P.P. Coral Resort Limited (PPCRL)
Zeavola Resort
This Privacy Policy was last updated on 01 June 2022
PPCRL as the operator of “https://www.zeavola.com”. PPCRL acknowledges, realizes and respects the importance of privacy of our visitors and we will strictly follow security policies when we collect, use, process, disclose and/or overseas transfer the personal data (the “Personal Data”) in accordance with the Personal Data Protection Act B.E. 2562 (2019) and all applicable subsequent regulations (collectively referred to as the “PDPA”).
This Privacy Policy covers all Personal Data collected online or offline through the Site, application, call center, point of sales and events, and other locations where your Personal Data is collected.
This Privacy Policy informs you of our policies regarding the collection, use, processing, disclosure and overseas transfer of Personal Data we receive from you upon visiting the Site. It is strongly recommended for you to thoroughly read this Privacy Policy so that you fully understand how we process your Personal Data and what rights you have under the PDPA. If you access the site through any social networking sites, online communication channels or other websites, you must study and follow a Privacy Policy displayed separately on that access channel.
PPCRL may update and/or change this Privacy Policy from time to time pursuant to the terms specified herein. If you do not provide us the necessary Personal Data, we may not be able to take relevant actions which may affect our service or arrangement of activities for you. We will ensure that our collection, use, disclosure, processing, and overseas transfer of your Personal Data will be limited as necessary under a lawful purpose and basis as well as compliant with the PDPA.
We collect various types of data from you depending on how you interact with us and what services you need from us. The data we collect from you may or may not include:
a) Personal Details: title, name, surname, gender, age, occupation, nationality, date of birth, marital status, copy of national identification card or passport, driving license, address, signature, license plate details, vehicle details, photo, username or account of any social networking and other information necessary for using the Site and our services;
b) Contact Information: address, telephone number, mobile phone number, business phone number, e-mail address, LINE ID, Facebook account, Twitter account;
c) Payment Details: credit/debit card details, bank account number, billing address, member types, payment slip, and other necessary payment and billing details;
d) Loyalty Program and Membership Details: member card number and privilege details (including copy of member card), partner program, your discount code and promotions;
e) Accommodation Details: date of checking-in and checking-out, room number, type of room and bed requests, any other special requests;
f) Communication Details: your feedback, questions, interests, history of contact and communication with us, and your communication preference;
g) Technical Details: IP address, log, devices, networks, connection details, access details and time, cookies, search history, log-in details, browsing details, time zone and location, computer system and platform, and operating system you use to access the site;
h) Sensitive Data: we also collect your sensitive data as necessary for using the Site and our services such as ethnicity, race, religion, facial recognition, health and medical data, disability, etc. Such sensitive data (the “Sensitive Data”) will be collected, used, disclosed and processed only after obtaining your explicit consent or when permitted by law.
If third parties’ Personal Data is provided to us, you warrant and represent that you have valid authority to disclose such Personal Data to us and permit us to collect and use the same. Third Parties’ Personal Data disclosed to us will be collected and used in accordance with this Privacy Policy and the PDPA.
We will not collect any Personal Data of any children under 18 years old or quasi-incompetent persons, and incompetent persons without obtaining a consent from their parent or guardian. In case we discover that the Personal Data of children, quasi-incompetent persons and incompetent persons has been collected without consent from their parent or guardian when it is required, such collected Personal Data will be immediately deleted unless otherwise allowed or permitted under other legal grounds to process it.
4.1 The Personal Data is mainly collected, used and processed by us, and may also be collected by our staffs, affiliates, subsidiaries, contracted consultants or service providers or any third parties assigned and engaged by us.
4.2 We collect the Personal Data from you directly when you use the site or our services, or when you have communication or interaction with us.
4.3 We also collect the Personal Data from other third parties or other sources such as Facebook, Google Analytics, your devices (computer and/or mobile device) used for access into the Site, Cookie, IP Address, and other social networking sites.
The Personal Data is collected, use and disclosed for the following purposes:
(a) To perform services under the branded hospitality businesses under our management: provide you available dates of stay and price quotes, reserve and manage your bookings, reservation, and consumption or use of our products and services, manage your payments and requests during your stay, observe your use of our products, services, restaurants, beach club and other facilities, manage customer services and customer relationship with you, manage your requests, feedback, claims, complaints, inquiries, and undertake and manage other branded hospitality businesses.
