Privacy Policy

Last updated: 1 February 2022

Dear Guest,

Your privacy is of utmost importance to us. Our Privacy Notice is presented in a format which is easy to read and navigate. If you seek further clarity or details on any specific matter, we urge you to contact us at data.privacy@chivasom.com.

Summary

The Chiva-Som Group, comprising Chiva-Som International Health Resorts Co., Ltd, as well as its affiliates, subsidiaries and related entities (“Chiva-Som Group” or “Chiva-Som”) and the wellness resorts and other properties we own or manage, use your personal information to process and facilitate bookings, product or service orders and deliveries, provide you with highly-individualised service at our wellness resorts or for delivery to your chosen location, respond to your requests for information, inform you of our products and services and other purposes as set out in this notice.

Data is shared with companies in the Chiva-Som Group, third party service providers and professional advisers that may be located anywhere in the world.

Where we rely on your consent, such as for marketing our products and services to you, use of cookies, and collection and use of your sensitive personal data, you may withdraw this consent at any time.

Our website uses cookies to track visitors using our site, analyse trends and usage patterns for research and marketing purposes. You are not obliged to accept cookies. More information is set out in Section 10 of this Privacy Notice.

You have certain rights to your personal information under applicable laws, including a right to object to some of the processing which Chiva-Som carries out. More information about your rights, and how to exercise them, is set out in Section 8 of this Privacy Notice.

Section 1. Data Controller

Chiva-Som International Health Resorts Co., Ltd and its affiliates in the Chiva-Som group of companies (hereinafter, “The Group”) is responsible for the personal data we hold about you. We are committed to respecting the privacy of our guests to our properties, clients of our services and products and users of our website.

The Group acts as an independent data controller. If you have booked to stay in a resort which is not owned by the Group, the owners of the hotel or resort, have limited rights to use your data as described in the sections below. A list of The Group’s entities and their contact details can be found here:

1. Entity Name: Chiva-Som International Health Resorts Co., Ltd. Relationship to The Group: Owned and Managed.  Resort address: 73/4 Petchkasem Road, Tambon Nong Kae, Hua Hin District, Prachuap Khiri Khan 77110, Thailand. Corporate Office:  11th Fl., Modern Town Building 87/104 Sukhumvit 63, Bangkok 10110, Thailand

2. Entity Name: Zulal by Chiva-Som. Relationship to The Group: Managed. Address: Qatari Commercial Registry no. 100411, having its registered address in Building No. 100, street 319, Zone 79, P.O Box 70034, Al Ruwais, Qatar

3. Entity Name: Bintan Wellness Resort and Residences. Relationship to The Group: Managed. Address: Jalan Raja Haji KM. 01, Treasure Bay Kawasan Pariwisata, Teluk Sebong Lagoi, Kepulauan Riau 29155,Indonesia

4. Entity Name: CSM Services Company Limited. Relationship to The Group: Owned and Managed. Address: 11th Floor, Modern Town Building, 87/104 Sukhumvit 63, Bangkok 10110, Thailand

5. Entity Name: Chiva-Som Academy (Chiva-Som International Health Resorts Co., Ltd.). Relationship to The Group: Owned and Managed. Address:. Ground Floor, Modern Town Building 87/104 Sukhumvit 63, Bangkok 10110, Thailand

The Privacy Notice applies to personal data that you provide to us when you make enquires, or a booking to stay at our resorts, or during property visits, or as clients of our services or products, and to personal data which we collect when you visit our website or through our social media pages.

Section 2. Coverage

The Privacy Notice describes the types of personal data we collect, how we use the personal data, with whom we share it, and your rights in relation to your data.

