Privacy Policy on CCTV Use
This Privacy Policy (“Policy”) on the use of closed-circuit television (“CCTV”) devices describes how Central Plaza Hotel Public Company Limited, and its affiliates (referred to as “Company”, "we", "us", or "our") use CCTV devices and its system for monitoring our specific space within and around our premises, buildings and facilities for protecting life, health, and property, of personal data of all employees, directors, contractors, workers, visitors, or any individuals entering the monitored space within our buildings and facilities (collectively referred to as "you" or "your"). This Policy also describes how we collect, use, disclose and transfer individually identifiable information ("Personal Data") about you and sets out how the CCTV and its system will be managed and used by us. We may amend this policy at any time and will notify you of the amendments, where possible.
1. What Personal Data we collect
We capture your recognizable moving or still images, and voices of you and your belongings e.g. vehicles, when entering the monitored space in our premises, buildings and facilities through the CCTV devices and system ("CCTV Data").
2. Why we collect, use, and disclose your Personal Data
2.1 We may collect, capture, use, disclose, transfer, and carry out any operation, including but not limited to recording, holding, adapting, altering, modifying, destroying, deleting, retrieving, combining, copying, transmitting, storing, extracting, amending, adding, in relation to your CCTV Data and other Personal Data concerning you, for the "CCTV Monitoring Purposes" as listed below, on the legal basis of legitimate interests; vital interest; legal compliance; public interest; consent; or any other basis as permitted by applicable laws (provided that those interests are not overridden by individuals’ rights and interests), as the case may be:
- to protect your life, body, health, personal safety, and/or your belongings;
- to control access to the building and to ensure the security of the building, the safety of our personnel, employees and visitors, as well as our property and information located or stored on the premises;
- to protect/prevent our premises, buildings, facilities and assets from damage, disruption, vandalism and other crime;
- to assist in the effective resolution of disputes which arise in the course of disciplinary or grievance proceedings;
- to assist in the investigation or proceedings concerning a whistleblowing complaint;
- to assist in the establishment or defence of any civil litigation, including but not limited to employment proceedings;
- to comply with our legal obligations and/or cooperate with the court, regulators, government authority and law enforcement bodies for the exercising of such official authority vested in us including but not limited to safety, occupational and workplace environment laws. We consider that the use of CCTV is a necessary measure to enable us to meet those obligations; and
- to exercise our rights or protect our legitimate interest where it is necessary to do so, for example, to deter, prevent, and detect misconduct, crime or violations of law; to follow up on incidents; to prevent and report misconduct or crime in our stores and to protect the security and integrity of our business. We will endeavour on a continuing basis to balance between our legitimate interest and that of any relevant third parties, as the case may be, and your fundamental rights and freedom in relation to the protection of the CCTV Data concerning you. We will also endeavour to identify any steps required to achieve the right balance as appropriate.
2.2 We will install CCTV devices at strategic points within our premises, buildings and facilities, except in certain areas such as changing rooms, toilets, and shower rooms.
2.3 Our CCTV devices are in operation 24 hours a day and they will be monitored by our security staff, except in case of device/system failure and/or maintenance.
2.4 We will place appropriate signage in the monitored areas where the CCTV is in use.
3. To whom we disclose your Personal Data
3.1 We will keep CCTV Data concerning you confidential, and will not disclose or transfer it except to our subsidiaries, affiliates, and other carefully selected third parties now or in the future, licensees, joint venture partners and/or service providers, [who may be located overseas,] to achieve the CCTV Monitoring Purposes provided in this Policy.
3.2 Third parties to which we may disclose CCTV Data and other Personal Data concerning you include our affiliates (as part of our legitimate interest and our affiliates' interest to achieve the CCTV Monitoring Purposes), governmental and/or regulatory organizations (to comply with legal obligations or to support or assist law enforcement organizations with regard to investigation and prosecution of civil or criminal proceedings), and third-party service providers (as our necessary steps to ensure our protection of your health and personal safety, and belongings). However, CCTV Data may only be accessed or disclosed to the extent necessary in order to deal with an incident which falls within one of the objectives identified in Clause 3.2 or in order to respond to a request made by an individual under the law under Clause 2.1.
