Policy and Guidelines for Personal Data Protection
of InterContinental Hua Hin Resort
——————————————————————————————————————————————–
In order to protect personal information that InterContinental Hua Hin Resort collects, uses or discloses, including data management according to the mission, duties and responsibilities of InterContinental Hua Hin Resort, in accordance with the personal data protection law, InterContinental Hua Hin Resort has issued this policy in order to protect personal data in accordance with the provisions of relevant laws.
Article 1 This policy is called “Policies and Practices on Personal Data Protection of InterContinental Hua Hin Resort B.E. 2566”
Article 2 Scope of application
This privacy policy and guidelines apply to the personal data of individuals currently associated with InterContinental Hua Hin Resort and that may be in the future, which are processed by InterContinental Hua Hin Resort. Employees, officers, clients and including contractors or third parties who process on behalf of or on behalf of InterContinental Hua Hin Resort under various products and services such as websites, applications, documents or other forms of services supervised by InterContinental Hua Hin Resort.
Persons having relationship with InterContinental Hua Hin Resort under the first paragraph shall include:
- employees, officers, clients, visitors and workers
- Applicants for recruitment.
- Service users of InterContinental Hua Hin Resort.
- Suppliers or venders, service provider to InterContinental Hua Hin Resort.
- Visitors to or use of websites, applications, devices or other communication channels under the responsibility of InterContinental Hua Hin Resort.
- Other persons that InterContinental Hua Hin Resort collects personal data, such as family members of employees or officers, etc.
Article 3 Definitions in this policy,
“Personal Data” means any information directly or indirectly relating to an identifiable natural person but does not include the information of the deceased in particular.
“Sensitive personal data” means information about race, ethnicity, political opinions, Doctrine religion or philosophy, personal behavior, Criminal record, Health information, Disability, union information, Genetic information, biological information or any other information that affects the data subject in the same manner as prescribed by the Personal Data Protection Committee.
“Processing of Personal data” means any action taken with personal data such as collecting, recording, copying, organizing, keeping, improving, changing, using, recovering, disclosing, transmitting, publishing, transferring, merging, deleting, destroying, etc.
“Data Subject” means a natural person who is the owner of the personal data that InterContinental Hua Hin Resort Collects, uses or discloses.
“Data Controller” means InterContinental Hua Hin Resort, a person or juristic person who determines the purposes and means of the processing of personal data.
“Data Processor” means InterContinental Hua Hin Resort, a person or a juristic person who processes personal data on behalf of the data controller.
Article 4 Sources of personal data collected by InterContinental Hua Hin Resort
InterContinental Hua Hin Resort will collect or obtain personal data from various types of sources as follows:
(1) Collecting personal data directly from the data subject in various service channels, such as application procedures, registration, job application, contract signing, documents, surveys, or use of products, services or other service channels controlled by InterContinental Hua Hin Resort or when the data subject communicates with InterContinental Hua Hin Resort at the office or through other contact channels supervised by InterContinental Hua Hin Resort, etc.
(2) Collect from the data subject’s access to websites, products or other services according to the contract or according to the missions of InterContinental Hua Hin Resort, such as tracking of user behavior on website, products or services of InterContinental Hua Hin Resort with the use of cookies or software on the data subject’s devices.
(3) Collect from other sources that the data source is authorized, lawful or consented by the data subject of personal data disclosing to InterContinental Hua Hin Resort, such as, data exchange digital services between IHG Hotels & Resorts and public organization providing services for the sole benefit of the data subject ,or data sharing within IHG entities supporting corporate procedures including the contractual duty to share personal data with contracting parties etc.
This also includes cases in which the data subject provides the Personal Data of a third party to the InterContinental Hua Hin Resort, in such case the data subject is responsible to the data subject for providing details in accordance with this Policy, or an announcement of such product or service including obtaining consent from that person when consent is legally required to disclose personal data to InterContinental Hua Hin Resort.
However, in the event that the personal data subject refuses to provide information necessary for the service of InterContinental Hua Hin Resort, this may result in the inability of part or all of the service providing to the data subject.
