Central Plaza Hotel Public Company Limited recognizes the importance of the protection of personal data for you of our products and services. We know you care how information about you is collected, used, disclosed, and transferred outside of Thailand. The information you share with us allows us to provide the products and services you need and want appropriately tailored for you, not only from us but also those within Central Group's data ecosystem. We appreciate your trust that we will carefully and sensibly handle your personal data while giving you the very best personalized experience and customer services.
1. What Personal Data we collect
We may collect or obtain the following types of information which may include your Personal Data directly or indirectly from you or other sources or through companies in Centara Hotels and Resorts, our affiliates, subsidiaries, business partners or other companies. The specific type of Personal Data collected will depend on the context of your interactions with us, and the services or products you need or want from us and within Central Group and Centara Hotels and Resorts.
1.1. Personal details, such as title, full name, gender, age, occupation, qualifications, job title, position, business type, nationality, country of residence, date of birth, marital status, number of family members and children, ages of children, information on government-issued cards (e.g., national identification number, social security number, passport number, tax identification number, driver's license details or similar identifiers), immigration details such as arrival and departure date, signature, voice, voice record, photograph, facial features for recognition, CCTV records, workplace, education, insurance details, license plate details, house registration, household income, salary and personal income, any other personal details you provided to us;
1.2. Contact details, such as postal address, delivery details, billing address, telephone number, fax number, email address, LINE ID, Facebook account, Facebook ID, Google ID, Twitter ID, and other ID from social networking sites, your contact person's contact details (e.g., telephone number, contact data on any correspondence (e.g. written communication with you), and any other contact details you provided to us;
1.3. Membership details, such as account details, member card number, reward points, member ID (e.g. The 1 member card number, The 1 ID, Siebel ID, member ID, customer ID), member type, customer type, member join/registration date and month, membership period, bank account and payment details, service and product applications (e.g. membership application, insurance application), and any other membership details;
1.4. Financial details, such as debit/credit card or bank information, credit/debit card number, credit card type, issuance/expiration date, cycle cut, bank account details, payment details and records, your information regarding the risk profile for the business partner, credit rating and solvency, information in accordance with the declaration of suitability, and any other financial details;
1.5. Transaction details, such as details about payment to and from you, payment date and/or time, payment amount, details about refund, refund amount, points, date, and location of purchase, purchase/order number, appointment date for service, address/date and time for pick up or delivery, acknowledgment of receipt, recipient signature, warranty details, complaints and claims, booking details, rental details, transaction, transaction history, location, transaction status, past sales transaction, status, transaction status, purchasing behavior, and any other details of products and services you have purchased;
1.6. Technical details, such as Internet Protocol (IP) address, cookies, media access control (MAC) address, web beacon, log, device ID, device model, and type, network, connection details, access details, single sign-on (SSO), log in log, access time and location, time spent on the page, login data, search history, browsing details, browser type, and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on devices you use to access the platform, and any other technical details from the use on the platforms and systems;
1.7. Behavior details, such as information about your purchasing behavior and data supplied through the use of our products and services;
1.8. Profile details, such as your username and password, profile details and picture, purchases, historical orders, past orders, purchase history, items bought, item quantity, orders or product recalls made by you, orders via website, Cash On Delivery details, order ID, financial records, PIN, your interests, preferences, feedback and survey responses, satisfaction survey, social media engagement, participation details, loyalty programs, your use of discount codes and promotions, customer order description, customer service, attendance to trade exhibitions and events, trade exhibitions, litigation, testing and trials, and any other profile details;
1.9. Usage details, such as information on how you browse or use our websites, platform, application products and services, products in customer's cart, wish list record, remind me to flash sale record, follow-shop record, and timestamp of last click and Q&A record, and any other useful details;
1.10. Marketing and communication details, such as your preference in receiving marketing from us, companies in Central Group, affiliates, subsidiaries, business partners or other companies, your communication preferences, and any other marketing and communication details; and/or
1.11. Sensitive data, such as race, religion, political opinions, fingerprints, facial recognition, physical or mental health or condition, genetic data, medical history, disability, and criminal records.
We will only collect, use, or disclose sensitive data on the basis of your explicit consent or where permitted by law.
We only collect the information of children, quasi-incompetent persons, and incompetent persons where their parent or guardian has given their consent. We do not knowingly collect information from customers under the age of 20 without their parental consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardian's consent. In the event, we learn that we have unintentionally collected personal information from anyone under the age of 20 without parental consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardians, we will delete it immediately or process only if we can rely on other legal bases apart from consent.
