fbpx

Stay With Us

Privacy
Statement

Privacy Statement

Last Updated: October 2023

De Bloom Co., Ltd. d/b/a Corridor 2407 Hotel (the “Company,” “we,” “us,” or “our”) recognizes the importance of the protection of your personal data of our products and services. The information you share with us allows us to provide the products and services appropriately tailored for you. We appreciate your trust that we will carefully and sensibly collect, use, disclose, and transfer your personal data outside of Thailand.

This privacy policy applies to our websites, mobile applications, call center, social networking sites, online communication channels, and other locations where we collect your personal data. For the purpose of this Privacy Statement, “Personal Data” means any information relating to an identified or identifiable natural person.

We keep our privacy statement under regular review. At the top of this page, you will see the date on which the privacy statement was last revised, and it is also the date from which any changes will become effective. Your use of the Services following these changes means that you accept the revised privacy statement. In case any modification deprives your rights of sensitive data in relation to this Privacy Policy, the Company will first obtain your consent, except as otherwise permitted by law.

Scope of Privacy Statement

This Privacy Statement applies to the personal information we collect through:

  • Online services: websites owned or controled by us, web and mobile applications, social media pages, HTML-formatted email messages, Wi-Fi connectivity and other digital channels; and
  • Offline interactions: when you visit or stay as a guest at our property, attend events and activities hosted by us, reach out to our call center, or through other offline interactions.

Collectively, we refer to the above as our “Services”.

This Privacy Statement does not apply to the personal information that we collect about employees, business partners and other personnel related to their working relationship with us, or the personal information that we collect about applicants and candidates. We may also collect, generate, use and disclose aggregate, anonymous, and other non-identifiable data related to our Services, which is not personal information subject to this Privacy Statement.

How We Collect Your Personal Data

We use different methods to collect data:

 Direct interactions : You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide online when you book accommodation, sign up for a newsletter, or participate in a survey, contest or promotional offer. We collect personal data offline when you visit our properties or restaurants.

The data requested in the forms on the Website is mandatory (unless otherwise indicated in the relevant field) to perform services or fulfill your request. If you do not wish to provide required personal information then we unable to fulfill your request, but you can still see the content of the Website.

Automated technologies or interactions : As you interact with our websites, applications or other pages, we will automatically collect technical data about your equipment, browsing actions and patterns. The information we may collect by automated means includes, but is not limited to:

  • Information about the devices you use to access our Websites (IP address, MAC address, device, browser and operating system type);
  • Pages and URLs that refer visitors to our sites, also pages and URLs that visitors exit to once they leave our Websites;
  • Information about your visits (date and time) and actions taken on our Websites (such as page views, site navigation patterns or application activity);
  • A general geographic location (such as country and city) from which a visitor accesses our Websites; and
  • Search terms that visitors use to reach our Websites.

We collect this personal data by using cookies, web beacons and other similar technologies.

Security Systems : When you visit our hotels, information may be collected about you through our property’s closed-circuit television systems, electronic key cards and other security systems.

Third parties or publicly available sources : We will receive personal data about you from various third parties and public sources including business partners, travel agents and aggregators.

What Personal Data We Collect

We may collect or obtain the following types of information which may include your Personal Data directly or indirectly from you or other sources or through our affiliates, subsidiaries, business partners or other companies.

1.1. Personal details, such as title, full name, gender, age, occupation, qualifications, job title, position, business type, company name, nationality, country of residence, date of birth, marital status, number of family members and children, ages of children, information on government-issued cards (e.g. national identification number, photograph of the national identification, information on the national identification, control number on the reverse side of the national identification (Laser ID), social security number, passport number, tax identification number, driver’s license details or similar identifiers), immigration details such as arrival and departure date, signature, voice, voice record, photograph, facial features for recognition, CCTV records, work place, education, insurance details, license plate details, house registration, household income, salary and personal income;

1.2. Contact details, such as postal address, delivery details, billing address, residential address, workplace address, address shown in the national identification card, telephone number, fax number, email address, LINE ID, Facebook ID, Google ID, Instagram ID, and other ID from social networking sites, your contact person’s contact details (e.g. telephone number, email address, contact data on any correspondences (e.g. written communication with you), and any other contact details you provided to us;

1.3. Financial details, such as debit/credit card or bank information, credit/debit card number, credit card type, issuance/expiration date, cycle cut, account details, bank account details, prompt pay number payment details and records, your information regarding the risk profile for the business partner, credit rating and solvency, information in accordance with the declaration of suitability, suitability of transaction and any other financial details;

