Keep in touch

Privacy Notice

S Hotels and Resorts Public Company Limited 

Privacy Notice

Last Updated : 08 July 2020

1. About Us

2. Personal Data Collections

3. Purposes of Personal Data Collection, Use, or Disclosure

4. Cross Boarder Transfer of Personal Data

5. Cookies Statement

5.1. Categories of Cookies

5.2. Managing Cookies

6. Disclosure of Personal Data

7. Your Rights

8. Marketing Related Activity

9. Security Measures for Personal Data

10. Personal Data Retention

11. Contact Us


About Us

S Hotels and Resorts Public Company Limited (“SHR”) is a holding company that engages in the management of hotels and resorts and investments in international locations. SHR and its properties (“we”, “us”, “our”) greatly value the importance of personal data protection and treat your personal data with utmost respect. We have a security system to protect your personal data and an international standard procedure to prevent any unauthorized access, disclosure, use, or alteration of personal data.

SHR reserves the right to change and update this privacy notice at any time. The details of the update will be posted on our website shotelsresorts.com.

In this Privacy Notice;

Properties” means hotels, resorts, amenities, and retail spaces which we own and operate, including but not limited to;

  • CROSSROADS Maldives
  • Hard Rock Hotel Maldives 
  • SAii Resorts
  • Santiburi Koh Samui
  • Phi Phi Island Village Beach Resort

Personal Data” means any data relating to a person, which can be used to identify a specific person, whether by a direct or indirect mean, but not including the data of the deceased persons or anonymized data.

Cookies” means a small text file consisting of data parts from a download activity that may be stored in a web browser you use to access websites or applications. Cookies data may be saved on your computer devices or any communication tools that you use to access the web browser while you visit our websites and applications.

Business Partners” means a commercial party that we have some form of alliance with. 

This Privacy Notice applies to; 

  • Any personal data processing activities done or implemented by us;
  • Any of our business websites, including but not limited to;
  • shotelsresorts.com
  • investor.shotelsresorts.com
  • saiiresorts.com
  • hardrockhotelmaldives.com
  • santiburisamui.com
  • phiphiislandvillage.com
  • crossroadsmaldives.com

Back to top


Personal Data Collections 

We will collect your personal data as necessary for lawful purposes. We may receive personal data through both direct and indirect means in either digital format or physical documents, which can be from properties, social media, event profiles, properties Wi-Fi service, inquiries, government agencies, business partners, and/or other service providers such as open communication platforms or chat applications.

We may collect your personal data such as;

  • Personal data and your interest such as name, surname, gender, age, nationality, date of birth, marital status, address, monthly income, occupation, work place, postal code, email address, telephone number, national ID number, passport number, credit card number, bank account number, payment data, purchase and/or booking history, travel history, guest preference, interest, liking, survey feedbacks, preference of products and services, hobby such as sport, and travel;
  • Identifiable image data such as picture and video of you and/or your belongings that SHR may collect from CCTV cameras and cameras when there is access to properties, office building, retail spaces, and areas under SHR’s responsibility during events, meetings, or any seminars;
  • Sensitive data such as information related to race, religion, health information (food allergy and disability information), sexual orientation, criminal records and etc. We do not usually collect sensitive data unless it is provided by you for the provision of services or products or to facilitate your stay or unless it is required to do so in accordance to applicable laws. We may use health data to facilitate your stay and meet your particular needs; for example, utilize health data to provide services for guest with certain food allergies or use sexual orientation data to facilitate and improve stay experience, using criminal records to conduct background check of our service providers, and etc. In the event that we have accidentally received other sensitive data and have no intention to collect such data, we will not further process it;
  • Technical data such as websites and/or applications usage and searching behaviors. we may use cookie as a tool to collect IP address, the type of web browser used to access website, website and application user registration and login information, visit duration, websites and applications that refer to our websites, and your location data during website or application access; 
  • Marketing and communication data such as your preferences in receiving marketing material, including contact information, participation in a membership, loyalty program, marketing program, frequent flyer or travel partner program affiliation and member number, groups with which you are associated for stays with us, and voice recording when you communicate with Call Center or through other social media channels.
  • Minor data such as name, surname, age, gender, parental name and surname. 

We collect, use, and disclose aggregated data, such as statistical and demographic information.
The aggregated data may derive from your personal data; however, such data is not considered as a personal data since it cannot be used to identify a specific individual. For example, we may use some of your data after the process of anonymization to create statistical information of people who access the website.

We are fully aware that the data used must not be able to revert to identifiable data. If the data is then able to be used to identify a specific individual, it will be considered as personal data and will be treated in accordance with this Privacy Notice.

Our websites or applications may lead you to a third-party website and/or application via a link; and other websites and/or application may be able to collect, use, or disclose your personal data without our involvements. These services, websites, and/or applications may operate independently from us and may have their own privacy notices and policies. We cannot be held accountable for any collection, use, or disclosure of personal data occurred on other websites and/or applications. Hence, it is encouraged that you read the privacy notices of every websites and/or applications you have visited.

