PRIVACY POLICY

REVĪVŌ Asia limited: Privacy Policy

Last updated September 2023

We Are Committed to Protecting Your Privacy

PT. RUMAH KESEHATAN BALI (REVIVO WELLNESS RESORTS “we”, “us”, “ours” or “ourselves” below), located at Jl. Desa Sawangan, Ling. Sawangan, Kel. Benoa, Kec. Kuta Selatan. BADUNG BALI 80361, INDONESIA, have a strong commitment to providing quality service to our guests, patrons and potential customers and are further committed to protecting your privacy.

The processing of personal data of a data subject by the REVĪVO Wellness Resorts shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to REVĪVO Wellness Resorts.

To ensure you as data subject can make informed decisions and feel confident about supplying personal data relating to you when purchasing our products and using our services, we provide this privacy policy (“Privacy Policy”) (together with our terms of use and any other documents referred to on it) outlining the nature, scope, and purpose of the personal data REVĪVO Wellness Resorts collect, use and process. Furthermore, you, as data subject, are informed of the rights which you are entitled. You must read to fully understand all data protection measures adopted by REVĪVO Wellness Resorts . By using our website https://www.revivoresorts.com and/or using services provided by REVĪVO Wellness Resorts, you will be regarded as having accepted the terms of this Privacy Policy.

1. PERSONAL DATA WE COLLECT

In this Privacy Policy of REVĪVO Wellness Resorts, the term “Personal Data” means any information relating to an identified or an identifiable natural person, who is one that can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.1 Personal Data We Collect

We may collect and process the following Personal Data about you:

  • (a) personal information about you including your name, contact number, address, email address, age, gender, passport or other identification document details details
  • (b) your payment information such as credit card information (including credit card number, security code and expiry date) and your bank account details
  • (c) correspondence record between you and us
  • (d) survey information collected when you complete surveys that we use for research purposes
  • (e) details of your visits to our website and information collected through cookies and other tracking technologies which are set out in more detailed in section 5.9
  • (f) your travel details such as flight number, arrival and departure dates and time, country/ point of origin and destination, frequent flyer information, travel partner information, and preferences about room, food and beverages and treatment, service requests, information related to dietary, access or treatment requirements, and where required by local laws, information such as entry visa and driver’s license details
  • (g) your itemized spending including room rates and other expenses billed to your room

1.2 Personal Data about Other Individuals

If you provide us with Personal Data about other individual(s) (e.g. family members or travel companions), regardless of whether you are travelling together, you must inform such individual(s) that you have provided us with their details and let them know where they can find a copy of this Privacy Policy.

1.3 Special categories of Personal Data

“Special Categories of Personal Data” are a subset of Personal Data, and include information about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings, and genetic and biometric information.

As a general rule, we do not process Special Categories of Personal Data. We may however process health/medical information in order to handle medical incidents and/or claims as per section 5.7.

Additionally, we may process Special Categories of Personal Data in limited circumstances where you have provided such Special Categories of Personal Data including health/ medical information (e.g. long-term conditions, allergies, disabilities, dietary requirements) so that we can provide our services safely to you (e.g. spa treatments, yoga sessions and meals).

Where we must process Special Categories of Personal Data, we will only do so in strict accordance with this Privacy Policy.  The REVĪVO Wellness Resorts will require your explicit consent before we process any Special Categories of Personal Data unless we are required to do so by law. Where you are providing Special Categories of Personal Data about a travel partner, you agree that you have procured their consent to our collection, processing and disclosure of their Special Categories of Personal Data.

1.4 Processing

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.5 Profiling

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interest, reliability, behavior, location or movements.