Section 3. Collection and Processing of Personal Information

Personal data you provide us

When you fill forms in on our website, complete guest registration cards, request information about our goods and services, purchase vouchers or want to validate vouchers, opt in for marketing information, create on-line accounts, or communicate with us by email, phone, via our website or social media messages, we may collect and process from you the following types of personal data:

your contact information (e.g. name, telephone number, email address, postal address);

your financial information (e.g. payment method, credit card number, security code, expiration date);

your medical information (e.g. health questionnaire data, medical records);

your health information (e.g. food allergies, dietary requirements, mobility requirements, general health and physical characteristics, health concerns, psychological and mental information/concerns);

sensitive personal information (e.g. relating to ethnic origin, children, marital status);

information related to your travel profile (e.g. nationality, passport and visa data, accommodation and travel preferences, travel itinerary);

prior guest stays or interactions, goods and services purchased, special services and amenities requests;

personal preferences to make more enjoyable your stay and experiences with us such as likes and dislikes about our services that you may tell us about so that we can improve our services;

membership to our loyalty program;

residential sale and preferences in relation to residential sales;

purchase and delivery of retail products and services (prior resort stays, delivery address, country of residence, favorite currency) or reviews about our products and services;

personal messages in relation to sale of vouchers;

images and video and audio data via security cameras located in public areas, such as hallways and lobbies, in our offices and resorts;

in more limited circumstances, we may also collect: data about family members and companions and important dates (birthdays, anniversaries and special occasions).

When we conduct due diligence assessments in relation to new products and services, and in the course of business activities we collect personal information from our retail suppliers, service providers (consultants, travel agents, journalists, PR agents, architects, engineers, brokers, lawyers, trainers, employee survey, payroll and pension assistants, etc) and business partners:

contact information (e.g. name, telephone number, email address, postal address);

financial information (e.g. credit card number, security code, expiration date);

information related to their travel profile (e.g. nationality, passport and visa data, accommodation and travel preferences, travel itinerary).

When you visit our website, we may also collect through the use of “cookies” or similar technologies the following data: date and time, originating IP address, domain name, type of browser and operating system used (if provided by the browser), URL of the referring page, completion status of the request, geographical location, language preferences.

A Cookie is a small piece of data (text file) which a website you visit requests your internet browser to store on your device, in order to remember the information about you, such as your location, preferences, or login information. To learn more about the Cookies, how they are used and your choices in relation to cookies on our website, please see Section 10 of the Privacy Notice..

Personal information received from business partners

We collect your personal information from companies with whom we partner to provide you with goods, services, or offers based upon your experiences at our properties or that we believe will be of interest to you such as on-property outlets, travel and tour partners.

The information we collect from such parties include your name, contact information and information related to your travel or stay profile.

Section 4. Information from Third Parties

Sometimes, we receive information about you from third parties. In particular, we may receive information about you from airlines, travel agents, tour operators and destination management companies whom you have direct contact. The information we collect from such third parties include your contact information and information related to your travel profile.

Section 5. Purpose of Requiring Personal Information

We may use your personal data for the following purposes:

To fulfil a contract, or take steps linked to a contract: this is relevant where you make bookings for our services or place an order with us. This includes, for example:

processing and facilitating bookings, including verifying your identity, taking payments and communicating with you and guest (or student) registration;

processing and delivering an order of our retail products;

processing in relation to residential sales;

processing in relation to membership to a Chiva-Som loyalty program.

As required by The Group to conduct our business and pursue our legitimate interests, in particular:

responding to requests which you have submitted via our website(s) and to deal with on-going matters relating to such requests, for example, request during your stay;

conducting surveys and business intelligence activities to offer and improve the products and services and investigate any complaints received from clients or from others, about our website or our products or services;

make improvements to our website and social media pages;

provide for the safety and security of our guests and visitors.

Where you give us consent:

for providing of marketing information (electronic or otherwise) or other communications;

for providing you with highly individualised services at our resorts (dietary requirements in relation with food and beverage or health condition and preferences in relation to health and wellness treatments. The Group will use the data for the purpose explained at the time.

To protect your vital interests such as contacting emergency services or asking you for emergency contacts; or

To comply with legal obligations relating to financial transactions in connections with booking and guest registration, such as obligations to maintains books and records.

We may also process your personal data to monitor customer accounts to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law or use data in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation)

Section 6. Sharing Personal Information

We may also disclose your personal information to our group companies for the purposes described in this Privacy Notice such as business intelligence, providing and personalising the services.

