Railay Garden View Resort prioritizes the protection of personal data when using the resort’s official website (https://www.railaygardenview.com). To ensure that users are confident that their personal information provided to the resort is used in accordance with their intentions and complies with legal requirements, the resort has established this privacy and personal data management policy. This policy outlines the principles for collecting, storing, using, or disclosing users’ personal data to ensure security and reliability. The resort hereby announces its privacy policy as follows for your awareness:

Define

Personal Data: Refers to information about an individual that allows for the identification of that person, whether directly or indirectly, such as name, surname, email, Line ID, and phone number.

User: Refers to the owner of personal data who accesses services via the resort’s official website (https://www.railaygardenview.com) or utilizes any other electronic services provided by the resort.

Owner of Personal Data: Refers to the individual who owns the personal data and accesses services via the resort’s official website (https://www.railaygardenview.com) or utilizes any other electronic services provided by the resort.

Personal Data Collected by the Resort

The resort will collect the following personal data:

General Personal Information:

– Name, surname, phone number, email, Line ID
– Device or tool information such as IP address, MAC address, Cookie ID
– Logs used to track and monitor individual activities, such as log files and computer traffic data

Information that can be used to search for other personal data on the internet

Sources of Personal Data:

The resort may collect your personal data through one channel as follows:

1. Directly from You

The resort collects your personal data through the following service processes:

– From your use of the resort’s website via your browser’s cookies.
– From your communications with the resort through various communication channels between you and the resort.

Purposes of Data Processing

The resort collects your personal data for the following purposes:

– To offer any products or services of the resort.
– To fulfill your service requests.
– To comply with contracts and the terms of service of the resort.
– To facilitate communication related to services, quality control of service delivery, or customer care for improved efficiency.
– To manage after-sales services for your maximum benefit.
– To develop digital services.
– To enable participation in marketing activities and market research.

Personal Data Processing

When Personal Data is Collected from the Source

Once personal data is obtained from its source, the resort will proceed as follows:

Limited Collection of Personal Data

The resort collects users’ personal data in a lawful and fair manner, only as necessary for providing electronic services in line with the resort’s operational purposes and as required by law. Consent from users will be obtained via the resort’s website or other electronic methods prior to data collection, except in cases mandated by law and/or as specified in this policy. The resort will maintain the confidentiality of such data.

Use of Personal Data

The resort will use personal data in cases deemed beneficial to its operations and business activities to provide better services. Personal data will be used in accordance with applicable laws and regulations or to enhance service efficiency, improve information security standards, manage risks, detect and prevent activities potentially violating laws, terms of use, or related agreements.

This includes:

– Contacting users via phone, SMS, email, postal mail, or other means to inquire, notify, verify information, or conduct surveys.
– Informing users about related news, products, and services of the resort as necessary.

Disclosure of Personal Data

The resort may disclose your personal data to third parties to enhance service efficiency, provide seamless assistance, and facilitate transactions that you wish to complete. When disclosing personal data to such parties, the resort ensures they maintain the confidentiality of your data and prohibit its use or disclosure beyond the purposes for which it was collected, except in the following cases:

– For the benefit of the data owner when obtaining consent is not feasible at the time.
– For the benefit of the life, health, or safety of the data owner or other users.
– To fulfill contractual obligations and comply with the resort’s terms of service.
– For service-related communication to improve service quality or customer care.
– For investigative purposes or legal proceedings.
– To comply with the law.

Parties to Whom Personal Data May Be Disclosed

The resort may disclose your personal data to the following entities:

1.Internal personnel:

– Resort executives, employees, and staff who require access to personal data for their duties.

2.Affiliated entities:

– Shareholders and partners of the resort group.

3.Professional advisors:

– Financial advisors, legal consultants, auditors (internal and external).

