Privacy Notice
Centre Point Hotel ("We" or "Us") focuses on providing the best service to you ("Customers" or "You.") We want to thank you in trusting us with our services and in taking care of your personal data. We are aware of the importance of data protection, therefore, we have a system for data security and strict operating procedures. As well as applying appropriate measures for data security, in order to prevent unauthorized access, disclosure, use or alteration of personal data.
We would like to notify you about our process and procedure for your data privacy protection. In this privacy notice, you can find information regarding the purpose of the personal data we collected, including the details of method of collection, use, or disclosure of personal data. This also includes the security measures we take for personal data protection, retention periods, and rights of data subjects.
1. About Us
Centre Point Hotel is the number one Thai hospitality chain who provides the innovative service and heartfelt hospitality with remarkable Thai treat.
2. Personal Data Collected
Personal data refers to information about an individual from which that person can be identified whether by either a direct or an indirect means. However, personal data does not include information of deceased person and anonymous data.
We collect, use, and disclose your personal data received from you or from other reliable sources such as government agencies, business partners, group companies, and etc.
- Identity Data: data about individuals which can be used to identify specific individual, whether by a direct or an indirect mean such as name, surname, date/ month/ year of birth, gender, ID number, driving license number, Passport number, Marital status, and etc.
- Contact Data: data such as email address and phone number.
- Sensitive Data: such as ethnicity, beliefs, religion, health information and biometric data, including criminal history data.
- Financial and Transactional Data: data such as bank account number, credit card number, debit card number, payment information, and etc.
- Technical and Usage Data: data such as IP Address, login information, website browsing information, Cookie ID, device types and settings, platforms, and other technologies used to access our website.
- Profile Data: data such as username and password, purchase history, interests, likes, and information from survey responses.
- Marketing and Communication Data: data such as your preferences in receiving marketing materials from us, and from third party. This also include contact information you have with us, such as tape record when you contact us via contact center or from other social media channels.
We also collect, use, and disclose aggregated data, such as statistical, and demographic information. The aggregated data may be derived from your personal data; however, the data is not considered as personal data since it cannot be used to identify a specific individual. For example, we may use some of your information after the process of anonymization in order to create statistical information of people who make a reservation through our website. We are aware that the data used must not be able to revert to identifiable information. If the data is then able to be used to identify a specific individual, we will consider it as personal data and processed in accordance with this privacy notice.
Third-party Links
Our website may lead you to a third party when you click on the link; such action may allow other websites to collect, use, or disclose your personal data. We are not responsible for any processing activities of personal data occurred on other websites. Hence, we encourage you to read the privacy notices of every website you have visited, for the benefit of your data privacy.
3. Legal Basis
We will process your personal data under following legal basis:
Consent
We process personal data based on consensual basis. In the event that you have provided us explicit consent, we will process your personal data within the scope of the purpose we have informed you.
Contract
We process personal data under the contractual basis. We use this legal basis when the processing of personal data is necessary to fulfill the contract for which you are a part of, or to use in fulfilling your request prior to entering into the contract. For example, processing your personal data is crucial to our ability to provide products and services and internal processes in achieving contractual objectives.
Legal Obligation
We process personal data in accordance with legal compliance, such as the prevention and detection of irregular transactions which may involve with illegal activities. For example, we have legal obligation to report your personal data to the Revenue Department or other government affairs as required by law.
Public Task
We process personal data under the necessity to carry out the mission for the public, or perform duties as the government agency has assigned to us.
Legitimate Interest
- We process personal data under legitimate interest basis, such as for internal management which include the disclosure of information in the same business group, in order to improve our operations. The disclosure of your personal data will be in accordance with our privacy policy.
- For security and prevention of illegal actions which may include taking pictures and video surveillance in the hotel property and the office building areas.
- For maintaining customer relationships, such as complaints handling and offering benefits without marketing objectives.
However, if you do not provide personal data to us, it may affect our provision of products and services which may resulting in your inconveniences and incompliance with our contract. Furthermore, it may affect legal compliance which can result in certain penalties.
4. Purpose of Personal Data Processing
We collect, use, or disclose your personal data as our customers, for the following purpose;
- To manage and provide product and services upon your request. For example, if you register on our website, we will collect basic information such as first name, last name, email, telephone number, and your requests or comments regarding the services that you have provided, in order to process your request.
