โรงแรมสวิสโซเทล กรุงเทพ รัชดา - โรงแรมหรู - Data-Privacy

Customer privacy protection policy

June 1, 2022
Swissotel Bangkok Ratchada (“We,” “Us,” “Our”) has a measure to protecting your Personal Data. We shall ensure you that your Personal Data is handled in accordance with the Personal Data Protection Act B.E. 2562 (2019) in Thailand (“Thai PDPA”) and other applicable laws.

1. THE ACCOR GROUP’S COMMITMENT TO PROTECTING PRIVACY
We consider you an important customer. Our first priority is to offer you exceptional stays and experiences throughout the world.
Your complete satisfaction and confidence in Accoris absolutely essential to us.
That’s why, as part of our commitment to meeting your expectations, we have set up (and we had a privacy policy before the much anticipated GDPR – General Data Protection Regulation ;-)) a customer personal data protection charter. This charter formalizes our commitments to you and describes how the AccorGroup uses your personal data.

2. SCOPE OF APPLICATION
In this charter, “AccorGroup” means:

• Accor SA, the AccorGroup parent company, with registered offices at 82 rue Henri Farman, 92130 Issy-les-Moulineaux, France;
• Subsidiary or “family” companies of Accor SA involved in the hotel businesses of the AccorGroup; and
• hotels operated under one of the AccorGroup brands throughout the world (Raffles, Sofitel Legend, Fairmont, SO/, Sofitel, onefinestay, Rixos, MGallery, Pullman, Swissôtel, 25hours Hotels, Novotel, Mercure, Mama Shelter, Adagio, JO&JOE, ibis, ibis Styles, ibis budget, Grand Mercure, The Sebel and hotelF1). This list of brands is regularly updated and can be viewed on accor.com.

Good to know!
You probably don’t know this, but the hotel you are booked to stay in is probably not owned by Accor SA or one of its family of companies. Most Accorbranded hotels are operated under a franchise or management agreement between the hotel’s owner and Accor SA (or one of its subsidiaries across the world).
This is why, when staying in one of these hotels, your personal data will be dealt with by Accor SA and the hotel, both acting as Data Controllers for their own, separate, purposes. In summary:

• Accor SA will process your data because it manages a central booking engine, which allows Accor SA to collect the data necessary to organise your stay in hotels under an Accorbrand and to communicate this data to the concerned hotels. Accor SA also manages a global database of clients who stay in hotels under an Accorbrand. With the help of its subsidiary PRO-FID SAS, Accor SA also manages the Le Club Accor loyalty programme;
• Each hotel will process your data to manage its contractual relationship with you (invoicing, payment, booking management etc.), to perform marketing activities and to comply with its legal obligations.

Accor SA has communicated the principles set out in this charter to all of the Accorbranded hotels and their respective owners. We will do our upmost to ensure that all hotels comply with the applicable data protection laws and this charter in relation to the processing of your personal data.

3. ACCOR’ TEN PRINCIPLES FOR PROTECTING YOUR PERSONAL DATA
In accordance with applicable regulations, in particular the European General Data Protection Regulation, we have instituted the following ten principles throughout the AccorGroup:

1. Lawfulness: We use personal data only if:
   • we obtain the consent of the person, OR
   • it is necessary to do so for the performance of a contract to which the person is a party, OR
   • it is necessary for compliance with a legal obligation, OR
   • it is necessary in order to protect the vital interests of the person, OR
   • we have a legitimate interest in using personal data and our usage does not adversely affect the persons’ rights
2. Fairness: We can explain why we need the personal data we collect.
3. Purpose limitation and data minimisation: We only use personal data that we really need. If the result can be achieved with less personal data, then we make sure we use the minimum data required.
4. Transparency: We inform people about the way we use their personal data
5. We facilitate the exercise of the people’s rights: access to their personal data, rectification and erasure of their personal data and the right to object to the use of their personal data
6. Storage limitation: We retain personal data for a limited period
7. We ensure the security of personal data, i.e. its integrity and confidentiality.
8. If a third party uses personal data, we make sure it has the capacity to protect that personal data.
9. If personal data is transferred outside Europe, we ensure this transfer is covered by specific legal tools.
10. If personal data is compromised (lost, stolen, damaged, unavailable…), we notify such breaches to the respective country’s responsible authority and to the person concerned, if the breach is likely to cause a high-risk in respect of the rights and freedoms of this person.