Back to top


Purposes of Personal Data Collection, Use, or Disclosure

In order to conduct business operations, activities, transactions according to your request and/or to achieve our objectives, we may collect and use your personal data, including but not limited to; the following objectives;

  • To allow us to identify you and any accounts you have to proceed with your booking and purchase of our products or services as requested;
  • To facilitate your stay, including conduct check-in/out, carry out pre-arrival communication, provide properties’ amenities and additional services, process payment, fulfil your requests, as well as provide you with customized services and experiences;
  • To enable you to utilize our websites and applications; including facilitating transactions;
  • To carry out the contract you have with us, or to process your request prior to entering into the contract; whether it is for term and condition of products or services, service provider performance evaluation, or any other relevant procedures. If you do not provide your personal data, we may not be able to proceed with your request as notified or there may be other legal effects;
  • To carry out the contract with the contracting party that we procure or use;
  • To comply with the law;
  • To serve public interest or carry out tasks assigned to us by government agencies;
  • To carry out our legitimate interests such as maintain relationship with you, response to your request or complaint, send administrative information, enhance our business operation standard, and prevent illegal activities;
  • To develop marketing plans, conduct data analysis and market research, assess service by conducting guest satisfaction surveys, analyze market trends and customers’ insights, improve and develop our products or services, and enhance the efficiency of the website and application;
  • To provide security in properties, office building, retail space, or areas under our responsibilities, using data from CCTV cameras when there is access of such locations;
  • To achieve our internal objectives or to conduct public relations for external audience using both print media and our social medial channels. This activity includes our collection of picture or video from events, meetings, or any seminars held by us;
  • In the event that we receive your explicit consent, we will only use your personal data for purposes you have given consent to, including but not limited to send marketing communications and promotional offers, facilitate your participation in on-line promotions and etc.;
  • In the event that we collect minor personal data, we will only process in accordance with the purposes where either the minor or the parent have provided it for, and such data will not be used for any other marketing purpose;
  • In the event that we want to process sensitive data for purposes other than for provision of products and services, we have to obtain your explicit consent before or during the collection of such data.

Back to top


Cross Boarder Transfer of Personal Data

We aim to provide you with the best level of services and experiences from us; thus, your personal data may be transferred to hotels and resorts under our portfolio, our service providers, or other third parties which may be located in countries outside of your own. 

Your data may be transferred, as part of the reservation process, to The Kingdom of Thailand, The Republic of Maldives, The Republic of Fiji, The Republic of Mauritius, and The United Kingdom, 

For other cross boarder transfer, either for service providers or for business partners, even though the destination country data protection laws may differ from Thailand, we will ensure before transfer that the personal data is protected with equal and appropriate security measures which meet the personal data protection legal requirements and standard. Cross boarder transfer of personal data will be in accordance with lawful ground such as contractual basis, legitimate interest, public tasks, and as you have given your consent for.

Back to top


Cookies Statement

We use cookies to improve your viewing experience and enhance your satisfaction.  The cookies will allow us to understand the website usage and make the website more accessible and convenient. Furthermore, the cookie data will be used to develop our website and application to be more suitable to your needs. Hence, we may need to use cookies for statistical analysis, as well as linking data and process it according to marketing objectives.

Back to top


Categories of Cookies

We use various types of cookies categorized as follows;

Strictly Necessary Cookies

Cookies necessary for website functionality which cannot be switched off. These cookies do not store any personal data and are usually only set in response to actions such as your privacy preferences setting, or actions of logging in or filling in forms. You can set your browser to block these cookies; however, if this category of cookies is switched off some parts of the site will not function.

Performance Cookies

These cookies allow us to count numbers of visits and traffic, in order to measure and improve websites performance. These cookies data is on aggregate level and thus is not personal data. If you switch off these cookies, we will not know the time of your website visit and will not be able to monitor websites’ performance.

Functional Cookies

These cookies allow the website to provide enhanced functionality and personalization. The setting may be made by us and/or by third party providers. If you switch off these cookies, then some or all website's services may not function properly.

Targeting Cookies

These cookies setting may be made by us or our advertising partners. They may be used by those companies to build a profile data of your interests, in order to show you relevant adverts on other sites. If you switch off these cookies, you will experience less targeted advertising.

Social Media Cookies

These cookies are set by a range of social media services that we added to the site to allow you to share our content with your friends and communities. These cookies are able to track your browser across other sites and build up a profile of your interests and may impact the content and messages you see on other websites you visit. If you switch off these cookies you may not be able to use or see sharing tools.

Back to top


Managing Cookies

If you want to remove or block Cookies from your device, you can update your browser settings (go to your browser's "help" menu to learn how to remove or block Cookies); and we are not responsible for your browser settings. Please keep in mind that if you switch off Cookies, it may affect your ability to perform certain transactions on the website, and our ability to recognize your browser for your next visit.

