главная / Правила отеля

RAWAYANA CENTRAL PARK VILLAS

Privacy Policy

Effective Date: 1 January 2026 | Version 1.1

 

 

1. Introduction and Identity of the Data Controller

Rawayana Central Park Villas is operated by Rawai VIP Villas Co.,Ltd., a company registered in the Kingdom of Thailand with its registered office at 58/88 Moo 6, Soi Rouyphad, T. Rawai, A.Muang, Phuket, Thailand.

For the purposes of applicable data protection laws, including the Thailand Personal Data Protection Act (PDPA) and, where applicable, the General Data Protection Regulation (GDPR), the company acts as the Data Controller for personal data collected in connection with the use of our resort facilities, website, mobile applications, and related services.

 

 

2. Scope of This Policy

This Privacy Policy applies to:

  • Guests and prospective guests of Rawayana Central Park Villas

  • Visitors to our website and online booking platforms

  • Individuals who communicate with us via email, telephone, messaging platforms, or social media

  • Suppliers, contractors, and business partners whose representatives interact with the Resort

  • Individuals subscribing to newsletters, marketing communications, or loyalty programmes

  • Job applicants submitting employment applications

This Policy does not apply to third-party websites or services that may be linked from our platforms. We encourage users to review the privacy policies of those third parties.

 

 

3. Categories of Personal Data We Collect

We collect only the personal data that is necessary to provide our services.

3.1 Identification and Contact Data

  • Full name

  • Nationality

  • Passport or identification number

  • Phone number

  • Email address

  • Home or billing address

3.2 Reservation and Stay Data

  • Booking details

  • Dates of stay

  • Room or villa preferences

  • Guest requests or special requirements

  • Travel information

  • Guest feedback and service history

3.3 Financial and Payment Data

  • Payment confirmation details

  • Billing information

  • Transaction identifiers

  • Partial payment card information processed through certified payment providers

The Resort does not store full payment card numbers.

3.4 Health and Dietary Data (Sensitive Personal Data)

Where voluntarily provided by the guest, we may process limited health-related information necessary to accommodate:

  • allergies

  • dietary requirements

  • accessibility needs

Such data is processed only with explicit consent.

3.5 Technical and Digital Data

When using our website or digital services we may collect:

  • IP address

  • browser type

  • device type

  • operating system

  • website usage data

  • cookies and tracking identifiers

3.6 Security and Safety Data

To ensure the safety of our guests and staff we may collect:

  • CCTV recordings in public areas

  • access logs to resort facilities

  • incident reports or security records

3.7 Marketing and Communications Data

  • newsletter subscription preferences

  • marketing consent records

  • communication history with our guest services team

 

 

4. Legal Bases for Processing

We process personal data only where a lawful basis exists under applicable data protection law.

These include:

  • Performance of a Contract
  • Processing necessary to provide accommodation, reservations, and requested services.
  • Legal Obligation
  • Processing required under Thai laws including tax, accounting, and immigration regulations.
  • Legitimate Interests
  • Processing necessary for business operations such as security monitoring, service improvement, fraud prevention, and customer relationship management.
  • Consent
  • Where required, such as for marketing communications or processing sensitive personal data.
  • Vital Interests

Processing necessary to protect the life or safety of guests or staff in emergency situations.

 

 

5. Purposes of Processing

We process personal data for the following purposes:

  • Reservation management
  • To process bookings, confirm availability, manage cancellations or modifications, and issue confirmations or invoices.
  • Guest services
  • To personalise guest experiences and accommodate requests including transportation, dining, spa services, or special arrangements.
  • Safety and security
  • To operate CCTV systems, manage access control, investigate incidents, and protect guests, employees, and property.
  • Legal compliance
  • To comply with tax obligations, immigration regulations, and other applicable laws in Thailand.
  • Marketing and communications
  • To send promotional offers, updates, and newsletters where consent has been provided or where permitted by law.
  • Service improvement
  • To analyse guest feedback, conduct satisfaction surveys, and improve the quality of our services.
  • Dispute resolution and legal claims
  • To investigate complaints, resolve disputes, or manage insurance or legal matters.
  • Loyalty programme administration

Where applicable, to manage membership accounts and provide programme benefits.

