PRIVACY POLICY

Minor International PCL and its subsidiaries Minor International PCL and its subsidiaries (“Minor Group”, “us”, “we” or “the Company”) (the “Data Controller”), is a global company focused on three primary businesses including restaurants, hotels and lifestyle brands distribution. . We understand and respect the importance of your privacy and below we explain:

• what information we collect about you
• who is collecting data
• how we will use this information
• marketing
• how data is stored and who it could be shared with
• your rights and how to exercise them
• cookies
• other websites

We may change this Privacy Policy from time to time, in order to reflect changes in the law and/or our business practices. We recommend you check this Policy for changes whenever you visit our website.

What information we collect about you

For the purposes mentioned in the following paragraph “Why it is being collected” we collect the following categories of personal data when you register on our website, participate in our surveys or subscribe to our newsletters, alerts or use some of our products or services:

• Personal information: name, gender, nationality, date of birth, and names of your family members, their date of birth, nationality, etc.
• Preference information: information relevant to the service being booked
• Contact information: address, telephone number, e-mail, address, etc.
• Payment information: credit card details, billing address, and other payment and billing information.
• Loyalty and referral program: details and partner program affiliation, marketing and analytical data.
• Accommodation information: dates of arrival and departure from our hotels, the location of the room, smoking/ non-smoking room, type of room and bed requests, preferred newspaper, etc.
• Feedback: records of your contact with us such as via the phone number, or if you get in touch with us online using our online services, details such as your mobile phone location data, IP address and MAC address, including history of any communications with us, and analysis of your interaction with us, which helps us to customize offers to you and provide information that we think are of interest or relevance to you.
• Technical information: IP address, geographic data, browser and computer system, application version, language settings and pages that have been shown to you, etc.
• Professional information: if you are applying for a position at Minor Group, in addition to the abovementioned information we may collect your education, training and employment records.

We also limit the information collected in relation to children under 18 years to their name, nationality, and date of birth, which can only be supplied to us by an adult who is either the children’s parent or guardian or who has the parent’s or guardian’s consent. We kindly request that parent ensure that children do not send or provide us with any Personal Data without parental consent, and if such information was sent, please get in touch with us and we will delete such information.
We also collect information about your website usage by using cookies (see below).

Who is collecting data

Data could be collected by a number of different entities within our global group depending on your interaction with us. Please contact the region closest to the location of the interaction, service or product consumed in the first instance. If the regional Head of Data Privacy is unable to satisfy your request, it will be forwarded internally by us to the most appropriate Head of Data Privacy. Please use the Group Head of Data Privacy as a point of escalation or for any other query.

All entities in Asia and Group Head of Data Privacy
Minor International PCL is an international hospitality company with the registered office at Berli Jucker House, 99 Soi Rubia, Sukhumvit 42 Rd, Bangkok 10110, Thailand.
The Head of Data Privacy of our company is Marcos Cadena who can be contacted by the following methods:

1. Email: privacy.corporate@minor.com
2. Post: Berli Jucker House, 99 Soi Rubia, Sukhumvit 42 Rd, Bangkok 10110, Thailand

Minor Hotels in Portugal
The person responsible for Data Protection is Filipa Jordao (Head of Data Protection) who can be contacted by the following methods:

1. Email: dpo.mhpt@minorhotels.com
2. Post: Rua Barata Salgueiro 37, - 1st floor 1250-042 Lisbon, Portugal

Oaks Hotels and any of our entities in Australia
The person responsible for Data Protection is Romesh Niles (Head of Data Protection) who can be contacted by the following methods:

1. Email: privacy.corporate@minorhotels.com.au
2. Post: PO Box 473, Cotton Tree, QLD 4558

How we will use this information

We will use this information for the following purposes:

• Performing our customer service obligations: management of reservations and your stay in our properties, payment, catering to your requests, monitoring use of services (telephone, bar, pay TV etc.) in response to a contractual relationship between you and us, such as a hotel booking or service request.
• Improvement of our services: assessment of our services in hotels, restaurants, and other outlets, improvement in the operation of our business as part of the contracted relationship between you and us.
• Personalization of our services and communications: personalize content and tailor our digital customer experience and offerings, understand customers’ requirements to develop targeted marketing programs, newsletters, and promotions. We will always seek and record your permission to opt in and participate in any of our marketing campaigns. Use of your information for marketing is presented in more detail under the Marketing section below. Personalisation of our website based on your preferences is covered in the Cookies section at the end of this Policy.
• Recruitment: recruitment of staff or interns for Minor Group. As part of your submission of information to us as a result of applying for a position at Minor Group, you give us permission to process your data as part of the recruitment process.
• Compliance with legal obligations: compliance with applicable laws, such as local privacy laws, prevention of fraud or money laundering, police investigations, and tourism regulations

Marketing

We would like to send you information about new products and services of ours and companies within our Group which may be of interest to you. If you have consented to receive marketing, you can opt out at a later date.
You have a right at any time to stop us from contacting you for marketing purposes.
Each email contains a link which allows an easy opt-out of our services, and if you no longer wish to be contacted for marketing purposes you can opt out at any time.

