This Personal Data Protection Policy (“PDPA Policy”) explains the manner in which your personal information collected from or provided by you is processed, disclosed and safeguarded by D’Rumah Bonda River View (“the Company”).
The Company is committed to ensuring your personal information is protected. The Company understands and appreciates you are concerned about your privacy and about the confidentiality and security of information we may collect about you. We pledge to fully
comply with the requirements of the Personal Data Protection Act 2010 (“PDPA”) which came into effect on 15th November 2013. The following discloses our information gathering and dissemination practices.

The Application of this PDPA Policy

This PDPA Policy applies to personal data and information in any form, whether electronic or written, regarding guests and other individuals who enters into transaction with us.

This PDPA Policy conveys our commitment to protect your personal information and has been adopted by all the hotel and resort properties owned, managed and/or operated by the Company or its affiliated or associated companies. References to “D’Rumah Bonda River View”, “we”, “our” and “us” hereinafter, depending on the context, collectively refer to the Company or its affiliated or associated companies.

Our collection of Personal Information

The term “personal data” in this PDPA Policy refers to personal information which is capable of identifying you as an individual. You can visit our website without providing any personal data or information. When we need to collect personal data from you to provide you with a particular service, we will ask you to voluntarily supply us with the information we need.
Personal data may be collected for purposes including but not limited to:

(i) fulfilling reservations or requests for information or services,
(ii) accommodating your personal preferences,
(iii) purchasing our products or services,
(iv) registering for our program memberships,
(v) submitting job applications; and/or
(vi) facilitating communications (“the Purpose”).

Types of Personal Information we collect

The types of personal data that we process include but not limited to:

• your name and address, contact information, Identity Card/Passport and Visa information;
• guest stay information, including the hotels where you have stayed, date of arrival and departure, goods and services purchased, special requests made, observations about your service preferences, telephone numbers dialled and faxes and telephone messages received;
• your credit card details, CVC number, bank account details, email address, profile or password details and any frequent flyer or travel partner programme affiliation;
• any information necessary to fulfill special requests (for example, leisure, travel and guest preferences);
• your reviews and opinions about our services;
• Information derived from cookies (small text files placed on our computer which uniquely identify your browser the next time you visit this sitr, save where you disable cookies or otherwise manage them, or do not use any of the Company’s services which require cookies to be enabled.
• Information gathered automatically by our computer systems programmed to gather certain anonymous data to help us understand how this site is being used and how we can improve it. This automatically gathered data includes your computer’s IP or “Internet Protocol” address, browser type, browser language, the pages visited, previous or subsequent sites visited, length of user sessions, access status or conditions.
• Information shared with third party social media websites and services through our site (such as Facebook/Twitter) will be governed by their privacy policies. You may also be able to modify your privacy settings with these third party social media web sites.
• Information that is gathered through registration that you specifically give the Company.
• CCTV recording of you in our premises.

Our commitment to Data Security

To maintain the accuracy of your personal data, as well as preventing unauthorised access to and ensuring the correct use of your personal data, we have carried out appropriate physical, electronic and managerial measures to safeguard and secure the personal data we collect. These measures are subject to ongoing review and monitoring. Whilst we make every effort to protect your personal data, no security measures can guarantee that your personal data and information will not be subject to interference, misuse or hacking and we shall not be responsible for any loss, misuse or alteration arising as a result of such incidents.

How we use your information and whom we may disclose it to

The information that we collect about you is used to help you access the services or acquire the goods that the Company provides more easily. The Company will use reasonable endeavors to keep the information we collect from you confidential. We do not sell, rent, loan, trade or lease your personal data stored in our database to any third parties. We may disclose the personal information, other information or data we collect from you if:

• disclosure of information to our service providers, agents or business partners and affiliates that we work with in connection with our business;
• in circumstances where we believe that disclosure is required under the law, to cooperate with regulators or law enforcement authorities; or to enforce our Terms of Use or other agreements; or to protect our rights, property or safety of the Company, our customers or others. The foregoing includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk protection;
• In the event that the Company or substantially all of its assets are acquired by or merged with another, your personal information may become subject to a different privacy policy;
• The Company may contract with third parties who do analysis and development on our behalf. We may share your information with such a third party provided that such third party uses the information only to perform services as requested by the Company and agrees to maintain the information as strictly confidential.
• We may also use your information to send you promotional material, which you may find of interest. If you do not wish to receive any such material you may simply choose to “unsubscribe” from our mailing lists or inform our Personal Data Protection Officer in writing and no further material will be sent to you.

Rights of Access and Correction

You have the right to request to access and correct your Personal Data in our records (subject always to exemptions provided under the PDPA or other laws). We will make every endeavour to ensure that your personal information is accurate and up to date but you are responsible for informing us about changes in your Personal Data and for ensuring that such information is accurate and current.

You have the right to:

• request access and access to your Personal Data in our records for verification purposes;
• request the correction of your Personal Data in our records in the event the information is inaccurate, misleading, out-of-date or incomplete upon validation and verification of the new information;
• request that your Personal Data shall only be kept for the fulfilment of the purpose of the collection of such information;
• communicate to us your objection to the use of your Personal Data for marketing purposes; and
• withdraw, in full or in part, your given consent, subject to any applicable legal restrictions, contractual conditions and a reasonable time;

Storage of data

Any personal information that we collect about customers including email addresses will be kept in a database of the Company. The Company will take all steps reasonably necessary to ensure that the database is treated securely and in accordance with this Privacy Policy Statement, and to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data.