2. Why we collect, use or disclose your Personal Data
2.1. The purpose for which your consent would be required
Marketing and Communications: We collect, use and disclose your Personal Data to provide privileges, offers, updates, sales, special offers, promotions, advertisements, notices, news, information and any marketing and communications about the products and services from us, Central Group, affiliates, subsidiaries and business partners which we cannot rely on other legal bases.
2.2. The purposes we may rely on any other legal grounds for processing your Personal Data
We may also rely on (1) contractual basis, for our initiation or fulfillment of a contract with you; (2) legal obligation, for the fulfillment of the legal obligations; (3) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties; (4) vital interest, for preventing or suppressing a danger to a person's life, body, or health; and/or (5) public interest, for the performance of a task carried out in the public interest or for the exercising of official authorities.
We may collect, use and disclose your Personal Data for the following purposes
- To provide products and services to you: To enter into a contract and manage our contractual relationship with you; to support and perform other activities related to such services or products; to complete and manage bookings and to carry out financial transaction and services related to the payments including transaction checks, verification, and cancellation; to process your orders, delivery, and collections and returns; refund and exchange of products or services; to provide updates and on the delivery of the products, and to perform warehouse internal activities, including picking, packing, and labeling of packages; to verify warranty period; to provide aftersales services, including maintenance and facility reservation;
- Marketing and Communications: To provide privileges, offers, updates, sales, special offers, promotions, advertisements, notices, news, information and any marketing and communications about the products and services from us, Central Group, affiliates, subsidiaries, and business partners.
- Loyalty programs, reward programs, prize draws, competitions, events: To allow you to participate in loyalty programs, reward programs, sweepstakes, prize draws, competitions, events, seminars and any related communications (e.g., sending you reminder emails). This includes to process and administer your account registration, gift registration, event registration; to process points collection, addition, exchange, earning, redemption, and transfer of points; to examine your entire user history, both online and offline; to provide and issue gift vouchers, gift cards, and invoices;
- Registration and Authentication: To register, verify, identify and authenticate you or your identity;
- To manage our relationship with you: To contact and communicate with you as requested by you or in relation to the products and services you obtain from us, Central Group, affiliates, subsidiaries, and business partners; to handle customer service-related queries, request, feedback, complains, claims, disputes or indemnity; to provide technical assistance and deal with technical issues; to process and update your information; to facilitate your use of the products and services;
- Personalization, profiling and data analytics: To recommend products and services that might be of interest to you, identify your preferences and personalize your experience; to learn more about you, the products and services you receive and other products and services you may be interested in receiving; to measure your engagement with the products and services, undertake data analytics, data cleansing, data profiling, market research, surveys, assessments, behavior, statistics and segmentation, consumption trends and patterns; profiling based on the processing of your Personal Data, for instance by looking at the types of products and services that you use, how you like to be contacted; to know you better; to improve business performance; to better adapt our content to the identified preferences; to determine the effectiveness of the promotional campaigns, identify and resolve of issues with existing products and services; qualitative information development. For this purpose, we will collect, use and disclose your Personal Data for your interest and benefit and for legitimate interest and businesses of Central Group, affiliates, subsidiaries and our business partners where such interests and businesses are not overridden by your fundamental rights to personal data. We will request your consent where consent is required from time to time;
- To improve business operations, products, and services: To evaluate, develop, manage, and improve, research and develop the services, products, system, and business operations for you and all of our customers, Central Group, affiliates, subsidiaries, and business partners; to identify and resolve issues; to create aggregated and anonymized reports, and measure the performance of our physical products, digital properties, and marketing campaigns;
- Functioning of the sites, mobile application, and platform: To administer, operate, track, monitor, and manage the sites and platform to facilitate and ensure that they function properly, efficiently, and securely; to facilitate your experience on the sites and platform; improve layout, and content of the sites and platform;
- IT Management: For business management purpose including for IT operations, management of communication system, operation of IT security and IT security audit; internal business management for internal compliance requirements, policies, and procedures;
- Compliance with regulatory and compliance obligations: To comply with legal obligations, legal proceedings, or government authorities' orders which can include orders from government authorities outside Thailand, and/or cooperate with court, regulators, government authorities, and law enforcement bodies when we reasonably believe we are legally required to do so, and when disclosing your Personal Data is strictly necessary to comply with the said legal obligations, proceedings, or government orders. This includes to provide and handle VAT refund service; issue tax invoices or full tax forms; record and monitor communications; make disclosures to tax authorities, financial service regulators, and other regulatory and governmental bodies, and investigating or preventing crime;
- Protection of our interests: To protect the security and integrity of our business; to exercise our rights or protect our interest where it is necessary and lawfully to do so, for example, to detect, prevent, and respond to fraud claims, intellectual property infringement claims, or violations of law; to manage and prevent loss of our assets and property; to secure the compliance of our terms and conditions; to detect and prevent misconduct within our premises which includes our use of CCTV; to follow up on incidents; to prevent and report criminal offenses and to protect the security and integrity of our business;
- Fraud detection: To verify your identity, and to conduct legal and other regulatory compliance checks (for example, to comply with anti-money laundering regulations, and prevent fraud). This includes to perform sanction list checking, internal audits and records, asset management, system, and other business controls;
- Corporate transaction: in the event of sale, transfer, merger, reorganization, or similar event we may transfer your Personal Data to one or more third parties as part of that transaction;
- Risks: To perform risk management, audit performance, and risk assessments; and/or
- Life: To prevent or suppress a danger to a person's life, body, or health.
