Privacy Policy

Privacy Policy

This Privacy Policy (“Privacy Policy”) applies to Dusit Thani Public Company Limited, its subsidiaries¹ and all of the hotels and its related activities and other businesses (e.g. school, college, residential, restaurant, spa and fitness) specified in this Privacy Policy within Dusit Portfolio of Brands² (collectively, “Dusit”, “we”, “our”, “ours” or “us”) and takes the issue of safeguarding the privacy of guests seriously.

Our Privacy Policy describes the following:

The data or information we collect from guests, customers, villa owners, residence owners, investors, business partners, lessors, lessees, tenants, vendors, suppliers – including prospective or potential ones, students, and you – as well as visitors to our websites, domain names, DusitApp and other applications and/or third party websites or digital channels(referred to as “you”, “your” and “yours”)

The way we use this data or information to better serve the needs of yours.

This Privacy Policy does not apply to our processing of personal information on behalf of and subject to the instructions of third parties such as airlines, car rental companies, agents and other service providers, companies that organize or offer packaged travel arrangements, marketing partners, or corporate customers.

Whilst this Privacy Policy broadly describes the practices we have adopted across other entities within Dusit globally, local laws vary and some jurisdictions may place restrictions on our processing activities (e.g. certain jurisdictions may require affirmative consent before sending marketing messages). Therefore, our actual practices in such jurisdictions may be more limited than those described herein, in order to enable us to comply with local requirements, including but not limited to Personal Data Protection Act of Thailand B.E. 2562 (2019) (“PDPA”).

¹The current subsidiaries are Dusit Worldwide Co., Ltd., Dusit Thai Properties Co., Ltd., Dusit Thai Properties Public Co., Ltd., Dusit Management Co., Ltd., Dusit Overseas Co., Ltd., Dusit Excellence Co., Ltd., Dusit Maldives Management Pvt., Ltd., Dusit Thani Philippines Inc., Dusit USA Management Inc., D&J Co. Ltd, Dusit Japan Godo Gaisha, Dusit Saudi LLC, Devarana Spa Co., Ltd., Dusit Hospitality Services Co., Ltd., Grace Me Co., Ltd., LVM Holdings Pte. Ltd. and Favstay Pte. Ltd. which are the data controllers for all guest data and operate marketing activities for Dusit Hotels and Resorts.

²Dusit Portfolio of Brands includes ‘Dusit Thani’, ‘Dusit Devarana’, ‘dusitD2’, ‘Dusit Princess’, ‘ASAI’, ‘DUSIT CENTRAL PARK’, ‘DUSIT RESIDENCES’, ‘Dusit RESIDENCE SERVICED APARTMENTS’, ‘DUSIT PARKSIDE’, ‘Devarana Spa’, ‘Namm Spa’, ‘Benjarong’, ‘Dusit Foods’, ‘Dusit Thani College’, ‘dusit hospitality management college’, ‘D dusit hospitality education’, ‘Dusit International’, ‘DUSIT THANI HOTEL SCHOOL’, ‘SOI’, ‘BAAN DUSIT THANI’ and ‘Khong Thai’. Dusit Portfolio of Brands also includes managed hotel and franchised hotels. A list of entities that operate managed hotels in other countries can be found [here]. Franchised hotels are operated by entities that are separate from Dusit. To determine the entity that operates a franchised hotel, please contact that hotel.

TABLE OF CONTENTS
WHAT IS PERSONAL INFORMATION
WHAT IS PERSONAL INFORMATION WE COLLECT AND WHY IS PERSONAL INFORMATION COLLECTED
Sensitive Data
Minors
CCTV and photographs

HOW AND WHERE WE COLLECT YOUR PERSONAL INFORMATION?
1. On Our Digital Channel
    A. Initially upon contact with our Digital Channel
    B. Whilst Browsing Our Digital Channel
    C. Making a Purchase on dusit.com or Out other Websites
2. When Making a Reservation
    A. On dusit.com, Our other Websites, DusitApp and Our other Applications
    B. Through Reservation Offices
3. When Using Our Services or Purchasing Our Products at Our Establishments
4. Regarding Residence Ownership
    A. When Enquiring about Residence Ownership
    B. As a Residence Owner
    C. During Your Stay at Your Residence

HOW DO WE RETAIN PERSONAL INFORMATION
1.            At the Establishment
2.            In Central Reservation System
3.            In the Owner's Residence Property Management Systems
4.            In Check-in Point of Using Our Facilities
5.            In Marketing Databases

WHAT INFORMATION IS NOT SECURE
If I have created a Customer Profile, how is my Personal Information treated?

HOW AND WHEN WE SHARE YOUR PERSONAL INFORMATION
Other Uses and Disclosures
Non-Dusit group entities

TRANSFER PERSONAL INFORMATION OUTSIDE OF THAILAND
DATA SECURITY MEASURE
HOW DO YOU ACCESS/REVISE YOUR PERSONAL INFORMATION
HOW LONG IS YOUR PERSONAL INFORAMTION RETAINED
HOW DO YOU KNOW IF THERE ARE CHANGES TO THIS PRIVACY POLICY
HOW IS PERSONAL INFORMATION AFFECTED BY BUSINESS TRANSFERS
WHAT LAWS APPLY TO THIS PRIVACY POLICY
YOUR CHOICE
YOUR RIGHT
TO WHOM DO WE DIRECT QUESTIONS OR CONCERNS REGARDING THIS PRIVACY POLICY

WHAT IS PERSONAL INFORMATION

The term of “Personal Information” refers to information about you as an individual who can be identified from that data or can be identified when combine with other information which we have or likely to have access.

