Customer Privacy Notice
This Privacy Notice (“Privacy Notice”) describes how our website address http://www.storyth.com which each is separately operated and liable for controlling and handling your personal data. We collect, use and disclose personal data of our individual customers, contact persons of our customers (in case of our corporate customers) and any person who we receive their personal data (“you” or “your”), and tells you of data protection rights.
This Privacy Notice (“Privacy Notice”) describes the privacy practices of www.storyth.com for data that we collect:
- from the entities within the http://www.storyth.com
- through websites operated by us from which you are accessing this Privacy Notice and other third party service providers (e.g. google analytic);
- when you contact us for any inquiry
- through any other form you communicate and interact with us (e.g., sales representative, customer service calls); and
- any other channels that may provide us with Personal Data.
The types of Personal Data we process
The term “Personal Data” in this Privacy Notice refers to any information which can be used to identify you as an individual, provided voluntarily when you connect with us by any means, whether oral, written or electronic, as listed below.
“Sensitive Data” means Personal Data classified by law as sensitive data. We will only collect, use, disclose and/or cross-border transfer Sensitive Data if we have received your explicit consent or as permitted by law.
The Personal Data we collect may include, but are not limited to, the following:
- Personal information, identification and contact information: such as your name-surname, title, gender, nationality, date of birth, address, telephone/mobile number, fax number, email address, education; workplace; household income; salary; insurance details; government-issued identification numbers and cards (e.g., national identification card, driver’s license information, tax identification), signature; house registration; immigration information, passport and visa information; postal address, delivery details, billing address, your contact person detail such as telephone number, contract data on other correspondence (e.g. written communication with you).
- Social media account: such as social media account ID and details provided on your social media accounts and sites;
- Technical Information: such as Internet Protocol (IP) address, cookies, media access control (MAC) address, log, device ID, device model and type, network, connection details, access details, access time and location, time spent on our page, login data, search history, browsing details, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on devices you use to access our platform; website use, website traffic data;
- Profile details: such as your username and password, profile details and picture, service and purchase history, financial records, your interests, preferences, feedback and survey responses, satisfaction survey, social media engagement, participation details, your use of discount codes and promotions, customer order description, customer service, attendance to events, trade exhibitions, litigation, testing, and trials;
- Marketing preferences: such as information you provide or in the course of participating in our events, surveys, contests or promotional offers;
- Other relevant information: such as company registration information (for corporate customers), police station reports for retails space customers; Personal Data generated in connection with your relationship with us; signatures, and your correspondence with us;
- Sensitive data: such as Health information (e.g. allergies); disability information (e.g., hearing, mobility, visual, or wheelchair needs); Sensitive data from official identification documents (such as religion, race and ethnicity); religion.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We will only collect, use, and/or disclose your Sensitive Data if we have received your explicit consent or ;as permitted by law.
If you submit any Personal Data about other people to us or our service providers such as when you make a reservation for another individual, please provide this Privacy Notice for their acknowledgement and/or obtaining consents where applicable for us.
- Why we collect, use and/or disclose your Personal Data
Except in limited instances when we indicate that certain information is based on your consent, we collect use, and/or disclose your Personal Data on the legal basis of (1) contractual basis, for performance of activity in relation to the our business relationship; (2) legal obligation, for fulfilment of our legal obligations; (3) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties, proportionate to your interest and fundamental rights and freedoms to the protection of your Personal Data; (4) vital interest, for the prevention or suppression of danger to a person’s life, body, or health; (5) public interest, for the performance of task carried out in the public interest or for exercising of official authorities or duties; and/or (6) the reason for an establishment and defenses of legal claims in the future.
