Privacy Policy

Global Privacy Statement

Last Updated: June 2021

MI Squared Limited, the service provider engaged by the developer of the Anantara Vacation Club, respects your privacy and is committed to protecting your personal data. This privacy statement will inform you as to how we look after your personal data when you visit our website or use our services and tell you about your privacy rights and how the law protects you.

If you are accessing this website from California, please refer to the California Consumer Privacy Act Statement.

Anantara Vacation Club was established by Minor International and forms part of the Minor Hotel Group.

By using any of our products or services and/or by agreeing to this privacy statement, e.g. in the context of registering for any of our products or services, you understand and acknowledge that we will collect and use personal data as described in this privacy statement.

It is important that you read this privacy statement together with any other privacy statement or fair processing statement we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy statement supplements other notices and privacy policies and is not intended to override them.

This privacy statement is provided in a layered format, so you can click through to the specific areas set out below.

Data controller

This Privacy Statement

This privacy statement is issued on behalf of MI Squared Limited, the service provider engaged by the developer of Anantara Vacation Club. So when we mention "we", "us" or "our" in this privacy statement, we are referring to MI Squared Limited.

This Website

The Data Controller of this website is MI Squared Limited, with registered address at 88 The Parq Building, 12th Fl. Ratchadaphisek Road, Klongtoey Subdistrict, Klongtoey District, Bangkok Metropolis 10110, Thailand. If you have any questions regarding this privacy statement you can reach us via privacy.corporate@minor.com

Please note that our websites are not intended for children and minors and we do not knowingly solicit or collect personal data from anyone under the age of 18, other than from a parent or legal guardian with consent. As a parent or legal guardian, please do not allow your children to submit personal data without your permission.

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy statement of every website you visit.

How is your personal data collected?

This privacy statement also aims to give you information on how we collect and process your personal data through your use of this website, and other services provided by us (both online and offline channels), e.g. our hotels and other properties, and call centers (“Services”) from which you are accessing this privacy statement, including any data you may provide when you use our:

  • Online services, such as websites owned or controlled by us, web and mobile applications, social media pages, HTML-formatted email messages; or
  • Offline interactions, when you visit or stay as a guest at one of our properties, reach out to our call center, or through other offline interactions.

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise, including when you call a call center, contact us to inquire about our products or Services, or submit requests or claims. This includes personal data you provide online when you book an accommodation, sign up for a newsletter, complete the form on our website, or participate in a survey, contest, online campaign activities, or promotional offer. We collect personal data offline, when you visit our properties, or use Services, such as hotels, resorts, restaurants, childcare services, and spas, and other Services provided under Anantara Vacation Club, or participate in our roadshow or other offline campaign activities, including scheduling for a preview presentation provided by us.
  • Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies. To learn more, please see your cookie statement for further details.
  • Security Systems. When you visit our managed properties, information may be collected about you through such properties’ closed circuit television systems, electronic key cards and other security systems.
  • Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources including business partners, hotels managed by us, travel agents and aggregators.

Purposes for which we will use your personal data

We will process your personal data for different purposes. This data processing may be for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data.

We collect, use, or disclose your personal data to the extent permitted or required under applicable law, for the following purposes:

