about your visit to and use of our website(s) or mobile application to your social media account with them. Similarly, your interactions with the SM feature may be recorded by the third party. Additionally, the third party company may send us information in line with their policies such as your name, profile picture, gender, friend lists and other information you have chosen to make available. We may share information with the third party company for the purpose of serving targeted marketing to you via the third party social media platform. You can manage the sharing of information and opt out from targeted marketing via your privacy settings on the third party social media platform. Your interactions with these SM features are governed by the privacy policy of the third party company. For more information about the data practices of these third party companies.


Cookies Policy

We use cookies to improve your experience on our websites and to recommend content that may be of interest to you. You can find out more below about what cookies are, the cookies we use and how to switch them off. You can indicate your acceptance to our use of cookies in accordance with this policy by continuing to use our website, you agree to our use of cookies.

What are cookies?

A cookie is a text file containing small amounts of information which is downloaded to your device when you access a website. The text file is then sent back to our server each time your browser requests a page from the server. This enables us to operate the websites more effectively and load the websites so that it reflects your personal preferences, based on your previous browsing on the websites as well as keywords we may be able to gather from URLs of other webpages from which you accessed the websites.

What cookies do we use?

When you visit the websites, the following types of cookies may be downloaded to your device:

  • Analytical and Performance Cookies

We may use analytics service providers for website traffic analysis and reporting. Analytics service providers generate statistical and other information about the use of the websites by using cookies. They allow us to recognize and count the number of visitors and to see how often visitors return to the websites, how long they stay and how visitors move around our websites when they are using them. This helps us to improve the way our websites work, for example, it helps users to find what they are looking for easily. The information generated relating to the websites may be used to create reports about the use of the websites and the analytics service provider will store this information.

  • Advertising and Targeting Cookies

These cookies record your visit to the websites, the pages you have visited and the links you have followed to other websites. We will use this information to try and make our websites and other sites that you visit more relevant to your interests. We may also share this information with other companies and carefully selected third parties, for this purpose. We work with technology partners to support our websites and to provide you with relevant information about the products and services of websites and on affiliated sites or sites within the advertising networks we work with. We may use cookies on our websites to help us to place relevant advertising on third party websites when you visit those sites. If you are not happy for us to do this, please see the section of this policy titled “How do I turn cookies off?” below.

  • Functionality Cookies

We may use functional cookies that allow us to remember choices you have made on the websites so as to provide you with a more enhanced user experience by delivering content specific to your interests.

  • Strictly Necessary Cookies

These are cookies that are required for the administration and operation of our websites. Some cookies that we use are necessary for our websites to function properly and to enable you to move around the websites and use its features.

  • Third Party Cookies

Since we are active on various social networks, we strive to make it as easy as possible to share content and to determine what content is popular on these networks. We add buttons to allow people to easily share on social networks. When we include these social ‘plugins’, it gives those sites the flexibility to use their own cookies. They can not read any cookies we set from our websites, and we cannot read any cookies they set, but it allows them to do the same kind of traffic measuring that we do on the rest of the websites, and it also informs them whether you are logged into their site. For example, if you are logged in to Facebook, and want to converse via the chat widget, you can do that straight away without having to log in again – we never know whether you are logged in or not, as you communicate directly with Facebook, through their plugins on our websites. Other sites and services (including, for example, advertising networks, providers of external services like web traffic analysis services and content recommendation engines) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

How do I turn cookies off?

If you do not wish us to install cookies or you don’t agree with how we use these cookies, you can change the settings on your internet browser to reject them. For more information please consult the “Help” section of your browser or visit www.aboutcookies.org, www.allaboutcookies.org or http://optout.aboutads.info/#/. Please note that if you do set your browser to reject cookies, you may not be able to use all of the features on our websites.


Your personal data rights

 The PDPA of Thailand guarantees the following rights of data owners: Right to be informed (of the purpose of collection, data retention period, etc); right to access their personal data; right to rectification of inaccurate or misleading information; right to objection/withdrawal from inappropriate uses, at any time; right to restrict processing; right to erasure; and right to data portability.

  • The Right of access. You have the right to access or obtain a copy of the personal information we collected to be used or disclose about you.
  • The Right to be informed. You have the right to be informed of the purpose for which it was collected, which information is stored, the duration of its retention or to whom it was opened too, including the data of the data controller and methods of contact.
  • The Right to correct information. You have the right to request corrections of the personal data that we have collected, use or disclose about are accurate, up to date, complete and not misleading.
  • Data Transfer Rights. You have the right to obtain information that the data controller transfers to other parties, or request the data controller to transfer the data to another person by automatic means.
  • The Right to object. You have the right to object to the collection, use or disclosure of your personal information.
  • The Right to suspend the use of information. You have the right to request that the use of your personal data must be suspended in certain circumstances.
  • The Right to withdraw consent. You have the right to withdraw your consent at any time.
  • The Right to erase. You have the right to request that we take action on deleting your personal information that we collect.
  • The Right to file a complaint. You have the right to lodge a complaint with the competent authority in the event that you believe that our collection, use or disclosure of personal information is unlawful or inconsistent with applicable data protection laws.

Data storage, duration and destruction

We will securely store your personal information in separate, secured databases: Revinate and Opera. It is safely kept and stored as necessary for a reasonable amount of time, in order to use that information for the purposes we have outlined to you in this Privacy Policy. We may also need to store your personal information for a longer period if required to comply with applicable laws and regulations and we will remove the personal data in the proper way when the specified time is due.


Security of personal information

We have strict measures to maintain the security of your personal information, in order to prevent data loss or have unauthorized access, destroy, use, alter, modify or disclose personal information; which is consistent with the information security policy and practice of the company.

In addition, we have put in place this Privacy Policy to be viewed by the public via notices throughout the organisation, along with guidelines to ensure security within the collection, the use and disclosure of personal information by maintaining confidentiality (Confidentiality), accuracy, completeness (Integrity) and ready-to-use condition (Availability) of personal information. Our appointed Data Protection Officer (DPO) ensures the process is followed correctly. The privacy policy, including this announcement, is reviewed regularly by the company’s management.


Liability and Penalty

In case the data controller or data processor, or those who are responsible for the operation of any matter according to their duties neglects or does not perform or direct any one of its duties, which violates the announcements and practices regarding personal information and/or in accordance with the Personal Data Protection Act B.E. 2562. In this case, the responsible, including employees who violate the rules and regulations on Work Section 6 Disciplinary Actions will be taken due to causing a legal offense and/or damage. Such person shall be subjected to disciplinary action in accordance with the company’s regulations and shall be liable to legal penalties for the offense committed. If such offense causes damage to the hotel and/or any other person, the company will consider further legal proceedings.


Changes and amendments to this Privacy Notice

The company will review this “Privacy Policy” from time to time and will notify you of any changes. In essence, through appropriate channels, the company recommends that you check regularly for new announcements, especially before you disclose personal information.


Contact details

If you wish to exercise your rights in relation to your personal data or if you have any questions about your personal data under this Privacy Policy, please contact us at: info@katarocks.com.