Privacy Notice

MBK Hotel & Tourism Limited

---------------------------------------------------------------------------------------------------------------

This Privacy Notice (“Notice”) is aimed at enabling you, as a customer or user of the services of MBK Hotel and Tourism Limited, in transactions such as accommodation reservation, booking, guest check-in and registration, use of outlets, providing service, guest check-out, and access to and use of the content, features, technology or functions appearing on our website or application (hereinafter referred to as “processing activities”), to acknowledge and understand the format we use for the collection, use and disclosure (“processing”) of the personal data that MBK Hotel and Tourism Limited (hereinafter referred to as “we”, “us” or “our”), as a personal data controller, collected from you to carry out the processing activities.

We collect, use or disclose your personal data as follows:

1. Lawful basis for personal data collection

1.1. We rely on the following legal bases to collect, use or disclose your personal data.

❒ The need to perform under agreements that you have made with us, such as hotel registration forms, loyalty program, and outlet, spa and fitness registration forms. If you, as the data subject, do not provide the personal data we need, we may not be able to provide services to you.

❒ The need to perform our legal duties, such as submitting guest information to the Department of Provincial Administration or remitting and withholding taxes under the Revenue Code.

❒ The need to fulfill our and your legitimate interests which are no less important than the fundamental rights to your personal data, for instance, processing to verify your identity, preventing fraud, performing our internal audits and controls.


2. Purpose of collecting your personal data

We collect your personal data for the purpose and the need to identify the customer upon access to use services, to verify the customer service usage data according to the safety and security standards, to contact the customer via social network, telephone, SMS, E-mail, to develop co-marketing with the companies in MBK Group, and to prevent or abate harm to the customer’s life, body, or health, and the customer’s property.

3. Personal data we collect and use

For the purposes described in Item 2, we collect your personal data as follows.

3.1 Data sources and items of personal data collected

Sources/methods of collection: We collect personal data directly from you through check-in and check-out activity and the online activity that you use.

Personal data items:

1. Personal details of guests, family members and companions, such as full name, contact information, nationality, date of birth, gender, payment card information, passport, and Sensitive Personal Data (such as health information and food allergy).

2. Accommodation Related Information, such as room preference, room selection and assignment, personal preferences, arrival time, check-in and check-out information, and membership or loyalty program data.

3. Online and Digital Information, including the use of IT systems, such as Internet or other electronic network activity information.

3.2. Purpose of use of personal data

Purpose of using the data: To provide the overall hotel service and related processes.

Required personal data:

1. Personal details of guests, family members and companions, such as full name, contact information, nationality, date of birth, gender, payment card information, passport, and Sensitive Personal Data (such as health information and food allergy).

2. Accommodation Related Information, such as room preference, room selection and assignment, personal preferences, arrival time, check-in and check-out information, and membership or loyalty program data.

3. Online and Digital Information, including the use of IT systems, such as Internet or other electronic network activity information.

4. Disclosure of your personal data

We may disclose your personal data to the following individuals or entities:

4.1 MBK Group: to communicate and provide personalized products and services.

4.2 Service Providers: such as companies that provide website hosting, data analysis, payment processing and related infrastructure provision.

4.3 On-Property Partners and Travel Partners: to provide services and properties such as spa, restaurant, and other outlets at the properties.

4.4 Third-Party Hotel: to provide an alternative place of accommodation, for example, in the case where the hotel is overbooked.

4.5 We do not disclose your Personal Data without consent or a legal basis.

5. Your rights under the Personal Data Protection Act, B.E. 2562 (2019)

The Personal Data Protection Act B.E. 2562 aims to put your personal information more in your control. You can exercise your rights under the Personal Data Protection Act B.E. 2562 as outlined below when the provisions with respect to the rights of data subjects take effect.

5.1 Right to access. You have the right to access and obtain a copy of personal data that we hold about you, or you may ask us to disclose the sources of where we obtained your collected personal data, unless we are entitled to reject your request under the laws or court orders, or if your request will adversely affect the rights and freedoms of other individuals.

5.2 Right to rectification. You have the right to rectify your inaccurate personal data and to update your incomplete personal data to make it accurate, up-to-date, complete and not misleading.

5.3 Right to restrict. You have the right to request us to restrict the use of your personal data in any of the following circumstances:

5.3.1 We are carrying out an examination in accordance with your request to rectify your personal data to make it accurate, complete and up-to-date;

5.3.2 Your personal data is unlawfully collected, used or disclosed;

5.3.3 Your collected personal data is no longer necessary to be retained for the purpose for which it was collected, of which we have notified you, but you still need to request its retention for the purpose of exercising your legal claims;

5.3.4 We are pending verification to establish to you that we have legitimate grounds to collect your personal data, or that there is a need to collect, use or disclose your personal data for the public interest, due to your exercise of the right to object to the collection, use or disclosure of your personal data.