4.Service providers:

– IT infrastructure and cloud storage providers.
– Marketing service providers, including those analyzing data and statistics.
– Advertising, public relations, and communication service providers.
– Payment system and network service providers.
– Identity verification providers.
– Debt collection agencies.
– Asset inspection service providers.
– Payment collection agents.
– Financial institutions and other third parties involved in delivering services.

5.Legal obligations:
– Entities as required by laws, regulations, or court orders, including governmental and supervisory bodies.

6.Transfer of rights and duties:
– In the event of a transfer of rights, duties, or business operations (e.g., mergers, acquisitions, or changes in ownership structure), the resort may disclose personal data to the transferee (or potential transferee), who will be subject to this policy.
Retention of Personal Data
The resort commits to securely retaining personal data, ensuring its integrity and confidentiality. Details about the retention period and security measures should be outlined in a subsequent section.
Collection and Purpose of Personal Data Storage
The resort collects and stores your personal data for the following purposes:
– Storage Formats: Data is stored in physical documents and/or electronic formats.
– Storage Locations: Data is stored in restricted-access locations, servers, or on the resort’s cloud service provider.
– Retention Period: Personal data will be retained as long as necessary while you remain a customer or maintain a relationship with the resort. Data will also be retained to fulfill the objectives outlined in this policy, or as required or permitted by law. For example:
– Retention under anti-money laundering laws.
– Retention for dispute verification purposes, for up to 10 years in accordance with the statutory limitation period.

Once the necessity for data processing has ended, or the specified retention period has lapsed, the resort will delete or destroy your personal data or anonymize it so it can no longer identify you.

Data Security

The resort ensures the security of your personal data in compliance with international standards, specifically ISO/IEC 27001:2013, to prevent unauthorized access or modification. Measures include encryption, physical safeguards, and access monitoring. Strict administrative procedures are enforced to prevent breaches and protect your data confidentiality.

Access to your personal data is limited to relevant resort personnel. In some cases, external individuals or entities acting on behalf of the resort may be granted access. These individuals are required to adhere to confidentiality measures, with violations potentially resulting in dismissal or legal action.

Data Subject Rights

As the data subject, you have the following rights:

1. Right to Consent

You have the right to choose whether to provide personal data requested by the resort and to consent to its collection, use, and disclosure. However, if you choose not to provide the required information or give consent, you may face restrictions on certain services or the resort may be unable to provide services essential to your needs.

2. Right to Withdraw Consent

You may withdraw consent for the processing of your personal data at any time while it is in the possession of the resort. Withdrawal of consent will not affect prior data processing based on earlier consent. However, such withdrawal may result in the resort being unable to continue providing services.

3. Right to Access Personal Data

You have the right to access your personal data, request copies of such data, or request the transfer of your personal data to yourself or another data controller (if the data format allows). You may also request information about the source of data collected without your consent.

4. Right to Rectification

You can request the resort to correct any inaccurate, outdated, or incomplete personal data stored about you.

5. Right to Erasure or Destruction

You have the right to request the deletion, destruction, or anonymization of your personal data if:

– You withdraw or object to the processing of your personal data.
– The data is no longer necessary for the purposes for which it was collected.
– The resort fails to comply with data protection laws.

6. Right to Restriction of Processing

You may request the temporary suspension of data processing while the resort reviews your concerns or objections. Alternatively, you may request restricted processing instead of deletion.

7. Right to Data Portability

You have the right to transfer your personal data to another controller or to yourself for certain purposes.

8. Right to Object to Data Processing

You may object to the processing of your personal data if it has been collected without your consent.

Data Protection Officer (DPO)

The resort complies with Thailand’s Personal Data Protection Act B.E. 2562 (2019) by appointing a Data Protection Officer (DPO) to oversee the resort’s compliance with data collection, use, and disclosure practices.

You may contact the DPO for data-related requests via:

Railay Garden View Resort

– Phone: +66 (0)88 765 04 84
– Website: https://www.railaygardenview.com

The resort will respond to your request within 30 days of receipt. However, the resort may refuse a request under legal provisions or if the data has been anonymized to prevent identification.