  • Performing our contract with you (including our customer service obligations), processing and managing your purchases or use of our products and Services, such as member/program application, provision of presentation and preview tour of our properties under the program voluntarily participated by you, creation and management of reservations and your stay in our properties (including booking process, check-in and hotel registration process, and management of the booking or Services requested by you related to your stay in our properties), provision of other Services, collection and payment, point usage management, catering to your requests, monitoring use of Services (telephone, bar, pay TV etc.), and administering relevant program participation, online/offline campaign activities, your use of our website and the Services via both online and offline channels in response to a contractual relationship between you and us.
  • Responding to your customer service inquiries, handling the complaint management process which you have raised, or taking other actions in response to your inquiries or other website’s activities or other customer service platforms.
  • Communicating with you by post, telephone, email, and social media about your purchases, your Services, accounts and program participation, campaign activities you have participated in, and your requests for information.
  • Improvement of our products, Services and relevant processes, such as assessment of our Services in hotels, resorts, spas, restaurants, and other outlets, improvement in the operation of our business as part of the contracted relationship between you and us, including requesting feedback or participation in surveys (including customer satisfaction survey) and analysis for us to review, develop and improve the quality of our products and Services, and test and improve our systems, and prevent the misuse or improper use of our Services.
  • Giving information and communicating with you by email, via our website and other online channels about our brands, products and Services, news, and events, and offering our products, Services, benefits, upgrade and promotions, including co-branded offers and Minor Hotels group and business partner offers.
  • Personalization of our services and communications, for example to personalize content and tailor our digital customer experience and offerings, understand customers’ requirements to develop targeted marketing programs, newsletters, and promotions. In addition, we may display User Generated Content (UGC) on our websites for promotional purposes. We will always seek and record your permission to opt in and participate in any of our marketing campaigns. Use of your information for marketing is presented in more detail under the Marketing section below. Personalisation of our website based on your preferences is covered in the [Cookies Policy].
  • Administration of loyalty programs in partnership with GHA and frequent flyer program partners.
  • Conducting business planning, reporting and forecasting.
  • Managing risks and undertake internal audit and administration, for example, preventing fraud or undertaking detection, investigating requests for use of our internal information systems.
  • Compliance with laws, regulations, orders, legal requirements and obligations of the Company, or reporting or disclosing information to government authorities as required by laws (such as local privacy laws, prevention of fraud or money laundering, police investigations, and tourism regulations), or upon receiving an order or a writ of attachment from police officers, government authorities, courts, or other competent authorities, undertaking detection and investigation under legal procedures and other regulations including establishment, compliance or exercise of the rights to legal claims or defense against the rights to legal claims.
  • Safety and security to maintain the safety, health and well-being of customers, and protecting Minor Hotels’ assets and employees.
  • Assignment of rights, obligations and any benefits under a contract between you and us which have been done legally, for example, merger or transfer of the contract.

This Website

  • Booking process: To manage booking requests made by the users including any modifications and cancellations as well as confirmation communications of these transactions. To register and manage your online check-in; To manage the payment or prepayment, if it is requested; To review your guest profile, in order to unify guests’ profiles and personalize services provided. If the user consent is given for direct marketing communications - sending you personalised promotional offers and event details, subscribing and unsubscribing you, when you request it. The lawful grounds for these processes are the performance of the contract, our legitimate interest and user consent.
  • Check-in online. To manage your check-in online and personalize your services if you request it. To manage any other services required by the user. The lawful grounds for these processes are the performance of the contract and user consent.
  • Newsletter. Direct marketing communications - sending you promotional offers and event details, subscribing and unsubscribing you, when you request it. The lawful grounds for these processes are user consent.
  • Management of general and booking enquiries. To manage communications, provide information and respond to general requests from users through the channels available for this purpose on the website or other Contact Us functions. To manage the booking or services request related to the reservations at our resorts or hotels. To receive feedback about the products and services provided. The lawful grounds for these processes are user consent, the performance of the contract and legitimate interest.
  • User Generated Content (UGC) on social media platforms. To display UGC on our websites for promotional purposes. The lawful grounds for these processes are user consent.

The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed.

We may collect, use, store and transfer different kinds of personal data about you which we have arranged according to the different purposes as follows:

  • Personal identification information (such as full name, age, gender, relationship status, photo, date of birth, national identification number, passport number, driver’s license number, nationality);
  • Contact information (such as name, email address, mailing address, phone number, home address. If you interact with us through social media sites, we may collect your username and other relevant details);
  • Payment information (including payment details, payment card numbers, billing address, and bank account information);
  • Income information (including personal and household income);
  • Information related to your reservation, stay, or visit to a property (including the property where you have stayed or outlet you have visited, date of arrival and departure, and products and Services purchased);
  • Information necessary to fulfill your special requests and/or specific accommodations;
  • Employment information (such as company name, job title, and work contact information) to respond to requests for proposals or honour contractual arrangements;
  • Loyalty program member information, online account details, profile or password details and any frequent flyer or travel partner program affiliation;
  • Copies of your correspondence if you contact us;
  • Your interests and preferences;
  • Feedback and survey responses;
  • Information collected through the use of closed-circuit television systems, card key and other security systems;
  • Information related to your use and interaction with our website and network, including social media platforms; and
  • Information as requested by government authorities to fulfill our legal obligations.

