Royal Cliff Hotels Group
Royal Cliff Hotels Group is committed to complying with the General Data Protection Regulation (GDPR), Personal Data Protection Act (PDPA), and the law related to it. At Royal Cliff, we take great care in protecting all personal information and data. The data that we collect includes personal data from our:
- Website visitors
- Relevant Stakeholders.
In this policy, you will get to understand why we collect these data, the process behind it, how data is utilized, how it is stored and how we protect it.
The personal information that is collected includes name, gender, contact details, postal address, nationality, date of birth, photo, passport information, e-mail address or phone number as well as visa information, credit card details, preferences and hotel stay. The amount of information we collect depends on your consent.
A. We Collect Personal Information for the Following Reasons:
- To be able to provide the services you need
- To understand your needs and preferences in order to serve you better with a more personalized level of service
- To anticipate the services that would enhance your future stays with us through surveys, feedback forms as well as sales and marketing promotions
- To improve our business operations and provide a personalized service to you
We will not collect, use or disclose any of your personal information for any purpose outside the realm above before we ask for your consent. Information collected will be kept as accurate and up to date as possible and will only be kept as long as necessary to provide you with the appropriate services that are requested.
B. How We Collect Personal Data
- Through making a hotel reservation
- Through answering surveys and feedback forms
- Through participating in marketing initiatives
- Through visiting our website
B1) Through making a hotel reservation
In order to fulfill your hotel reservation or process your request, we normally need information including your name, address, contact details such as phone number and email address, credit card number and expiration date, nationality and language preference. We also require your date of birth together with a personal identification upon check-in.
Your information will be kept confidential and will only be shared with Royal Cliff employees to the extent necessary for delivering the services to you.
As we also offer special deals from time to time to those who have qualifying criteria, we might use your personal information to send you pre or post stay communications, special offers and information about changes or updates with regards to Royal Cliff’s services. If you do not wish to receive such offers and information, all Marketing Communication sent to you will always contain instructions for unsubscribing to the emails. You may unsubscribe or opt-out by sending an email to [email protected], using the subject line “Unsubscribe”.
B2) Through surveys about guest stay’s or event feedback forms
The information provided in these channels will be used solely for the purpose of recording your comments, communicating with you about them, sharing them for review among the hotel staff, recognizing employees for service excellence and improving service standards. Your information will also be used to send you Marketing Communication emails from Royal Cliff should you have indicated or explicitly stated in the forms that you would love to receive further communication from us.
B3) Through participating in marketing initiatives
From time to time, Royal Cliff will be doing marketing campaigns and initiatives that would collect your data if you join. Your personal information which includes your email address, first name, last name, language preference and country of residence might be collected and used to send you notifications of special offers. You will always have the option to unsubscribe at any time using the link provided on every email message that you receive and you will no longer receive these email offers and promotions. Should you choose to do so, you may once again subscribe to receive these email offers in the future.
B4) Through visiting our websites
Royal Cliff normally uses “cookies” on our websites to recognize visitors when they return to any of our sites in order to help customize your online visit. Cookies are pieces of information that an Internet site transfers to your hard drive for record-keeping purposes. This is to provide you with a seamless user experience when you browse our site and allows us to improve its features.
We use Google Analytics to measure how visitors interact with content on our websites. We also use Facebook Analytics and Facebook Custom Audiences to ask Facebook to show you ads that are customized based on your interaction with our websites and measure how you interact with these ads. Additional information on how these services use such technologies can be found on Google’s website, Adobe’s website and Facebook’s website. The Google Analytics security and privacy principles summarize how Google protects information collected through Google Analytics. Facebook’s Data Use Policy describes how Facebook protects information collected through Facebook Custom Audiences.
C. Disclosing Personal Information
Personal information will be shared with hotel staff who are directly related in providing you with your required services.
- Personal information will be shared with a third party involved in supplying you with the services you have purchased or booked.
- Personal information might be shared with a third party which Royal Cliff has tasked to perform some functions on its behalf.
- Personal information may be shared with authorized persons who are booking a reservation on behalf of the guest or a legal authority.
- Personal information may be shared if we are compelled to do so by a court of law or lawfully requested by a governmental entity.
Should you request access to have your personal information, Royal Cliff Hotels Group will honor your request.
When disclosing a guest’s personal information to a third party, Royal Cliff Hotels Group will take appropriate steps in ensuring that disclosure will only be made on a confidential basis where the information will be used only for the purpose for which it has been disclosed. We require these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice and GDPR. The third-party will have to sign a non-disclosure agreement form.
D. Your Personal Data Protection Rights
At any point whilst Royal Cliff is in possession of or processing your personal data, all data subjects have the following rights:
- Right of access – You have the right to request a copy of the information that we hold about you.
- Right of rectification – You have the right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – In certain circumstances, you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – Where certain conditions apply, you have the right to restrict the processing.
- Right of portability – You have the right to have the data we hold about you transferred to another organisation.
- Right to object – You have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – You also have the right not to be subject to the legal effects of automated processing or profiling.
E. How Your Personal Information is Stored
We will take reasonable steps to keep your personal information secure once it has been transferred to our systems. We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, and data stored on the website and associated database. We will only store your personal data for as long as it is necessary for the legitimate purpose for which it was supplied and it will be destroyed or deleted when it is no longer necessary for the Royal Cliff Hotels Group to hold it. You may ask us to delete all or some of your personal data at any time although this may have an effect on the benefits and services you get from our websites or other services. The data is stored in our servers located at the hotel and some will be stored on a cloud platform that only the CEO and the Data Protection Officer have access too.
We also ensure that your personal information is accurate and up to date. However, we rely on you to inform us of any changes or corrections to the information we hold about you. If your information has changed, please let us know as soon as possible.
F. You Can Request the Following Information:
- Contact details of the data protection officer, where applicable.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of Royal Cliff Hotels Group (Hoteliers) Ltd or a third party such as one of its clients, information about those interests.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority (Data Protection Regulator).
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information on automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
G. Identification Requirement for Data Access
We will accept the following forms of ID when information on your personal data is requested: a copy of your national ID card, driving license, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document are required. If Royal Cliff Hotels Group is dissatisfied with the quality, further information may be sought before personal data can be released.
H. Data Security
We have security measures in place which are designed to keep information that is stored in our systems protected from unauthorized access or use. We have highly qualified IT professionals on-site who are available 24 hours to keep all our information technology systems secure. In addition, we have installed industry-standard firewalls that block malware as well as the latest anti-virus software to aggressively protect our systems from being compromised. We also work with 3rd parties, who have no allowable access to our guests’ personal data, to help regularly check if our systems continue to be completely effective. In case there is a data breach, a staff report will be sent within 72 hours of becoming aware of the problem and immediate action will be taken to mitigate such a breach.
I. Withdraw Consent to Use Your Personal Information for Marketing Purposes
You may withdraw your consent with respect to the use of your personal information for marketing purposes at any time by emailing us at [email protected], using ‘Unsubscribe’ as the subject line, and providing us your Full Name and E-mail Address.
If you have questions, concerns or comments regarding our privacy practices or wish to make a request with regards to your personal information, please contact us via email at [email protected].