(b) To operate our business, conduct quality control and training, improve the efficiency of our operation, products and services as part of the managerial contractual obligations of the branded business entities.
(c) To assess and improve overall services and facilities in our hotels, restaurants, beach club and other outlets to meet your needs constantly and, in this regard, your feedback on your use of our services and facilities will be requested.
(d) To recruit staff, employees and interns and manage the PPCRL’s human resources.
(e) For prevention or suppression of danger to a person’s life, body or health.
(a) To register and enable you to use the Site and to communicate with us; to run, develop, manage, maintain and improve the Site, IT system and security, data cleaning and matching, internal audit and/or our other social networking sites; to observe your use of the site; and to update databased, platform, policies and procedures.
(b) To ensure the function and improve efficiency of the Site and system operation, to build relevant audience and traffic to the Site to generate product and service awareness and sales, and to customize contents on the Site, applications, the internet and elsewhere.
(c) To personalize and improve aspects of the Site, communications and make them as user friendly as possible.
(d) For compliance with legal obligations as imposed by applicable law, prevention of fraud and money laundering, tourism regulations, etc., and to detect any illegal activities to prevent fraud and crimes for cybersecurity purpose.
(a) To do direct marketing and provide the sales, advertisement and marketing communication, loyalty programs, rewarding programs special promotions and offers, tailor made packages, new products and services, and news which may be of your interest.
(b) To make strategical analytics to target potential customers to generate sales.
(c) To conduct data analytics either by us and/or by third parties. In case the data analytics are conducted by our contracted third party, your Personal Data will be disclosed to such third party.
(d) To transfer your Personal Data and Sensitive Data to a country which has or may not have sufficient data protection measures and where the consent is required by law.
While your Personal Data will be kept in confidential, in certain circumstances, it may be necessary for us to provide or disclose your Personal Data (if required) to the following parties who process your Personal Data for any of the foregoing purposes on our behalf under the data processing clause or the data processing agreement as the case may be. Where we do so, we would merely disclose information that is necessary for the purpose of such disclosure and/or in accordance with this Privacy Policy.
(a) Our data processor and its employees
In case your Personal Data is collected, used and processed, on our behalf, by our engaged data processor or its employees to perform and fulfil its obligations under the agreements made with us, we will take reasonable actions to ensure that our data processor has adequate data protective measurement to protect your Personal collected, used or processed by it and its employees and only its limited responsible persons can access and use your Personal Data only for the purposes prescribed herein. In addition, we will ensure that its collection, use and processing of your Personal Data shall be strictly complied with this Privacy Policy, contractual obligations and the PDPA.
(b) Third-party contractors, consultants and service providers
We and/or our data processor also engage third parties to perform services on our behalf. Those third parties shall include with no limitation to contractors; consultants; legal advisors; accountants and auditors; infrastructure, software and website developers; IT service providers; data storage and cloud service providers; data cleaning and matching, data profiling and data analytics service providers; marketing and advertising agencies; campaign and event organizers; telecommunication and communication service providers; payment system service providers; outsourced administrative service providers; call center service providers; and/or other necessary service providers. Your Personal Data will be shared to those third parties on a necessity basis for the purposes specified herein. We will take reasonable steps to ensure that such third-party contractors’, consultants’ and service providers’ performance is compliance with this Privacy Policy, their contractual obligations, and the PDPA. We will make sure that such third parties will provide security measures to keep your Personal Data secure.
(c) Our affiliates, subsidiaries, business partners or shareholders
Your Personal Data may be shared to our affiliates, subsidiaries, business partners, shareholders, investors, assignee or transferee. We will ensure that the receiving parties will conform with this Privacy Policy, their contractual obligations, and the PDPA.
(d) Court or regulatory authorities
In order to comply with legal or regulatory obligations and/or to protect our and third parties’ rights, we may be required to disclose or share your Personal Data to legal enforcement agencies, courts, regulators, government authorities, or other government agencies.
Your Personal Data may be transferred to third parties or servers located either in Thailand or overseas. We will take necessary steps to ensure that the destination has adequate security measures to protect the data received and the transfer is securely conducted in accordance with the PDPA.