For any questions concerning the ten principles of Accordata protection policies, please contact the Data Privacy department whose details appear in the clause “Your rights”.

4. WHAT PERSONAL DATA IS COLLECTED?
At various times, we may collect information about you and/or the persons accompanying you, including the following:

• Contact details (for example, last name, first name, telephone number, email)
• Personal information (for example, date of birth, nationality)
• Information relating to your children (for example, first name, date of birth, age)
• Your credit card number (for transaction and reservation purposes)
• Information contained on a form of identification (such as ID card, passport or driver licence)
• Your membership number for the Accor loyalty program or another partner program (for example, an airline loyalty programme) and information related to your activities within the context of the loyalty program
• Your arrival and departure dates
• Your preferences and interests (for example, smoking or non-smoking room, preferred floor, type of bedding, type of newspapers/magazines, sports, cultural interests, food and beverages preferences, etc.)
• Your questions/comments, during or following a stay in one of our Accorbranded establishments
• Technical and location data you generate as a result of using our websites and applications.

The information collected in relation to persons under 16 years of age is limited to their name, nationality and date of birth, which can only be supplied to us by an adult. We would be grateful if you could ensure that your children do not send us any personal data without your consent (particularly via the Internet). If such data is sent, you can contact the Data Privacy department (see clause “Your rights” below) to arrange for this information to be deleted.

In order to meet your requirements or provide you with a specific service (such as dietary requirements), we may have to collect sensitive information, such as information concerning race, ethnicity, political opinions, religious and philosophical beliefs, union membership, or details of health or sexual orientation. In this case, we will only process this data if you provide your express prior consent.

5.WHEN IS YOUR PERSONAL DATA COLLECTED?
Personal data may be collected on a variety of occasions, including:

1. Hotel activities:
   • Booking a room
   • Checking-in and paying
   • Hotel stays and services provided during a stay
   • Eating/drinking at the hotel bar or restaurant during a stay
   • Requests, complaints and/or disputes.
2. Participation in marketing programs or events:
   • Signing up for loyalty programs
   • Participation in customer surveys (for example, the Guest Satisfaction Survey)
   • Online games or competitions
   • Subscription to newsletters, in order to receive offers and promotions via email.
3. Transmission of information from third parties:
   • Tour operators, travel agencies (online or not), GDS reservation systems and others
4. Internet activities:
   • Connection to Accorwebsites (IP address, cookies in accordance with our Policy about the use of tracers)
   • Online forms (online reservation, questionnaires, Accorpages on social networks, social networks login devices such as Facebook login, conversations with chatbot, etc.).

6. WHAT PURPOSES IS YOUR DATA COLLECTED FOR AND HOW LONG DO WE RETAIN IT?

We collect your personal data for the purposes of:

