Privacy Policy

Aruntara Riverside Boutique Hotel

CD Place Company Limited (Hereinafter referred to as “Aruntara Riverside Boutique Hotel” or “Hotel” or “Company” or “We”) realizes and recognizes the importance of protection of your personal data and other information (collectively referred to as “Information”) to ensure to you that the Company is transparent and responsible for the collection, use or disclosure of your information out of your employment of the Company’s services. The Company appreciates your trust in us and we will carefully and reasonably handle your personal information so as to provide you the best personalized experiences and customer services.

This Privacy Policy (collectively referred to as “Policy”) applies to the collection, use or disclosure of customers’ information under the Company’s control within the hotel, website, social media channels, online communication channels, as well as other channels where your personal information is collected.

In this policy, “Personal Data” means information relating to a natural person, which enables identifying of such a person either directly or indirectly, but not including any personal information of a deceased person in particular, as stated in this policy.

The company reserves the right to update, revise or modify this policy as may be reasonable and will inform you through the website, www.aruntarahotel.com, with the effective date of each revised version indicated. However, the Company encourages you to regularly check for the new version of the Policy through the website or specific channel of activity, operated by the Company, particularly before you disclose your personal information to the company.

1.What types of personal data are collected by the Company?

The Company may collect the following types of personal information. This may include personal data of personal data subjects directly or indirectly from you. The nature of the personal data, collected by us, depends on the context of your communication and relationship with us.

(1) Personal Data, including title, name-surname, gender, age, nationality, country of residence, date of birth, marital status, number of family members and children, age of children, government-issued card information (e.g. ID Card No., Passport No., Taxpayer ID No., Driving License information, and identification documents with the same type, etc.), immigration details, including date of arrival and departure, signature, voice, audio recording, photograph, CCTV footage, license plate, and other information provided by you to the company.

(2) Contact information, including postal address, delivery information, address for invoices, Telephone No., Fax No., email address, Line ID, Facebook account and other social media website accounts, and other contact information provided by you to the company.

(3) Membership information, including member account details, Member Card No., loyalty points, membership code, customer code, membership type, customer type, date and month of joining or applying for membership, membership period, bank account and payment information, and other membership information provided by you to the company.

(4) Financial information, including credit/debit card information or bank information, Credit/Debit Card No., type of credit card, card issuance date/expiry date, billing cycle, account details, payment details and record, and other financial information provided by you to the company.

(5) Transaction information, i.e. details of payment to/from you, date and/or time of payment, amount of payment, details of refunds, balance, reward points, date and place of purchase, Purchase or Order No., service appointment date, address/date and time of pickup or delivery, recipient’s acknowledgment, end message in recipient’s email, product warranty information, complaints and claims, booking information, rental information, transaction, transaction record, location, transaction status, past sales transactions, status, transacting status, buying behavior, and other information of the products and services you purchase from the Company.

(6) Technical data, i.e. IP or Internet Protocol address (IP address), cookies, media access control (MAC) address, log, Device ID, device model and type, network, connection information, access information, single sign-on (SSO) access information, login log, duration and location of access, time spent on the page, login information, search record, browsing data, browser type and version, time zone setting and location, type and version of browser plug-in, operating system and platform, and other technologies on the device from which you access the platform, and other technical information for use on platforms and operating systems.

(7) Usage information, i.e. information of your searches or use of website, use of our products and services, shopping cart, wish list, notifications log of sale items, follow-shop record, timestamp of last click, and question-answer record and other usage information.

(8) Marketing and communications information, i.e. your preference on receiving of marketing information from the Company and your preferred communication style, and other marketing and communications information.

(9) Sensitive information, i.e. religion, information of health or physical or mental condition, genetic information, medical history and disability, etc.

2. Sources of personal information collected by the Company.

The Company collects or acquires various types of personal information from the following sources:

(1) Personal data, collected by the company from you directly through various service channels, such as room booking process, room registration, contract and document signing, survey completion, reservation of services, or other service channels, controlled by the Company, upon your communication with the Company at the office or through other communication channels, controlled by the Company.

(2) Information, collected by the company upon your access to our websites, products or other contracted services, such as tracking of behavior on our websites, products or services through cookies or software on your device, etc.