We do not collect the following special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, and genetic and biometric data), unless it is necessary for establishment, compliance, exercising or defense of legal claims or performing or exercising legal obligations. Nor do we collect any information about criminal convictions and offences. However, in some specific cases, we may collect data about your health such as food allergies, your religious belief and/or blood type as appeared on a copy of your identification card (if any), discriminations which relate to sensitive personal data (e.g. racial, ethnic origin)or other information that you provide to us.

Disclosures of personal data

Our goal is to provide you with the highest level of hospitality and Services, and to do so, we share Personal Data with the following parties:

  • Minor Hotels. We disclose personal data to other companies within the Minor Hotels group for the purposes described in this privacy statement, such as providing and personalizing the Services, communicating with you, facilitating the loyalty programs, and our business purposes. Minor Hotel Group Limited is the party responsible for the management of the jointly controlled personal data. We share your personal data used for making a reservation with the applicable property to fulfill and complete your reservation. The companies indicated are owners and franchisees of Brands.
  • Strategic Business Partners. We disclose personal data and other data to business partners who provide goods, services and offers that enhance your experience at our properties. By sharing data, we are able to make personalized services and unique travel experiences available to you. For example, this sharing enables spa, restaurant, health club, concierge and other outlets at our properties to provide you with services.

Besides, we may share your personal data with other business partners with whom we may jointly offer products or services. You can tell when a third-party business partner is involved in a product or Service you have requested because their name will appear, either alone or with ours. If you choose to access these optional services, we will share your personal data with those partners.

  • Social networking sites. We allow you to login on our sites and platforms without the need to fill out a form. If you log in using the social network login system, you explicitly authorize us to access and store public data on your social network accounts (e.g. Facebook, Google, Instagram), as well as other data mentioned during use of such social network login system. In addition, we may also communicate your email address to social networks in order to identify whether you are already a user of the concerned social network and in order to post personalized, relevant adverts on your social network account if appropriate.
  • Service Providers. We disclose personal data to third-party service providers for the purposes described in this privacy statement. Examples of service providers include companies that provide website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, marketing.
  • Professional advisors. This includes lawyers, technicians and auditors who assist in running our business, and defending or bringing any legal claims.
  • Public administration and police bodies. We disclose personal data to public administration (such as any law enforcement agency, court, regulator, government authority) and police under requirement in order to comply with obligations under the regulations and cooperate with these entities in the performance of their duties.
  • Business Reorganization. We may share your personal data in case of any sale, assignment, or other transfer of our business or transition of service to another service provider. We will ask for your consent if required by applicable law.

We require all third parties to respect the security of your personal data and to process it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International transfers

As a global hospitality company, we may transfer your personal data across multiple jurisdictions to the following locations, insofar as it is necessary to fulfill the purposes of the processing of your personal data specified in this privacy statement:

  • Countries where our corporate offices are located;
  • Countries where we manage and operate resorts, hotels, and/or preview centres; and
  • Countries where our third-party service providers, advisors, and consultants are located.

Where personal data is transferred to a country with a lower level of data protection as compared to the country in which the information was collected, we will take all reasonable steps to ensure that your information and privacy are protected in line with the applicable legal requirements of the country where the information was collected. Whenever we transfer your personal data, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Where we use certain service providers, we may use data processing contractual clauses that provide sufficient protection measures which enable the enforcement of your rights as data subject, including effective legal remedial measures according to the rules and methods as prescribed and announced by the Thailand’s Personal Data Protection Committee.
  • If necessary, we will obtain your consent in transferring your personal data to other countries as required under the Thailand’s Personal Data Protection Act (“PDPA”).

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data.

Data retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements of the applicable country.

We would like to inform you about the following retention period:

  • Your personal data involved in the processing under lawful grounds of contractual relationship will be stored for the entire duration of the contractual relationship and once it has ended until the responsibilities for both parties expire.
  • Your personal data involved in the processing under lawful grounds of legal obligations, will be stored until the completion of this obligation.
  • Your personal data involved in the processing under lawful grounds of legitimate interest, will be stored until the end of this interest.
  • Your personal data involved in the processing under lawful grounds of consent, will be until the consent is withdrawn. In case of marketing communications, you may exercise your opt-out through the means provided in each of these communications.