Your Personal Data is securely handled, retained and stored for the length of time reasonably needed to fulfill the purposes specified herein, to comply with our legal and regulatory obligations, and as required or permitted by law.
We use cookies and other tracking technologies (i.e. Google Analytics, Facebook Pixel Analytics, Facebook Ad Manager, web beacons, Twitter Advertising, etc.) to automatically collect information about your activities, such as your searches, page views, date and time of your visit, and other information about your use of the site and/or or services, and to improve the site and your experience. Cookies are small information files stored on your hard drive by a website. Cookies help to facilitate the site’s visitors to remember your username and language preference in a safe way and to help the sites to work properly.
You may manage your consent via (i) our consent management solution or (ii) your browser so as to refuse all or some cookies, or to alert you when they are being used. However, please note that if you refuse cookies, you may be limited to use some or all features of the site.
Unless otherwise required by the applicable law and exceptions prescribed herein, you may, at any reasonable time, exercise any of the following rights:
(a) To withdraw consent: you can easily withdraw your consent if you do not want us to continue collecting, using disclose or otherwise process the Personal Data collected by us.
(b) To access to and obtain copy: you can request to access, review your Personal Data, and request for, in a readable form, a hard or electronic copy of information we held about you or under our responsibility. In addition, you can request for disclosure of the acquisition of the Personal Data we obtained without your consent. Please note that we may reject your request if it is permitted by law or in accordance with a court order if such request will adversely affect others’ rights and freedoms.
(c) To request for the data portability: you can freely request us to send or transfer your Personal Data that you have given us consent for collection, use or disclosure or the Personal Data we collected for the purpose of performance of contract, in the readable and commonly used format, to other data controllers if such transfer can be done by electronic means.
(d) To object the collection, use or disclosure: you can object our collection, use or disclosure of your Personal Data in certain circumstances such as direct marketing or statistic research, etc.
(e) To request for erasure or destruction or anonymity: if (i) your Personal Data is no longer necessary in relation to the purposes for which it is collected, used or disclosed; or (ii) you withdraw your consent or PPCRL has no other legal grounds to collect, use or disclose your Personal Data; or (iii) you object to the collection, use or disclosure where we cannot reject to such objection; or (iv) your Personal Data is unlawfully collected, used or disclosed. Provided however that we may not reject your request if we are obligated to comply with a legal obligation or to initiate or defend any legal claims.
(f) To restrict the use: you may request to restrict the use or processing of your Personal Data when your Personal Data is unlawfully collected, used or disclosed, or we are no longer necessary to retain or use your Personal Data for the purposes where such Personal Data is collected.
(g) To rectify or update: if you find out that your Personal Data, we retained is incorrect, out-of-date, incomplete, or misleading, you can request to correct, accurate or update your Personal Data.
(h) To file a complaint: you can file a complaint with a competent authority in case we violate or do not comply with the PDPA.
To exercise any of the above rights, please contact us as detailed in Section 12 hereof and we may request you to prove your identity before proceeding with your request.
Your use of the Site or our services and facilities may be limited or restricted in case you exercise any of the above rights where the exercise of such rights affects our collection, use, disclosure, transfer or processing of your Personal Data.
We will, as soon as practicable after we have become aware of the Personal Data breach, notify and communicate with you (via email or other contact preferences) as well as a competent data protection authority if such data breach is likely to result in a risk to your and others’ rights and freedoms. In the case where the Personal Data breach is likely to cause a high risk to your and others’ rights and freedom, the details and impact of such breach, and the remedial measure will be notified. To determine the level of risk, various factors (such as the sensitivity of data, the persons who obtain the data and the nature of harm, and other elements as prescribed by applicable regulations) will be taken into account.
We may, from time to time, change our practices and this Privacy Policy to accommodate changes to the Site and our services. If we change the way we handle your Personal Data, we will update this Privacy Policy and you will be notified for such update.
If you want to contact us regarding the site, our services or any issues, or if you wish to exercise any of your rights mentioned herein, or if you have any questions regarding to this Privacy Policy, please contact our responsible person(s) at:
143/78 Moo 5, Prachasamak-khee Road, T.Rattsada, A. Muang 83000 Phuket, Thailand
By Phone: +66 (0) 75 627 000 between 10 a.m. – 5 p.m. daily
By email: info@zeavola.com
By continuing to use this website you agree to the use of cookies according to our Privacy Policy.