In the event that you have provided personal information of third parties (such as emergency contacts, etc.) to the Company, i.e. name-surname, address, Telephone No., and other personal or contact information on emergency, please inform them of this Privacy Policy, and/or obtain consent from those persons in case that such consent on disclosure of data to the Company is needed.

However, in the event that you, as the owner of personal data, refuse to provide any information needed for the Company’s provision of services, it may result in the Company being unable to provide all or part of such services to you.

3. Objectives of the Company's Collecting of Personal Information.

The Company collects your personal information for the purposes of providing the Company’s services for the following activities:

(1) To provide and offer services to you; to enter into contracts and manage the contractual relationship between the Company and you; to support and carry out other activities related to such services or products; to successfully manage the reservation and to carry out financial transactions and payment-related services as well as to verify, confirm and cancel transactions; to process your purchase order, delivery, pickup and return of products, refunds and replacement of goods or services.

(2) Marketing and communication: to provide privileges and promotions, news, discounts, special offers, advertisements, notifications, news, information, marketing and communications in relation to the Company’s services.

(3) Registration and identity verification: to register, verify, confirm, identify and/or certify you or your identity.

(4) Operation of websites: to maintain, operate, monitor, observe and administer the website; to facilitate and ensure to you of the operation of the website being smooth, efficient and safe; to facilitate your usage of the website; to improve the plans and content of the website.

(5) Compliance with statutory duties: to proceed in accordance with the provisions of law, legal process or orders of relevant governmental agencies, and/or to cooperate with the courts, regulatory agencies, governmental agencies and law enforcement agencies. In the event that it is reasonable to believe that the Company shall do so in order to comply with the law and in the event that the Company is required to disclose such personal information, the Company shall disclose personal information as far as it is necessary and in a strict manner in accordance with the provisions of law, legal process or orders of governmental agencies, including provision and handling of VAT refund application services, issuing of tax invoices or a full tax return, recording and tracking of communications, disclosure to tax authorities, financial service regulatory agencies and other governmental regulatory agencies, and in favor of investigation or prevention of crime.

(6) Protection of the Company’s interests: to protect security within the Company’s area or to protect stability and business confidence of the Company; to exercise the rights or protect the Company’s interests as may be necessary and conformable to the law.

4.The Company’s Basis for Processing of Personal Data.

To process personal data of the Company for the purposes mentioned above,
the Company applies the following basis for processing of personal data.

Legal Basis for Data Collection	Description
Compliance with statutory duties	For the Company to be able to operate and comply with the laws governing companies; for example, – Hotel Act B.E. 2547 – Collecting of computer traffic data according to the Computer Crime Act B.E. 2560 – Taxation laws – Compliance with court orders.
As may be necessary for legitimate interests.	For legitimate interests of the Company and others. Such benefits are no less important than the basic rights in your personal data; for example, for security of the company’s premises or processing of personal data for the Company’s internal affairs, etc.
For contract performance.	For the Company to be able to perform its obligations according to the contract or take action as may be necessary for entering into a contract where you are a contracting party with the Company, such as room reservation, staying and reservation for various hotel services, etc.
As may be necessary for prevention or suppression of a hazard to life, body or health of a person.	To prevent or suppress any hazard to life, body or health of a person; for example, providing an application service in order to monitor epidemics according to governmental policies, etc.
Your consent.	For the company to collect, use or disclose your personal data in case it is necessary for the company to obtain your consent. The Company shall inform the purposes of collecting, using or disclosing any personal information, such as marketing through the Company’s news subscription or collecting of sensitive personal data for purposes not conforming to the exceptions of the Personal Data Protection Act B.E. 2562, etc.

In the event that it is necessary for the Company to collect your personal data for contract performance, compliance with statutory duties, or it is necessary to enter into a contract, if you refuse to provide any personal information or object to processing for purposes of any activity, such refusal may result in the Company being unable to perform or provide all or any part of the services you have requested.

5. Cookies and How to Use Cookies.

In the event that you access the Company’s website, the Company automatically collects your personal information through the use of cookies.