Article 5 Legal basis for processing personal data
InterContinental Hua Hin Resort determines the legal basis for processing personal information as appropriate and suitable with the nature of providing service within the scope of legal bases as follows: referring
| Legal basis | Description |
| To comply with a law | InterContinental Hua Hin Resort able to carry out its mission Duties and powers as prescribed by law, such as the Hotel Act BE 2547, Section 35, Section 36, Section 37. Ministerial Regulations prescribing types and criteria for hotel business operations, issue 1 and 2. Measures to promote and develop standards for certain types of hotel business operations. (Section 44) Health Establishment Act (Spa), etc. |
| To comply with the legitimate interest | To comply with the legitimate interest of the InterContinental Hua Hin Resort and the individual when the necessary to process of personal data is no less than individuals’ fundamental rights, example: Security Management of the premises of the InterContinental Hua Hin Resort or the processing of personal data for the internal affairs of the InterContinental Hua Hin Resort, etc. |
| To prevent/suppress danger to person’s life, body or health. | To prevent or protect danger to life, body or health of a person, such as providing an application service to monitor epidemics according to government policies, etc. |
| To perform contractual duty | In order for InterContinental Hua Hin Resort to be able to perform its obligations under the contract or take action necessary for entering into a contract between InterContinental Hua Hin Resort and contract parties such as service contracts room reservations, seminars and banquets, employment, outsourcing, memorandum of cooperation or other forms of contracts, etc. |
| A consent of Data Subjects | To collect, use or disclose of personal data where InterContinental Hua Hin Resort requires the consent of the data subject. The purpose of the processing must has been inform before or when collecting personal data. For example, collecting sensitive personal information for the purpose which is not in accordance with the exceptions to section 24 or 26 of the Personal Data Protection Act B.E. 2562, or the marketing of products and services provided by the contractual parties or business partners of the InterContinental Hua Hin Resort to the data subject, etc. |
In the event that InterContinental Hua Hin Resort is required to collect personal information in accordance with the legal basis mentioned above, and the data subject refuses to provide personal data or objects to the processing in accordance with the objectives of the activity, this may result in the inability of part or all of the proceeding or service providing by InterContinental Hua Hin Resort to the data subject as requested.
Article 6 Types of personal data collected by InterContinental Hua Hin Resort
InterContinental Hua Hin Resort may collect or obtain the following personal information. However, this depends on the service or the context of the relationship the data subject has with the InterContinental Hua Hin Resort, including any other considerations applicable to the processing of personal data.
| Type of Personal Data | Description and samples |
| Identity Data | Information specifying the name of the data subject or information from government documents that identify the personal information of the data subject, such as title, first name, last name, middle name, nickname, signature, identification number, nationality, driver’s license number passport number house registration information license number Professional license number (for each occupation), etc. |
| Profile Data | Detailed information about the subject of personal data, such as date of birth, gender, height, weight, age, marital status, military service status, photograph, language used, behavioral data, preferences, bankruptcy data Information on being incompetent or quasi-incompetent, etc. |
| Address/Contact Data | Information to contact the data subject, such as home phone number. mobile phone number fax number, e-mail address, postal address (home, office), user name in social networks ( Line ID, MS Teams ), map of accommodation location, etc. |
| Employment and Education Data | Employment details Including work history and education history ,such as, type of employment, occupation, rank, position, duties, and expertise. work permit status Reference taxpayer identification number Position history, work history , salary information, starting date, leaving date, assessment results, welfare and benefits Materials in the worker’s possession, works, bank account number educational institutions, educational qualifications, academic results, graduation date, etc. |
| Insurance Policies Data | Details of insurance policies, operators such as insurers, beneficiary, number of insurance Policy, category of insurance policy, insurance coverage and claim information, etc. |
| Social Relationship Data | Information on the social relations of the data subject, such as, political status, political office directorship or relationship with InterContinental Hua Hin Resort, information about being a contractor with the InterContinental Hua Hin Resort, information about being a stakeholder in business with InterContinental Hua Hin Resort, etc. |
| Transaction of Service Data relating to Holiday Inn Resort Vana Nava | Details about products or services of InterContinental Hua Hin Resort such as, guest registration, accommodation check-in record or other services (including spa, restaurant, event organizing,) user tracking (websites under the supervision of InterContinental Hua Hin Resort such as, huahin.intercontinental.com or various applications,) search history, cookies or Similar technologies, ID of devices (Device ID), type of devices, connection details, browser information, use of language and use of operating system, etc. |
| Sensitive Personal Data | Sensitive personal data of the data subject, such as information about race, religion, disability, political opinions. Criminal records , biometrics (facial recognition, fingerprints), health information, etc. |
The categories of personal data outlined above provide a general framework for personal data processing of InterContinental Hua Hin Resort, only for information related to the products or services used or related to the personal data subject will be applied.