 

 

6. Disclosure and Transfer of Personal Data

6.1 Internal Access

Access to personal data within the Resort is restricted to authorised personnel on a strict need-to-know basis.

All employees are bound by confidentiality obligations.

6.2 Third-Party Service Providers

We may share personal data with trusted service providers who act as Data Processors on our behalf, including:

  • online travel agencies (OTAs) and booking platforms

  • payment processing providers compliant with PCI-DSS standards

  • IT infrastructure and cloud hosting providers

  • customer relationship management (CRM) systems

  • marketing and email service platforms

  • legal, accounting, and audit professionals

All processors are required to comply with strict data protection obligations.

6.3 Government Authorities

We may disclose personal data to government authorities, courts, or law enforcement where required by law or official request.

6.4 International Data Transfers

Where personal data is transferred outside Thailand, appropriate safeguards are implemented to ensure an adequate level of protection.

We do not sell personal data to third parties.

 

 

7. Data Retention

Personal data is retained only for as long as necessary for the purposes described in this Policy.

Typical retention periods include:

  • booking and accounting records: up to 10 years in accordance with tax laws

  • marketing data: until consent is withdrawn

  • CCTV recordings: typically 30 days, unless required for investigation

  • job applications: up to 12 months

After the applicable retention period expires, personal data is securely deleted or anonymised.

 

 

8. Your Rights as a Data Subject

Under applicable data protection laws, you may have the right to:

  • request access to your personal data

  • request correction of inaccurate information

  • request deletion of your personal data

  • request restriction of processing

  • object to certain types of processing

  • withdraw consent at any time

  • request data portability where technically feasible

Requests may be submitted to our Data Protection Officer.

We respond to verified requests within 30 days where possible.

 

 

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies.

  • Cookies are categorised as:
  • Strictly Necessary Cookies
  • Required for the basic operation of the website.
  • Functional Cookies
  • Enable enhanced website functionality and personalisation.
  • Analytics Cookies
  • Help us understand how visitors interact with our website.
  • Marketing Cookies

Used to deliver relevant promotional content and measure marketing effectiveness.

Users may manage cookie preferences through browser settings or our website’s cookie preference tool.

 

 

10. Security of Personal Data

We implement industry-standard technical and organisational measures including:

  • SSL/TLS encryption for data transmissions

  • PCI-DSS compliant payment processing

  • role-based access control systems

  • multi-factor authentication for internal systems

  • regular security audits and vulnerability testing

  • employee training on data protection practices

  • controlled physical access to sensitive systems

In the event of a data breach, appropriate notification procedures will be followed in accordance with applicable law.

 

 

11. Protection of Minors

Our services are not directed to children under 13 years of age without parental consent.

We do not knowingly collect personal data from children under 13 without verifiable parental permission.

For individuals under 20 years of age, consent may be required from a parent or guardian in accordance with the Thailand PDPA.

 

 

12. Third-Party Links and Integrations

Our website may include links to third-party services such as booking platforms or social media providers.

We are not responsible for the privacy practices of these third parties.

Users should review the privacy policies of external websites before submitting personal data.

 

 

13. Automated Decision Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects for individuals.

 

 

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in legal requirements or operational practices.

Updated versions will be published on our website with a revised effective date.

For significant changes, we will provide advance notice where possible.

 

 

15. Governing Law

This Privacy Policy is governed by the laws of the Kingdom of Thailand.

Any disputes arising in connection with this Policy shall fall under the jurisdiction of the courts of Thailand.

 

 

16. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact:

Data Protection Officer

Rawai VIP Villas Co.,Ltd.

58/88 Moo 6, Soi Rouyphad, T. Rawai, A.Muang, Phuket, Thailand

Email: book@rawayanavillas.com

You also have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand if you believe your personal data has been processed unlawfully.