Personal Data Protection Policy
Effective as of [•] September 2015
SECURITY AND CONFIDENTIALLY
At Noku and/or Roxy Hotels Management (“Noku Roxy”), we strive to earn your trust by ensuring that we will take reasonable measures to ensure that your Personal Data is protected in compliance with the Singapore Personal Data Protection Act 2012 (No. 26 of 2012). “Personal Data” in this Data Protection Policy (“Policy”) refers to data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access. We promise to ensure that your Personal Data is used responsibly during the enquiry and reservation process to deliver services and products at a standard that will exceed your expectations. This Policy will apply in our overseas affiliates with the exception that should the local laws be more restrictive, the local privacy laws shall apply.
This Policy will state the information we are collecting, using and disclosing in order to provide services and products to our guests as well as improvements to guest experiences and provide updates on new promotions, services and products offered by us and/or our affiliates and partners.
By accessing and entering this site, you agree to the terms set forth in this Policy. Please read this Data Protection Policy so you will understand the purposes for which your Personal Data will be collected, used and/or disclosed by us.
By engaging any of our services, using or purchasing our products, renting or using our hotel facilities and providing any Personal Data to us for engagement of our services, you will be deemed to have agreed to and provided consent to the collection, use and disclosure of your Personal Data for the purposes which will be required to fulfil such engagement of services and rental of hotel facilities by us and our affiliates and partners, including the purposes stated in the paragraphs below at “The Purpose of Collecting and Using Personal Data”.
WITHDRAWAL OF CONSENT AND UNSUBSCRIPTION
You can withdraw your consent to any or all use or disclosure of your Personal Data, or unsubscribe to our email service, at any time by submitting a request with reasonable notice containing details of your Personal Data stored with us to: DPO@nokuroxy.com. We will endeavour to respond to your request within a reasonable timeframe.
Depending on the nature of your request, we may not be able to continue to provide our services, products and/or hotel facilities.
THE PURPOSE OF COLLECTING AND USING PERSONAL DATA
Type of Personal Data
The information we may collect from you include the following:
- NRIC/FIN/Passport Number
- Date of birth
- Email Address
- Telephone/Fax numbers
- Home/Work address
- Credit card information
- Preferred room types
- Dining preferences
- Dietary requirements
During your interactions with us, we may have notified you of any other purposes for which we will collect, use or disclose your Personal Data, and had sought your consent to such purposes in relation to specific products and services offered by us. We will only collect and use any Personal Data for the purposes which you have consented to. If we intend to use your Personal Data for any specified purpose which you have not previously consented to, we will seek and obtain your further consent to using your Personal Data for that specified purpose.
Purpose for Data Collection and Use
We will collect, use or disclose your Personal Data for the following purposes:
- To manage the administration and business operations of Noku Roxy;
- To provide hotel products, services and rental of hotel rooms and facilities to our guests;
- To respond to enquiries, requests and feedback from our guests;
- To process, complete and guarantee hotel bookings, reservations and any billings you make with us;
- To obtain feedback, analysis and reviews from you for the purpose of obtaining market research on our products and services;
- To organise hotel, social or corporate events with other external organisations for the benefit of Noku Roxy;
- To provide statistical, financial, performance and marketing analysis for internal use within Noku Roxy, as part of our ongoing effort to improve our service; and
- To comply with any applicable law, regulation, notice, direction and guideline as issued by any government or regulatory authorities in Singapore.
Other Purposes for Data Collection and Use
We will collect, use or disclose your Personal Data for the purposes of evaluating applications for employment and attachments with us.
NEW PROMOTIONS, PRODUCTS AND SERVICES
Where you have specifically provided us with additional consents, we will collect, use or disclose your Personal Data for the purposes of marketing of products and services as offered by us, any of our business affiliates and partners, and for any other specified purposes such as:
- promotions relating to hotel room packages, hotel products, business and recreational facilities and services;
- promotions relating to retail restaurants, food and beverage; and
- promotions and invitations relating to hotel events, social or corporate events, special offers, external arrangements for loyalty and reward programmes and travel partner programmes.
If you have provided your telephone or fax number(s) or email to us and have indicated to us that you consent to receiving marketing or promotional information via your telephone or fax number(s) or email, we will from time to time, contact you via your telephone number(s) or email with information about our promotions, products and services through voice calls, SMS, fax, email or other means.
DISCLOSE, USE AND COLLECTION OF YOUR PERSONAL DATA
We do not sell Personal Data that we collect from individuals. In the course of or in relation to our provision of business, products and services to our guests, we may disclose and transfer Personal Data to our affiliates, partners and service providers for the purposes of managing the administration and business operations of our hotel for all business and legal purposes.
We require that any party to whom we transfer Personal Data to implements adequate levels of protection to protect Personal Data transferred to them. Such parties are only allowed to process Personal Data strictly for the purposes for which we have specified and for the purposes in which we have stated above in the paragraphs under “The Purpose of Collecting and Using Personal Data”, or in accordance with any other purposes for we have obtained consent for.