4. Transfer your Personal Data internationally
We may disclose or transfer your CCTV Data as part of necessary steps to ensure your health, personal safety, and belongings, to [third-party service providers] that are outside of Thailand, and such disclosure or transfer may only be done by obtaining your consent or where there are any other compelling legitimate grounds (e.g. to perform the contract terms between us and other persons for your benefit) as permitted by applicable laws. Such destination countries may or may not have the same data protection standard similar to Thailand; however, we will ensure that the data transfer requirement under applicable data protection law which is in effect at that time is met before such transfer.
5. Security measures
5.1 We use reasonable organizational, technical and administrative security measures to protect CCTV Data and Personal Data concerning you from accidental, unlawful, or unauthorized destruction, loss, access, use, alteration, or disclosure.
5.2 We will from time to time review and update our security measures as necessary or upon the development of the concerning technology to ensure effective and appropriate security measures, and in line with minimum legal requirements as prescribed by the relevant governmental organizations.
6. How long do we retain your Personal Data
We will retain your CCTV Data in our system for the period necessary to fulfil the CCTV Monitoring Purposes for which we obtained them. When we are no longer permitted by the applicable laws to store your CCTV Data, we will remove it from our systems and records. However, we may retain your CCTV Data for a longer duration, such as until the end of legal action or if required by the applicable laws or specific CCTV Data are required to be retained in order to deal with an incident or in order to respond to a request by an individual made under the law.
7. What are your rights with regard to your Personal Data
Subject to the conditions and exceptions under the applicable laws, you may have the rights to access and/or obtain a copy of, port, rectify, delete, destroy or anonymize certain CCTV Data that we have about you, restrict and/or object to certain activities, in which we engage with respect to your personal data. If we process your Personal Data based on your consent, you may withdraw your consent, but we may not be able to provide you with our goods or services. You may also have the right to request us to disclose how we obtain your Personal Data without your consent and lodge a complaint with the competent authority under the applicable laws.
8. Contact us
If you have questions or concerns or would like to exercise your rights in relation to your CCTV Data, please contact us or our Data Protection Officer at:
1) Central Plaza Hotel Public Company Limited
- Corporate Risk and Legal Department
- 25th Floor, 999/99 Rama 1 Rd., Pathumwan, Bangkok 10330
- email: [email protected]
2) Data Protection Officer
- Data Protection Officer
- Data Protection Office, Central Group 22 Soi Somkid Ploenchit Road, Lumpini, Pathumwan, Bangkok, 10330 Thailand
- email: [email protected]
Privacy Policy on Events, Exhibitions and Tradeshows
This Customer Privacy Policy (this “Privacy Policy”) describes how Central Plaza Hotel Public Company Limited (referred to as “Company”, “we”, “our” or “us”) collect, use, and disclose your personal data in relation to your attendance of our event, exhibition, and/or tradeshow.
For the purpose of this Privacy Policy, “Personal Data” means any information relating to an identified or identifiable natural person.
1. What Personal Data we collect
We will collect or obtain the following types of information directly from you which may include the following Personal Data:
- Contact Data: such as name, address, telephone number, mobile number, email address and national identification number;
- Membership Data: such as our products’ card details (such as The 1 Card), member type, joined date and information on your point usage;
- Identification Data: such as gender, nationality, date of birth, occupation, education, marital status, identification card number, passport number, driving license number or similar identifier and signature;
- Interest: such as data which identify your interests;
- Marketing and Communications Data: such as how you heard about us and your preferences in receiving marketing from us and/or our affiliates and business partners and your communication preferences;
- Financial Data: such as bank account, payment details and records, and debit/credit card details;
- Sales and Services Data: such as purchases or orders made by you, delivery details, complaints and claims, attendance to trade exhibitions and customer satisfaction surveys; and/or
- Other Data: such as LINE ID, Facebook ID, Google ID, CCTV, video footage, photograph, photo and voice records, taken at our premises or other places we hold relevant events, exhibitions and tradeshows.