Afterwards, we will remove your personal data from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it.

Details of retention periods for different aspects of your personal data are available in our retention statement which you can request from us by contacting us at privacy.corporate@minor.com

Your rights

Under certain circumstances, you have rights under the PDPA in relation to your personal data.

  • Request access to your personal data
    Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of your personal data
    Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data
    Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with the PDPA. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data
    Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing your personal data
    Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
  1. If you want us to establish the data's accuracy.
  2. Where our use of the data is unlawful, but you do not want us to erase it.
  3. Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
  4. You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
  • Request transfer of your personal data
    Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Right to withdraw consent
    Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
    If you no longer want to receive marketing-related emails, you may opt out by visiting our [unsubscribe page] or by following the instructions in any email you receive from us.
  • Right to file a complaint
    You have the right to file a complaint to the supervisory authority under the PDPA anytime the Company violates or does not comply with the PDPA.

Contact Us

If you wish to exercise any of the rights set out above, please contact us.

Asia, Africa and Middle East
Email: privacy.corporate@minor.com; or
Post: 88 The Parq Building, 12th Fl. Ratchadaphisek Road, Klongtoey Subdistrict, Klongtoey District, Bangkok Metropolis 10110, Thailand

What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable administration fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances and we will indicate the reason for refusal.

Time limit to respond
We try to respond to all legitimate requests within one month or within the timeframe as specified by the applicable data protection legislation. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Cookies

We use cookies (small text files stored in your browser) and other techniques such as web beacons (small, clear picture files used to follow your movements on our website). These collect information that tells us how you use our website and web-related services. We use these to compile statistical reports on website activity.

This helps us make our website relevant to your interests and needs. We may use a persistent cookie (a cookie that stays linked to your browser) to record your details so we can recognize you if you visit our website again.

You can choose to refuse cookies, or set your browser to let you know each time a website tries to set a cookie. For further information on cookies, visit www.aboutcookies.org or www.allaboutcookies.org where you can also find information on how to turn them off.

The type of cookies we use on this site include:

  1. Strictly Necessary Cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
  2. Analytics Cookies: We use these cookies to analyse and identify the behaviour of our web visitors. We will track the IP address on the device you are using to identify you when visiting our website. When possible we combine your online web behaviour data with the personal data that you have previously supplied to us. This data will be used to analyse behaviour on our website and to personalise your experience.
  3. Advertising Cookies: These cookies may be set through our site by our advertising partners. They can be used and shared by those companies to build a profile of your interests and show you relevant adverts on other sites. This is based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
  4. Engagement Cookies: These cookies are used to provide additional functionality to the site and may affect your experience if they are turned off. They are used to allow enhancement widgets for live chat to provide customer support or alert widgets drawing your attention to updates and exclusive offers. These cookies may track your customer journey to personalise the support and messaging given.

If you wish to block the cookies please visit:

  • Google AdWords - http://www.google.com/settings/ads
  • Facebook Pixel - You may disable any of these cookies or similar technologies via your browser settings.
  • Twitter Advertising - You may disable tailored advertisements via your Twitter settings by visiting the “Promoted content” and “Personalization” sections.
  • Google Analytics - You may disable any of these cookies via your browser settings or by downloading a browser add-in: https://tools.google.com/dlpage/gaoptout.

You may disable any of these cookies via your browser settings.

Liability

This website is not intended for children under the age of 18 and we do not knowingly collect data relating to children.

You guarantee that you have informed any third parties whose data you are providing, if you have done so, of the points covered in this privacy statement. In addition, you guarantee that their authorization has been obtained to provide their data to Minor Hotels for the indicated purposes.

You will be liable for any false or inaccurate information provided and for direct or indirect damage caused to us or to third parties.

Changes to this Privacy Statement

We keep our privacy statement under regular review. At the top of this page you will see the date on which the privacy statement was last revised, and it is also the date from which any changes will become effective. Your use of the Services following these changes means that you accept the revised privacy statement. If you would like to review the version of the privacy statement that was effective immediately prior to this revision, please contact us at privacy.corporate@minor.com.

It is also important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.