If you fail to provide your Personal Data when requested, we may not be able to provide our products and services to you.
3. To whom we may disclose or transfer your Personal Data
3.1. Central Group
3.2. Our service providers
We may use other companies, agents or contractors to perform services on behalf or to assist with the provision of products and services to you. We may share your Personal Data to our service providers or third-party suppliers including, but not limited to (1) infrastructure, internet, infrastructure technical, software, website developer and IT service providers; (2) warehouse and logistic service providers; (3) payment service providers; (4) research agencies; (5) analytics service providers; (6) survey agencies; (7) auditors; (8) marketing, advertising media, and communications agencies; (9) call center; (10) campaign and event organizers; (11) sale representative agencies; (12) telecommunications and communication service providers; (13) payment, payment system, authentication, and dip chip service providers and agents; (14) outsourced administrative service providers; (15) data storage and cloud service providers; (16) verifying and data checking (Netbay and Department of Provincial Administration) service providers; (17) dispatchers; and/or (18) printing service, providers.
In the course of providing such services, the service providers may have access to your Personal Data. However, we will only provide our service providers with the Personal Data that is necessary for them to perform the services, and we ask them not to use your information for any other purposes.
3.3. Our business partners
3.4. Social networking sites
We allow you to login on our sites and platforms without the need to fill out a form. If you log in using the social network login system, you explicitly authorize us to access and store public data on your social network accounts (e.g. Facebook, Google, Instagram), as well as other data mentioned during the use of such social network login system. In addition, we may also communicate your email address to social networks in order to identify whether you are already a user of the concerned social network and in order to post personalized, relevant adverts on your social network account if appropriate.
3.5. Third parties required by law
In certain circumstances, we may be required to disclose or share your Personal Data in order to comply with a legal or regulatory obligation. This includes any law enforcement agency, court, regulator, government authority or other third parties where we believe it is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security, or safety issues.
3.6. Professional advisors
This includes lawyers, technicians, and auditors who assist in running our business, and defending or bringing any legal claims.
We may transfer your Personal Data to other member associations, such as Thailand E-Payment Association (TEPA), Electronic Transactions Development Agency (ETDA), the Association of Confederation of Consumer Organization, Thailand (ACCOT), Foundation for consumers, the Thai Chamber of Commerce, Thai E-Commerce Association, Thai Retailers Association, Thai Shopping Center Association and the Ratchaprasong Intersection Group.
3.8. Assignee of rights and/or obligations
4. International transfers of your Personal Data
We may disclose or transfer your Personal Data to third parties or servers located overseas, in which the destination countries may or may not have the same equivalent level of protection for Personal Data protection standards. We take steps and measures to ensure that your Personal Data is securely transferred and that the receiving parties have in place an appropriate level of protection standards or other derogations as allowed by laws. We will request your consent where consent to cross-border transfer is required by law.
5. How long do we keep your Personal Data
We retain your Personal Data for as long as is reasonably necessary to fulfill the purpose for which we obtained it, and to comply with our legal and regulatory obligations. However, we may have to retain your Personal Data for a longer duration, as required by applicable law.
6. Security of your Personal Data
The Company recognizes the importance of maintaining the security of your Personal Data. Therefore, the Company endeavors to protect your information by establishing security measures for your Personal Data appropriately and in accordance with the confidentiality safeguard of personal data, to prevent loss, unauthorized or unlawful access, destruction, use, alteration, or disclosure; provided, however, that the Company will ensure that the method of collecting, storing and processing of your Personal Data, including physical safety measures follow the information technology security policies and guidelines of the Company.
Below we categorize the types of cookies we use to give you a better understanding of why we use these cookies or work with services that use these cookies. The information you share with us or with our partners through cookies allows us to provide the products and services you need and want, tailored for you. We appreciate your trust that we will carefully and sensibly handle your personal data while giving you the very best personalized experience and customer services.
