As hospitality management operators, it is the mission of Kata Rocks and Infinite Luxury Limited to deliver excellent service and satisfaction to all of our guests. Kata Rocks and Infinite Luxury Limited (here and after referred to as “the Company” or “we” or “us” or “our”) recognise the importance of protecting your personal information as a customer of our products and services. We respect the privacy of every customer, as well as every business partner. This privacy statement will inform you as to how we look after your personal data when you visit our website or use our services and tell you about your privacy rights and how the law protects you.
We need to collect, use and disclose personal information in order to perform our business functions and activities, including making and managing travel bookings on behalf of our customers. We are firmly committed to protecting the privacy and confidentiality of personal information and to maintaining various physical, electronic and procedural safeguards to protect personal information in our care. We follow a strict policy regarding the collection, use and disclosure of all private information.
All personal information is kept strictly confidential as per the Personal Data Protection Act (PDPA) that came into effect on 1 June 2022 in Thailand. This Act follows the California Consumer Privacy Act (CCPA) as well.
Principle and reason
We appreciate the importance of privacy of personal data, which is an important fundamental privacy right that is protected under the Personal Data Protection Act B.E. 2562. It includes all personal information for guests, suppliers, and employees. Personal data is defined as any information relating to a natural person, which enables the identification of the individual, whether directly or indirectly. Information of deceased individuals is not included under the definition of personal data.
Types of personal data we collect:
- Personal information such as first names, family names, gender, age, occupation, nationality, country of residence, marital status, passport numbers, visa numbers and personal identification numbers.
- Information of important dates, birthdays, anniversaries and special events.
- Health information such as medical allergies and food allergies.
- Contact information, such as a postal address, phone numbers, email addresses, and all forms of social media accounts. Profile pictures and other information made public or information obtained by linked social media accounts including contact information on other channels for any other correspondence you have provided to us.
- Technical data such as Internet Protocol (IP) addresses, cookies, Media Access Control (MAC) addresses, web beacons, logs, device IDs, access data. login times and place of access including any other technical data arising from the use of our platform and systems.
- Customer stay information includes the dates and duration of their stay, additional products or services that are ordered or any special request resulting in positive service satisfaction ratings.
- Membership information, personal account information, special codes, and all personal details on travel companions.
- Behavioral data, such as information on purchasing behavior and information obtained by using our products and services.
- Marketing and communications information, such as your preferences regarding receiving marketing information from us, our affiliates, subsidiaries and business partners as well as outsiders and desired communication style.
- Payment information such as credit card usage, debit card usage, or bank account information as well as personal signatures and payment history records.
- Any information that forms your profile in order to help fulfill your special request.
- Information about your opinions on the services of the hotel.
- Information collected through closed circuit TV systems or various security systems.
- Information of family members and accompanying travelers.
- Sensitive personal data such as health information or disability information, information from identity documents (e.g. race, religion).
We will collect, use, or disclose sensitive personal information only with your consent and only if it is permitted by law.
The purposes for which we collect, use or disclose your personal information are as follows:
- To provide you with the proper services as per your request, including facilitating your booking, guarantee and confirmation for the period of stay, identifying and verifying your identity for the duration of stay. To be able to respond to customer service requests and inquiries such as quotation, preparing and issuing vouchers, receipts, invoices, refunds, and payments. As well as providing customer service to you according to your preferences.
- To market and communicate, by being able to provide special promotional offers, sale notifications, press releases and other information about products and services by and/or third parties on whom we cannot rely on any other legal basis.
- To provide appropriate comfort and service to our customers or hotel guests (e.g. to prevent dust or food allergies, disabilities, race, religion).
- For the purpose of crime prevention and security.
- To provide privileges, special offers, updates, sales, offering promotional advice, advertisements, notifications, news, information and marketing communications about our products and services, which is in accordance with your legitimate interests or the preferences you have shown us directly or indirectly.
- To track your satisfaction with our services, such as sending you a customer satisfaction survey and tailoring the services to your personal preferences.
- To further develop our business, products in order to provide better services.
- To securely maintain and monitor the system and the management of information technology, ensuring security for our customers, staff and contacts of our hotels and offices.
- For all other service-related purposes, such as fulfilling inquiries for lost and found items.
- To correctly settle and manage disputes, executing contracts and establishing, exercising or defending rights under various claims.
- For the performance of legal duties.
- To prevent or suppress a danger to a person's life, body or health.
Disclosure of your personal information
We may disclose or transfer your personal information to the following parties:
- Internally in various departments in the hotel, where your personal information may be accessed for the purposes set out in this Privacy Notice.
- Our customers or other third parties for conducting business to facilitate the delivery of products and services to you.
- Consultations, including a lawyer or a technical expert or auditors who help run our business and defend or claim any legal rights.
- Government (enforcement) agencies in accordance with applicable laws in the conduct of their business.
- Persons who live abroad depending on the destination country may have standards for personal data protection that are higher or equivalent to Thailand. We will ensure that there is an appropriate level of protection for the personal data being transferred.