2. Why we collect, use, and disclose your Personal Data
We collect, use, and disclose your Personal Data for the following purposes:
- to process event registration;
- to manage tickets for events such as managing booking communications and promotions;
- to contact you with marketing communications and offers relating to our products and services;
- to manage and improve our relationship with you (such as customer satisfaction survey and customer relationship management marketing) and to improve future events;
- to promote, market and report on events, exhibitions or tradeshows that you attended or will attend;
- to identify you and respond to your requests;
- to protect the security and integrity of our business;
- to improve and assure our service quality;
- to meet our contractual obligations with you under any agreement we have with you or to take any necessary steps before entering into such agreement;
- to comply with our legal obligations and/or cooperate with court, regulators, government authority and law enforcement bodies for the exercising of such official authority vested in us;
- to exercise our rights or protect our legitimate interest where it is necessary to do so, for example, to detect, prevent and respond to fraud claims, intellectual property infringement claims or violations of law; and/or
- to prevent or suppress a danger to your life, body or health.
Where we need to collect, use, and disclose your Personal Data as required by law, or for the performance of a contract with you and you fail to provide that Personal Data to us, we may not be able to serve you our full range of services or perform the contract we have or are trying to enter into with you (for example, to provide you with our goods or services).
3. How long do we retain your Personal Data
We retain your Personal Data for as long as it is reasonably necessary to fulfil the purpose for which we obtained them. However, we may retain your Personal Data for a longer duration, if required by applicable law.
4. To whom do we disclose your Personal Data
We may disclose your Personal Data to members of our group companies, our affiliates, our subsidiaries, our business partners, service providers, legal advisors, auditors, courts, regulators, government authorities and law enforcement bodies.
A list of our group companies is available here.
5. Transferring your Personal Data internationally
Your Personal Data may be transferred to countries outside Thailand, which may or may not have the same data protection standard similar to Thailand. However, we will ensure that the data transfer requirement under applicable law is met before such transfer.
6. What are your rights with regard to your Personal Data
Subject to the conditions and exceptions under the applicable laws, you may have the rights to access and/or obtain a copy of, port, rectify, delete, destroy or anonymize certain Personal Data that we have about you, restrict and/or object to certain activities, in which we engage with respect to your Personal Data. If we process your Personal Data based on your consent, you may withdraw your consent, but we may not be able to provide you with our full range of services. You may also have the right to request us to disclose how we obtain your Personal Data without your consent and lodge a complaint with the competent authority under the applicable laws.
7. Contact us
If you have any questions, or concerns, or would like to exercise your rights regarding your Personal Data, please contact us or our Data Protection Officer at:
1) Central Plaza Hotel Public Company Limited
- Corporate Risk and Legal Department
- 25th Floor, 999/99 Rama 1 Rd., Pathumwan, Bangkok 10330
- email: [email protected]
2) Data Protection Officer
- Data Protection Officer
- Data Protection Office, Central Group 22 Soi Somkid Ploenchit Road, Lumpini, Pathumwan, Bangkok, 10330 Thailand
- email: [email protected]
Central Plaza Hotel Public Company Limited (the “Company,” “we,” “us,” or “our”) recognizes the importance of the protection of personal data for you of our products and services. We know you care how information about you is collected, used, disclosed, and transferred outside of Thailand. The information you share with us allows us to provide the products and services you need and want appropriately tailored for you, not only from us but also those within Central Group's data ecosystem. We appreciate your trust that we will carefully and sensibly handle your personal data while giving you the very best personalized experience and customer service.
This privacy policy applies to our retail stores, websites, mobile applications, call centres, social networking sites, online communication channels, and other locations where we collect your personal data. However, please read this Privacy Policy in conjunction with the terms and conditions of the particular service that you use. (This may be provided separately according to the type of Personal Data that we collect from you.)
For the purpose of this Privacy Policy, “Personal Data” means any information relating to an identified or identifiable natural person.
We reserve the right to modify this Privacy Policy from time to time, so please review it frequently to see when this Privacy Policy was last revised. Any changes to this Privacy Policy will become effective when we post the revised Privacy Policy on our website or application. We will provide additional notice of significant updates. In case any modification deprives your rights of sensitive data in relation to this Privacy Policy, the Company will first obtain your consent, except as otherwise permitted by law.