6. To whom May the Company Disclose or Transfer your Personal Data?

Under the above purpose of the Company collecting personal information, the Company may disclose your personal information to the following persons:

Type of Recipient	Description
Governmental agencies, to which the Company is required to disclose information for purposes of legal proceedings or other important purposes (e.g. proceedings for public interest, etc.)	Governmental agencies for law enforcement or with supervisory powers or for other important purposes, e.g. Department of Provincial Administration, Revenue Department, Royal Thai Police, Courts, Public Prosecutor’s Office, Department of Disease Control and Local Administrative Organizations, etc.

7.Period of Storage of Your Personal Data.

The Company will retain your personal information for a period of time as may be reasonably necessary so as to attain the purposes for which the Company has obtained such personal information, and to comply with legal obligations, rules and regulations. However, the Company may retain your personal information longer as may be required by applicable laws.

8. Security of Personal Information.

The Company collects or acquires various types of personal information from the following sources:

9. Rights of Personal Data Subjects.

Under the provisions of the law and exceptions according to the relevant laws, you are entitled to proceed with personal data as follows:

(1) Right to request access to personal data: You are entitled to request access, obtain a copy and ask for disclosure of the source of the personal data, collected by the Company without your consent, unless the Company is entitled to deny your request due to legal grounds or court orders or when the exercise of your right may affect and cause damage to the rights and freedoms of others.

(2) Right to request rectification of personal data to be accurate, complete and up to date: If you find that your personal information is incorrect, incomplete or not up to date, you are entitled to request corrections to be accurate, up to date, complete and not misleading.

(3) Right to delete or destroy personal data: You are entitled to request the Company to delete or destroy your personal data or disable identification of the personal data subject from your personal data any further. In this regard, the exercise of the right to delete or destroy such personal data shall be subject to the conditions prescribed by law.

(4) Right to request suspension of use of personal data: You are entitled to request to suspend the use of your personal data in the following cases:

During the period when the Company performs any inspection upon request of the personal data subject to correct the personal data to be accurate, complete and up to date.
Personal data of any personal data subject is collected, used or disclosed unlawfully.
When the personal data of the personal data subject is no longer needed for retention in accordance with the purposes notified by the Company for collection, but the personal data subject wants the company to retain that data further for the exercise of certain statutory rights.
During the period when the Company is proving the legitimate grounds for collecting of personal data of the personal data subject or verify the necessity of collecting, using or disclosing of such personal data for public interest as a result of the personal data subject having exercised its right to object to the collection, use or disclosure of personal data.

(5) Right to object to processing of personal data: You are entitled to object to collection, use or disclosure of any personal information related to you unless the Company rejects the request for any legitimate reasons (e.g. the Company can demonstrate that such collection, use or disclosure of your personal information is based on more legitimate reasons, or for establishing of legal claims, compliance or exercising of legal claims or for public interest of the Company, etc.)

(6) Right to withdraw consent: In the event that you have given consent to the Company for collecting, using or disclosing of personal data. (Whether such consent was given before or after the Personal Data Protection Act B.E. 2562 came into force), you are entitled to withdraw your consent at any time throughout the period your personal data is retained by the Company unless there is a legal restriction requiring the Company to continue to retain such data or there remains an agreement between you and the Company that is beneficial to you.

(7) Right to obtain, send or transfer personal data: You are entitled to obtain from the Company your personal data in a readable or generally usable format with automated tools or devices and usable or disclosable with automated means, and may request the Company to send or transfer data in such format to other personal data controllers; however, exercising of such right shall be subject to the conditions prescribed by law.

10. Company Contact Details:

Should you wish to exercise your right in relation to your personal data or should you have any question about your personal data under this Policy, please contact:

Data Controller

Name: CD Place Company Limited

Address: 351/1, Charoen Prathet Road, Chang Khlan Sub-district,

Mueang Chiang Mai District, Chiang Mai Province 50100

Email: info@aruntarahotel.com

Data Protection Officer (DPO)

Name: Ms. Busara Masadorn

Address: CD Place Company Limited, No. 351/1, Charoen Prathet Road,

Chang Khlan Sub-district, Mueang Chiang Mai District, Chiang Mai Province 50100

Email: hm@aruntarahotel.com