2. DATA PROTECTION PRINCIPLES

“Supervisory Authorities” are national bodies responsible for data protection. The Supervisory Authorities applicable to the REVĪVO Wellness Resorts are as follows:

  • Spain: Agencia Española de Protección de Datos (AEPD)
  • Netherlands: Personal Data Authority (PDA)
  • France: Commission nationale de l’informatique et des libertés (CNIL)
  • Italy: The Italian Date Protection Authority (Garante)
  • Hong Kong: Privacy Commissioner for Personal Data, Hong Kong (PCPD)

 

3. DATA PROTECTION PRINCIPLES

REVĪVO Wellness Resorts shall comply with the principles of data protection (“Principles”) enumerated in the European Union General Data Protection Regulation (“GDPR”). We will make every effort possible in everything we do to comply with the Principles. The Principles are:

3.1 Lawful, Fair and Transparent

Personal data processing must be fair for a legal purpose and we must be open and transparent as to how the data will be used.

3.2 Purpose Limitation

Personal data can only be processed for purposes which are specified, explicit and legitimate.

3.3 Data Minimisation

Any personal data processed must be necessary, relevant and adequate in relation to the purposes.

3.4 Accuracy

The personal data we retain must be accurate and kept up to date and shall be erased or rectified without delay if it is inaccurate for the purpose of processing.

3.5 Storage Limitation

The retention of personal data in a form for allowing identification of you as data subject should not be longer than necessary.

3.6 Integrity and Confidentiality

We adopt appropriate security measures of the personal data to avoid unauthorized loss or disclosure.

3.7 Accountability

We as controllers must ensure we comply with the Principles and are able to demonstrate the compliance.

4. JUSTIFICATIONS OF USE

Please note that the use of Personal Data under EU data protection laws must be justified under one of a number legal grounds and we are required to set out the grounds in respect of each use in this Privacy Policy.

Following are the principal legal grounds that justify our use of your Personal Data:

Consent: where you have consented to our use of your Personal Data (you will have been presented with a consent form in relation to any such use)

Contract performance: where your Personal Data is necessary to enter into or perform our contract with you

Legal obligation: where we need to use your Personal Data to comply with our legal obligations

Legitimate interests: where we use your Personal Data to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights

Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party

Vital interest: where we need to process your Personal Data to protect the vital interest of you or another natural person, e.g. where you require urgent assistance; and

Following are the principal legal grounds that justify our use of your Special Categories of Personal Data:

Explicit consent: You have given your explicit consent to the processing of those personal data for one or more specified purposes. You are free to withdraw your consent by contacting us as set out in section 7.9

We note the grounds we use to justify each use of your Personal Data next to the use in sections 5 and 6 of this Privacy Policy.

5. HOW WE COLLECT AND USE YOUR PERSONAL DATA

We may collect and use your Personal Data in the following ways:

5.1 To Administer Your Reservations

If you would like to make a reservation at the front desk of one of the hotels/resorts/residences of REVĪVO Wellness Resorts, we will request for personal data including your name, address, telephone number, e-mail address and credit card information for payment purposes (including credit card number, code and expiry date). We will use your e-mail address to send an e-mail confirmation of your booking and a pre-arrival message summarizing your confirmation details and preferences. Such pre-arrival message will include other information about the hotel, the area and the weather.

The personal data that you provide to us for making a reservation is made available to the applicable hotel/resort/residence of the REVĪVO Wellness Resorts for the purpose of completing your reservation request. We may also need to collect personal data as required by local laws such as passport numbers, type of entry visa, and driver’s license.  Upon check-in, your personal data will be verified by our staff and you may be requested to indicate whether you wish to opt in and receive hotel promotional literature.

You can make also a reservation by contacting a particular hotel/resort/residence of the REVĪVO Wellness Resorts by phone, email or via the Website. When making a reservation, you will be asked to provide personal data including your name, address, telephone number, email address and method of payment, name(s) of additional guest(s). If you choose to provide us with your e-mail address, a confirmation and a pre-arrival message of your reservation will be sent to you by e-mail.  We may also ask for your travel details (including flight number, arrival and departure dates and time, as well as country/point of origin and destination), room preferences and special requests, which you can provide on voluntary basis, to better prepare ourselves for your arrival and to serve you better before your departure.

You can access the Website from a web-enabled mobile device to find a hotel and/or restaurants operated by REVĪVO Wellness Resorts. You can make a reservation from a web-enabled device. When you make a reservation, you will have to provide personal data including your name, e-mail address and credit card information for guarantee purposes.