WHAT IS PERSONAL INFORMATION WE COLLECT AND WHY IS PERSONAL INFORMATION COLLECTED

Core Activities	Categories of Personal Information	Purpose of collection your Personal Information
Hotel For more details on the privacy notice of hotel related services [click here EN/TH]	Personal details of guests, family members and companions: Full name, contact information (mailing address, email address, phone number), nationality, date of birth, gender, payment card information, DusitLife number, passport, visa or other government – issued identification card information, preferred language and Sensitive Personal Information (such as health information and food allergy) Accommodation Information: room preference, room selection and assignment, personal preferences (e.g. special anniversaries, type of activities you prefer to take part in when staying with us and your hobbies), arrival time, check-in and check-out information, additional guest name, corporate number and name, travel agent number and name, airline partner number and name, membership or loyalty program data (including co-branded payment cards, travel partner program affiliations), travel itinerary, tour group, or activity data, vehicle information, Online and Digital Information including the Use of IT System: internet or other electronic network activity information (including information regarding guests/customer's interaction with Dusit websites, applications or advertisements, IP addresses. booking engine, device information, social media information, description of a complaint that you make to us), profile photo and other data publicly, or data made available by linking your social media and loyalty accounts, family members and companions (such as names and ages of children), customer rating and survey responses, free form textual feedback, images and video and audio data via security cameras located in public area, such as hallways and lobbies, in our properties	Fulfill guest reservations Send guests communications relating to their reservations Administer membership and activity in the DusitLife loyalty program Provide customer service and support Verify identity Send marketing communications via email, direct mail, and social media Perform analytics in order to provide guests with personalized offers and content Respond to service concerns in order to better serve our guests Perform analytics to improve business operations Determine guests' eligibility for special or promotional rates Process payments Process transactions with partners Administer contests and sweepstakes Detect and prevent fraud Comply with applicable laws that require us to process certain Personal Information Comply with inspection, analysis and preparation of documents upon request of governmental organizations and regulatory bodies Better serve our guests and improve guest's experience Properly attribute reservations to travel agents Properly attribute points to guests who participate in airline loyalty programs Participate in our business partners loyalty program or scheme eligible to our guests Enable guests to park vehicle at our properties Show you targeted advertisements on media Support marketing efforts Troubleshoot and resolve website issues
Residential For more details on the privacy notice of residential related services [click here EN/TH]	Full name, email address, postal address, telephone and/or fax number, nationality, place of work, work history, copy of ID card/passport, proof of address, mortgage details Payment information (such as a credit and debit card) and bank account details, financial information, bank statements, payslips or income details, confirmation of income Recordings when you call our customer service line, Any other documents deemed relevant when buying, selling, letting or renting a property Details of anyone Authorized to act on your behalf if applicable monitor, record, store and use any telephone calls, CCTV recordings, email or other communication you provide Sensitive Personal Information such as health information Name and contact details of a guarantor Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.	Selling properties (either freehold or leasehold) Set up your user account Notify you of the sales/letting process To detect, investigate and report financial crime (e.g. Fraud) Check anti-money laundering Marketing communications to inform you of special offers, promotions, new lines and Sales. Provide you with online advertising Notify you about enhancements to our services, such as changes to the website and new services that may be of interest to you Contact you to undertake customer satisfaction surveys, invite you to provide product reviews or for market research Maintain network and data security Manage property i.e. housing, tenancy/lease and account on behalf of property owner Organise and assist community events Check any instructions given to us, for training purposes, and to improve the quality of our customer service Support any alteration/reparation made to the property you are living in Settle any arrears payments such as rent or other expenses Provide welfare, benefits and debt advice Proceed with a residential sale or purchase Keep in touch with customers to understand the needs and preferences Invite customer to events To process and perform our obligations under our contract with customer including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us Detect and prevent fraud Comply with applicable laws that require us to process certain Personal Information Comply with inspection, analysis and preparation of documents upon request of governmental organizations and regulatory bodies
Restaurant For more details on the privacy notice of restaurant related services [click here EN/TH]	Booking: Full name, email address (used for booking confirmation and post-dining feedback emails), home or work address, billing information taken for deposits, ticketing, or holding credit card information for use in the case of no-shows (where applicable), telephone number, company name, dietary requests, marketing preferences (whether you opt-in or opt-out), food preference and Sensitive Personal Information (i.e. health information and food allergies). At our restaurant: food preference and special categories of data (i.e. health information, food allergies), marketing responses (where applicable), survey responses, current and past restaurant reservation details, Payment information and associated contact information Access our site: device type (e.g. mobile, computer, laptop, tablet), cookies, operating system, IP address, browser type, browser information (e.g., type, language, and history), domain names, access times, settings, referring website addresses, other data about your device to provide the services as otherwise described in this policy.	Internal record keeping. Send you service emails (booking confirmation and post-dining feedback). Improve our products and services. Improve customer experience. Send marketing communications if you have opted in to receive them. Customise the website according to your interests. Protect the health of the guests Ensure the safety and security of guests
Fitness For more details on the privacy notice of fitness related services [click here EN/TH]	Full name; Correspondence address, and/or billing address; Payment details, including credit card and banking information; Contact details, including contact name and telephone number or email address Your image taken at our premises with a web cam or similar for visual identification Sensitive Personal Information (i.e. health information)	Consider and/or process membership application of customer Facilitate and manage member activities, including, (a) Granting access into the premises facilities; (b) Providing and arranging personal training programs and other fitness lessons; (c) Providing service or facilities status updates; (d) Administering personal training and other training/fitness packages; (e) Processing the payment of any other relevant charges; Carry out instructions or responding to any enquiry given by customer/guests Contact or communicating with member relating to: a) The status of membership; b) Any service or facilities status updates; c) Reminders for appointments and/or sessions that you have booked with us; d) Outstanding payments or membership fees Conduct research, analysis and development activities (including but not limited to data analytics, surveys and/or profiling) to improve our services and facilities for member's benefit; Provide you marketing, advertising and promotional information, materials and/or documents relating to membership status Detect and prevent fraud Comply with applicable laws that require us to process certain Personal Information Comply with inspection, analysis and preparation of documents upon request of governmental
Spa For more details on the privacy notice of spa related services [click here EN/TH]	Full name, email address, telephone number, credit card information and possibly other information as defined by applicable law (i.e. health information). Website log about your visit including the date and time of your visit, the pages you visited, the address of the website you came from when you came to visit our website and the like your social media account	Send information and updates relating to reservations to guests/customers Provide services and/or products to guests, to send post cards and to make reservations. We may also send you news, updates, related product or service information, promotions, etc. enabling us to give you convenient access to products and services that may be of interest to guests/customers. Detect and prevent fraud Comply with applicable laws that require us to process certain Personal Information Comply with inspection, analysis and preparation of documents upon request of governmental Protect the health of the guests/customers Ensure the safety and security of guests/customers