1. What Personal Data we collect
We may collect or obtain the following types of information which may include your Personal Data directly or indirectly from you or other sources or through our affiliates, subsidiaries, business partners or other companies. The specific type of Personal Data collected will depend on the context of your interactions with us, and the services or products you need or want from us and companies in Central Group's data ecosystem.
1.1. Personal details, such as title, full name, gender, age, occupation, qualifications, job title, position, business type, company name, nationality, country of residence, date of birth, marital status, number of family members and children, ages of children, information on government-issued cards (e.g., national identification number, photograph of the national identification, information on the national identification, control number on the reverse side of the national identification (Laser ID), social security number, passport number, tax identification number, driver's license details or similar identifiers), immigration details such as arrival and departure date, signature, voice, voice record, photograph, facial features for recognition, CCTV records, workplace, education, insurance details, license plate details, house registration, household income, salary and personal income;
1.2. Contact details, such as postal address, delivery details, billing address, residential address, workplace address, address shown in the national identification card, telephone number, fax number, email address, LINE ID, Facebook account, Facebook ID, Google ID, Twitter ID, and other ID from social networking sites, your contact person's contact details (e.g., telephone number, contact data on any correspondence (e.g. written communication with you), and any other contact details you provided to us;
1.3. Membership details, such as account details, member card number, reward points, member ID (e.g. The 1 member card number, The 1 ID, Siebel ID, member ID, customer ID), member type, customer type, member join/registration date and month, membership period, bank account and payment details, service and product applications (e.g. membership application, insurance application);
1.4. Financial details, such as debit/credit card or bank information, credit/debit card number, credit card type, issuance/expiration date, cycle cut, account details, bank account details, prompt pay number, payment details and records, your information regarding the risk profile for the business partner, credit rating and solvency, information in accordance with the declaration of suitability, suitability of transaction and any other financial details;
1.5. Transaction details, such as details about payment to and from you, payment date and/or time, payment amount, details about the refund, refund amount, points, date and location of purchase, purchase/order number, appointment date for service, address/date and time for pick up or delivery, acknowledgement of receipt, recipient email’s signature, warranty details, complaints and claims, booking details, rental details, transaction, transaction history, location, transaction status, past sales transaction, status, transaction status, purchasing behaviour, and any other details of products and services you have purchased, including but not limited to any information incurring from using of products or services provided on our platform, such as e-pocket, digital asset, lending product, insurance product and the product related to wealth management, etc.;
1.6. Technical details, such as Internet Protocol (IP) address, cookies, media access control (MAC) address, web beacon, log, device ID (such as international mobile equipment identifier (IMEI), electronic serial number (ESN), mobile equipment identifier (MEID) and serial number (SN)), device model and type, formats of software and hardware of the device when it is activated in the system, network, connection details, access details, single sign-on (SSO), log in log, access time and location, time spent on the page, login data, GPS, latitude, longitude and time spent on each webpage, login information, applications downloaded on communication devices, search history, browsing details, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on devices you use to access the platform, including any other technical information arising from the use of our platform and systems;
1.7. Behavior details, such as information about your purchasing behaviour and data supplied through the use of our products and services;
1.8. Profile details, such as your username and password, profile details and picture, purchases, historical orders, past orders, purchase history, items bought, item quantity, orders or product recalls made by you, orders via website, Cash On Delivery details, order ID, financial records, PIN, your interests, preferences, feedback and survey responses, satisfaction survey, social media engagement, participation details, loyalty programs, your use of discount codes and promotions, customer order description, customer service, attendance to trade exhibitions and events, trade exhibitions, litigation, testing and trials;
1.9. Usage details, such as information on how you browse or use our websites, platform, application products and services, products in customer's cart, wish list record, remind me flash sale record, follow-shop record, and timestamp of last click and Q&A record;
1.10. Marketing and communication details, such as your preference in receiving marketing from us, our affiliates, subsidiaries, business partners or other companies, and your communication preferences; and/or
1.11. Sensitive data, such as race, religion, political opinions, fingerprints, facial recognition, person identity information (biometrics), face, information from the iris recognition, physical or mental health or condition, genetic data, medical history, disability and criminal records.