Use justification: contract performance, legitimate interest (to enable us to perform our obligations and provide services to you)

5.2 To Provide You with Services

In general, we collect your Personal Data in order for us to provide for hotel related services including but not limited to accommodation, food and beverages, wellness activities and spa treatments, and to facilitate any special requests or assistance that you have asked for, and non-hotel services including transportation services.

We collect your Personal Data including your name and phone number when you make a reservation at our food and beverage outlets.

We collect your personal data including your name, contact details, and where necessary, credit card information for payment purposes when you make a spa reservation. In addition, with your explicit consent, we may collect and process information relating to your health, allergies and treatment preferences before the spa treatment is commenced to ensure that your spa treatment is conducted under safe conditions.

We record your itemized spending to properly assemble your folio during your stay, which includes your room rate and other expenses billed to your room to enable us to charge for our services.

Use justification: contract performance, legitimate interest (to enable us to perform our obligations and provide services to you)

5.3 To Customize Our Services and Products to You

In order to assure your future comfort and attention to your individual needs, after obtaining your explicit consent, other stay specific information may be stored in the property management system at the particular hotel, such as your food and beverage preferences and other special requests for future reference by the REVĪVO Wellness Resorts so as to get ourselves well prepared before your next arrival.

Use justification: legitimate interest (to enable us to perform our obligations and provide services to you)

5.4 To Conduct Direct Marketing

With your explicit consent, we may send you information about REVĪVO Wellness Resorts and restaurants and clubs operated by our group companies, including special offers on accommodation, food and beverage, spa and other hotel services by post or e-mail. It is however our intention to only send you mail and e-mail communications that you may want to receive. When you opt-in or do not opt-out from receiving promotional material either on a guest registration card or when you enrol via the Website, or patronise our restaurants and provide your e-mail address to us specifically and expressly in order to receive marketing communications, we will periodically contact you via e-mail and provide information about special offers and promotions that may be of interest to you. These communications will relate to offers relating to REVĪVO Wellness Resorts, and restaurants and clubs operated by our group companies. We typically use third party e-mail service providers to send e-mails. These service providers are contractually prohibited from using your e-mail address for any purpose other than to send e-mails related to our group operations. Your personal data will not be shared with third parties for their own marketing purposes.

We provide you the ability to unsubscribe from all marketing communications. Every time you receive an e-mail, you will be provided with the choice to opt-out of future e-mails by following the instructions provided in the e-mail. You may also opt-out of receiving promotional materials by sending a letter or fax or email to our Data Protection Officer.

Use justification: consent (which can be withdrawn any time, see Section 7.9)

5.5 For Analytics and Profiling

In connection with our marketing activities, we analyse information that we collect about customers to determine what offers are most likely to be of interest to different categories of customers in different circumstances and at different times. In relation to hotel-related services, we combine Personal Data (including customer behavioural information such as transaction history, spending pattern, preferences, service requests and interactions with us) of customers. From time to time, we will assess the Personal Data that we hold about you in order to tailor or marketing communications to include offers and content that are relevant to you. We may also use this method to avoid sending you offers that are inappropriate or unlikely to be of interest to you. You have the right to opt-out of such analysis of Personal Data at any time.

Use justification: consent (which can be withdrawn any time, see Section 7.9); legitimate interests (to enable us to tailor our marketing to you)

5.6 To Comply with Our Legal Obligations

We record your spending information to comply with financial reporting requirements and those imposed by our auditors and government authorities, and to cooperate with law enforcement agencies, government authorities, regulators and/or the court in connection with proceedings or investigations anywhere in the world where we are compelled to do so.

Use justification: legal obligation, legal claims legitimate interests (to cooperate with law enforcement and regulatory authorities)

5.7 To Handle Incidents and Process Any Claims We Receive

To protect your vital interests in situations of life or death, physical injury or significant health risk, we may be required to process your Personal Data in order to handle any accidents and incidents such as liaising with emergency services. We may also process your Personal Data in order to handle claims made by customers such as personal injury claims. Please note that this may also require the processing of Special Categories of Personal Data please see Section 1.3 for more information.

