Rawa Island Resort Sdn Bhd Personal Data Protection Policy

This Personal Data Protection Policy (“PDPA Policy”) explains the manner in which your personal information collected from or provided by you is processed, disclosed and safeguarded by Rawa Island Resort Sdn Bhd (“the Company”). The Company is committed to ensuring your personal information is protected. The Company understands and appreciates you are concerned about your privacy and about the confidentiality and security of information we may collect about you. We pledge to fully comply with the requirements of the Personal Data Protection Act 2010 (“PDPA”) which came into effect on 15th November 2013. The following discloses our information gathering and dissemination practices.

The Application of this PDPA Policy

This PDPA Policy applies to personal data and information in any form, whether electronic or written, regarding guests and other individuals who enters into transaction with us.

This PDPA Policy conveys our commitment to protect your personal information and has been adopted by all the hotel and resort properties owned, managed and/or operated by the Company or its affiliated or associated companies. References to "Rawa Island Resort", "we", "our" and "us" hereinafter, depending on the context, collectively refer to the Company or its affiliated or associated companies..

Our collection of Personal Information

The term "personal data" in this PDPA Policy refers to personal information which is capable of identifying you as an individual. You can visit our website without providing any personal data or information. When we need to collect personal data from you to provide you with a particular service, we will ask you to voluntarily supply us with the information we need. Personal data may be collected for purposes including but not limited to:

  1. fulfilling reservations or requests for information or services,
  2. accommodating your personal preferences,
  3. purchasing our products or services,
  4. registering for our program memberships,
  5. submitting job applications; and/or
  6. facilitating communications ("the Purpose").

Types of Personal Information we collect

The types of personal data that we process include but not limited to:

  • your name and address, contact information, Identity Card/Passport and Visa information;
  • guest stay information, including the hotels where you have stayed, date of arrival and departure, goods and services purchased, special requests made, observations about your service preferences, telephone numbers dialed and faxes and telephone messages received;
  • your credit card details, CVC number, bank account  details, email address, profile or password details and any frequent flyer or travel partner programme affiliation;
  • any information necessary to fulfill special requests (for example, leisure, travel and guest preferences);
  • your reviews and opinions about our services;
  • Information derived from cookies (small text files placed on our computer which uniquely identify your browser the next time you visit this Rawa Island Resort Site, save where you disable cookies or otherwise manage them, or do not use any of the Company’s services which require cookies to be enabled.
  • Information gathered automatically by our computer systems programmed to gather certain anonymous data to help us understand how this Rawa Island Resort Site is being used and how we can improve it. This automatically gathered data includes your computer’s IP or “Internet Protocol” address, browser type, browser language, the pages visited, previous or subsequent sites visited, length of user sessions, access status or conditions.
  • Information shared with third party social media websites and services through our site (such as Facebook/Twitter) will be governed by their privacy policies. You may also be able to modify your privacy settings with these third party social media web sites.
  • Information that is gathered through registration that you specifically give the Company.
  • CCTV recording of you in our premises.

Our commitment to Data Security

To maintain the accuracy of your personal data, as well as preventing unauthorised access to and ensuring the correct use of your personal data, we have carried out appropriate physical, electronic and managerial measures to safeguard and secure the personal data we collect. These measures are subject to ongoing review and monitoring. Whilst we make every effort to protect your personal data, no security measures can guarantee that your personal data and information will not be subject to interference, misuse or hacking and we shall not be responsible for any loss, misuse or alteration arising as a result of such incidents.

How we use your information and whom we may disclose it to

The information that we collect about you is used to help you access the services or acquire the goods that the Company provides more easily. The Company will use reasonable endeavors to keep the information we collect from you confidential. We do not sell, rent, loan, trade or lease your personal data stored in our database to any third parties. We may disclose the personal information, other information or data we collect from you if:

  • disclosure of information to our service providers, agents or business partners and affiliates that we work with in connection with our business;
  • in circumstances where we believe that disclosure is required under the law, to cooperate with regulators or law enforcement authorities; or to enforce our Terms of Use or other agreements; or to protect our rights, property or safety of the Company, our customers or others. The foregoing includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk protection;
  • In the event that the Company or substantially all of its assets are acquired by or merged with another, your personal information may become subject to a different privacy policy;
  • The Company may contract with third parties who do analysis and development on our behalf. We may share your information with such a third party provided that such third party uses the information only to perform services as requested by the Company and agrees to maintain the information as strictly confidential.
  • We may also use your information to send you promotional material, which you may find of interest. If you do not wish to receive any such material you may simply choose to "unsubscribe" from our mailing lists or inform our Personal Data Protection Officer in writing and no further material will be sent to you. 