1.4. Transaction details, such as details about payment to and from you, payment date and/or time, payment amount, details about refund, refund amount, points, date and location of purchase, purchase/order number, appointment date for service, address/date and time for pick up or delivery, acknowledgement of receipt, recipient email’s signature, warranty details, complaints and claims, booking details, rental details, transaction, transaction history, location, transaction status, past sales, transaction status, purchasing behavior, and any other details of products and services you have purchased, including but not limited to any information incurring from using of products or services provided on our platform, such as websites, online travel agencies, LINE OA, affiliated partners, etc.;

1.6. Technical details, such as Internet Protocol (IP) address, cookies, media access control (MAC) address, web beacon, log, device ID (such as international mobile equipment identifier (IMEI), electronic serial number (ESN), mobile equipment identifier (MEID) and serial number (SN)), device model and type, formats of software and hardware of the device when it is activated in the system, network, connection details, access details, single sign-on (SSO), login log, access time and location, time spent on the page, login data, GPS, latitude, longitude and time spent on each webpage, login information, applications downloaded on a communication devices, search history, browsing details, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on devices you use to access the platform, including any other technical information arising from the use of our platform and systems;

1.7. Behavior details, such as information about your purchasing behavior and data supplied through the use of our products and services;

1.8. Profile details, such as your username and password, profile details and picture, purchases, historical orders, past orders, purchase history, items bought, item quantity, orders or product recalls made by you, orders via website, order ID, financial records, PIN, your interests, preferences, feedback and survey responses, satisfaction survey, social media engagement, participation details, your use of discount codes and promotions, customer order description, customer service, attendance to trade exhibitions and events, trade exhibitions, litigation, testing and trials;

1.9. Usage details, such as information on how you browse or use our websites, platform, application products and services, products in customer’s cart, wish list record, remind me flash sales record, follow-shop record, and timestamp of last click and Q&A record;

1.10. Marketing and communication details, such as your preference in receiving marketing from us, our affiliates, subsidiaries, business partners or other companies, and your communication preferences; and/or

1.11. Sensitive data, such as race, religion, political opinions, fingerprints, facial recognition, person identity information (biometrics), face, information from the iris recognition, physical or mental health or condition, genetic data, medical history, disability and criminal records.

If you provide Personal Data of any third party to us, e.g., their name, family name, address details, and telephone number for emergency contact, family member income, or if you use the service on any of our platforms with your consent, we can access and collect third party personal information relating to you, such as information on name, picture and/or phone number, as well as personal and contact information of family, friends, emergency contact persons, recommended persons or referrals accessible from your mobile number, etc.; please provide this Privacy Policy for their acknowledgement and/or obtaining consents if necessary.

We will only collect, use, or disclose sensitive data on the basis of your explicit consent or where permitted by law.

We only collect the information of children, quasi-incompetent persons, and incompetent persons where their parent or guardian has given their consent. We do not knowingly collect information from customers under the age of 20 without their parental consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardian’s consent. In the event we learn that we have unintentionally collected personal information from anyone under the age of 20 without parental consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardians, we will delete it immediately or process only if we can rely on other legal bases apart from consent.

 Why We Collect, Use or Disclose Your Personal Data

2.1. The purpose for which your consent would be required

Marketing and Communications: We collect, use and disclose your Personal Data to provide privileges and promotions, discounts, special offers, advertisements, notices, news, information and any marketing and communications about the products and services from us, our affiliates, subsidiaries and business partners which we cannot rely on other legal bases.

Please contact info@corridor2407hotel.com to manage your consent for marketing and communications.

2.2. The purposes we may rely on any other legal grounds for processing your Personal Data

We may also rely on (1) contractual basis, for our initiation or fulfilment of a contract with you; (2) legal obligation, for the fulfilment of the legal obligations; (3) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties; (4) vital interest, for preventing or suppressing a danger to a person’s life, body, or health; and/or (5) public interest, for the performance of a task carried out in the public interest or for the exercising of official authorities.

We may collect, use and disclose your Personal Data for the following purposes

1) To provide products and services to you: To enter into a contract and manage our contractual relationship with you; to support and perform other activities related to such services or products; to complete and manage bookings and to carry out financial transaction and services related to the payments including transaction checks, verification, and cancellation; to process your orders, delivery, and collections and returns; refund and exchange of products or services; to provide updates and on the delivery of the products, including picking, packing, and labelling of packages; to provide aftersales services, including maintenance and facility reservation;

2) Marketing and Communications: To provide privileges, offers, updates, sales, special offers, promotions, advertisements, notices, news, information and any marketing and communications about the products and services from us, affiliates, subsidiaries and business partners.