We may also disclose your personal information with third parties:

who provide us with booking and reservation management, payment related, data management, customer relationship management, marketing and advertising, information technology services or administration services in order to process your bookings, provide information about tailored and individualised services/offers including on social media, and provide you with any information that you have requested;

who provide us with currier and warehouse services for our fashion and skincare products;

our advisors, consultants and insurer in event of a claim, dispute or where otherwise necessary;

the owner of the property you visit, when it is managed but not owned by the Chiva-Som Group;

where we consider that we need to in order to comply with any law or regulation or with requests from government agencies or where we suspect that any criminal offence may have been committed, to protect our rights, property or safety or that of others and in any circumstances where we consider that we are permitted to do so by law or regulation; and

If the business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.

Section 7. Cross-Border Transfers

Your personal data may be transferred to countries other than the countries in which the data was originally collected. We will always take steps to ensure that your data is used by third parties in accordance with this Privacy Notice and comply with applicable legal requirements. In particular, if you are located in the European Economic Area, we will only transfer your personal data if the country to which the personal data is transferred has been subject to an adequacy decision by the EU Commission or we have put in place appropriate safeguards in respect to the transfer such as EU Commission approved standard contractual clauses and additional safeguards.

Section 8. Your Rights

In accordance with applicable laws, you may have rights in relation to your personal information. You have the right to:

ask us for a copy of your personal information;

to correct, object to processing, delete or restrict (stop any active) processing of your personal information; and

to obtain the personal information you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller.

Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes. These rights may be limited, for example if fulfilling your request would reveal personal information about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in applicable data protection laws. We will inform you of relevant exemptions we rely upon when responding to any request you make.

To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with us using the details set out below. If you have unresolved concerns, you have the right to complain to an applicable data protection authority where you live, work or where you believe a breach may have occurred.

If you do not wish to remain on our database and to receive our personalised mailings (electronic or otherwise) or to exercise your rights or to make a compliant, please contact us at dataprotection@chivasom.com.

Section 9. Duration of Data Storage

We will keep your personal data for as long as needed to fulfil the purposes for which it is collected unless we are required or permitted by law to keep the personal data for longer.

Your medical and health information will be deleted or anonymized for research if your last interaction (for example, your last visit to one of our properties, or the last marketing opened marketing communication, or your membership) with us was over 5 years ago, unless legal obligations relating to health records require us to keep some personal data longer.

Your contact information and record of prior stays will be maintained with us until or unless you request us to delete it.

Section 10. Cookies

Our website uses cookies. A “cookie” is a small file of letters and numbers that is sent to your computer by a website and automatically saved on your computer by your web browser (e.g. “Safari”). Each time you request a page from the website, your web browser sends this cookie back to the website server. Some cookies used are necessary for the operation of the website (strictly necessary), others for analysing the use of our services (we collect these data through Google Analytics).

We also use third party advertising companies to server advertisements regarding goods and services. These companies place cookies on your browser to collect information about your browsing habits to deliver advertising to you that is relevant to you and your interests. The cookies we use include Google Ad Services, Google Tag Manager, Facebook, Instagram, LINE, Pinterest, WordPress and Drupal.

You are not obliged to accept cookies. If you don’t accept cookies we shall not place cookies on your browser unless they are strictly necessary for the operation of the website.

Section 11. Storage of Your Personal Data

The personal data we collect from you may be stored, with risk-appropriate technical and organisational security measures applied to it, on in-house as well as third-party servers in Thailand, Qatar, Indonesia, as well as anywhere we or our trusted service providers and partners operate. In all cases, we follow generally accepted standards and security measures to protect the personal data submitted to us, both during transmission and once we receive it.

How to contact us

If you have queries about this Privacy Notice, your data and the use of cookies, if you want to exercise your rights or complaint about the use of your data please contact our Data Protection Officer at dataprotection@chivasom.com or

Chiva-Som International Health Resort

11th Floor, Modern Town Building

87/104 Sukhumvit 63

Bangkok 10110, Thailand

If you have any queries regarding this Privacy Notice or complaints about our use of your information please contact us at “dataprotection@chivasom.com” and we will do our best to deal with your complaint or query as soon as possible.

Amendments

We may update this Privacy Notice from time to time and without prior notice to you. We will indicate at the top of the Privacy Notice when it was most recently updated.