Privacy Policy
Mystic Bangkok Hotel (“we,” “us,” or “our”) is committed to safeguarding your privacy and upholding the highest standards of data protection. This Privacy Policy outlines how we collect, use, store, and protect your personal information when you visit or interact with our website, mysticbangkokhotel.com, and our related services. We aim to provide transparency and maintain your trust by adhering to applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Scope of This Policy and Data Controller Role
This Privacy Policy applies to all individuals (“you,” or “user”) who access or use our services through mysticbangkokhotel.com. We act as the data controller for any personal data collected via our website, meaning we determine the purposes and means of processing your personal information.
For any matters related to this policy or your personal data, you may contact us at [email protected].
2. Categories of Personal Data We Process
We may collect and process the following categories of personal data, either directly from you, automatically via your use of our services, or from third-party sources, in accordance with applicable data protection laws:
2.1 Usage Data
This includes data about your interaction with our website, such as your IP address, browser type and version, time zone setting, referring website, pages viewed, time spent per page, and other diagnostic data.
2.2 Account Data
This includes information you provide when creating an account or making a reservation, such as your full name, title, email address, postal address, telephone number, and account credentials.
2.3 Profile Data
This includes details such as your loyalty program status, service preferences, purchase/booking history, and behavioral patterns relevant to personalization.
2.4 Communication Data
Includes records of your communications with our team through support requests, inquiries, emails, contact forms, or live chat, including metadata such as timestamps and IP addresses.
2.5 Technical Data
This includes information related to the devices you use to access our website, such as device type, operating system, unique device identifiers, network data, and software configurations.
2.6 Transaction Data
Includes data concerning payments or reservations, such as payment method, transaction reference, billing details, and delivery data (e.g., room keys or amenities).
2.7 Preference Data
This includes preferences indicated by you regarding marketing communications, product interests, personalization settings, and opt-in or opt-out consents.
3. Legal Bases for Data Processing
We process your personal information based on one or more of the following legal grounds:
– Consent: When legally required or when we request your permission before collecting or processing your data.
– Contractual Necessity: To fulfill our contractual obligations to you (e.g., process reservations or deliver requested services).
– Legitimate Interests: To pursue our legitimate business interests, including enhancing website functionality, maintaining security, and direct marketing (where permitted by law).
– Legal Obligation: When processing is required to comply with legal or regulatory obligations.
4. Your Rights Under GDPR & CCPA
Subject to applicable laws, you have the following rights regarding your personal data:
4.1 Right to Access
You have the right to request access to the personal data we hold about you.
4.2 Right to Rectification
You may request correction of any inaccurate or incomplete personal data.
4.3 Right to Erasure
In certain cases, you may request the deletion of your personal data (“right to be forgotten”).
4.4 Right to Restriction
You can request us to restrict processing of your personal data under specific circumstances.
4.5 Right to Data Portability
Where applicable, you may request a copy of your personal data in a commonly used electronic format for transmission to another data controller.
4.6 Right to Object
You may object to processing based on our legitimate interests or for marketing purposes.
4.7 Right Under CCPA (California Residents)
You have the right to:
– Know the categories and specific pieces of personal information that we collect.
– Request deletion of personal information.
– Opt-out of sale (while we do not sell your data in the traditional sense, we support legally compliant opt-out mechanisms).
– Not be discriminated against for exercising any of your rights.
To exercise your rights, please contact us at [email protected].
5. Security Measures
We implement appropriate organizational and technical security measures to ensure the protection of your personal information, including but not limited to:
– Data encryption (during transmission and at rest);
– Role-based access control and authentication mechanisms;
– Regular backups and secure storage systems;
– Continuous monitoring of our systems for vulnerabilities;
– Staff training on data protection compliance and secure handling.
While no system can be completely secure, we strive to maintain security practices that meet or exceed industry standards.
6. International Data Transfers
Personal data that we collect may be transferred to, and stored in, countries outside of your jurisdiction, including countries that may not provide the same level of data protection. Where such transfers occur, we apply appropriate safeguards such as:
– Standard Contractual Clauses approved by the European Commission;
– Implementation of supplementary technical and organizational measures;
– Compliance with applicable regulatory guidance.
7. Data Retention
We retain personal data only for as long as it is necessary to fulfill the purposes for which it was collected, including:
– Usage Data: up to 12 months from collection;
– Account & Profile Data: for the duration of your account plus 3 years;
– Communication Data: retained for up to 2 years;
– Transaction Data: retained as required by tax or financial laws, generally up to 7 years;
– Preference Data: retained until the user withdraws consent or as required for compliance purposes.
Upon expiration of the retention period, data is securely deleted or anonymized.
8. Cookie Policy
We use cookies and similar technologies to enhance user experience, optimize site performance, and gather analytics. The types of cookies we use include:
– Essential Cookies: Necessary for the functioning of core website features (e.g., account login, reservation processing).
– Functional Cookies: Used to remember your preferences and settings to improve user experience.
– Analytics Cookies: Help us understand how users interact with mysticbangkokhotel.com to improve content and usability.
– Performance Cookies: Monitor site performance metrics to help ensure smooth operation.
9. Cookie Management and Compliance
We comply fully with GDPR and CCPA requirements with respect to consent for cookies:
– Users are presented with a consent banner on first visit (with options to accept, reject or configure preferences).
– Users may withdraw or change consent preferences at any time via our Cookie Settings link located in the website footer.
– Do Not Track (DNT) and Global Privacy Control (GPC) mechanisms are honored where supported by the user’s browser.
10. Children’s Privacy
Mystic Bangkok Hotel does not knowingly collect or solicit personal data from children under the age of 13. If we are made aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete such data promptly. Parents or legal guardians who become aware that their child has provided us with personal information should contact us at [email protected].
11. Policy Updates
We may revise this Privacy Policy from time to time to reflect changes in technology, legal requirements, or our data handling practices. Material changes will be communicated prominently on mysticbangkokhotel.com. Continued use of our website and services indicates your acceptance of any revised policy.
12. Contact Information
Should you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact:
Privacy Officer
Mystic Bangkok Hotel
Email: [email protected]
We are committed to ensuring compliance with all applicable privacy laws and standards. You may contact us at any time with questions, requests, or concerns regarding your personal data.