How data is stored and with whom it could be shared

Data is recorded on paper and IT systems. Our data retention Policy sets out where this data is stored for the above-mentioned purposes.
Data may reside on shared IT systems with one of our group companies, who will be able to access the data for the above-mentioned purposes.
As a global hospitality company, we may transfer your Personal Data across multiple jurisdictions, insofar as reasonably necessary for the purposes, and in accordance with this Privacy Policy, your Personal Data may be transferred to the following locations:

• Countries where our corporate offices are located;
• Countries in which we manage and operate hotels, residences, and/or sales offices; and
• Countries where our third party service providers, advisors, and consultants are located, which changes from time to time.

Where Personal Data is transferred to a country with a lower level of data protection as compared to the country in which the information was collected Minor Group will only transfer data overseas if the appropriate safeguards are in place, and if enforceable data subject rights and effective legal remedies are available to data subjects.

We will only share your information with other entities within our group or third party companies when:

• You agree for us to share this information with third-party companies to receive marketing material from them.
• Sharing your information with other entities within our group or third party companies (such as our suppliers) is necessary to perform the services you have requested from us.

Without prejudice to any communications made to comply with legal or contractual obligations, data may also be disclosed to external parties as required by laws or regulations (e.g. court, tribunal, regulatory authority or governmental entity).

When we share your information with other entities within our group or contracted third party companies we take all reasonable steps to ensure that your information and privacy are protected in line with the applicable legal obligations.

The retention period of your information, documented in our data retention Policy, will be determined based on the following criteria:

• Reasonable business needs: for as long as we provide goods and services to you, or managing our relationship with you, managing our operations; and/or
• Reasonable statutory periods: for as long as someone could bring a claim against us or for as long we need to comply with our fiscal and legal obligations; and/or
• Other retention periods in line with legal and regulatory guidance and requirements.

Minor Group will comply with the required legal time period in each jurisdiction for retaining your personal data.

Data Breach

If there has been compromise of the confidentiality, integrity or availability of personally identifiable information, Minor Group will comply with the requirements of applicable laws in the affected region(s), including GDPR and local legislation.

Our action will be commensurate with the degree of harm associated with the exposure, the requirements of legislation and the requirements of the applicable regulators. This could include notifying you and the relevant data protection supervisory authority to provide you and them with:

• A description of what has occurred;
• The kinds of information concerned; and
• The next steps you should take in response to the data breach.

When determining whether the data breach is likely to result in a high risk to the rights and freedoms of the data subject we will consider factor such as the sensitivity of the information, the kind of persons who could obtain the information and the nature of the harm.
In all cases where we become aware that there has been a data breach but are uncertain of the circumstances we will carry out an expeditious assessment of the circumstances to determine the level of notification necessary to any applicable regulators within any deadline required by the applicable regulations and ensure that any incident is contained as quickly as is possible and within a reasonable length of time depending on the given circumstances.

Your rights and how to exercise them

You have the right to determine how we use your data and to oppose to the purposes of processing at any time. You have the right to withdraw your consent at any time, without affecting the lawful processing of data based on consent up to the point of its withdrawal.

We remind you that you have the right to request from us access to and rectification or erasure of personal data, or a restriction of processing, or to object to the processing of data concerning you subject to the restrictions of the local legal system.

You also have the right to receive your personal data that you provided to us in a structured, commonly used and machine-readable format and have the right to transmit such data to another data controller without hindrance from us. In exercising your right to data portability, you have the right to have your personal data transmitted directly from one data controller to another, where technically feasible.

Under certain circumstances where applicable law permits, you also have the right to lodge a complaint with a competent data protection supervisory authority.

You can contact us at privacy.corporate@minor.com to exercise your rights, please note that we may request proof of your identity before making any changes.

Cookies

We use cookies (small text files stored in your browser) and other techniques such as web beacons (small, clear picture files used to follow your movements on our website). These collect information that tells us how you use our website and web-related services. We use these to compile statistical reports on website activity.

This helps us make our website relevant to your interests and needs. We may use a persistent cookie (a cookie that stays linked to your browser) to record your details so we can recognize you if you visit our website again.

You can choose to refuse cookies, or set your browser to let you know each time a website tries to set a cookie. For further information on cookies, visit www.aboutcookies.org or www.allaboutcookies.org where you can also find information on how to turn them off.

The type of cookies we use on this site include:

1. Strictly Necessary Cookies: These cookies are essential, as they enable you to move around the Service and use its features, such as accessing logged in or secure areas.
2. Advertising Cookies: These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same advertisements from continuously reappearing, ensuring that ads are properly displayed, and in some cases selecting advertisements that are based on your interests.
3. Analytics Cookies: These cookies collect information that is used, either in aggregate form to help us understand how Minor Group websites are being used or how effective our marketing campaigns are, or to help us customize our websites for you. This information will also be used for evaluating your use of Minor Group website, compiling reports on Minor Group website activity for Minor Group website operators and providing them other services relating to Minor Group website activity and internet usage.

If you wish to block the cookies please visit:

• Google AdWords - http://www.google.com/settings/ads
• Facebook Pixel - You may disable any of these cookies or similar technologies via your browser settings.
• Twitter Advertising - You may disable tailored advertisements via your Twitter settings by visiting the “Promoted content” and “Personalization” sections.
• Google Analytics - You may disable any of these cookies via your browser settings or by downloading a browser add-in: https://tools.google.com/dlpage/gaoptout?hl=de.

You may disable any of these cookies via your browser settings.

Other websites

This privacy Policy applies only to this website which contains links to other websites. If you access websites through the links you should read the privacy policies specific to those websites.