If you provide Personal Data of any third party to us, e.g., their name, family name, address details, and telephone number for emergency contact, family member income, or if you use the service on any of our platforms with your consent, we can access and collect third party personal information relating to you, such as information on name, picture and/or phone number, as well as personal and contact information of family, friends, emergency contact persons, recommended persons or referrals accessible from your mobile number, etc.; please provide this Privacy Policy for their acknowledgement and/or obtaining consents if necessary.
We will only collect, use, or disclose sensitive data on the basis of your explicit consent or where permitted by law.
We only collect the information of children, quasi-incompetent persons, and incompetent persons where their parent or guardian has given their consent. We do not knowingly collect information from customers under the age of 20 without their parental consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardian's consent. In the event we learn that we have unintentionally collected personal information from anyone under the age of 20 without parental consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardians, we will delete it immediately or process it only if we can rely on other legal bases apart from consent.
2. Why we collect, use or disclose your Personal Data
2.1. The purpose for which your consent would be required
Marketing and Communications: We collect, use and disclose your Personal Data to provide privileges and promotions, discounts, special offers, advertisements, notices, news, information and any marketing and communications about the products and services from us, Central Group, our affiliates, subsidiaries and business partners which we cannot rely on other legal bases.
Please contact [email protected] to manage your consent for marketing and communications.
For The1 members, please contact Customer Service or The1 Call Center Tel: 0-2660-1000 to manage your consent for marketing and communications.
2.2. The purposes we may rely on any other legal grounds for processing your Personal Data
We may also rely on (1) a contractual basis, for our initiation or fulfilment of a contract with you; (2) legal obligation, for the fulfilment of the legal obligations; (3) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties; (4) vital interest, for preventing or suppressing a danger to a person’s life, body, or health; and/or (5) public interest, for the performance of a task carried out in the public interest or for the exercising of official authorities.
We may collect, use and disclose your Personal Data for the following purposes:
1) To provide products and services to you: To enter into a contract and manage our contractual relationship with you; to support and perform other activities related to such services or products; to complete and manage bookings and to carry out financial transactions and services related to the payments including transaction checks, verification, and cancellation; to process your orders, delivery, and collections and returns; refund and exchange of products or services; to provide updates on the delivery of the products, and to perform warehouse internal activities, including picking, packing, and labelling of packages; to verify warranty period; to provide aftersales services, including maintenance and facility reservation;
2) Marketing and Communications: To provide privileges, offers, updates, sales, special offers, promotions, advertisements, notices, news, information and any marketing and communications about the products and services from us, Central Group, affiliates, subsidiaries and business partners.
3) Promotions, special offers, loyalty programs, reward programs, prize draws, competitions, and other offer promotions: To allow you to participate or earn promotions, special offers, loyalty programs, reward programs, sweepstakes, privileges, prize draws, competitions, and other offer/promotions (e.g., sending you reminder emails and transferring your Personal Data to business partners) to participate in activities and seminars, and all services related to advertising. This includes processing and administering your account registration, gift registration, and event registration; for processing, collection, addition, exchange, earning, redemption, payment, and transfer of points; examining your entire user history, both online and offline; providing and issuing gift vouchers, gift cards, and invoices;
4) Registration and Authentication: To register, verify, prove, affirm, identify, and/or authenticate you or your identity;
5) To manage our relationship with you: To contact and communicate with you as requested by you or in relation to the products and services you obtain from us, those within Central Group's data ecosystem, affiliates, subsidiaries and business partners; to handle customer service-related queries, requests, feedback, complaints, claims, disputes or indemnity; to provide technical assistance and deal with technical issues; to process and update your information; to facilitate your use of the products and services;
