プライバシーポリシー
Effective Date: 08-Mar-2024
Last Updated: 08-Mar-2024
INTRODUCTION
This Privacy Policy explains our personal data practices and the choices you can make about the way your personal data is used.
Mulia Group ("Mulia", "us", "our" or "we") respects your privacy, and is committed to protecting the privacy, confidentiality and security of the personal data you provide to us or that we collect about you when you use our websites, social media pages we control, software applications available on computers and mobile devices that include a link to this Privacy Policy as well as when you provide your information on the telephone via our call centres or in person (collectively the "Sites"). Our privacy practices may vary among the countries in which we operate to reflect local practices and legal requirements. We are aware of our responsibilities to protect your personal data, to keep it secure and comply with applicable privacy and data protection laws.
You may be asked to consent to the terms of this Privacy Policy when making a reservation, registering for events or promotions or otherwise corresponding with us via the Sites or if required by applicable law. Otherwise your continued use of the Sites will constitute your deemed consent to the terms of this Privacy Policy.
PERSONAL INFORMATION WE COLLECT
PERSONAL INFORMATION YOU PROVIDE
When using our Sites, you may voluntarily provide certain information about yourself or others, such as when you create an account or book a reservation. We may collect Personal Information (information that identifies you or relates to you as an identifiable person) that you may provide through the Sites about yourself or others such as:
- Name, date and place of birth, passport and visa information;
- Postal address;
- Telephone number;
- Email address;
-
Information that allows us to provide specialized services to you or fulfil special requests, such as accommodating health or dietary conditions, but we do not collect sensitive information about you, such as health information, except as reasonably needed for us to provide services to you;
Credit or debit card number, expiration date and security code;
- Social media account information;
- Stay or trip information and preferences, such as your preferred location/facilities, dates and number of people/children traveling with you;
- Demographic information (age, gender, country and preferred language);
- IP address; and
- Preferences for receiving communications from us or for surveys or promotional offers.
AUTOMATICALLY COLLECTED INFORMATION
Our websites collect statistical information about users to ensure a welcoming and accessible website. For this purpose we may track your movement within the websites, the pages from which you were referred, access times and browser types. We only use this information in aggregate and do not link it to you personally. To gauge the effectiveness of our websites and analyze site traffic, understand customer needs and trends, we do collect some generic information about our visitors. Our web servers recognize and automatically log a visitor's domain name, the web page from which a visitor enters our websites, which pages a visitor visits and for how long, and the visitor’s IP address. We may use anonymous tracking technologies to collect, store and sometimes track information for statistical purposes and to improve the services we provide, including using it to evaluate and improve our website. We also collect and store information automatically using cookies and similar technology as described below.
This information does not constitute Personal Information. If we combine anonymized or aggregated data with Personal Information, we will treat the combined information as Personal Information according to this Privacy Notice.
HOW WE USE YOUR INFORMATION
We may use Personal Information you submit and non-Personal Information we automatically collect for the purposes identified in this Privacy Policy for our business use and the legal bases, including, for example:
- Processing, fulfilling and recording reservations and/or purchases;
- Billing your credit card for advance purchase reservations and advance deposits;
- Contacting you for confirmation or customer service after reservations and purchases are made or after you sign up for or participate in certain activities;
- Conducting statistical or demographic analysis
- Tracking reservations and corresponding resort stays;
- Sending you emails that relate to a resort stay;
- Sending you communications such as guest surveys or promotional offers and benefits;
- Communicating special offers, competitions and featured items if you choose to receive such notices;
- Responding to your inquiries, complaints and other communications; and
- Providing for the safety and security of our guests and staff and meeting our legal and regulatory compliance requirement.
DISCLOSING YOUR INFORMATION
As an international resort and hotel management company, we need to share information across numerous countries so that we can provide you with services on a consistent basis. Accordingly, your Personal Information may be shared as reasonably necessary and as set out in this Privacy Policy as follows to:
- Any Mulia Group entity, resorts and/or residences managed by us;
- Tour operator, travel representative, personal assistant, employer or spouse that has supplied us with your Personal Information;
- Third parties which we have received your consent;
- Trusted third partners to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures including;
- Our marketing and advertising partners to provide you with more-relevant ads on our websites and to encourage you to return to our websites and to our CRMs, who securely host emails and act as a supplier to distribute our email communications. We contractually require these service providers to keep your Personal Information safe and secure and they are only be permitted to use your Personal Information for the purposes we specify.
- To third parties not affiliated with Mulia Group if we have a good-faith belief that it is reasonably necessary to: (1) meet any applicable law, regulation, legal process or enforceable governmental request; (2) enforce applicable terms of service, including investigation of potential violations; (3) detect, prevent, or otherwise address illegality, fraud, security or technical issues; and (4) protect against harm to the rights, property or safety of Mulia Group, our users or the public as required or permitted by law; and (5) to any third parties to the extent necessary with respect to a sale of all or part of our business operations or assets and/or resorts that are no longer managed or owned by Mulia Group.