Sensitive Data
Unless specifically requested, we ask that you not send us, and you not disclose, on or through the Service or otherwise to us, any Sensitive Personal Information³.

We minimize our holding and use of sensitive categories of Personal Information but, given the services we provide, there are times when we use it to understand our guests/customers and their needs better, for example when providing accommodation for disabled persons or those with problems around substance abuse, resolving neighborhood disputes involving alleged criminal activity or when helping someone to access care services. We will usually be processing this information to allow us to comply with our legal obligations, act in the substantial public interest in relation to the services we provide, to provide you with social care, or to deal with any legal action. There may be times where we need to ask you for your consent to use this type of Personal Information, in which case we will always notify you and make this clear.

³Sensitive Personal Information includes racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data and biometric data.

Minors
Unless specified otherwise, we do not usually process data on minors. This website is not intended for children under 18 years of age. We do not seek to obtain, nor do we want to obtain personal information (i.e. personally identifiable information) directly from minors. We cannot, however, always determine that the people accessing and using our site are adults. As such, should a minor (as defined by applicable law) provide to us personally identifying information without parental consent, we request that the parent, guardian or other appropriate person contact us to help us remove the information.

CCTV and photographs
Our properties have CCTV and you may be recorded when you visit them. CCTV is used to provide security and to protect both our visitors and communities. CCTV will only be viewed when necessary (e.g. to detect or prevent crime), by authorized personnel only, and footage is stored for set period of time after which it is recorded over. Dusit complies with PDPA and we put up notices so you know when CCTV is used.

We may take photographs at our event, at our properties and in our communities to use for general marketing and publicity. However, photographs of individuals will only be used for those purpose with your consent, which is held within our Corporate Communication team.

HOW AND WHERE WE COLLECT YOUR PERSONAL INFORMATION

1. On Our Digital Channel
A. Initially upon contact with our Digital Channel
When you visit our digital channel, which includes dusit.com, our websites, domain names, social media accounts, DusitApp or other applications (collectively, “Digital Channel”), you are initially given a “cookie”, and your computer is assigned an ID number. A cookie is a commonly used piece of software that tracks an individual user’s preferences and is capable of enhancing your visit to the Digital Channel.

Cookies allow us to provide a customised experience without the visitor having to remind us of his or her preferences each time he or she visits. If you log in as a registered user, our cookies may collect personal information for marketing purposes and to create content on our Digital Channel that are more relevant and easier to use. Our Digital Channel cookies help enhance your experience with us and provide you with Dusit targeted advertising that may be of your interest.

We do not share your activity on our Digital Channel with other third parties, nor do we collect information from other websites you may visit, except (i) when we conduct our normal business, (ii) as required by applicable laws and (iii) with your consent and/or request from time to time.

We also use cookies to collect and maintain aggregate website data (such as the number of visitors to a particular site), which helps us see which areas are popular with our users and which are not. Amongst other things, this helps us improve and update our site, based on the total number of visitors and pages viewed and other data.

If you do not want to accept cookies, you can block them by adjusting the settings on your internet browser. Visitors should understand, however, that rejecting cookies will affect your ability to benefit from the conveniences you could enjoy if you chose to accept, and you will not be able to use certain customisation features associated with creating a user profile. Please note that because this is a setting on your browser, this adjustment may also block cookies from any other websites you visit.

Once you have visited our Digital Channel and accepted our cookie, an ID number is automatically assigned to your computer or mobile device whenever you visit. Despite the fact that you remain anonymous until you enter your personal information on our Digital Channel, your ID number allows us to log your session, so that we may better assist you should you need individualised service or support. Once you enter your Personal Information on our Digital Channel, we will associate your ID number with your contact information, so we can recognise you on any future visit. We will also use it to keep track of information that appears to be of particular interest to you.

For more information on [Cookie Policy].

B. Whilst Browsing Our Digital Channel
Whilst in the process of browsing our Digital Channel, you also provide us with information that does not reveal your personal identity, for example, what type of destination you seek. We use this aggregated, anonymous data mainly for editorial purposes, and not connect it to any Personal Information, such as your name or address.

As you explore our Digital Channel for information that interests you, you will provide your Personal Information when you create a profile or sign in to access an existing profile.
You may also wish to put in a specific “Information Request” about one of our establishments or participate in one of our online surveys or promotions. To respond to this request or participate in our various programmes, we may ask for your specific Personal Information, such as your name, zip/postal code, e-mail address, and phone number.

