Name: Phuket N.S. Trading Company Limited (“Access Resort & Villas").
Data Protection Officer: you can contact us via the following channels, addressing your message to the attention of Data Protection Officer:
E-mail: [email protected]
Address: 459, 2 Patak Rd, Karon, Mueang Phuket District, Phuket 83000, Thailand
Collectively, we refer to the above as our “Services.”
We use different methods to collect data:
Direct interactions: You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide online when you book accommodation, sign up for a newsletter, or participate in a survey, contest, or promotional offer. We collect personal data offline when you visit our properties, or use our Services such as restaurants, childcare services, and spas.
The data requested in the forms on the Website is mandatory (unless otherwise indicated in the relevant field) to perform services or fulfill your request. If you do not wish to provide the required personal information then we are unable to fulfill your request, but you can still see the content of the Website.
Automated technologies or interactions: As you interact with our websites, apps, or other pages, we will automatically collect technical data about your equipment, browsing actions and patterns. The information we may collect by automated means includes, but is not limited to:
We collect this personal data by using cookies, web beacons and other similar technologies.
Security Systems: When you visit our hotels, information may be collected about you through such properties’ closed-circuit television systems, electronic key cards and other security systems.
Third parties or publicly available sources: We will receive personal data about you from various third parties and public sources including business partners, hotels managed by us, travel agents and aggregators.
We use personal data to provide you with the Services, to develop new products and services, and to protect safety and security of our guests, team members, and properties.
Personal data provided through the Website will be processed by us for the following purposes:
Booking process: Fulfill and manage booking requests, including any modifications and cancellations, perform basket retrieval, send a reminder of the pending booking or Website searches, send transaction confirmation, mange payment or prepayment, or refer you to loyalty programs that can be used to receive benefits. In addition to the information provided on the reservation form, we will integrate certain data from your guest profile previously managed by Access Resort & Villas to provide you with a better service in our hotels. The legal basis for this processing activity is the contractual relationship with you.
Sending commercial communications and newsletters: If you have subscribed to our marketing communications, we will send you tailored promotional offers regarding our Services and Brands. You have the option subscribe or unsubscribe at any time via the link included in the email of reaching out to us. The legal basis for this processing activity is your consent.
Online Check-in (if applicable): Manage online check-in process, personalize our Services, and respond to requests. The legal basis for this processing activity is a contractual relationship.
User-generated content (UGC) on website and social media platforms: Display UGC on our Websites and our social media platforms for promotional purposes. The legal basis for this processing activity is your consent.
Social platforms log-in: If you register or sign in with your Facebook, Apple ID, Google or other third-party accounts to our Websites, you give such third-party service providers permission to share your personal information from those accounts (such as your registration and profile information). This information varies and is controlled by third-party service providers or as authorized by you via your privacy settings. The legal basis for this processing activity is your consent.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (“Aggregate Data”).
We may collect, use, store and transfer different kinds of personal data about you which we have arranged according to the different purposes as follows:
We do not collect the following special categories of personal data about you: race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, genetic, biometric data, and criminal convictions and offenses.
Our goal is to provide you with the highest level of hospitality and Services, and to do so, we share personal data with the following parties:
We require all third parties to protect your personal data and to process it in accordance with the applicable law. We do not allow our third-party service providers to use your personal data for their own purposes, and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may transfer your personal data across multiple jurisdictions. Insofar as it is necessary for the purposes, your personal data may be transferred to the Countries where our third-party service providers, advisors and consultants are located, which changes from time to time.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
In order to determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements of the relevant country.
We determine the retention period based on the following considerations:
You can exercise your data rights under data protection laws by contacting us:
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable administration fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances, and we will indicate the reason for refusal.
Time limit to respond
We try to respond to all legitimate requests within one month, or within the timeframe as specified by the applicable data protection legislation. Occasionally, it could take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
With your consent, we may send you direct marketing communications regarding our Services. If you have opted in to receive marketing communications, we may contact you by electronic messages (email, SMS, or website), by mail or other means that you share with us. You have the right to withdraw consent at any time by contacting us using the details provided in the Contact Us section or clicking unsubscribe link in our marketing messages.
Please note that if you choose to opt out of marketing emails, we will continue to send you transactional messages, such as information about your reservations or stays, including confirmation and pre-arrival emails, or account security updates.
If you wish to exercise any of the rights set out above, please contact us.
Email: [email protected]; or
Post: 459, 2 Patak Rd, Karon, Mueang Phuket District, Phuket 83000, Thailand
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
This Website is not intended for children, and we do not knowingly collect data relating to children.
You will be liable for any false or inaccurate information provided, and for direct or indirect damage caused to us or to third parties.
It is also important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.