OVERSEAS DATA TRANSFERS
By using and/or purchasing our goods and services, we may transfer your Personal Information across multiple jurisdictions. Thus we may transfer and store your Personal Information:
- On our websites and servers located in United States and Indonesia;
- In or to Jakarta, Indonesia where our corporate offices are located;
- To countries where our trusted third party providers or advisors are located.
Some of these countries may not offer the same level of privacy protection but we will take all reasonable steps to ensure such transfers are taken with adequate security to maintain your privacy.
EXPLAINING THE LEGAL BASES FOR PROCESSING
- The legal bases for collecting and processing your Personal Information includes:
- Consent - we collect and process your data with your consent e.g. when you tick a box to receive marketing communication.
- Legal compliance - if required by applicable law, e.g. police, fraud investigations or court orders, we may need to collect and process your data.
- Legitimate interest - to pursue our legitimate interests such as providing services and products you have requested in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
SECURITY
We use reasonable technical, administrative and physical measures to protect Personal Information contained in our system against misuse, loss or alteration. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
We cannot enforce or control the security of the computers, electronic devices, or electronic communication method that you use to send e-mails and submit Personal Information to us over the Internet. You are responsible for ensuring that the computers, electronic devices and electronic communication methods you utilize will provide adequate security for communicating with us. We are not responsible for the disclosure or interception of your Personal Information before we receive it.
WITHDRAWING YOUR CONSENT
You do not have to provide us with your Personal Information. However, if you choose not to provide certain Personal Information we request and/or require consent to its use and disclosure, you will still be able to visit our Sites but you may be unable to access certain options, products or services and in we may not, as a result, be unable to fulfil your booking.
We offer you the choice of how you receive communications from us. All marketing communications we send to you will provide you with a way to withdraw your consent to future marketing. If you no longer wish to receive marketing you may opt-out of receiving these communications by clicking on the opt-out section of the marketing communication or changing your account settings, this will remove you from our marketing lists. You have the right to tell us to stop using your information for our direct marketing purposes. Please send your written request, including your name and contact information to the address listed below in "How To Contact Us". We will honor your request within 30 days of receiving it or sooner if required by applicable law. Please note that if you unsubscribe from marketing communications you will still receive operational and service messages from us regarding your booking and responses to your enquiries made to us, and that we may hold your details so we do not send you marketing communications in the future.
THIRD PARTY LINKS
We may permit third parties to link to our Sites or to post a link to their site on ours. We do not endorse these sites and are not responsible for other sites or their privacy practices. We do not assume responsibility or liability of any nature whatsoever for the activities conducted or information contained in the third party websites.
CHILDREN'S PRIVACY
We do not knowingly collect Personal Information from children under the age of 18, though we may collect Personal Information about a child as part of the guest registration process or to participate in activities on the websites or at the resorts but always with the consent of a parent or guardian.
HOW LONG WE KEEP YOUR PERSONAL INFORMATION
Whenever we collect or process your Personal Information, we will only keep it for as long as is necessary for the purpose for which it was collected, active legal proceedings, an identifiable and ongoing legal business need (such as record keeping) and to the extent permissible by applicable law.
Where there is no sufficient justification to retain such Personal Information, such Personal Information will be safely and securely deleted, disposed of, blocked and/or anonymised for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
If you are contacting us to complain about an alleged breach of this Privacy Policy or our legal privacy obligations, please provide us with as much detail as possible in relation to your complaint and provide us with any relevant information. We take every privacy complaint seriously and assess it with the aim of resolving all issues quickly and efficiently.
We are committed to keeping your Personal Information secure and will take all reasonable precautions to protect it from loss, misuse or unauthorised access or alteration. However, except to the extent liability cannot be excluded due to the operation of statute, we exclude all liability (including in negligence) for the consequences of any unauthorised access to, disclosure of, misuse of or loss or corruption of your Personal Information. Nothing in this Privacy Privacy restricts, excludes or modifies or purports to restrict, exclude or modify any statutory consumer rights under any applicable law.
CHANGES TO THIS PRIVACY POLICY
From time to time and without notice we may make changes to this Privacy Policy. From time to time, we may use customer information for new, unanticipated uses not previously disclosed in our Privacy Policy. If our information practices change at some time in the future, we will post the Privacy Policy changes to our Sites to notify you of these changes and provide you with the ability to opt out of these new uses. Any revised Privacy Policy will only apply prospectively to Personal Information or non-Personal Information collected or modified after the effective date of the revised policy.
HOW TO CONTACT US
Your principal rights under the European Union General Data Protection Regulation are: (a) the right to access; (b) the right to rectification; (c) the right to erasure; (d) the right to restrict processing; (e) the right to object to processing; (f) the right to data portability; (g) the right to complain to a supervisory authority; and (h) the right to withdraw consent. You may exercise any of these rights in relation to your Personal Information or if you have any questions or complaints regarding this Privacy Policy or privacy concerns by contacting our Data Protection Officer by email at dataprivacy@themulia.com.
In order to ensure your request is dealt with expeditiously, please be sure to include your full name, address and telephone number and a copy of a document evidencing your identity (such as an ID card or passport) so we can ascertain your identity and whether we have any Personal Information regarding you, or in case we need to contact you to obtain any additional information, we may require to make that determination.
You may also direct your complaint/concern to the applicable data protection authority.