- To improve and develop our services
- To carry out the contract with our third parties (suppliers, vendors, outsources) that we procures
- To comply with relevant laws and regulations and/or for any other benefits that you have given consent for.
In the case that you are our external service providers (suppliers, vendors, outsources), we will collect, use, or disclose personal data for the purpose of procurement and product quality inspection, or for services/products performance assessment.
However, the collection, use, or disclosure of personal data will be processed on legal basis. We may process your personal data on different legal basis, depending on the purpose of data processing.
Marketing
We are committed to providing you with choices regarding processing of personal data, especially in the field of marketing and advertising. Hence, we have established the following privacy control mechanisms.
Promotional Offer
We may process your identity data, contact data, technical and usage data, and profile data to help us understanding your needs, your perspective on areas of interests, and to support us to decide what products, services, and offers are right for you.
You can choose to not receive marketing materials through channels we have provided. Please find more details in the topic of “Opting Out from Marketing Materials” below.
Opting Out from Marketing Materials
You can choose not to receive any marketing materials from us via sending an email to dpo@centrepoint.com. This cancellation / denial will not affect your ability to receive our products, services, or any other transactions you have with us.
Cookies
Our website process encrypted cookies for the purpose of improving services and creating website visitor profile without accessing your hard drive.
You can manage the cookie function on the browser''s settings page, and choose to turn off certain types of cookies. If you want to know how to manage the cookie function, you can go to the help menu in your browser. However, disabling certain cookie function can affect the ability of the transaction and accessibility of some content on our website.
5. Personal Data Disclosure
We do not have policy to sell your personal data to third parties. We only disclose your personal data to business partners or our external service providers, for the purposes stated in topic 4 “Purpose of Personal Data Processing” to the following parties;
- Disclose personal data to group companies, business alliances
- Disclose personal data to external service providers (suppliers, vendors, outsources) that we have contract with. We have both domestic and international external service providers for example cloud computing, marketing activities, outsourcing companies, research companies, information technology development companies, and etc.
- Disclose personal data to government affairs or regulators in order to comply with the law.
6. Data Security
We understand the importance of data security with respect to your data privacy, as well as legal compliance. We classify your personal data as confidential information and apply various security measures. For example, we have organizational and technical security measure to prevent wiretapping, forging messages, or accessing and changing personal data without authorization. Furthermore we have information security and customer confidentiality policies as part of our security measures. In addition, our employees and external service providers are responsible for maintaining the confidentiality and safety of customer personal data in accordance to the agreements.
We have established procedures to handle data breach and will notify you according to legal requirement if your personal data has been compromised.
Even though there are strict security measures, we are unable to guarantee the security of the data you disclose on online platform. Hence, we are not responsible for any damages or losses incurred either directly or indirectly from unauthorized access to data that you provide on our website, unless we are found under negligence.
7. Data Retention
We will retain your personal data for as long as necessary to achieve the purposes we have collected it for. In the event that our business relationship is over, we will keep your information in accordance with our privacy policy for a minimum of 10 years, for the provisioning of products or services and for legal purposes. At the end of the retention period, we will dispose of your personal data.
8. Data Subject Rights
States below are your rights as data subjects under the Personal Data Protection Act that you should be aware of. You can file a request to exercise your rights via the communication methods provided in the section "1. About us." We will then process your request within 30 days or more depending on the volume and complexity of the request.
Right to Withdraw Consent
You have the right to withdraw your consent on which the collection, use, or disclose is based on at any time. As a result, we will stop the processing of your information as soon as possible and if we do not have another lawful basis which allow us to process your personal data, we will then delete your information.
Right to Access
You have the right to request access and to obtain a copy of your personal data related to you under our responsibility, or to request disclosure of the acquisition of the personal data obtained without your consent. Once we have received the request, will proceed to comply within 30 days.
Right to Rectification
You have the right to request correction and rectification on your personal data to ensure that the data is correct, up-to-date, and complete.
Right to Data Portability
You have the right to receive from us, or request us to send or transfer your personal data to different data controller. The method of transfer is either by an automated means, or request to directly obtain personal data in such formats that we sends or transfers to other Data controllers, unless it is impossible to do so because of the technical circumstances.
Right to Erasure
You have the right to request us to erase, destroy, or anonymized your personal data in the cases stated below.
- Personal data is no longer necessary for the purpose in which it is collected for.