If you are based in Thailand or Europe, you can also adjust your Cookies preferences through the Cookies Settings on Cookies Consent Manager function. 

Back to top


Disclosure of Personal Data

We will keep your personal data confidential and does not have policy to sell your personal data to third party. If there is legal necessity to disclose your personal data, we will only disclose your personal data to authorized person or party as necessary. However, we may disclose and transfer personal data to person or party as listed below;

  • Our business partners and our authorized representative personnel;
  • Service providers such as representative companies, travel agencies, contractors, consultants, financial institutions, cloud service providers, online travel agents (OTA) websites, marketing companies, and information technology (IT) development companies. Such parties may locate either domestically or internationally and all party is under agreement with us;
  • Franchise companies of hotels and resorts, joint venture companies, and hotel management companies under hotel management agreement with us;
  • Government or regulatory agencies, to comply with law or request of authorized departments.

Back to top


Your Rights

You can submit a request to exercise your legal rights through our contact channel provided under "Section 11. Contact Us." We will then process your request as soon as possible; however, it also depends on the volume and complexity of the request.

  • You have the right to withdraw your consent and we will stop the processing of your personal data as soon as possible;
  • You have the right to access and ask for a copy of your personal data, or to request disclosure of the how we obtained your personal data without your consent; unless it is when we must comply with the law or court order, or the request of access or to receive a copy of your personal data may impact that cause damage to the rights and freedoms of others; 
  • You have the right to request correction and rectification on your personal data to ensure that the data is correct, up-to-date, complete, and does not cause any misunderstandings;
  • You have the right to receive or request us to send or transfer your personal data to other data controller, or to directly request the personal data that we disclose or transfer to other data controller; unless it is impossible to do so because the technical circumstances;
  • You have the right to request us to erase, destroy, or anonymized your personal data, in the event that such personal data is no longer necessary for the purpose in which it is collected for, you have withdrew your consent or object processing of personal data for direct marketing purposes and others, there is unlawful processing, and other scenarios as required by law;
  • You have the right to restrict the processing of your personal data and we will stop the processing of personal data; however, the personal data will be stored for the following purposes 1). To establish legal claims or 2). Personal data is under review for correctness or it is in the process of proving higher legitimate ground. Nonetheless, we will only store personal data as necessary;
  • You have the right to object the collection, use, or disclosure of personal data for direct marketing, research purposes either in the field of science, history, or statistics; unless it is necessary for public interest, higher legitimate ground, establishment of legal claims, legal compliance, exercise of legal rights, or to defend exercise of legal rights;
  • You have the right to file a complaint to relevant government agencies, in the event that you believe we, our employee, or our business partners violate or do not comply with Personal Data Protection Act (PDPA, Thailand) or General Data Protection Regulation (GDPR, Europe).

Back to top


If you wish to cancel or request not to receive marketing materials or newsletters from us or our business partners, you can proceed to submit your request through our contact channel provided under “Section 11. Contact Us.” However, this cancellation will not affect your ability to receive products or services as addressed in the contract or term and condition in which you have accepted.

Back to top


Security Measures for Personal Data

We understand the importance of data security treat your personal data with respect and in accordance with legal requirements. Your personal data is classified as confidential and we have taken appropriate measure to ensure physical protection and organizational and technical measurements on all organization levels and throughout all the properties (for detailed definition, please refer to section “Section 1. About Us”), to prevent your personal data from loss, misuse, or unauthorized access, disclose, change, and deletion.

In the event that we assign external party for system, website, and application development and maintenance, resources allocation, or any other services, we may set for confidentiality and/or data processing agreement in accordance with this Privacy Notice to be made; for the benefit of securing your personal data.

We have set the process to manage the personal data breach incident and will notify you in accordance with the law. Nonetheless, even though there is strict security measure for personal data, there is a security limitation when it comes to transmission of data on the internet. Hence, we are unable to guarantee the security of your personal data disclosed on online platform.

Back to top


Personal Data Retention

We will retain your personal data as part of customers profile information (including contact, identity, financial, and transactions data) for 10 years from the booking date. With other categories of personal data, we will retain it for as long as necessary to achieve the purposes we have stated in this Privacy Notice and your personal data will be retained in accordance with our Policy and strict legal requirements.

Back to top


Contact Us

If you have any questions about this Privacy Notice or how we process your personal data, or if you wish to either provide a compliment or a complaint, please contact us via the following channels: 

S Hotels and Resorts Public Company Limited 

Address: 123 Sun Towers Building B, 10th Floor, Vibhavadi-Rangsit Road, Chom Phon, Chatuchak, Bangkok 10900, Thailand

Phone: +66 (0) 2058 9888

Email: contactus@shotelsresorts.com

Back to top