In the event you choose to provide us with such information, we will only use it for the specified purpose, including under this Privacy Policy. We will only email you if you want us to. Also, you can choose a number of alternate methods by which to receive a reply to a request. Transmittal of your personal information shall constitute your acknowledgment and agreement to the terms and conditions contained in this Privacy Policy. If you are uncomfortable providing this information over the internet, you can always call our Central Reservation Office for more details.

If you wish, you may also submit your email address to be placed on a subscription list or to receive other information about our products and services. You will be placed on our subscription list only when you indicate your desire to be included. In deciding whether or not to join such lists, please note that they are only used for internal purposes. We do not sell or rent our subscription lists to anyone. In the event you choose to join one of our lists, you may ask to be removed from that list at any time. You will always have the ability to opt-out from any form of communication from us any time through designated channels such as send an e-mail to customerservices@dusit.com or proceed through our website.

If you wish to receive information regarding any particular establishment of Dusit Hotels & Resorts, you can utilise the link on our Digital Channel to the affiliate and/or third-party websites or digital channels of that particular establishment or send a request through our Digital Channel. Upon using the link, you will be advised that you shall enter an affiliate and/or third-party website or digital channel and that any information you provide to the affiliate and/or third-party website or digital channel will be protected by the affiliate and/or third party in accordance with the affiliate and/or third party’s privacy policy.

C. Making a Purchase on dusit.com or Our other Websites
When making a purchase, you will be asked to complete a form that includes your contact information and payment information. The form is secure. Upon completing the form, your credit card number will be verified using a checking sequence, and once this is confirmed, we will authorise the payment for the amount shown on your order form. Once your transaction is confirmed, an e-mail confirmation will be sent within a few moments. Again, due to the personal nature of the information you provide when making a purchase through dusit.com or our other websites, the form is secure, such that your credit card number is protected with encryption technology. Purchasing transactions are assisted by third-party processors who are obligated by contract with us to protect the privacy of your Personal Information.

We retain a log file of transactions at dusit.com or our other websites, excluding your credit card information connected to your ID number. We will then use that information to assist in any enquiries about your transaction.

We also occasionally combine information from a number of web visitors in a way that does not identify any user, in order to identify user patterns.

2. When Making a Reservation
A. On dusit.com, Our other Websites, DusitApp and Our other Applications
You can search for rates and availability at our establishments without providing any Personal Information.
Visitors to dusit.com or our other websites or users of DusitApp or our other applications who elect to make reservations online will be required to complete a reservation profile the first time they book. When you create a reservation profile, you will be asked to provide specific Personal Information, including your name, address and contact information, as well as certain guarantee and deposit information to secure your reservation, such as your credit card number. The transmittal of your personal information shall constitute your acknowledgment and agreement to the terms and conditions contained in this Privacy Policy.

Your credit card number will be verified using a checking sequence, but we will not authorise any payment at this point, unless otherwise required by our booking condition. Once you indicate confirmation of your reservation, all of the reservation information that you submitted will be sent to us. From this point, the information is sent to the selected establishment in exactly the same way as if you called us directly or if your travel agent made the reservation.

Due to the personal nature of the information you provide when making a reservation through dusit.com, our other websites, DusitApp or our other applications, we employ encryption technology to keep your data secure. We also retain a copy of the reservation profile on dusit.com, our other websites, DusitApp or our other applications, excluding your credit card information connected to your ID number. We will then use that information to create a log into the database of dusit.com, our other websites, DusitApp or our other applications.

We may also combine information from a number of web visitors in a way that does not identify any user, in order to identify user patterns.

B. Through Reservation Offices
Reservations can also be made by contacting a particular establishment’s reservation office directly or by calling our other available reservation representatives. When you make a reservation, we may ask you for specific details about yourself such as your name, address, telephone number and method of payment. We may also obtain from you any room preferences or special requests. Personal information obtained will be sent in a secured communication to the relevant establishment. Confirmation of your reservation will be provided to you, generally by e-mail, directly from the establishment.

3. Whilst Using Our Services or Purchasing Our Products at Our Establishments
As you use our services or purchase our products, we will record your itemised spending to properly build your portfolio, which sets out room rate, purchase price and other expenses billed to you. We also record this information to comply with financial reporting requirements, including those imposed by auditors and government regulators. We may also collect certain information as required by local laws (e.g. passport number).

Information particular to your use of our services or purchase of our products (such as health issues, payment difficulties, special requests, service issues) may also be stored. This information specifically about your stay is stored in the property management system at the particular establishment where you used our services and/or purchased our products and is combined with information from your previous visits. Certain information regarding your service and/or product preferences is also stored centrally by us and may be made available to our other establishments through our guests’ database. You may advise the establishment if you do not want to share your personal preferences.

In addition, we may retain the content of any document (including letters, comment cards, electronic documents such as emails and other similar forms of communication) that you send us before, during, or following your usage and/or purchase. This information may be shared with employees of the establishment and within Dusit Hotels & Resorts. Finally, in preparation for your use of our services and/or purchase of our products, we may collect your photograph from publicly available sources so that we can recognise you in order to provide you with superior customer service.

Online Payment

When a guest reserves or purchase a room / product / service through dusit.com for which Dusit Overseas Company Limited (Suite 2401, 24/F, Citicorp Centre, No.18 Whitfield Road, Causeway Bay, Hong Kong) is the merchant of record with regards to all reservations involving more than one hotel, whether within the same country or multiple countries, regardless of location, except the transaction involves Dusit Thani Laguna Singapore.

*For hotel reservation and any transaction involves Dusit Thani Laguna Singapore, Laguna Hotel Holdings Pte Ltd (11 Laguna Golf Green, Singapore 488047) shall be the merchant of record for using a Visa or Mastercard with payment in SGD and shall be fully and solely responsible and liable for all transactions in relation to Dusit Thani Laguna Singapore.”