3) Promotions, special offer, prize draws, competitions, and other offer promotions: To allow you to participate or earn promotions, special offers, sweepstakes, privileges, prize draws, competitions, and other offer/promotions (e.g. sending you reminder emails and transferring your Personal Data to business partners) to participate in activities and seminars, and all services related to advertising. This includes to process and administer your account registration, gift registration, event registration; for processing, collection, addition, exchange, earning, redemption, payment, and transfer of points; to examine your entire user history, both online and offline; to provide and issue gift vouchers, gift cards, and invoices;

4) Registration and Authentication: To register, verify, prove, affirm, identify, and/or authenticate you or your identity;

5) To manage our relationship with you: To contact and communicate with you as requested by you or in relation to the products and services you obtain from us, affiliates, subsidiaries and business partners; to handle customer service-related queries, request, feedback, complains, claims, disputes or indemnity; to provide technical assistance and deal with technical issues; to process and update your information; to facilitate your use of the products and services;

6) Personalization, profiling and data analytics: To recommend products and services that might be of interest to you, identify your preferences and personalize your experience; to learn more about you, the products and services you receive and other products and services you may be interested in receiving; to measure your engagement with the products and services, undertake data analytics, data cleansing, data profiling, market research, surveys, assessments, behaviors, statistics and segmentation, consumption trends and patterns; profiling based on the processing of your Personal Data, for instance by looking at the types of products and services that you use, how you like to be contacted; to know you better; to improve business performance; to better adapt our content to the identified preferences; to determine the effectiveness of the promotional campaigns, identify and resolve of issues with existing products and services; qualitative information development. For this purpose, we will collect, use and disclose your Personal Data for your interest and benefit and for legitimate interest and businesses of Central Group, affiliates, subsidiaries and our business partners where such interests and businesses are not overridden by your fundamental rights to personal data. We will request your consent where consent is required from time to time;

7) To improve business operations, products, and services: To evaluate, develop, manage, and improve, research and develop the services, products, system, and business operations for you and all of our customers including but not limited to our business partners; to identify and resolve issues; to create aggregated and anonymized reports, and measure the performance of our physical products, digital properties, physical measurement of products performance, digital features and marketing campaigns as well as developing business models, model for loan consideration, insurance and debt collection model;

8) To learn more about you: To learn more about the products and services you receive, and other products and services you may be interested in receiving, including profiling based on the processing of your Personal Data, for instance by looking at the types of products and services that you use from us, how you like to be contacted and so on;

9) Functioning of the sites, mobile application, and platform: To administer, operate, track, monitor, and manage the sites and platform to facilitate and ensure that they function properly, efficiently, and securely; to facilitate your experience on the sites and platform; improve layout, and content of the sites and platform;

10) IT Management: For business management purpose including for IT operations, management of communication system, operation of IT security and IT security audit; internal business management for internal compliance requirements, policies, and procedures;

11) Compliance with regulatory and compliance obligations: To comply with legal obligations, legal proceedings, or government authorities’ orders which can include orders from government authorities outside Thailand, and/or cooperate with court, regulators, government authorities, and law enforcement bodies when we reasonably believe we are legally required to do so, and when disclosing your Personal Data is strictly necessary to comply with the said legal obligations, proceedings, or government orders. This includes to provide and handle VAT refund service; issue tax invoices or full tax forms; record and monitor communications; make disclosures to tax authorities, financial service regulators, and other regulatory and governmental bodies, and investigating or preventing crime;

12) Protection of our interests: To protect the security and integrity of our business; to exercise our rights or protect our interest where it is necessary and lawfully to do so, for example to detect, prevent, and respond to fraud claims, intellectual property infringement claims, or violations of law; to manage and prevent loss of our assets and property; to secure the compliance of our terms and conditions; to detect and prevent misconduct within our premises which includes our use of CCTV; to follow up on incidents; to prevent and report criminal offences and to protect the security and integrity of our business;

13) Fraud detection: To verify your identity, and to conduct legal and other regulatory compliance checks (for example, to comply with anti-money laundering regulations, and prevent fraud). This includes to perform sanction list checking, internal audits and records, asset management, system, and other business controls;

14) Corporate transaction: in the event of sale, transfer, merger, reorganization, or similar event we may transfer your Personal Data to one or more third parties as part of that transaction;

15) Risks: To perform risk management, audit performance, and risk assessments; and/or

16) Life: To prevent or suppress a danger to a person’s life, body, or health.

If you fail to provide your Personal Data when requested, we may not be able to provide our products and services to you.

Sharing of Personal Data

Our goal is to provide you with the professional level of hospitality and Services, and to do so, we share personal data with the following parties:

  • Our Hotels: We disclose personal data to other subsidiaries within De Bloom Co., Ltd. for the purposes described in this Privacy Statement, such as providing Services and personalizing our communication with you.
  • Strategic business partners: We disclose personal data and other data to business partners who provide goods, services and offers that enhance your experience at our property. By sharing data, we are able to make personalized services and unique travel experiences available to you.
  • Service providers: We disclose personal data to third-party service providers for the purposes described in this privacy statement. Examples of service providers include companies that provide website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery and marketing,
  • Public administrations and police bodies: We disclose personal data to public administrations and police under requirement, in order to comply with obligations under the regulations, and to cooperate with these entities in the performance of their duties.