Information collected by companies related to you will be kept secure with the company collecting your information by:
- We will notify the owner when the company collects or requests the use of that information.
- You have the ability to choose to receive marketing emails or unsubscribe from our email database at any time.
Third party links
We may permit third parties to link to our websites or to post a link to their site on ours. We do not endorse these sites and are not responsible for other websites or their privacy practices. We do not assume responsibility or liability of any nature whatsoever for the activities conducted or information contained in the third party websites.
We do not knowingly collect Personal Information from children under the age of 18, though we may collect Personal Information about a child as part of the guest registration process or to participate in activities on the websites or at the resorts but always with the consent of a parent or guardian.
Social media integrations
Our websites and mobile applications may use social media features and widgets (such as ‘Like’ and ‘Share’ buttons/widgets (SM features).
They are provided and operated by third party companies (e.g. Facebook) and either hosted by a third party or hosted directly on our website(s) or mobile application. SM features may collect information such as the pages you are visiting on our website(s)/mobile application, your IP address and may set cookies to enable the SM feature to function properly.
What are cookies?
A cookie is a text file containing small amounts of information which is downloaded to your device when you access a website. The text file is then sent back to our server each time your browser requests a page from the server. This enables us to operate the websites more effectively and load the websites so that it reflects your personal preferences, based on your previous browsing on the websites as well as keywords we may be able to gather from URLs of other webpages from which you accessed the websites.
What cookies do we use?
When you visit the websites, the following types of cookies may be downloaded to your device:
- Analytical and Performance Cookies
We may use analytics service providers for website traffic analysis and reporting. Analytics service providers generate statistical and other information about the use of the websites by using cookies. They allow us to recognize and count the number of visitors and to see how often visitors return to the websites, how long they stay and how visitors move around our websites when they are using them. This helps us to improve the way our websites work, for example, it helps users to find what they are looking for easily. The information generated relating to the websites may be used to create reports about the use of the websites and the analytics service provider will store this information.
- Advertising and Targeting Cookies
- Functionality Cookies
We may use functional cookies that allow us to remember choices you have made on the websites so as to provide you with a more enhanced user experience by delivering content specific to your interests.
- Strictly Necessary Cookies
These are cookies that are required for the administration and operation of our websites. Some cookies that we use are necessary for our websites to function properly and to enable you to move around the websites and use its features.
- Third Party Cookies
How do I turn cookies off?
If you do not wish us to install cookies or you don’t agree with how we use these cookies, you can change the settings on your internet browser to reject them. For more information please consult the “Help” section of your browser or visit www.aboutcookies.org, www.allaboutcookies.org or https://optout.aboutads.info/#/. Please note that if you do set your browser to reject cookies, you may not be able to use all of the features on our websites.
Your personal data rights
The PDPA of Thailand guarantees the following rights of data owners: Right to be informed (of the purpose of collection, data retention period, etc); right to access their personal data; right to rectification of inaccurate or misleading information; right to objection/withdrawal from inappropriate uses, at any time; right to restrict processing; right to erasure; and right to data portability.
- The Right of access. You have the right to access or obtain a copy of the personal information we collected to be used or disclose about you.
- The Right to be informed. You have the right to be informed of the purpose for which it was collected, which information is stored, the duration of its retention or to whom it was opened too, including the data of the data controller and methods of contact.
- The Right to correct information. You have the right to request corrections of the personal data that we have collected, use or disclose about are accurate, up to date, complete and not misleading.
- Data Transfer Rights. You have the right to obtain information that the data controller transfers to other parties, or request the data controller to transfer the data to another person by automatic means.
- The Right to object. You have the right to object to the collection, use or disclosure of your personal information.
- The Right to suspend the use of information. You have the right to request that the use of your personal data must be suspended in certain circumstances.
- The Right to withdraw consent. You have the right to withdraw your consent at any time.
- The Right to erase. You have the right to request that we take action on deleting your personal information that we collect.
- The Right to file a complaint. You have the right to lodge a complaint with the competent authority in the event that you believe that our collection, use or disclosure of personal information is unlawful or inconsistent with applicable data protection laws.
Data storage, duration and destruction
Security of personal information
We have strict measures to maintain the security of your personal information, in order to prevent data loss or have unauthorized access, destroy, use, alter, modify or disclose personal information; which is consistent with the information security policy and practice of the company.
Liability and Penalty
In case the data controller or data processor, or those who are responsible for the operation of any matter according to their duties neglects or does not perform or direct any one of its duties, which violates the announcements and practices regarding personal information and/or in accordance with the Personal Data Protection Act B.E. 2562. In this case, the responsible, including employees who violate the rules and regulations on Work Section 6 Disciplinary Actions will be taken due to causing a legal offense and/or damage. Such person shall be subjected to disciplinary action in accordance with the company’s regulations and shall be liable to legal penalties for the offense committed. If such offense causes damage to the hotel and/or any other person, the company will consider further legal proceedings.
Changes and amendments to this Privacy Notice