4. Regarding Residence Ownership
A. When Enquiring about Residence Ownership
If you have indicated on asaihotels.com, dusit.com or dusitresidences.com, personal mailings or otherwise that you are interested in receiving information about services and promotions offered by Dusit Hotels & Resorts, you shall also receive information about Dusit Portfolio of Brands ’s residences. If you contact Dusit Hotels & Resorts to request further information about becoming an owner of one of our Residences, we will record your contact information. At your request, the personal information you have provided is forwarded to the third-party developer of your preferred Residence (or its authorized agent), who will contact you to provide you with the information you requested.

Any information provided directly to a third-party developer will be collected, stored and used in compliance with that developer’s own privacy policy, which is available on the developer’s website, and is accessible by clicking the appropriate link in the Residence pages on asaihotels.com, dusit.com or dusitresidences.com.

B. As a Residence Owner
Once you become a Residence owner, Dusit Hotels & Resorts as manager of the Residences will use your personal information to create an owner profile that is stored in Dusit Hotels & Resorts’ property management systems. This is used to keep track of your account and provide you with superior service throughout your ongoing relationship with us. The information recorded in your Residence Owner Profile includes your name, contact information, credit card number, details about your ownership and use of your Residence, preferences, and any special requests.

C. During Your Stay at Your Residence
When you stay at your Residence, Dusit Hotels & Resorts, as manager of the Residences, will record information about your use of the amenities and services offered by Dusit Hotels & Resorts (if applicable). Dusit Hotels & Resorts and/or the respective Dusit Hotels & Resorts’ property will use this information for the purpose of billing. Dusit Hotels & Resorts may also record any information you provide about your preferences, as well as information about any issues (health issues, payment difficulties, etc.) you may have encountered during your stay, so we could provide superior customer service to you as a Residence owner. We also record information about your stay to comply with financial reporting requirements, including those imposed by our auditors and government regulators. We may also collect certain information as required by local laws (e.g.passport number).

In addition, we may retain the content of any document (including comment cards, electronic documents such as emails and other forms of similar communication) that you send us. This information may be shared with employees of the Residences or with Dusit Hotels & Resorts. Finally, in preparation for your stay, we may collect your photograph from publicly available sources so that we can recognise you and provide you with superior customer service.

HOW DO WE RETAIN PERSONAL INFORMATION?

Your Personal Information may be stored, used and transferred for processing in all jurisdictions where it is necessary. If required by local laws, your personal information may be accessed by the courts, law enforcement and national security authorities with or without your knowledge.

1. At the Establishment
Each Dusit establishment stores the Personal Information in a secure location, be it a database or filing cabinet. Furthermore, we take steps to ensure that only designated individuals have access to the Personal Information. Dusit, as manager of all establishments within the group of Dusit, may use your Personal Information to create a Guest Profile, which will be stored in our property management systems. The stored Guest Profile information may include the guest’s name, address, phone numbers, email and credit card number. The Guest Profile may also include certain information regarding a guest’s service preferences.

2. In Central Reservation System
To serve you better, we also store your Guest Profile in our Central Reservation System (CRS), a platform located in a data centre in Thailand. When you make a reservation or purchase directly to any establishment, this information becomes available to that establishment.

We store other transaction information in CRS, including the number of stays and details of products purchased you have had, including the number of nights of each stay and details of products purchased. This information is available to each of our establishments when you make a reservation or purchase at one of the establishments.

3. In the Owner’s Residence Property Management Systems
Personal Information related to you as a Residence owner will be stored at the respective Dusit Hotels & Resorts’ property management system, as well as in CRS and other secure databases.

The stored information includes your name, contact information, credit card number, information related to your Residence ownership and amenities, information related to your stays at your Residence, other services offered at that Residence, historical billing records, and any information you may provide about your particular preferences.

4. In Check-in Point of Using Our Facilities
Each Dusit facility stores the Personal Information in a secure location such as a filing cabinet. Certain facilities such as spa and restaurant also maintain their own database or central system to store the Personal Information in order to improve guests and customers experience. Each facility takes steps to ensure that the Personal Information may be accessed by the authorized personnel only. The stored Personal Information may include the guest’s name, address, phone numbers, email, credit card number and guest’s service preferences.

5. In Marketing Databases
Dusit maintains databases of guests’ information, which are used for marketing, promotional and research purposes. Guests will only receive such information if they have provided permission on their registration cards, the Digital Channel, or in some other forms. Any information sent provides a clear notice of how to discontinue receiving promotional materials.

WHAT INFORMATION IS NOT SECURE?

We endeavour to protect the privacy of your account and other Personal Information that we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorised entry or use, hardware or software failure, and other factors, may compromise the security of user information. Therefore, we endeavour to put adequate contractual protections in places where we cannot guarantee the security of any Personal Information in databases hosted by third parties.

When you login to complete or modify a Booking Profile, Guest Service Profile, your online interaction with us is protected from eavesdropping using the highest-level encryption technology based on the browser you use. To ensure your privacy and the protection of the information you choose to share with us, we allow only encrypted communications from all of our web forms.

It is important to note that any email communication is not secure. This is a risk inherent in the use of emails. Please be aware of this when requesting information or sending forms to us by email (for example, from the “Contact Us” section of our website). We recommend that you do not include any confidential information (e.g. credit card information) when using email. For your protection, our email responses to you will not include any confidential information as well.

Finally, to be prudent, please be sure to always close your browsers when you are done using a form or the reservation site. Although the session will terminate after a short period of inactivity, it is best to close your browsers immediately upon completion.