1. Meeting our obligations to our customers.
2. Managing the reservation of rooms and accommodation requests:
   • Creation and storage of legal documents in compliance with accounting standards.
3. Managing your stay at the hotel:
   • Monitoring your use of services (telephone, bar, pay TV etc.)
   • Managing access to rooms
   • Internal management of lists of customers having behaved inappropriately during their stay at the hotel (aggressive and anti-social behavior, non-compliance with the hotel contract, non-compliance with safety regulations, theft, damage and vandalism, or payment incidents).
4. Improving our hotel service, especially:
   • Processing your personal data in our customer marketing program in order to carry out marketing operations, promote brands and gain a better understanding of your requirements and wishes
   • Adapting our products and services to better meet your requirements
   • Customizing commercial offers and the promotional messages we send to you
   • Informing you of special offers and any new services created by Accor S.A. or one of its subsidiaries.
5. Managing our relationship with customers before, during and after your stay:
   • Managing the loyalty program
   • Providing details for the customer database
   • Segmentation operations based on reservation history and customer travel preferences with a view to sending targeted communications
   • Predicting and anticipating future behaviors
   • Developing statistics and commercial scores, and carrying out reporting
   • Providing context data for the offer push tool when a customer visits a Group website or makes a reservation
   • Knowing and managing the preferences of new or repeat customers
   • Sending you newsletters, promotions and tourist, hotel or service offers, or offers from Accor S.A. partners, or contacting you by telephone
   • Managing requests to unsubscribe from newsletters, promotions, tourist offers and satisfaction surveys
   • Taking into account the right to object
   • Using a dedicated telephone service to search for persons staying in AccorHotels Group hotels in the event of serious events affecting the hotel in question (natural disasters, terrorist attacks etc.).
6. Use a trusted third party to cross-check, analyze and apply certain devices to your collected data at the time of booking or at the time of your stay, in order to determine your interests and your customer profile, and to allow us to send you personalized offers.
7. Improving Accor S.A. services, especially:
   • Carrying out surveys and analyses of questionnaires and customer comments
   • Managing claims/complaints
   • Offering you the benefits of our loyalty program.
8. Securing and enhancing your use of Accor S.A. websites, especially:
   • Improving navigation
   • Implementing security and fraud prevention.
9. Conforming to local legislation (for example, storing of accounting documents).

7. CONDITIONS OF THIRD-PARTY ACCESS TO YOUR PERSONAL DATA
The AccorGroup operates in many countries and we endeavour to provide you with the same services throughout the world. Thus, we have to share your personal data with internal and external recipients subject to the following conditions:
In particular, the data related to your stays, preferences, satisfaction and, if the case may be, your loyalty program membership are shared between the hotels operating under the AccorGroup brands. This data is used to improve the quality of service and your experience in each of these hotels. In this context, your data is processed jointly by Accor SA and these hotels. In order to pursue this legitimate interest, whilst safeguarding your rights and liberties, a specific joint controllership agreement describes the obligations and responsibilities of Accor SA and these hotels. You may, at any time, object to the sharing of this data between the hotels and Accor SA by contacting the Data Privacy department whose details appear in the clause “Your rights”. You can also request a summary of the key points of the joint controllership agreement.

1. We share your data with a number of authorised people and departments in the AccorGroup in order to offer you the best experience in our hotels. The following teams may have access to your data:
   • Hotel staff
   • Reservation staff using Accorreservation tools
   • IT departments
   • Commercial partners and marketing services
   • Medical services if applicable
   • Legal services if applicable
   • Generally, any appropriate person within AccorGroup entities for certain specific categories of personal data.
2. With service providers and partners: your personal data may be sent to a third party for the purposes of supplying you with services and improving your stay, for example:
   • External service providers: IT sub-contractors, international call centres, banks, credit card issuers, external lawyers, dispatchers, printers.
   • Commercial partners: Accor SA may, unless you specify otherwise to the Data Privacy department, enhance your profile by sharing certain personal information with its preferred commercial partners. In this case, a trusted third party may cross-check, analyse and combine your data. This data processing will allow Accor SA and its privileged contractual partners to determine your interests and customer profile to allow us to send you personalized offers.
   • Social networking sites: In order to allow you to be identified on the Accorwebsite without the need to fill out a registration form, Accor SA has put in place a social network login system. If you log in using the social network login system, you explicitly authorize Accor SA to access and store the public data on your social network account (e.g. Facebook, LinkedIn, Google, Instagram…), as well as other data stated during use of such social network login system. Accor SA may also communicate your email address to social networks in order to identify whether you are already a user of the concerned social network and in order to post personalized, relevant adverts on your social network account if appropriate.
3. With local authorities: We may be obliged to send your information to local authorities if this is required by law or as part of an inquiry. We will ensure that any such transfer is carried out in accordance with local regulations.

8. PROTECTION OF YOUR PERSONAL DATA DURING INTERNATIONAL TRANSFERS
For the purposes set out in clause 6 of this charter, we may transfer your personal data to internal or external recipients who may be in countries or regions offering different levels of personal data protection.

Consequently, in addition to implementation of this charter, Accor employs appropriate measures to ensure secure transfer of your personal data to an Accor entity or to an external recipient located in a country or region offering a different level of privacy from that in the country or region where the personal data was collected.

