PERSONAL DATA PROTECTION POLICY
We, MTrustee Berhad and Hektar Asset Management Sdn Bhd, as the Trustee and Manager of Hektar REIT respectively, recognise the importance of privacy and the sensitivity of personal data. As required under the Personal Data Protection Act 2010, the purpose of this Personal Data Protection Notice (“Notice”) is to inform you about how we collect and process your personal information. “Personal Information” means Personal Data and/or Sensitive Personal data (as defined below).
This Notice supplements but does not supersede or replace any other consents you may have provided to us or any other arrangements or arrangements that you may have with us, in respect of your Personal Information.
This Notice may be amended or updated from time to time. We would advise you to check this Notice on our website at www.classichotel.com.my from time to time for amendments or updates. By continuing to accept our services, to use our website or to communicate with us subsequent to any amendments or updates to this Notice, it would confirm and indicate your acceptance of the amendments or updates to this Notice.
What is Personal Data?
Personal Data refers to any data that relates directly or indirectly about an individual who can be identified or identifiable (a) from that data; or (b) from that data and other information to which we have in our possession or control.
What is Sensitive Personal Data?
Sensitive Personal Data refers to any personal data consisting of information as to the physical or mental health or condition, political opinions, religious beliefs or other beliefs of a similar nature or any personal data prescribed under law as sensitive personal data.
We do not generally collect sensitive information unless it is volunteered by you or unless we are required to do so pursuant to applicable laws or regulation. We may use health data provided by you to meet your particular needs (for example, allergies, provision of disability access)
How we collect Personal Information
Personal Information about you will be collected via the following ways:-
- When you submit a reservation form or other forms relating to any of our services;
- When you request that we contact you, be included in an email or other mailing list;
- When you respond to our promotions, initiatives or to any request for additional Personal Data;
- When you are contacted by, and respond to, our marketing representative and/or customer service officer;
- When we provide our services to you; f) When you access and use our website;
- When you interact with us including through meetings, telephone conversations, correspondence,
- Through social media platforms, emails, conferences, events or through any correspondence with us; and/or
- When we receive references from business partners and/or third parties, for example, where you have been referred by them.
What Personal Information Do We Collect?
The type of Personal Information collected and processed by us includes but is not limited to the following:
- Name, date of birth, nationality, gender, NRIC / passport number, correspondence address, contact details including mobile, office and residential telephone number and facsimile number, e-mail address, banking details;
- Telephone numbers dialed, faxes and telephone messages received from third parties on behalf of guests/customers;
- Guest stay information, including the hotels where you have stayed, date of arrival and departure, goods and services purchased, special request made, observations about your service preferences;
- Information which comprises your health including medical conditions, medical history and/or religious belief;
- Credit card details, membership information, frequent flyer or travel partner programme affiliation;
- Information such as videos and/or photographs collected or captured on security systems including closed circuit TV;
- Such other information relevant or required to fulfill special request (for example, leisure, travel, dietary, and guest preferences);
- Your reviews and/or opinion about our services; and/or i) any additional information provided by you or by third parties about you.
Source of Personal Information
Personal Information collected will mainly be from you. However, some Personal Information may also be collected by us from our business partners such as tour operators, travel agencies, reservation system or other available sources including but not limited to websites, social media, publications, events, seminars and/or conferences.
How We Use Your Personal Information
Your Personal Information is collected and processed by us for all and any purpose relating to Hektar REIT including but not limited to the following:
- To verify your identity
- To confirm hotel arrangements and/or restaurant reservations;
- To confirm bookings, reservation and/or making arrangements for sports or recreational activities;
- To provide privileges, benefits and/or services to you;
- To respond to your enquiries or complaints and for emergency and/or safety purposes;
- For internal usage such as for operations and administrative including billing;
- To be used in connection with promotional and marketing events;
- To promote, offer or market our services to you;
- To perform surveys, research or analysis to improve our promotional and marketing strategies and/or services;
- To send you materials and publications which includes newsletters, articles, magazines or updates or information about events, conferences, seminars or talks which may be of interest to you;
- To send as potential referees to (i) editors/researchers in relevant publications and journals and/or (ii) clients / potential clients who request for referees in relation to any proposal or submissions;
- For the purposes of enforcing or defending our legal rights or obtaining legal advice;
- For security and internal audit purposes including but not limited to security surveillance through our closed circuit TV;
- To comply with applicable law, proceedings, or inquiries from regulatory authorities, enforcement agencies, internal policies and procedures including audit, accounting, risk management and/or record keeping; and/or
- For other purposes as may be consented or directed by you.