If I have created a Customer Profile, how is my Personal Information treated?
If you are invited and you elect to create a Guest Profile in our Digital Channel, you will be asked to furnish specific Personal Information. You will also be asked to provide a password each time you login. Once you have created a Guest Profile, we may add online session data to your Guest Profile on subsequent visits to our Digital Channel. When you provide information, including revised information to your Guest Profile, we may use the information you provided to update other databases maintained by us.

HOW AND WHEN WE SHARE YOUR PERSONAL INFORMATION

Hotel	Dusit: We disclose your Personal Information to other companies within Dusit for the purposes described in this Privacy Policy, such as providing and personalizing the Services, communication with you, facilitating the loyalty programs and to accomplish our business purposes. We share your Personal Information used for making a reservation with the applicable property and Dusit entity to fulfill and complete your reservation. Service Providers: We disclose Personal Information to third party service providers including, for example, companies that provide website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing and other services. Franchisees: We disclose Personal Information to Franchisees of Dusit Portfolio of Brands' properties for the purposes described in this Privacy Policy. Franchisees have a limited right to use certain Personal Information for their own purposes and therefore qualify as independent data controllers for the following processing: Franchisees manage and coordinate your stay at hotels that they operate so they may use your Personal Information for that purpose. Franchisees may also use your Personal Information for complying with their own legal obligations, for compliance with their own legal obligations, including maintaining books & records. Property Owners: We disclose Personal Information to Property Owners of Dusit Portfolio of Brands' properties for the purposes described in this Privacy Policy. Property Owners have a limited right to use certain Personal Information for their own purposes and therefore qualify as independent data controllers for the following processing: Property Owners may use your Personal Information for complying with their own legal obligations, including maintaining books & records. Property Management Companies: We disclose Personal Information to Property Management Companies and their service providers for the purpose described in this Privacy Statement, such as providing, facilitating, and personalizing the Services, facilitating the loyalty programs and their own marketing. Authorized Licensees: Where allowed by law we disclose Personal Information to our Authorized Licensees, including, but not limited to, franchised hotels for the purposes described in this Privacy Policy, such as providing and personalizing the Services, fulfilling your requests and providing their own marketing. For example, this sharing enables you to purchase Dusit branded goods and services, including time share properties. On-Property and/or Travel Partners: We may share your information with spa, restaurant, health club, concierge and other outlets at our properties to provide you with services and for their own marketing when you stay at one of our properties. This sharing also enables us to provide you with a single source for purchasing packages that include travel-related services, such as airline tickets, rental cars and vacation packages. Strategic Business Partners: As allowed by applicable law, we disclose Personal Information with select Strategic Business Partners who provide goods, services and offers that we believe will be of interest to you. By sharing data with these Strategic Business Partners, we are able to make personalized services and unique travel experiences available to you. Third-Party Hotel: We may share your information with another hotel when it is necessary to provide you with an alternative accommodation place in a situation where we are not able to provide accommodation services to you for whatever reason. For example, in the case where our hotel is overbooked, we will notify you and request for your consent before sharing your information to such hotel. Linked Accounts and Promotional Activity: We partner with certain third parties that allow you to enroll in their services or participate in their promotions. For example, certain companies allow you to use your loyalty program number or Online Services login to receive or register for their services. These companies include airlines and credit card company, as well as sponsors of social events, sweepstakes and contests. Additionally, your social media account provider allows you to connect your social media account to your online services account or log into your Online Services account from your social media account. When you enroll in those services, we disclose your Personal Information and other information to those third parties. If you do not want us to share your Personal Information or other information in this way, do not provide your loyalty program number to third parties, do not use your online services login to register for third-party promotions, and do not connect your online services account with accounts on third-party services. Information shared in this way will be governed by the third party's privacy policy and not this Privacy Policy. Social Media Platforms: Where you choose to interact with us through social media, your interaction with these programs typically allows the social media company to collect some information about you through digital cookies they place on your device and other tracking mechanisms. In some cases, the social media company may recognize you through its digital cookies even when you do not interact with their application. Please visit the social media companies' respective privacy policies to better understand their data collection practices and controls they make available to you. Financial Institutions: We may share Personal Information to any financial institutions, charge or credit card issuing companies, credit information or reference bureau, or collection agencies necessary to establish and support the payment of any services being requested. Personal data may also be disclosed to any person or persons that have a right under local law to gain access to such information provided they are able to prove their authority to access such information.
Residential	Service Providers/ Vendor: We may share your Personal Information to our third-party service providers, subcontractors and other associated organisations for the purposes of carrying out a task in accordance to the contract we have in place with you. However, when we share your Personal Information with third parties, we disclose only the Personal Information that is necessary to deliver the service and we have a contract in place that requires them to keep your Personal Information secure and only for the duration it is required to carry out that specific task. Such third-party companies may fall under the following categories; referencing companies, deposit protection, cleaning, inventory, maintenance, building management etc. We work closely with various third-party vendors to bring you a range of quality and reliable products and services designed to meet your needs. When you enquire about or purchase one or more of these products, the relevant third-party vendors will use your details to provide you with information and carry out their obligations arising from any contracts you have entered into with them. In some cases, they will be acting as a data controller of your data and therefore we advise you to read their privacy notice. Such third-party companies may fall under the following categories; utility providers, mortgage providers, tax consultants, furnishing, financial advisors, rent protection, content protection, etc. Business Partners: As allowed by applicable law, we disclose Personal Information with select Business Partners who provide goods, services and offers for the purposes described in this Privacy Policy Government Authorities: We may share Personal Information to relevant government authorities to fulfill any legal obligations and/or requirement we may have. We may also share the Personal Information to relevant government authorities in order to fulfill our contractual obligation such as the local authorities for certain permissions and/or registrations. Financial Institutions: We may share Personal Information to any financial institutions, charge or credit card issuing companies, credit information or reference bureau, or collection agencies necessary to establish and support the payment of any services being requested. Personal data may also be disclosed to any person or persons that have a right under local law to gain access to such information provided they are able to prove their authority to access such information.
Restaurant	Dusit: We disclose your Personal Information to other companies within Dusit for the purposes described in this Privacy Policy, such as providing and personalizing the Services, communication with you, facilitating the loyalty programs and to accomplish our business purposes. We share your Personal Information used for making a reservation with the applicable property and Dusit entity to fulfill and complete your reservation. Service Providers: We engage vendors to perform functions on our behalf such as: website hosting, software development, data storage, content management, database management, technical integration, marketing automation, analytics, site optimization, conducting customer surveys, shipping and payment processing and providing other business services. There are limited circumstances in which the service provider collects data directly from you when their privacy policies may also apply. Social Media Platforms: Where you choose to interact with us through social media, your interaction with these programs typically allows the social media company to collect some information about you through digital cookies they place on your device and other tracking mechanisms. In some cases, the social media company may recognize you through its digital cookies even when you do not interact with their application. Please visit the social media companies' respective privacy policies to better understand their data collection practices and controls they make available to you. Third parties involved in advertising: We partner with third parties who assist us in serving advertising regarding the Services to others who may be interested in the Services. We also partner with third parties who use cookies to display interest-based advertising to you on the Services. These third parties may use tracking technologies on our website to collect or receive information from the Services and elsewhere on the internet and use that information to provide measurement services and target ads. While the Association will not share information that identifies you by name with unaffiliated third parties for their own uses, such third parties may, with sufficient data from other sources, be able to personally identify you. Business Partners: We share data with affiliates or clients with whom we have affinity programs or similar commercial relationships in order to market and provide products, goods or services that may be of interest to you. Financial Institutions: We may share Personal Information to any financial institutions, charge or credit card issuing companies, credit information or reference bureau, or collection agencies necessary to establish and support the payment of any services being requested. Personal data may also be disclosed to any person or persons that have a right under local law to gain access to such information provided they are able to prove their authority to access such information.
Fitness/ Spa	Dusit: We disclose your Personal Information to other companies within Dusit for the purposes described in this Privacy Policy, such as providing and personalizing the Services, communication with you, facilitating the loyalty programs and to accomplish our business purposes. We share your Personal Information used for making a reservation with the applicable property and Dusit entity to fulfill and complete your reservation. Service Providers: We engage vendors to perform functions on our behalf such as: website hosting, software development, data storage, content management, database management, technical integration, marketing automation, analytics, site optimization, conducting customer surveys, shipping and payment processing and providing other business services. There are limited circumstances in which the service provider collects data directly from you when their privacy policies may also apply. Financial Institutions: We may share Personal Information to any financial institutions, charge or credit card issuing companies, credit information or reference bureau, or collection agencies necessary to establish and support the payment of any services being requested. Personal data may also be disclosed to any person or persons that have a right under local law to gain access to such information provided they are able to prove their authority to access such information.