7.1. What are cookies and why do we use them?
Cookies are small pieces of information or text placed on your computer when you visit a website. Some cookies are strictly necessary to enable the site to function properly. Other cookies allow us to enhance your browsing experience, gain a better understanding of your use of our website, tailor content to your preferences, and make your interactions with the site more convenient. In addition, cookies are used to help personalize your interactions with our content on other websites (translation: advertising) based on your behavior on our site.
7. 2. What types of cookies do we use?
We use the following types of 1st Party Cookies and 3rd Party Cookies, which are described below. To understand better about 1st and 3rd Party Cookies:
- 1st Party Cookies are cookies which are created by us, for reasons listed in the table below. The data will only be sent back to our website and servers.
- 3rd Party Cookies are cookies that are created by the partners we use. Cookie data will be shared with those partners to enable the features and services they provide.
|Type of Cookies||What does it do|
|1st Party Cookies|
|Strictly necessary cookies||These cookies are essential to enable you to move around the website and use its features, such as accessing secure areas of the website. We use strictly necessary cookies to make sure our digital services work securely, correctly, and perform their basic functions.|
|Security cookies||We use security cookies to make your interaction with our services faster and more secure. These cookies will help identify and prevent potential security risks.|
|Functionality cookies||These cookies allow the website to recognize you and remember your preferences (such as your language of choice or the region you are in) and provide a more personalized experience. These cookies can also be used to remember changes you have made to text size, fonts and other parts of the web pages that you can customize.|
|1st Party Cookies|
|Tracking cookies||We use tracking cookies to measure your behavior on our site. Behavior can be defined by such things as how you arrived at the website, what products you viewed, how deep in the website did you browse, how long did you browse, among other things. We use this information to enhance the performance of the website, improve our display of products and services, and overall improve your experience on the site.|
|Advertising cookies||These cookies are used to deliver relevant advertising to you based on your behavior on our website. They are also used to limit the number of times you see an advertisement, as well as help measure the effectiveness of our advertising campaigns. We share anonymized information about your browsing activity with our advertising and creative partners.|
|3rd Party Functionality||Some partners enable us to significantly improve website experience with minimal software development on our side. For example, partners may help with enabling chat functions on the website or enable coupons or messages to appear on the right pages. These partners will also need to place cookies to perform these services properly.|
7.3. How can you control cookies?
Most Internet browsers allow you to control whether to accept cookies, or you can download 3rd party "extensions" which give you precise control of your cookies. Due to the nature of some cookies, rejecting, removing, or blocking these cookies can affect your user experience and may block your ability to use some or all of the features or areas of our website. If you would like to delete any cookies or if you change your mind, please refer to your browser's settings or options page, or search for instructions using your favorite search engine. As mentioned before, because apps do not run in a browser, the way to control the data shared is different and different by your phone brand, model, or software. The two most common phone software, iOS and Android, have tools to enable you to control what is shared by apps, at an individual app level. Please refer to the settings of your phone to understand what control is available to you.
8. Your rights as a data subject
Subject to applicable laws and exceptions thereof, you may have the following rights to:
- Access: You may have the right to access or request a copy of the Personal Data we are collecting, using or disclosing about you. For your own privacy and security, we may require you to prove your identity before providing the requested information to you.
- Rectification: You may have the right to have incomplete, inaccurate, misleading, or not up-to-date Personal Data that we collect, use or disclose about you rectified.
- Data Portability: You may have the right to obtain Personal Data we hold about you, in a structured, electronic format, and to send or transfer such data to another data controller, where this is (a) Personal Data which you have provided to us and (b) if we are collecting, using or disclosing such data on the basis of your consent or to perform a contract with you.
- Objection: You may have the right to object to certain collection, use or disclosure of your Personal Data such as objecting to direct marketing.
- Restriction: You may have the right to restrict the use of your Personal Data in certain circumstances.
- Withdraw Consent: For the purposes you have consented to our collecting, using or disclosing of your Personal Data, you have the right to withdraw your consent at any time.
- Deletion: You may have the right to request that we delete or de-identify Personal Data that we collect, use or disclose about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.
- Lodge a complaint: You may have the right to lodge a complaint to the competent authority where you believe our collection, use or disclosure of your Personal Data is unlawful or noncompliant with applicable data protection law.
9. Our Contact Details
- 1.Central Plaza Hotel Public Company Limited.
Corporate Risk Management
Address: 25th Floor, 999/99 Rama 1 Rd., Pathumwan, Bangkok 10330 Thailand
- 2. For Data Protection Officer
Data Protection Officer
Address: Data Protection Office, Central Group
22 Soi Somkid Ploenchit Road, Lumpini, Pathumwan, Bangkok, 10330 Thailand
Central Plaza Hotel Public Company Limited