This Privacy & Cookie Policy explains our personal data practices and the choices you can make
about the way your personal data is used.
Muang Samui Spa Resort (“Muang Samui Spa Resort “, "us", "our" or "we") respects your
privacy, and is committed to protecting the privacy, confidentiality and security of the personal
data you provide to us or that we collect about you when you use our websites, social media
pages we control, software applications available on computers and mobile devices that include
a link to this Privacy Policy as well as when you provide your information on the telephone via
our call centers or in person (collectively the "Sites"). Our privacy practices may vary among the
countries in which we operate to reflect local practices and legal requirements. We are aware
of our responsibilities to protect your personal data, to keep it secure and comply with
applicable privacy and data protection laws.
You may be asked to consent to the terms of this Privacy Policy when making a reservation,
registering for events or promotions or otherwise corresponding with us via the Sites or if
required by applicable law. Otherwise your continued use of the Sites will constitute your
deemed consent to the terms of this Privacy Policy.
PERSONAL INFORMATION WE COLLECT
Personal Information You Provide
When using our Sites, you may voluntarily provide certain information about yourself or others,
such as when you create an account or book a reservation. We may collect Personal
Information (information that identifies you or relates to you as an identifiable person) that you
may provide through the Sites about yourself or others such as:
• Name, date and place of birth, passport and visa information;
• Postal address;
• Telephone number;
• Email address;
Information that allows us to provide specialized services to you or fulfill special requests, such
as accommodating health or dietary conditions, but we do not collect sensitive information
about you, such as health information, except as reasonably needed for us to provide services
to you;
• Credit or debit card number, expiration date and security code;
• Social media account information;
• Stay or trip information and preferences, such as your preferred location/facilities, dates
and number of people/children traveling with you;
• Demographic information (age, gender, country and preferred language);
• IP address; and
• Preferences for receiving communications from us or for surveys or promotional offers.
Automatically Collected Information
Our websites collect statistical information about users to ensure a welcoming and accessible
website. For this purpose, we may track your movement within the websites, the pages from
which you were referred, access times and browser types. We only use this information in
aggregate and do not link it to you personally. To gauge the effectiveness of our websites and
analyze site traffic, understand customer needs and trends, we do collect some generic
information about our visitors. Our web servers recognize and automatically log a visitor's
domain name, the web page from which a visitor enters our websites, which pages a visitor
visits and for how long, and the visitor’s IP address. We may use anonymous tracking
technologies to collect, store and sometimes track information for statistical purposes and to
improve the services we provide, including using it to evaluate and improve our website. We
also collect and store information automatically using cookies and similar technology as
described below.
This information does not constitute Personal Information. If we combine anonymized or
aggregated data with Personal Information, we will treat the combined information as Personal
Information according to this Privacy Notice.
HOW WE USE YOUR INFORMATION
We may use Personal Information you submit and non-Personal Information we automatically
collect for the purposes identified in this Privacy Policy for our business use and the legal bases,
including, for example:
• Processing, fulfilling and recording reservations and/or purchases;
• Billing your credit card for advance purchase reservations and advance deposits;
• Contacting you for confirmation or customer service after reservations and purchases
• are made or after you sign up for or participate in certain activities;
• Conducting statistical or demographic analysis
• Tracking reservations and corresponding resort stays;
• Sending you emails that relate to a resort stay;
• Sending you communications such as guest surveys or promotional offers and benefits;
• Communicating special offers, competitions and featured items if you choose to receive
such notices;
• Responding to your inquiries, complaints and other communications; and
• Providing for the safety and security of our guests and staff and meeting our legal and
regulatory compliance requirement.
DISCLOSING YOUR INFORMATION
As a hotel management company, we need to share information across numerous countries so
that we can provide you with services on a consistent basis. Accordingly, your Personal
Information may be shared as reasonably necessary and as set out in this Privacy Policy as
follows to:
• Any Muang Samui Spa Resort entity, hotel and/or other business managed by us;
• Tour operator, travel representative, personal assistant, employer or spouse that has
supplied us with your Personal Information;
• Third parties which we have received your consent;
• Trusted third partners to process it for us, based on our instructions and in compliance
with our Privacy Policy and any other appropriate confidentiality and security measures
including;
• Our marketing and advertising partners to provide you with more-relevant ads on our
websites and to encourage you to return to our websites and to as well as our supplier
who distribute our email communications. We contractually require these service
providers to keep your Personal Information safe and secure and they are only be
permitted to use your Personal Information for the purposes we specify.
• To third parties not affiliated with Muang Samui Spa Resort if we have a good-faith
belief that it is reasonably necessary to: (1) meet any applicable law, regulation, legal
process or enforceable governmental request; (2) enforce applicable terms of service,
including investigation of potential violations; (3) detect, prevent, or otherwise address
illegality, fraud, security or technical issues; and (4) protect against harm to the rights,
property or safety of Muang Samui Spa Resort, our users or the public as required or
permitted by law; and (5) to any third parties to the extent necessary with respect to a
sale of all or part of our business operations or assets and/or resorts that are no longer
managed or owned by Muang Samui Spa Resort.
OVERSEAS DATA TRANSFERS
By using and/or purchasing our goods and services, we may transfer your Personal Information
across multiple jurisdictions. Thus we may transfer and store your Personal Information:
• On our websites and servers located in USA;
• In Muang Samui Spa Resort where is located;
• To countries where our trusted third-party providers or advisors are located.