Other Uses and Disclosures
We will use and disclose Personal Information as we believe to be necessary or appropriate: (a) to comply with applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements; (d) to enforce our terms and conditions; (e) to protect our operations, such as in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of Dusit business, assets or stock (including any bankruptcy or similar proceedings); (f) to protect the right, privacy, safety or property of Dusit, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

We may use and disclose other data for any purpose, except where we are not allowed to under applicable law.

Non-Dusit group entities
This Privacy Policy does not address, and we are not responsible for the privacy, data, or other practice of any entities outside of the Dusit group, including franchisees, owners, property management companies, authorised licensees, strategic business partners, or any third party operating any site or service to which the service link, payment service, loyalty program, or website that is the landing page of the high-speed internet providers at our properties. The inclusion of a link on the online service does not imply endorsement of the linked site or service by us. We generally have no control over, and are not responsible for, any third party’s collection, use and disclosure of any Personal Information. We are not responsible for the data collection, use, disclosure, or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organization through or the DusitApp or our social media pages.

TRANSFER PERSONAL INFORMATION OUTSIDE OF THAILAND

Dusit is a global organization and provides a global service. Sharing data cross-border is essential to the Service so that you receive the same level of service wherever you are in the world. As a result, we will, subject to law, transfer or share Personal Information collected in connection with the Service, to entities in countries where data protection standards may differ from those in the country where you reside. By making a reservation, visiting or staying at Dusit property or using Dusit brands service, you understand that we transfer your Personal Information globally. The data controller may also maintain a local copy of your personal information when so required by applicable laws or regulations. Although the data protection law of various countries may differ from those in your country, we will take appropriate steps to ensure that your Personal Information is handled as described in this Privacy Policy and in accordance with the law.

All transfers of Personal Information between countries will be subject to the terms of this Privacy Policy and in compliance with PDPA.

DATA SECURITY MEASURE

Dusit adopts the high-standard security system in both technology and procedures to prevent any possible data theft. Dusit implements various measures to protect its computer system (such as Network Firewall, Intrusion Detection, Threat Prevention, URL Filtering, Application Control, Email Security, Server and Endpoint Protection, Secure Socket Layer, Cookies), through substantial investments, effort and human resources as to ensure that Dusit achieves high-standard measures and your personal data remains safe.

Although Dusit makes its best efforts to protect personal data with our technical mechanism along with the management by our personnel to control access and keep personal data against unauthorized access, Dusit cannot always guarantee the security and confidentiality of personal data from every incident that may arise, such as virus threat and unauthorized access. A data subject should regularly keep up with technology news, install personal firewall software to prevent his computer from threat or data theft.

