Privacy Policy - Mandarava Resort and Spa
Reservations
Arrival date
Departure date
Adult(s)
Children

Privacy Policy

Privacy Policy for Customer

Karon Novelty Co.,Ltd recognizes the importance of the protection of your personal data. This Privacy
Policy explains our practices regarding the collection, use or disclosure of personal data including other
rights ofthe Data Subjects in accordance with the Personal Data Protection Laws.

Types of Data Collected

Personal data such as name, surname, age, date of birth, nationality, identification card, passport, etc.

Contact information such as address, telephone number, e-mail address, etc.

Account details such as username, password, transactions history, etc.

Proof of identity such as copy of identification card, copy of passport, etc.

Transaction and Financial information such as purchase history, credit card details, bank account, etc.

Technical data such as IP address, Cookie ID, Activity Log, etc.

Health information such as medical allergies and food allergies.

Marketing and communications information such as your preferences regarding receiving marketing
information from us, our affiliates, subsidiaries and business partners as well as outsiders and desired
communication style.

Information collected through closed circuit TV systems or various security systems

Any information that forms your profile in order to help fulfill your special request.

Other such as photo, video, and other information that is considered personal data under the Personal Data
Protection Laws.

Children

If you are under the age of 20 or having legal restrictions, we may collect use or disclose your personal data.
We require your parents or guardian to be aware and provide consent to us or allowed by applicable laws. If
we become aware that we have collected personal data from children without verification of parental
consent, we take stepsto remove that information from ourservers.

Storage of Data

We store your personal data as hard copy and soft copy.

We store your personal data by using the following

  • systems: Our server inside and outside of Thailand

Purpose and Use of Data

We use the collected data for various purposes

  • To create and manage accounts
  • To provide products or services
  • To improve products, services, or user experiences
  • To share andmanage information within organization
  • To conduct marketing activities and promotions
  • To provide after-sales services To gather user’s feedback
  • To process payments of products orservices
  • To market and communicate, by being able to provide special promotional offers and other information
    about products and services.
  • To comply with our Terms and Conditions
  • To comply with laws, rules, and regulatory authorities
  • To prevent or suppress a danger to a person’s life, body or health.

Disclosure of Personal Data

We may disclose your personal data to the following parties in certain circumstances:

Organization

We may disclose your personal data within our organization to provide and develop our products or
services. We may combine information internally across the different products or services covered by this
Privacy Policy to help us be more relevant and useful to you and others.

Information collected by companies related to you will be kept secure with The company collecting your

information by:

  • We will notify the owner when the company collects or request the use of that information.
  • You have the ability to choose to receive or unsubscribe from us at any time.

Data Retention

We will retain your personal data for as long as necessary during the period you are a customer or under
relationship with us, or for as long as necessary in connection with the purposes set out in this Privacy
Policy, unless law requires or permits a longer retention period. We will erase, destroy or anonymize your
personal data when it is no longer necessary or when the period lapses.

Data Subject Rights

Subject to the Personal Data Protection Laws thereof, you may exercise any of these rights in the
following:

Withdrawal of consent: If you have given consent to us to collect, use or disclose your personal data
whether before or after the effective date of the Personal Data Protection Laws, you have the right to
withdraw such consent at any time throughout the period your personal data available to us, unless it is
restricted by laws or you are still under beneficialcontract.

Data access: You have the rightto access your personal data thatis under ourresponsibility;to request usto
make a copy ofsuch data for you; and to request usto reveal asto how we obtain your personal data.

Data portability: You have the right to obtain your personal data if we organize such personal data in
automatic machine-readable or usable format and can be processed or disclosed by automatic means; to
request usto send or transfer the personal data in such format directly to other data controllers if doable
by automatic means; and to request to obtain the personal data in such format sent or transferred by us
directly to other data controller unless not technically feasible.

Objection: You have the right to object to collection, use or disclosure of your personal data at any time if
such doing is conducted for legitimate interests of us, corporation or individual which is within your
reasonable expectation; or for carrying out public tasks.

Data erasure or destruction: You have the right to request usto erase, destroy or anonymize your personal
data if you believe that the collection, use or disclosure of your personal data is against relevant laws; or
retention of the data by us is no longer necessary in connection with related purposes under this Privacy
Policy; or when you request to withdraw your consent or to object to the processing as earlier described.

Suspension: You have the right to request us to suspend processing your personal data during the period
where we examine your rectification or objection request; or when it is no longer necessary and we must
erase or destroy your personal data pursuant to relevant laws but you instead request us to suspend the
processing.

Rectification: You have the right to rectify your personal data to be updated, complete and not
misleading.

Complaint lodging: You have the right to complain to competent authorities pursuant to relevant lawsif you
believe that the collection, use or disclosure of your personal data is violating or not in compliance with
relevant laws.

You can exercise these rights as the Data Subject by contacting our Data Protection Officer as mentioned
below.

We will notify the result of your request within 30 days upon receipt ofsuch request. If we deny the request,
we will inform you of the reason via SMS, email address, telephone, registered mail (if applicable).

Advertising and Marketing

We may send certain information or newsletterfor the purpose of utilizing your preference via your email. If
you no longer want to receive the communications from us, you can click the “unsubscribe” link in the email
or contact us through our email.

Cookies

To enrich and perfect your experience, we use cookies or similar technologies to display personalized
content, appropriate advertising and store your preferences on your computer. We use cookies to identify
and track visitors, their usage of our website and their website access preferences. If you do not wish to have
cookies placed on your computer you should set their browsersto refuse cookies before using our website.

Data Security

We endeavor to protect your personal data by establishing security measures in accordance with the
principles of confidentiality, integrity, and availability to prevent loss, unauthorized or unlawful access,
destruction, use, alteration, or disclosure including administrative safeguard, technical safeguard, physical
safeguard and access controls.

Data Breach Notification

We will notify the Office of the Personal Data Protection Committee without delay and, where feasible,
within 72 hours after having become aware of it, unless such personal data breach is unlikely to result in a
risk to the rights and freedoms of you. If the personal data breach islikely to result in a high risk to the rights
and freedoms of you, we will also notify the personal data breach and the remedial measures to you
without delay through our website, SMS, email address, telephone or registered mail (if applicable).

Changes to this Privacy Policy

We may change this Privacy Policy from time to time. Any changes ofthis Privacy Policy, we encourage you to
frequently check on ourwebsite.

This Privacy Policy was last updated and effective on 6th July 2022

Links to Other Sites

The purpose of this Privacy Policy is to offer products or services and use of our website. Any websites from
other domains found on oursite issubject to their privacy policy which is not related to us.

Contact Information

If you have any questions about this Privacy Policy or would like to exercise your rights, you can contact us
by using the followingdetails:

Data Controller
Karon novelty co., ltd
14/2 Soi Patak 24 Karon Beach Phuket 83100
it@mandaravaresort.com
www.mandaravaresort.com
Telephone: 076681800

Data Protection Officer
Mandarava Resort Team
14/2 Soi Patak 24 Karon Beach Phuket 83100
it@mandaravaresort.com