5.4 Right to object. You have the right to object to the collection, use or disclosure of your personal data unless we have legitimate grounds to reject your request. For instance, we are able to demonstrate that we have compelling legitimate grounds to collect, use or disclose your personal data, or the collection, use or disclosure of your personal data is carried out for the establishment, compliance, or exercise of legal claims, or for the reason of our public interests.

6. Sending or transferring your personal data overseas

We do not transmit or transfer your personal data overseas unless it is necessary for the performance of a contract or agreement. In this regard, we will proceed in accordance with the rules for the protection of the personal data sent or transferred to foreign countries as prescribed by the Personal Data Protection Committee except in the following cases:

6.1 The transfer is necessary for compliance with the law that requires us to send or transfer personal data abroad.

6.2 You have consented to the proposed transfer after having been informed of the inadequate standard of personal data protection in the destination country where the personal data is to be transferred, pursuant to the list of the countries prescribed by the Personal Data Protection Committee.

6.3 The transfer is necessary to prevent or stop danger to a person’s life, body and health where you are incapable of giving consent or for important reasons of public interest.

7. Personal data retention period

We retain your personal data for a period of not more than 5 years from the contract end date or from the end of our service to you, or for a period as required by law such as accounting and tax laws, including the prescription period for relevant statutory claims in the event of a legal claim being exercised or contested, whichever is longer and as needed.

After the end of the said period, we will

- delete and destroy your personal data when the data is no longer needed; or

- anonymize your personal data for other uses, for instance, statistical analysis, performance improvements, important public interests.

8. Ensure security

We take appropriate and reasonable technical and organizational measures in line with our information security policy and guidelines to ensure the required data security and to protect your personal data against loss, unauthorized access, destruction, use, modification, rectification or disclosure.

In addition, we have established a personal data protection policy by internal announcement along with guidelines to ensure security in the collection, use and disclosure of personal data while maintaining confidentiality, integrity and availability of personal data. The policy is subject to our review from time to time as we see appropriate.

9. Data subject participation

We may disclose personal data only upon request from the personal data subject, the data subject’s descendants, heirs, legal representatives, curator or legal guardian. The request can be submitted to us via MBK-HT Contact Center: (66) 2216-3700 ext. 20554 or email of the Company at [email protected]

In the case where the data subject, the data subject’s successor, heir, the legal representative or the legal guardian has objected to the collection, accuracy or any action such as notifying of the request to us to correct personal data, we will also record the objection as evidence.

Nonetheless, we may reject the objection request under paragraph two if it is so required by law or in the event that your personal data is anonymized or pseudonymized.

10. Responsibilities of personal data processor

We require that your personal data is accessible only to the authorized officers involved in the collection, use and disclosure of personal data for the purpose of the processing activities. We will ensure that the officers strictly comply with this Notice.

11. Changes to this Notice

We may update, change or amend this Notice as we deem appropriate. We will notify you of any such update, change or amendment on our website. We recommend that you check back frequently for the updated version, especially before you disclose your personal data to us.

By accessing the products or services for your processing activities, you agree and acknowledge the terms of this Notice. Please stop using the products or services if you disagree with any part of the terms of this Notice. If you continue to use the products or services after this Notice has been revised and posted in the above channels, you will be deemed to have been informed of such revision.

12. Contact us

If you have any questions on this Notice, please contact:

12.1 Data Controller

- MBK Hotel and Tourism Limited.

- 444, 9th Floor, MBK Tower Building, Phyathai Road, Wang Mai Sub-district, Pathumwan District, Bangkok 10330

- or MBK-HT Contact Center: (66) 2216-3700 ext. 20554

12.2 Data Protection Officer (DPO)

- Mr. Apichart Supadej

- 444, 8th Floor, MBK Center Building, Phyathai Road, Wangmai Sub-district, Pathumwan District, Bangkok 10330

- Tel: (66) 2853-9000

- E-mail: [email protected]

13. Notification of your right to lodge complaints with the supervisory authority

If you consider that we, our employees or staff have infringed or failed to comply with the applicable data privacy laws, you, as the data subject, have the right to lodge a complaint with the supervisory authority as follows:

Office of the Personal Data Protection Commission

Contact address: 7th Floor, Ratthaprasasanabhakdi Building, The Government Complex Commemorating His Majesty The King's 80th Birthday Anniversary, Chaeng Wattana Road, Thungsonghong Sub-district, Lak Si District, Bangkok 10210

14. Privacy policy

To find out more about privacy protection, security measures and data security, and your rights, please access our privacy policy at www.mbkhotels.com