2.1 Purpose for which consent is required
We rely on your consent to:
- Marketing and Communications: To provide marketing, communications, sales, special offers, promotions, notices, news, and information about the products and services from us, our affiliates and subsidiaries under www.storyth.com, and the third parties which we cannot rely on other legal grounds
- Sensitive data: To collect, use, disclose and/or transfer your Sensitive Data for the following purposes:
- Health information (e.g. allergies): to provide the appropriate accommodations and services to our hotel guests/customers (e.g. to prevent dust or food allergies) and for the guest/customer’s record management purposes;
- Disability information (e.g., hearing, mobility, visual, or wheelchair needs): to provide the appropriate accommodations and services to our hotel guests/customers and or the guest/customer’s record management purposes;
- Sensitive data from official identification documents (such as religion, race and ethnicity): for authentication and verification purposes;
- Religion: to provide accommodations and services to our hotel guests/customers and for the guest/customer’s record management purposes;
- Biometric information (e.g. facial recognition): for security and crime prevention purposes;
Where legal basis is consent, you have the right to withdraw your consent at any time. This can be done so, by contacting our Data Protection Officer via email : email@example.com. The withdrawal of consent will not affect the lawfulness of the collection, use, and disclosure of your Personal Data and Sensitive Data based on your consent before it was withdrawn.
2.2 Purpose for which we rely on other legal grounds
We may collect, use and disclose your Personal Data for the following purposes:
- Providing the services you request, such as whether they are services provided at any of our hotels or retail spaces. This includes: facilitating guest reservations, guaranteeing and confirming your reservation and stay, verifying your identity, answering customer service requests and inquiries, processing for quotation, billing, invoicing, refunds and payment details, personalizing our services according to your preferences, entering into a lease agreement for our retails space customers, and conducting activities related thereto; refund and exchange of products or services; to operate, track, monitor, and manage our sites and platform to facilitate and ensure that they function properly, efficiently, and securely; to facilitate your experience on our sites and platform; improve layout, and content of our sites and platform.
- Marketing and Communications, such as to provide privileges, offers, updates, sales, special offers, promotions, advertisements, notices, news, information and any marketing and communications about the products and services from us, our affiliates and subsidiaries under www.storyth.com which meet your legitimate interests or in accordance with preferences you have expressed directly or indirectly;
- Monitoring and ensuring customer satisfaction, such as improving our services, sending customer satisfaction and quality assurance surveys and adjusting operations based on customer preferences;
- To improve business operations, products, and services: such as to determine business operations efficiency; to improve business performance; to assess and evaluate the service we provide to you in order to improve our services and operations; to recommend products and services that might be of interest to you, identify your preferences and personalize your experience; to create aggregated and anonymized reports; to measure the performance of marketing campaigns; to learn more about you, the products and services you receive and other products and services you may be interested in receiving; to measure your engagement with the products and services, undertake data analytics, data profiling, market research, assessments, behavior, statistics and segmentation, consumption trends and patterns; profiling based on the processing of your Personal Data, for instance by looking at the types of products and services that you use from us, how you like to be contacted.
- Security, system monitoring, and IT Management; such as to authenticate and verify a person; to ensure safety and security of all our customers, employees and visitors to our hotels and retail space properties;to implement access controls and logs where applicable; to monitor system, devices and internet; and to ensure IT security; for our business management purpose including for our IT operations, management of communication system, operation of IT security and IT security audit; internal business management for internal compliance requirements, policies, and procedures;
- Other business purposes, such as granting access to our hotels and properties, processing lost and found requests, record-keeping and updating and information sharing, collecting data on parking, conducting market research and analysis, and operating/expanding our business activities;
- Enforcement and defense of our legal rights and claims; such as to solve disputes; dispute handling; to enforce our contracts; and establish, exercise or defend of legal claims;
- To protect our interests, to exercise our rights or protect our interest where it is necessary and lawfully to do so, for example to detect, prevent, and respond to fraud claims, intellectual property infringement claims, or violations of law; to manage and prevent loss of our assets and property; to follow up on incidents; to prevent and report criminal offences and to protect the security and integrity of our business;
- Conforming to our legal and regulatory obligations, such as to comply with legal obligations, including record-keeping, sending daily reports, and registration of hotel customers as required by law; to comply with legal proceedings, or government authorities’ orders which can include orders from government authorities outside Thailand, and/or cooperate with court, regulators, government authorities, and law enforcement bodies when we reasonably believe we are legally required to do so, and when disclosing your Personal Data is strictly necessary to comply with the said legal obligations, proceedings, or government orders; issue tax invoices or full tax forms; conduct VAT refunds record and monitor communications; make disclosures to tax authorities, financial service regulators, and other regulatory and governmental bodies, and investigating or preventing crime.