Article 7 Cookies
InterContinental Hua Hin Resort collects and uses cookies and other similar technologies on websites under the supervision of InterContinental Hua Hin Resort, includinghuahin.intercontinental.com or on the device or service that have been used by the data subject, in order to perform the security measures of the service of InterContinental Hua Hin Resort, and to provide users with convenience and the best user experience. Moreover, this information will support our endeavor to improve the website of InterContinental Hua Hin Resort to accommodating the data subject. The setting or erasure of cookies can be accomplished by data subject themselves via the setting of such web browser.
Article 8 Personal Information of Minor, Incompetent and quasi-incompetent
In the event that InterContinental Hua Hin Resort is aware that personal data, requiring consent, belongs to a person who is a minor, an incompetent or a quasi-incompetent person, InterContinental Hua Hin Resort will not collect such personal information until obtaining the consent from the parent who has the power to act on behalf of the minor or the guardian as the case may be. However, all complied with the law.
In the event that InterContinental Hua Hin Resort does not aware of the data subject being a minor, an incompetent person or a quasi incompetent, and found later that there has been personal data processed without authorized consent,and InterContinental Hua Hin Resort does not have any lawful basis to process such data, InterContinental Hua Hin Resort will promptly delete such personal information. Unless otherwise given consent by the data subject for the processing of such personal information.
Article 9 Objectives of Processing Personal Data
InterContinental Hua Hin Resort processes personal data for the following purposes; the objectives depend on the category of product or service or activity provided including the nature of the relationship between the data subject and the InterContinental Hua Hin Resort.
(1) To be used under the mission, duties and legal obligation subjected to InterContinental Hua Hin Resort
(2) For the execution of contracts between the InterContinental Hua Hin Resort and related persons;
(3) For conducting transactions of InterContinental Hua Hin Resort.
(4) To control, supervise, use, monitor, inspect and administer services to facilitate according to the intention of the data subject.
(5) To maintain and update information relating to the data subject Including documents that refer to the data subject.
(6) Prepare a record of the processing activities of personal data as required by laws.
(7) Data analysis Including solving issues related to the services of InterContinental Hua Hin Resort
(8) To take necessary actions relating to the management within the organization including job recruitment, procurement.
(9) To prevent, detect, avoid and investigate fraud, security breach, prohibited or illegal actions which may cause damage to the InterContinental Hua Hin Resort and the data subject.
(10) To identity authentication including verification and examination the information of the data subject when entering into the service of the InterContinental Hua Hin Resort or inquiring about services or exercising legal rights.
(11) To improve and develop the quality of products and services to be up-to-date.
(12) To conduct risk assessment and risk management.
(13) To send notification, order confirmation, corporate communication or information to the data subject.
(14) To prepare and deliver document with relevant and necessary information.
(15) To verify identity, prevent spam or unauthorized actions or illegal actions
(16) To inspect the access and use of services of InterContinental Hua Hin Resort, both as a whole and as an individual; for the purposes of researching conducting analysis.
(17) To take necessary actions to perform duties assigned by InterContinental Hua Hin Resort to the public regulators, tax authority, or legal obligations of InterContinental Hua Hin Resort
(18) To take necessary actions bases on the legitimate interests of the InterContinental Hua Hin Resort or persons or juristic persons, involved in the operations of InterContinental Hua Hin Resort.