6) Personalization, profiling and data analytics: To recommend products and services that might be of interest to you, identify your preferences and personalize your experience; to learn more about you, the products and services you receive and other products and services you may be interested in receiving; to measure your engagement with the products and services, undertake data analytics, data cleansing, data profiling, market research, surveys, assessments, behaviour, statistics and segmentation, consumption trends and patterns; profiling based on the processing of your Personal Data, for instance by looking at the types of products and services that you use, how you like to be contacted; to know you better; to improve business performance; to better adapt our content to the identified preferences; to determine the effectiveness of the promotional campaigns, identify and resolve issues with existing products and services; qualitative information development. For this purpose, we will collect, use and disclose your Personal Data for your interest and benefit and for legitimate interest and businesses of Central Group, affiliates, subsidiaries and our business partners where such interests and businesses are not overridden by your fundamental rights to personal data. We will request your consent where consent is required from time to time;
7) To improve business operations, products, and services: To evaluate, develop, manage, improve, research and develop the services, products, system, and business operations for you and all of our customers within Central Group's data ecosystem, including but not limited to our business partners; to identify and resolve issues; to create aggregated and anonymized reports, and measure the performance of our physical products, digital properties, physical measurement of products performance, digital features and marketing campaigns as well as developing business models, model for loan consideration, insurance and debt collection model;
8) To learn more about you: To learn more about the products and services you receive, and other products and services you may be interested in receiving, including profiling based on the processing of your Personal Data, for instance by looking at the types of products and services that you use from us, how you like to be contacted and so on;
9) Functioning of the sites, mobile application, and platform: To administer, operate, track, monitor, and manage the sites and platform to facilitate and ensure that they function properly, efficiently, and securely; to facilitate your experience on the sites and platform; improve the layout, and content of the sites and platform;
10) IT Management: For business management purposes including IT operations, management of communication systems, operation of IT security and IT security audit; internal business management for internal compliance requirements, policies, and procedures;
11) Compliance with regulatory and compliance obligations: To comply with legal obligations, legal proceedings, or government authorities' orders which can include orders from government authorities outside Thailand, and/or cooperate with court, regulators, government authorities, and law enforcement bodies when we reasonably believe we are legally required to do so, and when disclosing your Personal Data is strictly necessary to comply with the said legal obligations, proceedings, or government orders. This includes providing and handling VAT refund service; issuing tax invoices or full tax forms; recording and monitoring communications; making disclosures to tax authorities, financial service regulators, and other regulatory and governmental bodies, and investigating or preventing crime;
12) Protection of our interests: To protect the security and integrity of our business; to exercise our rights or protect our interest where it is necessary and lawful to do so, for example, to detect, prevent, and respond to fraud claims, intellectual property infringement claims, or violations of law; to manage and prevent loss of our assets and property; to secure the compliance of our terms and conditions; to detect and prevent misconduct within our premises which includes our use of CCTV; to follow up on incidents; to prevent and report criminal offences and to protect the security and integrity of our business;
13) Fraud detection: To verify your identity, and to conduct legal and other regulatory compliance checks (for example, to comply with anti-money laundering regulations, and prevent fraud). This includes performing sanction list checking, internal audits and records, asset management, system, and other business controls;
14) Corporate transaction: In the event of a sale, transfer, merger, reorganization, or similar event, we may transfer your Personal Data to one or more third parties as part of that transaction;
15) Risks: To perform risk management, audit performance, and risk assessments; and/or
16) Life: To prevent or suppress a danger to a person’s life, body, or health.
If you fail to provide your Personal Data when requested, we may not be able to provide our products and services to you.
3. To whom we may disclose or transfer your Personal Data
We may disclose or transfer your Personal Data to the following third parties who collect, use and disclose Personal Data in accordance with the purposes under this Privacy Policy. These third parties may be located in Thailand and areas outside Thailand. You can visit their privacy policies to learn more details on how they collect, use and disclose your personal data as you could also be subject to their privacy policies.
3.1. The company within Central Group's data ecosystem
As Central Plaza Hotel Public Company Limited is part of the data ecosystem of Central Group, whose companies collaborate and partially share customer services, products and systems including website-related platforms and systems, we may need to disclose or transfer your Personal Data to, or otherwise allow access to such Personal Data by, other companies within Central Group's data ecosystem for the purposes set out in this Privacy Policy. Please see the list of companies for further details here.