- Data subjects withdraw consent in processing personal data and we have no legal ground for further processing activity.
- Data subjects object processing of personal data for direct marketing purposes.
- Processing of personal data is unlawful.
- Data subjects object processing of personal data (Other than objections regarding direct marketing), and we are unable to compelling legitimate ground in the processing activity.
Right to Restriction of Processing
You have the right to restrict the processing of personal data if the stated conditions are met.
- Processing of personal data is no longer necessary but we can demonstrate that there is a compelling legitimate ground.
- Processing of personal data is unlawful but data subjects wants to restrict the processing activity instead of deletion.
- Personal data is under review for completeness and accuracy upon your request.
- Processing of personal data is carried out for the establishment, compliance, or exercise /defense of legal claims.
Right to Object
You have the right to object the processing of personal data if the stated conditions are met.
- Personal data is being processed for direct marketing purposes
- Personal data is being processed for research purposes either in the field of science, history, or statistics, unless it is necessary to performance of a task carried out for reasons of public interest.
- Personal data is collected for our necessity to carry out public tasks or for other legitimate ground. Unless we are able to demonstrate higher legitimate grounds, or the processing activity is to establish legal claims or compliance
9. Contact Us
If you wish to exercise data subjects’ rights or if you have any question or complain, you can contact us via the following channels;
- Centre Point Thailand
- Email Address: dpo@centrepoint.com
10. Data Subject Rights
You have rights under the Personal Data Protection law that you should be aware of. You can make a request by using the contact channel provided in the section “11. Contact Us.” We will process your request as soon as possible, which may take up to 30 days or more, depending on the volume and complexity of the request.
- Right to Withdraw Consent: You have the right to withdraw your consent on which the collection, storage, usage, or disclosure is based on at any time. As a result, we will stop the processing of your information as soon as possible and if we do not have other lawful basis which allow us to process your Personal Data, we will then delete your information.
- Right to Access: You have the right to request access and to obtain a copy of your Personal Data related to you under our responsibility or to request disclosure of the acquisition of the Personal Data obtained without your consent. Once we have received the request, will proceed to comply within 30 days or more, depending on the volume and complexity of the request.
- Right to Rectification: You have the right to request correction and rectification on your Personal Data to ensure that the data is correct, up-to-date, and complete.
- Right to Data Portability: You have the right to request us to send or transmit your Personal Data to another Data Controller by the transmission that can be done with automatic means. You also have the right to receive directly your Personal Data in the format that we send or transfer to another Data Controller, except where it is not technically feasible.
- Right to Erasure: You have the right to request us to erase, destroy, or anonymized your Personal Data in the cases stated below:
- Personal Data is no longer necessary for the purpose in which it is collected for.
- You withdraw consent in processing Personal Data and we have no legal ground for further retaining or processing activity.
- You object processing of Personal Data for direct marketing purposes.
- Processing of Personal Data is unlawful.
- Right to Restriction of Processing: You have the right to restrict the processing of Personal Data if the stated conditions are met:
- Processing of Personal Data is no longer necessary but we can demonstrate that there is a compelling legitimate ground.
- Processing of Personal Data is unlawful but you want to restrict the processing activity instead of deletion.
- Personal Data is under review for completeness and accuracy upon your request.
- Processing of Personal Data is carried out for the establishment, compliance, or exercise /defense of legal claims.
- Right to Object: You have the right to object the processing of Personal Data if the stated conditions are met:
- Personal Data is being processed for direct marketing purposes.
- Personal Data is being processed for research purposes either in the field of science, history, or statistics, unless it is necessary to performance of a task carried out for reasons of public interest.
- Personal Data is collected for our necessity to carry out public tasks or for other legitimate ground. Unless we are able to demonstrate higher legitimate grounds, or the processing activity is to establish legal claims or compliance.
- Right to Lodge a Complaint: You have the right to submit complaint to the relevant government agencies in the event that our employees, vendors, contractors violate or fail to comply with the personal data protection requirements.
11. Contact Us
If you wish to exercise data subject rights or if you have any question or complaint, you can contact us via:
- Quality Houses Public Company Limited
- Q House Lumpini Building, 7th Floor, 1 South Sathon Road, Thungmahamek, Sathon, Bangkok 10120
- Email : dpo@centrepoint.com
Welcome to Centre Point Always Rewards