We may disclose your information to affiliates and partners when we have obtained your prior consent;
- for the purpose of providing any products or services, subject to sharing or disclosure of Personal Data;
- for the purposes of fulfilling any contractual obligations with third party service providers under contract with us, that may require Personal Data for the purposes of providing any transactional or management services;
- when we are required to protect against any fraudulent activities and credit risks;
- when we are required to do so for any legal, investigation, or enforcement purposes, or by any government or regulatory authorities in Singapore.
OVERSEAS TRANSFERS OF PERSONAL DATA
We may transfer any Personal Data stored on our systems to any data centres, affiliates, partners or service providers in any other countries outside of the country we are located at.
Where we have obtained or you have specifically provided us with additional consents to the transfer of your Personal Data overseas, we will collect, use or disclose your Personal Data only for the purposes of transferring your Personal Data overseas.
Service providers and our affiliates and partners that receive your data will be required to comply with the Singapore Personal Data Protection Act 2012 (No. 26 of 2012) and the local laws on privacy and data protection in their jurisdiction to ensure that your Personal Data is securely protected while such Personal Data remains in their possession or under their control. We will only transfer Personal Data to affiliates and partners in countries where the laws of the country to which the personal data is transferred provides a standard of protection that is comparable to the provision under the Personal Data Protection Act 2012 (No. 26 of 2012).
PERSONAL DATA SUBMITTED BY INDIVIDUALS
Your Personal Data may have been personally provided to us by you, or by other individuals authorized by you with your consent to provide the Personal Data to us on your behalf, which will constitute consent to our collection, use and disclosure of your Personal Data from these individuals. These individuals include, inter alia, your superiors, colleagues, subordinates, agents and your family members.
Prior to any collection, use and disclosure of your Personal Data, we will notify the individuals responsible to inform him of the purposes for which your Personal Data will be collected, used and disclosed.
ACCESS, CORRECTION AND RETENTION OF PERSONAL DATA
You can access or update your Personal Data, by providing us with details of your current Personal Data, so that we can retrieve your Personal Data and verify the authenticity of the request. You can send a request to us via email only to: DPO@nokuroxy.com. Any such request may be subject to an administration fee.
We may be required to store Personal Data for any reasonable period for the purposes of providing a comfortable and enjoyable guest experience for the customer.
Any Personal Data collected by us on our website or by other means will be stored in a secure environment on a secure database or server, with security adequate protection against external threats, unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. Any Personal Data provided to us will be encrypted and protected with industry standard SSL (secure socket layer) communication protocol.
We endeavour to provide reasonable security arrangements to protect personal data under our possession or control, and we have implemented guidelines and internal policies for our staff to safeguard the security of the IT and Operational systems for your Personal Data. However, we cannot guarantee the security of information transmitted over the internet to us.
Our website may contain “cookies” or similar technology. A cookie is a piece of unique data which will be sent to your computer hard drive or mobile devices when you visit our website, if your browser is enabled to accept cookies. The cookie will not reveal your Personal Data or identity, but will be able to identify you and any of your previous preferences, the frequency of use, and your preferred sites when you visit our website again. Information collected with these cookies is used to assist us in analysing the use of our websites to help us improve our service.
Cookies can be disabled, blocked or erased via your internet browser settings. However, this may disrupt, delay or affect some services and portions of our website, make it difficult to browse or make bookings via our website.
We will not be responsible for any cookies in third party sites and services.
SECURITY MEASURES IN THE EVENT OF A BREACH
In the event of a data breach, we will notify individuals whose personal data have been compromised via email or telephone.
Individuals will be provided with the following details:
- how and when the data breach occurred;
- the types of personal data involved in the data breach;
- what we have done or will be doing in response to the risks brought about by the data breach;
- specific facts on the data breach where applicable, and actions individuals can take to prevent that data from being misused or abused; and
- contact details and how affected individuals can reach the organisation for further information or assistance.
Individuals are encouraged to take preventive measures to reduce the impact of the data breach as well.
In certain situations, we will be contacting the Personal Data Protection Commission to notify them of any data breaches.
OTHER WEB SITE LINKS
Our website may contain links to other websites that are operated by other third parties. We will not be responsible for your Personal Data, once you have left our website for a third party website. This includes the sharing of any information on any other third party social media sites. Customers are encouraged to read the Data Protection Policies of any of the third party sites or social media sites that they will be visiting to determine how the third party site will handle any information they may obtain from you.
If you do not wish to receive any promotions, events or news related to Noku Roxy from us, access and update your Personal Data or to withdraw consent, please contact our Data Protection Officer at the following:
Name: Mr Lo Chee Keat
UPDATING OUR PERSONAL DATA PROTECTION POLICY
Our personal data protection policy may be updated from time to time to comply with any business, legal or regulatory obligations and requirements. We will not be issuing any notice of any updates to our personal data protection policy, and customers are advised to visit our website to check for any updates. You will be deemed to have agreed to any new and updated personal data protection policy, by continuing to use our website and our services.