3.2. Our service providers
We may use other companies, agents or contractors to perform services on our behalf or to assist with the provision of products and services to you. We may share your Personal Data with our service providers or third-party suppliers including, but not limited to (1) infrastructure, internet, infrastructure technical, software and website, and IT service providers; (2) warehouse and logistic service providers; (3) payment service providers; (4) research agencies; (5) analytics service providers; (6) survey agencies; (7) auditors; (8) marketing, advertising media, and communications agencies; (9) call centre; (10) campaign and event organizers; (11) sale representative agencies; (12) telecommunications and communication service providers; (13) payment, payment system, authentication, and dip chip service providers and agents; (14) outsourced administrative service providers; (15) data storage and cloud service providers; (16) verifying and data checking (Netbay and Department of Provincial Administration) service providers; (17) dispatchers; and/or (18) printing service providers.
In the course of providing such services, the service providers may have access to your Personal Data. However, we will only provide our service providers with the Personal Data that is necessary for them to perform the services, and we ask them not to use your information for any other purposes.
3.3. Our business partners
We may transfer your Personal Data to our business partners in the businesses of banking, finance, credit, loan, asset management, investment, insurance, credit cards, telecommunications, marketing, retail, e-commerce, warehouse, logistics, wellness, lifestyle products and services, spa and fitness, reward and loyalty program, and data analytics, including platform sellers or providers whom we may jointly offer products or services, or whose products or services may be offered to you. Data shared in this way will be governed by the third party’s privacy policy and not this Privacy Policy.
3.4. Social networking sites
We allow you to log in on our sites and platforms without the need to fill out a form. If you log in using the social network login system, you explicitly authorize us to access and store public data on your social network accounts (e.g. Facebook, Google, Instagram), as well as other data mentioned during the use of such social network login system. In addition, we may also communicate your email address to social networks in order to identify whether you are already a user of the concerned social network and in order to post personalized, relevant adverts on your social network account if appropriate.
We also partner with certain third parties that allow you to enrol in their services or participate in their promotions. For example, certain companies allow you to use your loyalty program number or online services login to receive or register for their services. Additionally, your social network account provider allows you to connect your social network account to your online services account or log into your online services account from your social network account. When you enrol in those services, we will share your Personal Data with those third parties. If you do not want to share your Personal Data in this way, do not provide your loyalty or reward program number to third parties, do not use your online services account to register for third-party promotions and do not connect your online services account with accounts on third-party services. Data shared in this way will be governed by the third party’s privacy policy and not this Privacy Policy.
3.5. Third parties required by law
In certain circumstances, we may be required to disclose or share your Personal Data in order to comply with legal or regulatory obligations. This includes any law enforcement agency, court, regulator, government authority or other third party where we believe it is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals’ personal safety, or to detect, prevent, or otherwise address fraud, security, or safety issues.
3.6. Professional advisors
This includes lawyers, technicians and auditors who assist in running our business and defending or bringing any legal claims.
3.7. Associations
We may transfer your Personal Data to other member associations, such as Thailand E-Payment Association (TEPA), the Electronic Transactions Development Agency (ETDA), the Association of Confederation of Consumer Organization, Thailand (ACCOT), the Foundation for Consumers, the Thai Chamber of Commerce, Thai E-Commerce Association, Thai Retailers Association, Thai Shopping Center Association and the Ratchaprasong Intersection Group.
3.8. Assignee of rights and/or obligations
Third parties acting as our assignee, in the event of any reorganization, merger, business transfer, whether in whole or in part, sale, purchase, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock or similar transaction, will comply with this Privacy Policy to respect your Personal Data.
4. International transfers of your Personal Data
We may disclose or transfer your Personal Data to third parties or servers located overseas, where the destination countries may or may not have an equivalent level of Personal Data protection standards. We take steps and measures to ensure that your Personal Data is securely transferred and that the receiving parties have in place an appropriate level of protection standards or other derogations as allowed by laws. We will request your consent where consent to cross-border transfer is required by law.
5. How long do we keep your Personal Data
We retain your Personal Data for as long as is reasonably necessary to fulfil the purpose for which we obtained it, and to comply with our legal and regulatory obligations. However, we may have to retain your Personal Data for a longer duration, as required by applicable law.
6. Security of your Personal Data
The Company recognizes the importance of maintaining the security of your Personal Data. Therefore, the Company endeavours to protect your information by establishing security measures for your Personal Data appropriately and in accordance with the confidentiality safeguard of Personal Data, to prevent loss, unauthorized or unlawful access, destruction, use, alteration, rectification or disclosure; provided, however, that the Company will ensure that the method of collecting, storing and processing of your Personal Data, including physical safety measures, follows the information technology security policies and guidelines of the Company.