We require all third parties to protect your personal data and to process it in accordance with the applicable law. We do not allow our third-party service providers to use your personal data for their own purposes, and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International Transfers

As a hospitality company, we may transfer your personal data across multiple jurisdictions. Insofar as it is necessary for the purposes, your personal data may be transferred to the following locations:

  • Countries where our subsidiary offices are located;
  • Countries where our affiliated partner offices are located;
  • Countries where our third-party service providers, advisors and consultants are located, which changes from time to time.

Where personal data is transferred to a country with a lower level of data protection as compared to the country in which the information was collected, we take all reasonable steps to ensure that your information is protected in line with the applicable legal requirements. Whenever we transfer your personal data, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We enter into a specific contract with third parties which enable the enforcement of the data subject’s rights, according to the applicable regulations.
  • We use your consent to transfer data if the applicable law requires it.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data.

Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

In order to determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements of the relevant country.

We determine the retention period based on the following considerations:

  • If personal data was collected for the purpose of contract performance, it will be stored for the entire duration of the contractual relationship, and once it has ended until the statute of limitations expire.
  • If personal data was collected for the purpose of compliance with legal obligations, it will be stored until the obligation is fulfilled.
  • If personal data was collected for the purpose of legitimate interest, it will be stored until the end of this interest.
  • If personal data was collected with your consent, it will be stored until consent is withdrawn. You can withdraw your consent at any time through the link provided in the communications.

Details of retention periods for different aspects of your personal data are available in our Retention Statement which you can request from us by contacting us.

Security of Your Personal Data

The Company recognizes the importance of maintaining the security of your Personal Data. Therefore, the Company endeavors to protect your information by establishing security measures for your Personal Data appropriately and in accordance with the confidentiality safeguard of Personal Data, to prevent loss, unauthorized or unlawful access, destruction, use, alteration, rectification or disclosure; provided, however, that the Company will ensure that the method of collecting, storing and processing of your Personal Data, including physical safety measures follow the information technology security policies and guidelines of the Company.

Your Rights as Data Subject

Subject to applicable laws and exceptions thereof, you may have the following rights to:

1) Access: You may have the right to access or request a copy of the Personal Data we are collecting, using or disclosing about you. For your own privacy and security, we may require you to prove your identity before providing the requested information to you.

2) Rectification: You may have the right to have incomplete, inaccurate, misleading, or or not up-to-date Personal Data that we collect, use or disclose about you rectified.

3) Data Portability: You may have the right to obtain Personal Data we hold about you, in a structured, electronic format, and to send or transfer such data to another data controller, where this is (a) Personal Data which you have provided to us, and (b) in the case where we are collecting, using or disclosing such data on the basis of your consent or to perform a contract with you.

4) Objection: You may have the right to object to certain collection, use or disclosure of your Personal Data such as objecting to direct marketing.

5) Restriction: You may have the right to restrict the use of your Personal Data in certain circumstances.

6) Withdraw Consent: For the purposes you have consented to our collecting, using or disclosing of your Personal Data, you have the right to withdraw your consent at any time.

7) Deletion: You may have the right to request that we delete or de-identity Personal Data that we collect, use or disclose about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.

8) Lodge a complaint: You may have the right to lodge a complaint to the competent authority where you believe our collection, use or disclosure of your Personal Data is unlawful or noncompliant with applicable data protection law.

Right to withdraw consent. Please note that you can withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Under certain circumstances where applicable law permits, you also have the right to lodge a complaint with a competent data protection supervisory authority.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable administration fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances, and we will indicate the reason for refusal.

Time limit to respond

We try to respond to all legitimate requests within one month, or within the timeframe as specified by the applicable data protection legislation. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Contact us

If you wish to exercise any of the rights set out above, please contact us.

Corridor 2407 Hotel

Email: info@corridor2407hotel.com

Post: 31 Charoen Krung Road, Wang Burapha Phirom, Phra Nakorn, Bangkok 10200, Thailand

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

Liability

This Website is not intended for children, and we do not knowingly collect data relating to children.

You guarantee that you have informed any third parties whose data you are providing, if you have done so, of the points covered in this privacy statement. In addition, you guarantee that their authorization has been obtained to provide their data to us for the indicated purposes.

You will be liable for any false or inaccurate information provided, and for direct or indirect damage caused to us or to third parties.

We have put in place procedures to deal with any suspected personal data breach, and will notify you and any applicable regulator of a breach where we are legally required to do so.