Sec 7   |  Sec 19   |   i-City  |  USJ 21   |  Sec 9 

Privacy Policy

Privacy Policy

Personal Data Protection Policy

A. General

In view of the implementation of the Personal Data Protection Act 2010 (“Act”), Hotel De Art Sdn. Bhd. (“Hotel De Art“) recognize the need to process all personal data obtained in a lawful and appropriate manner. Hotel De Art is committed to protecting the personal data supplied by a data subject to ensure compliance with the legal and regulatory requirements in accordance with the Act. This Policy covers the processing of all personal data and sensitive personal data whose use is controlled by Hotel De Art Sdn. Bhd..

As a principle, collection, use, or disclosure of the personal data is prohibited for any purpose unless otherwise the approval of the head of the relevant business units and the compliance officer.

 

B. Policy Status

1. This Policy is applicable to all employees of Hotel De Art Sdn. Bhd.. For the purposes of this Policy, the term “employees” herein refers to all members of Hotel De Art Sdn. Bhd., including sales representatives and members of Hotel De Art. Failure to comply with this Policy may result in disciplinary action.

2. Any query regarding this Policy may be directed to the compliance officers of Hotel De Art Sdn Bhd at [email protected]

3. In the event of any discrepancy, contradiction, and/or differences between any part of this Policy and that of any current policies adopted by Hotel De Art, by the portion of the relevant policy which imposes a higher standard of data protection shall apply and supersede the other.

 

C. Roles and Responsibilities

4. The legal responsibility for compliance with the Act lies with Hotel De Art  who is the “data user” under the Act and is registered as such with the Personal Data Protection Commission. Compliance with this Policy and the Act is the responsibility of all employees of Hotel De Art.

 

D. Data Collected & Purposes

5. During the course of Hotel De Art’s business and activities, Hotel De Art many be required to process information of a data subject, including but not limited to the name of the individual, address, phone number and email address. Information identifying in combination with other information even if such information cannot identify such individual on its own. Such information may be collected online or offline.

6. The personal data collected by Hotel De Art may be used inter alia for the following purpose*:-

i. Providing customer care and enhancing customer satisfaction, including but not limited to, resolving complaints, dealing with and/ or responding to requests and enquiries, warranty, returns and other after sales services;

ii. Promoting, advertising and enhancing our products and services;

iii. Human resources, employment and recruitment purposes;

iv. Training of staff;

v. Storing and processing of personal data relating to the clients of Hotel De Art in the data storage systems;

vi. Updating and managing the accuracy of the Hotel De Art’s internal record, including but not limited to administration, processing and matching any personal data held which relates to you for any of the purposes listed herein;

vii. Billing, taxation and/ or auditing purposes;

viii. Information and security purposes, including but not limited to managing and administrating e-mail, handling and investigating any security related issues, vulnerability, and/or incidents;

ix. Facilitating business asset transactions (which may extend to any merges, acquisitions or assets sales) invoicing any of the related corporations or affiliates of Hotel De Art;

x. Legal purposes (including but not limited to obtaining legal advice and dispute resolution);

xi. Disclosing personal data to the government authorities and/or authorised third party as required by law and/or within the responsibility of Hotel De Art; and

xii. As reasonably contemplated by the nature of any transaction.

*This list is not exhaustive.

 

E. Data Processing

7. As and when Hotel De Art  is required to collect personal data, Hotel De Art and its employees must abide by the requirements of this Policy and the Act. In the context of the Act, “processing” is defined to include collecting, recording, holding or storing personal data which includes inter alia NRIC numbers, home address, contact details etc.

8. Hotel De Art will be responsible for ensuring that any personal data processed in relation to the Hotel De Art’s clients and/or another individual is accurate, complete, not misleading and kept up-to-date. The personal data will be reviewed periodically to warrant that they are up-to-date and to determine whether retention of such personal data is necessary.

 

F. Consent of Individual

9. Hotel De Art may only process personal data with the consent of the data subject whom the personal data concerns and/or if the processing of the personal data is for the performance of Hotel De Art’s and/or Hotel De Art Group Companies’ duty to which the data subject is a party.

 

G. Disclosure of Information

10. Hotel De Art requires all employees to be vigilant and exercise reasonable caution when asked to provide any personal data to a third party. In particular, Hotel De Art must ensure that personal data is not disclosed either orally or in writing to any unauthorized employee without express prior consent of the compliance officer stated in Paragraph 2 and/or authorized individual as the case may not be among the purposes contemplated in Paragraph 6.

11. However, as and when it is reasonably required, the personal data in the possession of Hotel De Art may be only disclosed to the following third parties:-

i. Authorised agents, contractors and third party service providers who provide services to Hotel De Art and the Hotel De Art Group Companies (hereinafter defined) for any of the purposes contemplated at Paragraph 6;

ii. External professional advisors and auditors;

iii. Governmental departments and authorities; and

iv. Any affiliated companies of Hotel De Art Corporation (“Hotel De Art Group Companies“)

12. Personal data will not be transferred outside Hotel De Art and in particular not a country outside of Malaysia unless:-

i. Consent from the data subject is obtained;

ii. The country’s personal data protection laws provide an adequate level of personal data protection; and/or

iii. Adequate safeguards have been put in place in consultation with Hotel De Art’s compliance officer.

 

H. Data Security

13. Hotel De Art will ensure that any personal data which is collected, stored and processed, is stored securely and the practical steps are adopted to ensure the following:-

i. Source documents are well kept;

ii. Paper-based records must not be left where unauthorized employees can gain access to them;

iii. Computerized personal data is protected by passwords; and

iv. Individual passwords are kept confidential and not disclosed or shared with other employees to enable log-in under any other employee’s personal username and password.