• Some of these countries may not offer the same level of privacy protection but we will
take all reasonable steps to ensure such transfers are taken with adequate security to
maintain your privacy.
EXPLAINING THE LEGAL BASES FOR PROCESSING
• The legal bases for collecting and processing your Personal Information includes:
• Consent - we collect and process your data with your consent e.g. when you tick a box
to receive marketing communication.
• Legal compliance - if required by applicable law, e.g. police, fraud investigations or court
orders, we may need to collect and process your data.
• Legitimate interest - to pursue our legitimate interests such as providing services and
products you have requested in a way which might reasonably be expected as part of
running our business and which does not materially impact your rights, freedom or
interests.
SECURITY
We use reasonable technical, administrative and physical measures to protect Personal
Information contained in our system against misuse, loss or alteration. While we strive to use
commercially acceptable means to protect your Personal Information, we cannot guarantee its
absolute security.
We cannot enforce or control the security of the computers, electronic devices, or electronic
communication method that you use to send e-mails and submit Personal Information to us
over the Internet. You are responsible for ensuring that the computers, electronic devices and
electronic communication methods you utilize will provide adequate security for
communicating with us. We are not responsible for the disclosure or interception of your
Personal Information before we receive it.
WITHDRAWING YOUR CONSENT
You do not have to provide us with your Personal Information. However, if you choose not to
provide certain Personal Information we request and/or require consent to its use and
disclosure, you will still be able to visit our Sites but you may be unable to access certain
options, products or services and in we may not, as a result, be unable to fulfil your booking.
We offer you the choice of how you receive communications from us. All marketing
communications we send to you will provide you with a way to withdraw your consent to
future marketing. If you no longer wish to receive marketing you may opt-out of receiving these
communications by clicking on the opt-out section of the marketing communication or
changing your account settings, this will remove you from our marketing lists. You have the
right to tell us to stop using your information for our direct marketing purposes. Please send
your written request, including your name and contact information to the address listed below
in "How to Contact Us". We will honor your request within 30 days of receiving it or sooner if
required by applicable law. Please note that if you unsubscribe from marketing communications
you will still receive operational and service messages from us regarding your booking and
responses to your enquiries made to us, and that we may hold your details so we do not send
you marketing communications in the future.
THIRD PARTY LINKS
We may permit third parties to link to our Sites or to post a link to their site on ours. We do not
endorse these sites and are not responsible for other sites or their privacy practices. We do not
assume responsibility or liability of any nature whatsoever for the activities conducted or
information contained in the third party websites.
CHILDREN'S PRIVACY
We do not knowingly collect Personal Information from children under the age of 18, though
we may collect Personal Information about a child as part of the guest registration process or to
participate in activities on the websites or at the resorts but always with the consent of a
parent or guardian.
HOW LONG WE KEEP YOUR PERSONAL INFORMATION
Whenever we collect or process your Personal Information, we will only keep it for as long as is
necessary for the purpose for which it was collected, active legal proceedings, an identifiable
and ongoing legal business need (such as record keeping) and to the extent permissible by
applicable law.
Where there is no sufficient justification to retain such Personal Information, such Personal
Information will be safely and securely deleted, disposed of, blocked and/or anonymized for
example by aggregation with other data so that it can be used in a non-identifiable way for
statistical analysis and business planning.
If you are contacting us to complain about an alleged breach of this Privacy Policy or our legal
privacy obligations, please provide us with as much detail as possible in relation to your
complaint and provide us with any relevant information. We take every privacy complaint
seriously and assess it with the aim of resolving all issues quickly and efficiently.
We are committed to keeping your Personal Information secure and will take all reasonable
precautions to protect it from loss, misuse or unauthorized access or alteration. However,
except to the extent liability cannot be excluded due to the operation of statute, we exclude all
liability (including in negligence) for the consequences of any unauthorized access to, disclosure
of, misuse of or loss or corruption of your Personal Information. Nothing in this Privacy Privacy
restricts, excludes or modifies or purports to restrict, exclude or modify any statutory consumer
rights under any applicable law.
CHANGES TO THIS PRIVACY POLICY
From time to time and without notice we may make changes to this Privacy Policy. From time
to time, we may use customer information for new, unanticipated uses not previously disclosed
in our Privacy Policy. If our information practices change at some time in the future, we will
post the Privacy Policy changes to our Sites to notify you of these changes and provide you with
the ability to opt out of these new uses. Any revised Privacy Policy will only apply prospectively
to Personal Information or non-Personal Information collected or modified after the effective
date of the revised policy.
HOW TO CONTACT US
Your principal rights under the European Union General Data Protection Regulation are: (a) the
right to access; (b) the right to rectification; (c) the right to erasure; (d) the right to restrict
processing; (e) the right to object to processing; (f) the right to data portability; (g) the right to
complain to a supervisory authority; and (h) the right to withdraw consent. You may exercise
any of these rights in relation to your Personal Information or if you have any questions or
complaints regarding this Privacy Policy or privacy concerns by contacting our Data Protection
Officer by email at rsvn_msg@muangsamui.com
In order to ensure your request is dealt with expeditiously, please be sure to include your full
name, address and telephone number and a copy of a document evidencing your identity (such
as an ID card or passport) so we can ascertain your identity and whether we have any Personal
Information regarding you, or in case we need to contact you to obtain any additional
information, we may require to make that determination.
You may also direct your complaint/concern to the applicable data protection authority.