Disclosure to Third Parties
Under certain circumstances, we may be required to disclose your Personal Information to third parties. Third parties to whom your Personal Information may be disclosed by us are as follows:
- Any persons directed by or consented to by you;
- Any person for the purposes of compliance with legal and regulatory requirements;
- Our data processors i.e. third party whom we engage to process personal data on our behalf including but not limited to archival storage, website service provider, data entry service providers, computer backup services and/or disaster recovery services;
- Our professional advisors and financiers including but not limited to legal advisors, tax advisors, financial advisors, auditors and/or insurance brokers;
- Payment channels, including without limitation, financial institution for the purpose of maintaining financial records, assessing or verifying credit cards details and/or facilitating payment due to us;
- Our property / hotel manager and other service providers;
- Conducting market research and survey to enable us to understand and determine guest preferences and/or to improve our services; and/or
- Our business partners, associates and/or sponsors on a need to know basis.
Further, we may also be required to transfer your Personal Information outside of Malaysia for the purposes and to such third parties stated in this Notice. The transfer of your Personal Information outside Malaysia would also be required if you are travelling, residing or based outside Malaysia.
When you interact with us through our website, we may employ cookies in order for us to recognize a return guest as a unique user. Cookies by themselves do not tell us your Personal Information unless you choose to provide the same. Cookies are small texts stored in your computer or other electronic devise which allow us to remember you. Cookies are not programs and as such it cannot access, read, amend, or modify data. Should you wish to disable the cookies associated with this technology, you may do so by changing the setting on your browser. However, you may be unable to use certain services or enter certain part(s) of our website.
Obligation to Provide Personal Data
We acknowledge that you have the right in deciding the Personal Information you wish to provide to us. The provision of the Personal Information is voluntary in nature. However, please note that if you do not provide the Personal Information or limit the way such Personal Information is to be processed, it may result in us not being able to:
- Process your transactions with us, or to provide products and services to you;
- Grant you access to our website; and/or
- Communicate or correspond with you.
You may enjoy certain rights under the Personal Data Protection Act 2010 in relation to our collection, use, disclosure and/or processing your Personal Information. Such rights include;-
Access: you may ask us if we hold your Personal Information and, if we are, you can request access to your Personal Information. This enables you to receive a copy of and information on the Personal Data and/or Sensitive Personal Data we hold about you.
Correction: you may request that any incomplete or updates the Personal Information we hold about you are corrected.
Erasure: you may ask us to delete or remove the Personal Information from our database in certain circumstances.
Withdrawal: you may withdraw consent for our use of your Personal Information, or ask us to suspend the processing of certain of your Personal Information about you, for example if you want us to establish its accuracy.
Data Access and Data Correction
- Have any question or feedback relating to your Personal Information or this Notice;
- Wish to request for access to your Personal Information;
- Wish to request for your Personal Information to be corrected or updated; and/or
- Wish to request to withdraw your consent or limit the use of your Personal Information. Please submit your written request to us as follows and please provide proof of your identity, address and/or sufficient information to enable us to identify you.
PDPA Compliance Officer D1-U3-10, Block D1, Solaris Dutamas, No. 1, Jalan Dutamas 1, 50480 Kuala Lumpur
Tel: +6 03 6205 5570 Fax: +6 03 6205 5571
An administrative charge may be imposed for any request under paragraph (a), (b), (c) and (d) above.
Further, we reserve the right to refuse your requests for any reasons permitted under law.
Security and Retention
While precautions will be taken to ensure that the Personal Information you provide is protected against unauthorised or unintended access, we cannot be held responsible for unauthorised access to your Personal Information which are beyond our control.
We do not guarantee that our systems or applications are invulnerable to security breaches, nor do we make any warranty, guarantee, or representation that your use of our systems or applications is safe and protected from viruses, worms, Trojan horses, and other vulnerabilities. We also do not guarantee the security of data that you choose to send us electronically. Sending such data is entirely at your own risk.
We keep Personal Information only for so long as we need the Personal Information to fulfill the purposes we collected it for, and to satisfy our business and/or legal purposes, including audit, accounting or reporting requirement.
How long we keep your Personal Information depends on the nature of the data, for example: we will keep personal data for at least the duration of the limitation period for bringing claims if the Personal Information may be required to commence or defend legal proceedings. Some information may be retained for longer, for example where we are required to do so by law for example audit purpose.
The accuracy and completeness of your Personal Information depends on the information you provide. We assume that the information you have provided is accurate, up to date and complete unless you inform us otherwise.
Where you provide any third party information to us including but not limited to friends or family information, it is our assumption that such information is accurate, up to date and complete and that you have obtained the necessary consent to disclose the same.
In the event that there is any conflict between the English and national language version of this Notice, the English language version shall prevail.