14. When physical files or any forms relating to the data subject are no longer required, they will be shredded or bagged destroyed securely, and the hard drives consisting of those records will be erased off via secure electronic deletion pursuant to such standard procedure by the administration department.

15. Any employee of Hotel De Art will not process any personal data belonging to any data subject, whether in softcopy or hardcopy, outside of the premises of Hotel De Art unless prior approval is provided by the compliance officer or any authorized person.

 

I. Data Retention

16. Personal data obtained should not be kept longer than it is required for its purposes. Hotel De Art has an obligation to ensure that the personal data of the data subject are destroyed and/or permanently deleted after a specified period of time. All employees are required to contact the compliance officer and/or any authorized officer should the need to dispose of any personal data arises.

17. Personal and sensitive data will be disposed of by means as listed in Paragraph 14 above. Appropriate measures will and must be taken by Hotel De Art to ensure the personal data destroyed are not reconstructed or processed by third party.

 

J. Rights of Data Subject

18. A data subject has the following rights under the Act:-

i. Request for access to personal data held on the individual, the purpose for which the personal data is being used and those to whom it has, or can be disclosed to;

ii. Prevent data processing that is likely to cause distress or damage;

iii. Take reasonable action to stop the use of, rectify, erase, and/or dispose of inaccurate personal data; and

iv. Withdraw their consent given to Hotel De Art.

19. Any individual who intends to exercise the abovementioned rights shall make a written request to Hotel De Art together with the prescribed fee as applicable. Hotel De Art shall, subject to exemptions, comply with the request and/or take reasonable steps not later than 21 days from the date of receipt of such request.

 

PERSONAL DATA PROTECTION NOTICE

A. Introduction

Hotel De Art (Malaysia) Sdn. Bhd. (“the Company”) values and is committed to the protection of Personal Data. This Personal Data Protection Notice (“Notice”) explains the collection, processing and disclosure of your Personal Data pursuant to the Personal Data Protection Act 2010 (the “Act”).

By visiting our website or by interacting with us or by providing Personal Data to us, or otherwise by acknowledging receipt of this Notice, you have read and consent and/or you are deemed to have read and consent to us using, collecting and processing your Personal Data in the manner described in this Notice.

Kindly note that the Company reserves the right to change, amend and/or vary this Notice at any time. You are advised to check this Notice from our website from time to time for amendments or updates.

 

B. Collection of Personal Data

1. The Company collects your personal data in the course of your dealings with us including:-

i. Your personal details, including details relating to other person(s) who may be identified from the data;

ii. The contents of all information obtained from the membership and/or VIP forms and/or document(s) collected by us; and/or

iii. Other information (collectively referred to as “Personal Data”).

 

C. Purposes

2. The Personal Data collected by us may be used for, but not limited to the following purposes:

i. Providing customer care and enhancing customer satisfaction, including but not limited to, resolving complaints, dealing with and/or responding to requests and enquiries, warranty, returns and other after sales services;

ii. To manage and service our relationship with you by fulfilling your lifestyle aspirations;

iii. To keep you informed of promotions, discounts, and/or events;

iv. For internal record keeping, including but not limited to administration, processing, and matching any Personal Data held which relates to you for any of the purposes listed herein;

v. For statistical analysis;

vi. For recruitment purposes;

vii. For information and security purposes, including but not limited to managing and administrating e-mail, handling and investigating any security related issue, vulnerability, and/or incidents;

viii. For the exercise of any functions conferred on any person by law and/or towards the administration of justice; and/or

ix. For any purpose incidental, ancillary or in furtherance to the abovementioned purposes (collectively referred to as “Purposes”).

 

D. Disclosure to Third Parties

3. If and when necessary, your Personal Data may be disclosed to the following third parties:

i. Authorised agents, contractors and third party service providers who provide services to the Company and the Hotel De Art Group Companies (hereinafter defined) for any of the Purposes contemplated at Paragraph 2 above;

ii. External professional advisors and auditors;

iii. Governmental departments and authorities; and/or

iv. Any affiliated companies of Hotel De Art Sdn Bhd (“Hotel De Art Group Companies”).

 

E. Security of Personal Data

4. The Company may transfer your Personal Data to any of the Hotel De Art Sdn. Bhd. and/or any third party as set forth in Paragraph 3 above in, including but not limited to Japan, Singapore, UAE, United Kingdom, United States of America, Philippines, and China. In the event that your Personal Data is transferred to a location outside of Malaysia, including those indicated above, the Company shall ensure that confidentiality safeguards have been put in place to ensure your rights to personal data protection remains unaffected.

 

F. Access and Correction

5. The Personal Data must be accurate, complete, not misleading and kept up-to-date. Should you be made aware of any inaccurate, incomplete or misleading Personal Data or where the Personal Data provided to us earlier have become incorrect or out of date, kindly notify us at the contact provided for in paragraph 9.

6. You have the right to request access and correct your Personal Data and to withdraw your consent given to us hereunder. Such request however, may be subject to the requirements in the Act and the Company’s request procedure (which can be found at http://www.hoteldeart.com.my/privacypolicy) and a prescribed fee as applicable.

 

G. Retention Standard

7. Any Personal Data shall not be kept longer than is necessary for the fulfilment of the Purposes above mentioned in Paragraph 2. We shall undertake to ensure that all Personal Data is destroyed or permanently deleted if it is no longer required for the Purposes for which it was to be processed.

 

H. Inquiries

8. Should you require further information kindly email us at [email protected] or view our Hotel De Art Personal Data Protection Policy on our website: http://www.hoteldeart.com.my/privacypolicy

 

BOOK NOW