(19) To prevent or stop danger to life, body or health of a person, including surveillance of infectious diseases;
(20) To comply with applicable laws, announcements, regulations or litigation proceedings regarding information in accordance with subpoenas, including the request of data subject rights.
We will process personal data according to the stated purposes and scope. If there came upon a case where personal data were to be processed for other purposes, and it is unlikely to rely on other legal bases, we would proceed regarding requirement under Personal Data Protection Act B.E. 2562 (2019.)
Article 10 Use of personal data
Under the objectives specified in Clause 9 above, the InterContinental Hua Hin Resort disclose personal information to the following outsiders;
| Type of recipient | details |
| Trade/contract counterparties, Commercial banks, and business partner | Insurance companies, government agencies i.e., Skill Development Institues, Student Loan Fund, Legal Execution Department, Social Security Office, and Police Station etc. |
| Service Providers | InterContinental Hua Hin Resort may assign other persons to provide service on behalf or support the operation of the hotel i.e., storage service providers (such as cloud provider), software or system or website developers, courier service providers, payment service provider, internet service provider, telephone operator, Digital ID service provider, social media service provider, risk management service provider, outsider consultant qnd transportation service provider, etc. |
| Other types of recipients | InterContinental Hua Hin Resort may disclose information to other recipients ,such as contact persons of InterContinental Hua Hin Resort, hospitals, educational institutes or other agencies, etc., However, specifically for the purpose of services of the InterContinental Hua Hin Resort including training, awards ceremony, merit making and donations, etc. |
| public disclosure | InterContinental Hua Hin Resort will disclose personal data publically, exclusively with the consent of the data subject of such personal data. |
The categories of data recipients listed above are the general disclosure framework for InterContinental Hua Hin Resort. In this regard, this policy will specifically apply for the recipient of personal information related to the product or service of InterContinental Hua Hin Resort.
Article 11 Cross-border Transferring of Personal Data
According to the scope and purposes specified herein this Privacy Policy, InterContinental Hua Hin Resort may be required to transfer personal data to foreign countries, including;
Overseas affiliates hotel:
In this regard, InterContinental Hua Hin Resort will transfer personal data exclusively when any of these requirements has been provided. The requirements include;
- the destination country has adequate personal data protection standards as prescribed by the Personal Data Committee;
- the international organization has in place a comprehensive data protection policy which has been certified by the Personal Data Committee;
- the international organization is obligated to follow a substantial personal data protection standard with sufficient remedial measure, in accordance with the procedures identified by the Personal Data Committee, including, but not limited to, standard contractual clauses and code of conduct
- a pre-requisite to the exercise of legal rights;
- consent has been obtained from data subject who is informed of the inadequate personal data protection standards of the destination countries or international organizations;
- a requirement for the execution of an agreement to which the data subject is a contractual party, or the fulfillment of a request the data subject made prior to entering into the agreement;
- a necessary task to carry out under a contractual obligation between InterContinental Hua Hin Resort and other persons or entities for the benefits of the data subject;
- to ensure the safety or limit further damage to an individual’s health who cannot give consent at the current time; and
- a necessary task forthe public interest
Article 12 Retention of Personal Data
InterContinental Hua Hin Resort will store personal data throughout appropriate period according to scope and purposes, including other important matters, such as legal requirements, accounting and auditing purposes.