7. Cookies and how they are used
If you visit our websites, we will gather certain information automatically from you by using cookies. Cookies are small pieces of information or text issued to your computer when you visit a website and are used to store or track information about your use of a website and used in analyzing trends, administering our websites, tracking users’ movements around the websites, or to remember users’ settings. Some cookies are strictly necessary because otherwise, the site is unable to function properly. Other Cookies allow us to enhance your browsing experience, tailor content to your preferences, and make your interactions with the site more convenient: they remember your username in a secure way, as well as your language preferences.
Most Internet browsers allow you to decide whether or not to accept cookies. Rejecting, removing or blocking cookies can affect your user experience, and without cookies your ability to use some or all of the features or areas of our websites may be limited.
In addition, some third parties may issue Cookies through our websites to serve ads that are relevant to your interests based on your browsing activities. These third parties may also collect your browser history or other information to determine how you reached our websites and the pages you visit when you leave our websites. Information gathered through these automated means may be associated with the Personal Data you previously submitted on our website.
8. Your rights as a data subject
Subject to applicable laws and exceptions thereof, you may have the following rights:
1) Access: You may have the right to access or request a copy of the Personal Data we are collecting, using or disclosing about you. For your own privacy and security, we may require you to prove your identity before providing the requested information to you.
2) Rectification: You may have the right to have incomplete, inaccurate, misleading, or not up-to-date Personal Data that we collect, use or disclose about you rectified.
3) Data Portability: You may have the right to obtain Personal Data we hold about you, in a structured, electronic format, and to send or transfer such data to another data controller, where this is (a) Personal Data which you have provided to us, and (b) in the case where we are collecting, using or disclosing such data on the basis of your consent or to perform a contract with you.
4) Objection: You may have the right to object to certain collection, use or disclosure of your Personal Data such as objecting to direct marketing.
5) Restriction: You may have the right to restrict the use of your Personal Data in certain circumstances.
6) Withdraw Consent: For the purposes you have consented to our collecting, using or disclosing of your Personal Data, you have the right to withdraw your consent at any time.
7) Deletion: You may have the right to request that we delete or de-identify Personal Data that we collect, use or disclose about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.
8) Lodge a complaint: You may have the right to lodge a complaint to the competent authority where you believe our collection, use or disclosure of your Personal Data is unlawful or noncompliant with applicable data protection law.
9. Our Contact Details
If you wish to contact us to exercise the rights relating to your Personal Data or if you have any queries about your Personal Data under this Privacy Policy, please contact us or our Data Protection Officer at:
Central Plaza Hotel Public Company Limited.
1. For members of the CentaraThe1 Loyalty Programme
- Contact Name: Central Loyalty Marketing Co., Ltd.
- Address: 11th Floor, 999/99 Rama 1 Road, Pathumwan, Bangkok 10330 Thailand
- E-mail: [email protected]
2. For hotel guests, non-members of any Centara hotels and resorts loyalty and/or reward programmes
- Contact Name: Corporate Risk Management
- Address: 25th Floor, 999/99 Rama 1 Rd., Pathumwan, Bangkok 10330 Thailand
- E-mail: [email protected]
3. For members of The1
- Contact name: The 1 Central Limited
- The1 Call Center, Tel: +66 (0) 2660 1000, open daily from 9.00 a.m. to 10.00 p.m.
- E-mail: [email protected]
Data Protection Officer
- Data Protection Officer
- Data Protection Office, Central Group
- 22 Soi Somkid Ploenchit Road, Lumpini, Pathumwan, Bangkok, 10330 Thailand
- E-mail: [email protected]
Notice of Data Security Incident
After an extensive investigation following an allegation of a cyber security incident on 14th October 2021, Centara Hotels & Resorts has discovered that it has been the victim of a data breach, impacting a limited volume of data on its information network. Regrettably, the personal data of some customers has been unlawfully accessed. To understand more about this incident and the steps taken to contain and resolve it, as well as for advice for customers, please click here for full available details.