Rights of Access and Correction

You have the right to request to access and correct your Personal Data in our records (subject always to exemptions provided under the PDPA or other laws). We will make every endeavour to ensure that your personal information is accurate and up to date but you are responsible for informing us about changes in your Personal Data and for ensuring that such information is accurate and current.

You have the right to:

  • request access  and access to your Personal Data in our records for verification purposes;
  • request the correction of your Personal Data in our records in the event the information is inaccurate, misleading, out-of-date or incomplete upon validation and verification of the new information;
  • request that your Personal Data shall only be kept for the fulfilment of the purpose of the collection of such information;
  • communicate to us your objection to the use of your Personal Data for marketing purposes; and
  • withdraw, in full or in part, your given consent, subject to any applicable legal restrictions, contractual conditions and a reasonable time;

You may request for access to or correction of your Personal Data or limit the processing thereof by submitting your written request to us via : 

Personal Data Protection Officer
Rawa Island Resort Sdn Bhd
Suite 1.03, Level 1, Wisma E & C
No. 2 Lorong Dungun Kiri
Damansara Heights 50490
Kuala Lumpur, Malaysia.
Tel : +603-2095 6393 
Fax : +603-2095 6390
Email : owen@rawaislandresort.com  

We reserve the right to impose a reasonable administrative fee for access of your Personal Data by you as permitted under the Personal Data Protection Act.

In respect of your right to access and/or correct your Personal Data, we have the right to refuse the request to access and/or make any correction to your Personal Data for the reasons permitted under the law, such as where the expense of providing access to you is disproportionate to the risk to your or another person’s privacy.

Storage of data

Any personal information that we collect about customers including email addresses will be kept in a database of the Company. The Company will take all steps reasonably necessary to ensure that the database is treated securely and in accordance with this Privacy Policy Statement, and to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data.

Choices to Limit Processing of Personal Data

he provision of your personal data to us is voluntary. If you do not provide your personal data to us, we may not be able to provide you the services which you require, may not be able to accomplish the Purpose and may not be able to communicate with you.

By providing your personal data and information to us, you are hereby deemed to have consented to us processing your personal data in the manner identified in this PDPA Policy. However, if you wish to withdraw or limit your consent, kindly notify us in writing immediately.

You have the right to limit in part or wholly any other processes of your personal data other that the Purpose it was initially given. If you wish to limit, kindly inform us immediately your request and the details on how the processing of your personal data is to be limited. 

You may at any time withdraw or amend, in full or in part, your processing consent given subject always to any applicable legal restrictions, contractual conditions by contacting us at the details provided in Section 6 above. Kindly inform us immediately your request for withdrawal or amendment. 

Your visit to our public website may be recorded for analysis on the number of visitors to the site and general usage patterns. Some of this information will be gathered through the use of “cookies”.

If you do not wish your Personal Data to be collected via cookies on the Websites, you may deactivate cookies by adjusting your internet settings to disable, block or deactivate cookies, by deleting your browsing history and clearing the cache from your.

Links to Third Party Website

The Websites may contain links to third parties’ websites. Please note that Rawa Island Resort Sdn Bhd is not responsible for the collection, use, maintenance, sharing or disclosure of data and information by such third parties. If you provide information directly to such sites, the privacy policy and terms of service on those sites are applicable and we are not responsible for the information processing practices or privacy policies of such sites.

Consequences of Refusal / Failure to Provide Personal Data

The Personal Data provided to us are wholly voluntary in nature.  However should your refusal or failure to provide the Personal Data results in the following, we shall not be held liable for any of the consequences arising therefrom:

  1. the inability of parties to formalize and/or carry out  the relevant agreement or transaction in relation to our product and/or services;
  2. the inability for us to provide you with the information, notices, services and/or products requested;
  3. the inability for us to update you with the latest promotion, product and/or services and obtaining your feedbacks on our products and/or services;
  4. the inability of the relevant third parties to provide product and/or services to you on our behalf.

Inconsistency 

In the event of any inconsistency between the English language version of the Personal Data Protection Notice and Policy and their corresponding Bahasa Malaysia and Chinese language version, the terms in the English language version shall prevail.

Third party consent

In the event you have provided personal data of third parties (e.g. your emergency contact person, authorised representatives) to us, we rely on you to and deem that you have sufficiently obtained the prior consent of such third parties to allow us to process their personal data in relation to the Purpose and you have advised them to read our Personal Data Protection Notice and Policy.

Changes to our Personal Data Protection Policy

We may, from time to time, without prior notice to you, be required to change our Personal Data Protection Policy to comply with or be consistent with changes in the applicable law and regulations as well as our business operations or policies. As such, we encourage you to check our Personal Data Protection Policy at our website from time to time.