Article 13 Security of personal data
InterContinental Hua Hin Resort have put in place security measures for the personal information within protection of the organization. In addition, third parties that process our personal information must comply with our security measures and must agree to maintain the security of personal information. (See more details at https://huahin.intercontinental.com/privacy-policy)
Article 14 Data Subject’s Rights
Your personal data rights include:
- Right to revoke consent – for the case where InterContinental Hua Hin Resort has obtained your consent in order to process your personal data;
- Right of access – you have the right to request a copy of all your personal data and assess if InterContinental Hua Hin Resort is processing your personal data in accordance with relevant laws;
- Right to data portability – for the case where InterContinental Hua Hin Resort has in place an automated platform allowing you to access your personal data automatically: You have the right to ask for your personal data to be transferred automatically to other organizations, and you have the right to request for your personal data in such a format that has been transferred from InterContinental Hua Hin Resort to other organizations, except for the case where there is a technological limitation;
- Right to object – you have the right to object to any data processing activity of your personal data which has been relied on certain legal bases and/or processing purposes, including:
- public task or legitimate interest
- direct marketing purposes, and
- scientific, historical or statistic research purposes, unless the processing is necessary for public task;
- Right to erasure – you have the right to request for data deletion or anonymization,
- in accordance to the following cases:
- where processing required terms become expired
- where consent has been withheld, and we cannot rely on other legal bases to process your personal data
- where there is objection raised against data processing activity, and
- where data processing activity is not in accordance with relevant laws;
- Right to restrict processing – you have the right to restrict any data processing activity in accordance with the following cases:
- during pending examination process
- for cases related to personal data which shall initially be deleted and/or destroyed, but was followed by an additional request of processing restriction instead
- for cases where the data processing terms have passed, but you have requested for processing restriction due to legal reasons, and
- during the process of data processing objection verification; and
- Right to rectification – you have the right to edit your personal data to be correct and concurrent to the present. If any mistake was detected, InterContinental Hua Hin Resort might not edit this ourselves.
In the cases where InterContinental Hua Hin Resort may not be able to carry out and support exercise of your rights, including, but not limited to, the cases where a legal process is taking place, you will continue to have the right to retract your consent by emailing all related parties. InterContinental Hua Hin Resort will therefore be required to terminate all processes as soon as possible. However, the retraction only applies to the data processing carried out thereafter. Any data processing activity carried out before the retraction will not be reversed.
Please be informed that InterContinental Hua Hin Resort does record all requests to ensure all issues are resolved. For any queries regarding your personal data protection and rights, more details are available at: https://www.law.chula.ac.th/wp-content/uploads/2021/04/TDPG3.0-Extension-20210413-1.pdf
In the case where you have the intention to exercise your personal data protection rights, or to file complaint against your personal data processing, please contact InterContinental Hua Hin Resort’s DPO (contact details have been provided above). InterContinental Hua Hin Resort will process this request in a secure and timely manner. Also, in case that InterContinental Hua Hin Resort fails to preserve your rights under the PDPA, you can file complaint to the Office of the Personal Data Protection Commission (“PDPC”).
Article 15 Personal Data Protection Officer
InterContinental Hua Hin Resort has appointed a Personal Data Protection Officer to review, supervise and advise on the of personal data, including coordinating and cooperating with the Office of the Personal Data Protection Commission (OPDPC) to comply with the Personal Data Protection Act B.E.2562.
Article 16 Improvement of Personal Data Protection Policy
InterContinental Hua Hin Resort may consider updating, amending or modifying these policies and guidelines, in order to comply with the law and the operation of the InterContinental Hua Hin Resort, or to correspond with the opinions and suggestions from the subject. InterContinental Hua Hin Resort shall inform the commencement of operations or shall directly notify to the data subject through communication channels of the InterContinental Hua Hin Resort.
InterContinental Hua Hin Resort will review the policy and guidelines at least once a year or when there is a significant change to the procedure of InterContinental Hua Hin Resort.
Article 17 InterContinental Hua Hin Resort Contacts
If the data subject has any questions, suggestions or concerns about personal data processing of InterContinental Hua Hin Resort Hotel, or about this Policy, or request to exercise rights under personal data protection laws; the data subject can contact us at
(1) Data Controller
InterContinental Hua Hin Resort
Address 33/33 Soi Moobaan Nongkae, Petchkasem Rd, Nongkae, Hua Hin, Prachuabkirikhan
Tel. 032616999 Fax. 032616555
Website: huahin.intercontinental.com
email : ichh.rsvn@ihg.com
(2) Data Protection Officer : DPO
InterContinental Hua Hin Resort
Address 33/33 Soi Moobaan Nongkae, Petchkasem Rd, Nongkae, Hua Hin, Prachuabkirikhan
Tel. 032616999 Fax. 032616555
Website: huahin.intercontinental.com
email : ichh.rsvn@ihg.com