HOW DO YOU ACCESS/REVISE YOUR PERSONAL INFORMATION

You may request to access/revise your Personal Information held by us by taking the following steps:

If you are a Dusit Gold Member:
Step 1:       Access your member profile account at www.dusit.com/loyalty, DusitApp or other applications
Step 2:       Enter email address as your ID and password registered with the Dusit Gold Programme
Step 3:       The system will take you to access your Personal Information held by us. This will take a few moments.
Step 4:       Once accessed, you may revise and update your Personal Information and choose to opt in or opt out of your newsletter subscription
Step 5:       You can contact our Dusit Gold Service Centre via email at gold@dusit.com

If you are non-Dusit Gold Member:
Step 1: Contact our Corporate Office:

Via e-mail at customerservices@dusit.com

Via letter with attention: Data Protection Officer, at the following address:

Dusit International,
319 Chamchuri Square Building, 29thFloor,
Phayathai Road, Pathumwan,
Bangkok 10330, Thailand

Mark as “Personal Information Request from a Guest” if you are a Guest at the hotel, restaurant, or spa, together with your first name and last name and telephone number

Step 2: Wait for our staff to contact you. This may take a few days.
Step 3: To identify you as the owner of the Personal Information requested

Our staff will require you to produce some form of photo identification (copy of a government-issued identification with signature, passport, driver’s license or Student ID Card), home or business address, phone number, information of your stay with Dusit Hotels & Resorts, and details of products purchased. You will also be asked to sign a request form.

If you are a Residence owner:
Please follow the above steps for hotel Guests. However, we cannot guarantee that your Personal Information held by us is the same or different from that stored or held by third-party developers of the Dusit Branded Residence(or the authorised agent).

The above information is required to create an audit trail of how the request has been handled. Where a request is made, any correspondence or application may be kept and added to your personal information.

Dusit Hotels & Resorts reserves the right to decline access to your Personal Information under certain circumstances. If your Personal Information is not disclosed to you, you will be provided with the reasons for non-disclosure.

HOW LONG IS YOUR PERSONAL INFORAMTION RETAINED?

We will retain your Personal Information as long as it is necessary for the purpose of data processing. After that, we will erase and destroy your Personal Information except as may be required, by applicable laws, or for protection of our interest. In general, your Personal Information will be kept for a maximum period of 10 years or otherwise longer if it is specifically provided by law.

HOW DO YOU KNOW IF THERE ARE CHANGES TO THIS PRIVACY POLICY?

Our Privacy Policy may change from time to time without prior notice. We will post the revised policy on our Digital Channel or other channel we normally contact you so you are always aware of how we treat Personal Information.

HOW IS PERSONAL INFORMATION AFFECTED BY BUSINESS TRANSFERS?

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part. The new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by us.

In the event that any of your Personal Information is to be transferred in such a manner, you will not be contacted in advance and informed of the changes. (When contacted you will not, however, be given the choice to have your data deleted or withheld from the new owner or controller.)

WHAT LAWS APPLY TO THIS PRIVACY POLICY

Dusit does business worldwide as Dusit and is a Thai public company limited, incorporated under the laws of Thailand. As such, laws and regulations in respect of data privacy protection apply to our company. We uphold the requirements of these laws and regulations in handling all the Personal Information in whichever establishment they were received. We will take necessary precautions to ensure that collected Personal Information is accurate, complete and kept up to date. Each Dusit establishment, including its related activities such as fitness, spa and restaurant, Residences, Dusit Thani College and other educational institutes, also complies with the local privacy laws of the jurisdiction where the establishment is located.

YOUR CHOICE

We will not contact you for marketing purposes by email, phone or text messages unless you have given your prior consent. We will not pass your details to any third parties unless specified otherwise in this Privacy Policy. When we are processing your Personal Information based on your consent, you have the right to withdraw that consent at any time. This may affect the service that we can make available to you.

YOUR RIGHT

If you would like to request to access, ratify, delete, restrict the use of, or object to processing of you Personal Information that you have previously provided to us, or if you would like to receive an electronic copy of your Personal Information or purpose of transmitting it to another company (to the extent these right are provided to you by law), please feel free to contact us as described in this Privacy Policy.

For your protection, we only fulfill requests for the Personal Information associated with the email address and/or loyalty account number that you identify in your request, and we may need to verify before fulfilling certain requests. When permitted by law, we may charge an appropriate fee to cover the costs of responding to your request.
Dusit acknowledges and respects our guests’ privacy and we will comply with your request as soon as reasonable and consistent with applicable law.

TO WHOM DO WE DIRECT QUESTIONS OR CONCERNS REGARDING THIS PRIVACY POLICY

Questions or concerns regarding this Privacy Policy should be directed to the Data Protection Officer by writing to the following address:
Attention to: Data Protection Officer
Dusit International,
319 Chamchuri Square Building, 29thFloor,
Phayathai Road, Pathumwan,
Bangkok 10330, Thailand

Mark as

“Question on Privacy Policy from a Guest” if you are a DusitLife Member or Guest at the hotel, restaurant, fitness or spa: together with your first name and last name and telephone number

Email: dpo@dusit.com

Dusit Overseas Co., Ltd.
Dusit Worldwide Co., Ltd.
Dusit Maldives Management Pvt.
Dusit USA Management Inc.
Dusit Japan Godo Gaisha
Dusit Saudi LLC,
LVM Holdings Pte. Ltd.

Thailand

Japan

Philippines

Maldives

Nepal

Bhutan

Vietnam

Guam - U.S.A.

Singapore

Greece

China

United Arab Emirates

Oman

Qatar

Egypt

Kenya

Thailand

Japan

Philippines

Maldives

Nepal

Bhutan

Vietnam

Guam - U.S.A.

Singapore

Greece

China

United Arab Emirates

Oman

Qatar

Egypt

Kenya

Privacy Policy