Where we need to collect, use, and disclose your Personal Data as required by law, or for performance of a contract with you and you fail to provide that Personal Data to us, we may not be able to perform the contract we have or are trying to enter into with you.
Where consent is required for certain activities of collection, use or disclosure of your personal data, we will request and obtain your consent for such activities separately.
- Disclosures of your Personal Data
We may transfer or disclose your Personal Data to the following:
- Other third parties. We may use other companies, agents or contractors to perform services on behalf or to assist with the provision of products and services to you. We may share your Personal Data to our service providers, or third-party suppliers, or business partners including, but not limited to (1) infrastructure, internet, infrastructure technical, software, website developer and IT service providers; (2) data storage and cloud service providers; (3) telecommunications and communication service providers; (4) storage and logistics service providers; (5) payment service providers; (6) research agencies; (7) analytics service providers; (8) survey agencies; (9) auditors; (10) marketing, advertising media, and communications agencies; (11) call centers; (12) campaign and event organizers; (13) sale representative agencies; (14) travel agencies and reservations agencies; (15) insurance company; (16) banks, financial institutions, payment, payment system, and authentication service providers and agents; (17) outsourced administrative service providers; and/or (18) healthcare providers or hospitals;
- Professional advisors. This includes lawyers, technicians and auditors who assist in running our business, and defending or bringing any legal claims;
- Courts, government authorities and regulatory agencies (e.g., Immigration Bureau, Department Of Provincial Administration, police) in order to respond to subpoenas, court orders, or legal processes and to comply with existing requirements under law and regulation, or to exercise our legal rights when we find that your actions violate our terms and conditions, or our hotel policies for specific products and or services;
- Third parties as our assignee of rights and/or obligations, in the event of any reorganization, merger, business transfer, whether in whole or in part, sale, purchase, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock or similar transaction.
Some of the recipients we may share your Personal Data with may be located outside Thailand which the destination countries may or may not have the same equivalent level of protection for Personal Data protection standards. In such case, we ensure appropriate safeguards in place, and oblige the recipients to protect your Personal Data in accordance with this Privacy Notice and as allowed by applicable law using appropriate security measures. We will request your consent where consent to cross-border transfer is required by law.
- Retention and protection of Personal Data
Subject to applicable data laws, we will retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, regulatory, and internal requirements. However, we may have to retain your Personal Data for a longer duration, as required by applicable law.
- Your rights and a data subject
Subject to the applicable conditions under the Thai Personal Data Protection Act B.E. 2562, you have the right to:
- The right to access your Personal Data. This also enables you to receive a copy of the Personal Data we hold about you and to check on how we acquire certain Personal Data without your consent;
- The right to port your Personal Data to another party. This means to receive copies of your Personal Data in an electronic format and/or ask us to transfer it to another party;
- The right to object to the collection, use and disclosure of your Personal Data for certain cases, including when we use your Personal Data for direct marketing purposes;
- The right to delete, destroy or anonymize your Personal Data. This enables you to ask us to delete, destroy or anonymize Personal Data where there is no valid ground for us to continue the collection, use and disclosure of such Personal Data;
- The right to restrict the use of your Personal Data. This enables you to ask us to suspend the collection, use and disclosure of your Personal Data;
- The right to rectify the Personal Data we hold about you. This enables you to have any inaccurate, outdated, incomplete, and misleading Personal Data we hold about you rectified;
- The right to make a complaint to a competent authority under the applicable data protection law; and
- The right to withdraw your consent at any time where we collect, use and disclose your Personal Data based on your consent. This will not affect the lawfulness of the processing based on consent before the withdrawal.
- Links to other sites
This website may contain links to unaffiliated third party websites. Except as set forth herein, we do not share your Personal Data with them, and are not responsible for their privacy practices. We suggest you read ;the privacy notices on all such third party websites.
- Changes to this Notice
We may amend this Notice from time to time. Where applicable, we may notify you when material changes have been made to this Notice by means we deem appropriate. We recommend that you periodically revisit or keep track of this Notice to learn of any changes.
- Contact details for concerns / questions
Should you have any questions or concerns regarding this Privacy Notice, or if you would like to exercise your rights as a data subject, please feel free to contact us through the following details: firstname.lastname@example.org