Your data may be sent, in particular as part of the reservation process, to Accorhotels located outside of the European Union, in particular in the following countries/regions: South Africa, Algeria, Andorra, Angola, Saudi Arabia, Argentina, Australia, Bahrain, Benin, Brazil, Cambodia, Cameroon, Canada, Chile, China (including Taiwan Region, Hong Kong Special Administrative Region and Macau Special Administrative Region), Colombia, South Korea, Ivory Coast, Cuba, Egypt, United Arab Emirates, Ecuador, United States of America, Fiji, Ghana, Guatemala, Equatorial Guinea, India, Indonesia, Israel, Japan, Jordan, Kuwait, Laos, Lebanon, Madagascar, Malaysia, Morocco, Mauritius, Mexico, Monaco, Myanmar, Nigeria, New Zealand, Oman, Uzbekistan, Panama, Paraguay, Peru, Philippines, Qatar, Democratic Republic of Congo, Dominican Republic, Russia, Senegal, Singapore, Switzerland, Chad, Thailand, Togo, Tunisia, Turkmenistan, Turkey, Ukraine, Uruguay, Vietnam, Yemen.

Other than those that are required to carry out your reservation, data transfers to countries having different levels of personal data protection, are regulated by standard contractual clauses defined by the European Commission.

9. DATA SECURITY
Accor SA takes appropriate technical and organizational measures, in accordance with applicable legal provisions (in particular: Art. 32 GDPR), to protect your personal data against illicit or accidental destruction, alteration or loss misuse and unauthorized access, modification or disclosure. To this end, we have taken technical measures (such as firewalls) and organizational measures (such as a user ID/password system, means of physical protection etc.) to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. In relation to the submission of credit card data when making a reservation, SSL (Secure Socket Layer) encryption technology is used to guarantee a secure transaction. Organizational measures ensure the security of the processing.

10. COOKIES
Accor SA uses cookies and other tracking technologies on its websites. To find out more about how Accor uses these trackers and how to configure them, please consult our policy on trackers using the “Cookies” link at the bottom of our web pages.

11. YOUR RIGHTS
You have the right to obtain information about and access your personal data collected by Accor SA, subject to applicable legal provisions. Also you have the right to have your personal data rectified, erased or have the processing of it restricted. Furthermore you have the right to data portability and to issue instructions on how your data is to be treated after your death (hopefully as late as possible!). You can also object to the processing of your personal data, in particular to the sharing of the data related to your stays, preferences and satisfaction between the hotels operating under the AccorGroup brands.
In the event that you wish to exercise any of your above rights, please contact the Data Privacy department for the AccorGroup directly by sending an email to data.privacy@accor.com or by writing to the address below:
Accor
Département Protection des Données Personnelles (Data Privacy Department)
82, rue Henri Farman -ACC 1208
CS 20077
92445 Issy-les-Moulineaux – FRANCE

For the purposes of confidentiality and personal data protection, we will need to check your identity in order to respond to your request. In case of reasonable doubts concerning your identity you may be asked to include a copy of an official piece of identification, such as an ID card or passport, along with your request. A black and white copy of the relevant page of your identity document is sufficient.

All requests will receive a response as swiftly as possible.
You may also exercise your rights in respect of your personal data that is stored and processed by a hotel as a data controller. To do this, you must contact the hotel directly. You will find all necessary information to contact a hotel on all.accor.com. If you need any assistance, please contact AccorData Privacy Department by writing to data.privacy@accor.com or to the above postal address.

You also have the right to lodge a complaint with a data protection authority. For your information,
You can contact Accordata protection officer by writing to accorhotels.dpo(at)accor.com or to the above postal address.
If you are in Australia or New Zealand and have a complaint about how we collect, hold, use or disclose your personal data, you can also contact privacy.au@accor.com.

12. UPDATES
We may modify this charter from time to time. Consequently, we recommend that you consult it regularly, particularly when making a reservation at one of our hotels.

13. QUESTIONS AND CONTACTS
For any questions concerning The Accor Group’s personal data protection policy, please contact the Data Privacy department (See clause “Your rights”).