The On On Phuket Co.,LTD. (“the Company”) realizes the importance of the personal data protection and has compliance and management of Personal Data which are consistent with Personal Data Protection law and the related laws. The Company would like to notify you of the Company’s compliance with the Personal Data Protection Act, B.E. 2562 (2019) as follows:
In this document: “Personal Data” means any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the information of the deceased Persons in particular.
“Sensitive Personal Data” means Personal Data pertaining to racial, ethnic origins, political opinions, cult, religious or philosophical beliefs, sexual orientation, criminal records, health data, disability, trade union information, genetic data, biometric data (such as fingerprints or facial recognition data) or of any data which may affect the data subjects in the same manner, as prescribed by the Personal Data Protection Committee
For the purposes of receiving services from the Company, customers may be required to provide Personal Data in the form of Company registration forms and/or legal identity documents (such as ID card and number) for the act of identity verification and registration with the hotel. The Company may need to process Personal Data in the form of paper documents, photos and/or electronic documents. The Personal Data and channels that the Company processes include:
The Personal Data collected varies depending upon the nature of your relationship with the Company, through which channels you engage with the Company, and the type of product or service you receive from The Company. For persons that interact with the Company as a representative for either a business or juristic person, the Company may process your Personal Data consistent with the nature of the interaction.
In the event that the Company collects, process or disclose Personal Data, the Company will ask for consent in circumstances when the law requires the Company to ask for consent. The subsequent processing of Personal Data by the Company will be done in accordance with the purposes as given by the owner of the Personal Data.
The Company may also collect and process Personal Data from indirect sources such as tour operators, travel agencies, booking websites and other public channels.
The Company respects Data Subjects’ right of their Personal Data and is also aware of the Data Subjects’ intention for the due protection of their Personal Data. Any Personal Data submitted to the Company will be used only for the stated purposes. The Company has security measures in place to not let unauthorized parties from accessing and using your personal data.
In the direct collection, use, and disclosure of your Personal Data, the company shall solicit your consent should it be legally required and shall use the Personal Data only as necessary and/or only in accordance with the Company’s specified purposes.
The Company may collect your Personal Data from any other sources, such as from various social media, but only in necessity and carried out in accordance with legal requirements.
The Company collects, uses, and discloses your Personal Data for the following purposes:
Some portions of Personal Data collected by the company in relation to the above-mentioned purposes are required in compliance with contractual obligations or in accordance with applicable laws. In case of refusal to provide the required Personal Data, it may be considered as an infringement of relevant laws or may cause the Company not to be able to manage or execute contractual obligations or facilitate services to the customer at full potential.
However, should any modifications to the stated purposes for the collection of Personal Data subsequently occur, the Company will duly inform you as well as fulfill other legal obligations, including the recording as evidence of the amendment of the purposes stated in this Policy.
The Company will retain your Personal Data only for the necessary duration, and will collect, use and disclose your Personal Data, as defined in this Policy, in accordance with the duration criteria, namely the period during which you are still related to the Company as a client, and may still retain your Personal Data as long as needed for legal compliance or as per legal prescription, for the establishment of legal claims, legal compliance or exercise of legal claims, or defense of legal claims, or for other purposes in accordance with policies and the internal regulations of the Company.
If it is not possible to specify the Personal Data retention period, the Company will retain the Personal Data as may be expected per data retention standards (such as the longest legal prescription of 10 years).
The Company has in place adequate and strict security measures, in accordance with Policy and Guidelines on Information Technology of the Company, to prevent Personal Data, loss, access, destruction, use, alteration, correction, and to prohibit unauthorized or unlawful use of Personal Data.
As a Data Subject, you have the rights as prescribed in the Personal Data Protection Act, B.E. 2562 (2019) and other rights as follows:
You have the right to withdraw consent for the processing of your Personal Data as submitted to the Company, but not if the consent withdrawal is restricted by law or by contract of benefit to you as a Data Subject. However, the withdrawal of consent shall not affect the processing of Personal Data to which you have already legally consented.
You are entitled to request access to and obtain a copy of your Personal Data, under the Company’s care and responsibility, as well as to request the disclosure of the acquisition of your Personal Data without your consent.
You have the legal right to request the Company to transfer your Personal Data.
You have the right to object to the processing of your Personal Data, namely the collection, use, or disclosure of your Personal Data as prescribed by law.
You have the legal right to request the Company to erase, destroy, or to anonymize your Personal Data.
You have the legal right to request the Company to suspend the use of your Personal Data.
Should you discover that your Personal Data kept by the Company is not correct or has been modified, you have the legal right to request the Company to correct them so that your Personal Data is accurate, up-to-date, complete, and will not incur any misunderstandings.
The Company may consider and modify as appropriate this Privacy Notice to ensure that your Personal Data is well protected.
You have the right to complain to authorized officials as prescribed by the Personal Data Protection Act, B.E. 2562 (2019) in case of the Company’s infringement or non-compliance with the Act.
In the event that the Data Subject lodges their request to exercise their rights as prescribed by the Personal Data Protection Act, B.E. 2562 (2019), upon reception of such request, the company will further proceed within the duration of time as prescribed by the Act. However, the Company reserves the right to deny or not to proceed with the request as prescribed by law in case that the Data Subject has chosen to provide to the Company only certain Personal Data which may cause the Company not to be able to provide full services. Moreover, the Company may not be able to collaborate with or to provide services to the Data Subject if they do not consent to the provision of information as required by the Company.
The Company may have the need to disclose Personal Data to its subsidiary or to other persons or business units that are strategic allies in Thailand or in a foreign country cooperating with the Company in the procurement of various products or services, or out of necessity as prescribed by terms and conditions of the Company, or in case of reorganization, merging or sales of the Company and may require the disclosure of the Personal Data to Thai authorities or Public Organizations concerned as prescribed by law or by court order or by the order of authorized officials for which the Personal Data will be kept confidential, either in paper form or electronic form, including during its transfer.
However, in case of an international transfer of Personal Data, the Company will strictly comply with the Personal Data Protection Act, B.E. 2562 (2019).
The Company has complied with the Personal Data Protection Act, B.E. 2562 (2019) by appointing a Data Protection Officer (DPO) committee to review the Company’s collection, usage and disclosure of Personal Data for conformance with the Personal Data Protection Act, B.E. 2562 (2019) including other related laws.
Enquires or questions on the Personal Data Protection can be addressed to the following channels:
The On On Phuket Co., LTD.
Address: 123,125 Hongyokutid Road, Talad yai Sub-District, Wichit District, Muang, Phuket 83000, Thailand
Phone No: +66-76-363700
Data Protection Officer (DPO)
Address: 123,125 Hongyokutid Road, Talad yai Sub-District, Wichit District, Muang, Phuket 83000, Thailand
Email: [email protected]
The Company may, from time to time, review this Policy for compliance with the changing guidelines and relevant laws. In case of changes thereto, the Company will provide a public notification through appropriate channels