Use justification: vital interest (in relation to Special Categories of Personal Data), legal claims, legitimate interests (to ensure that incidents and accidents are handled appropriately and to allow us to assist our customers)

5.8 To Tailor Our Wellness Retreat for You

Before you arrival at one of the hotels/resorts/residences of REVĪVO Wellness Resorts, we may ask you to complete a pre-arrival questionnaire which collects your Personal Data (including Special Categories of Personal Data), including food allergy, health history, lifestyle habits, physical and emotional health status. This is to enable us to assess your eligibility in certain activities such that we can tailor a wellness program that is suitable for your conditions.

Use justification: explicit consent (in relation to Special Categories of Personal Data), legitimate interests (to enable us to perform our obligations and provide services to you; to ensure that the wellness retreat we offer are suitable for our customers)

5.9 To Improve Our Services and Products

We may use your Personal Data to assist us in developing new services and products and to improve our existing services and products.

Use justification: legitimate interest (to enable us to continuously improve and develop our services)

5.10 To Ensure Proper Functioning of Our Website (a) Our Website

When you browse the Website, the Website collects series of general data and information which is stored in server log files.  Information collected may be (1) the browser types and versions used; (2) the operating system used by the accessing system; (3) the website from which an accessing system reaches the Website (so-called referrers); (4) the sub-websites; (5) the date and time of access to the Website; (6) an Internet Protocol Address (IP Address); (7) the Internet Service Provider of the accessing system; and (8) any other similar data and information that may be used in the event of attacks on our information technology systems. We treat this information as personal data if identifiable person can be directly or indirectly identified by reference to log files. When using these general data and information, the REVĪVO Wellness Resorts does not draw any conclusions about you as data subject.  Rather, this information is needed to (1) deliver the content of the Website correctly; (2) optimize the content of the Website as well as its advertisement; (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.   Therefore, the REVĪVO Wellness Resorts analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process.  The anonymous data of the server log files are stored separately from personal data provided by you.

(b) Cookies

By using the Website, you agree that we may automatically collect information through the use of “cookies”.  The Website only uses “cookie” technology as a tracking tool. Cookies do not retain your personal data and information provided during the online reservations. Cookies identify your browser, rather than you and cannot be used by themselves to disclose your individual identity. Cookies enable us to track the number of page visits from the same computer or browser to be aggregated for statistical purposes.

Cookies do not corrupt or damage your computer, programs, or computer files. The purpose for which cookies — other than those which are either exclusively intended to enable or facilitate communication by electronic means or strictly necessary for the provision of an online communication service at your express request — are used on the Website is set forth in a banner appearing the first time you land on the Website. By continuing to browse on the Website, you consent to their use.

You may set your browser to block Cookies, although doing so will affect your ability to perform certain transactions, use certain functionality, and access certain content on the Website. Procedures for managing your settings may differ depending on your browser. Please consult the instructions for your particular browser on how to do this. From commonly used browsers, please click the links below:

  • Microsoft Windows Explorer
  • Google Chrome
  • Mozilla Firefox
  • Apple Safari

If you do not use any of the browsers listed above, choose the “Help” function, followed by “Cookies” to find out where your cookie folder is stored.

(c) Pixel Tags

The REVĪVO Wellness Resorts and our third-party service providers may use pixel tags (also known as “clear gifs”, “beacon gifs” etc.), tracking links and/or similar technology for the following purposes:

(i) Track customer response to the REVĪVO Wellness Resorts advertisements and website content;

(ii) Determine your ability to receive HTML-based e-mail messages. Our e-mail service provider includes a pixel tag, which they refer to as a “coded sensor” in all of the HTML-based messages sent on our behalf. The sensor activates when the e-mail message is opened and flags the e-mail address of the user as one that is capable of receiving HTML-based e-mail messages. This capability helps our service provider to send the e-mail in a format you can read. The sensor does not collect or use any other information. If you cannot receive HTML, you will not receive a functioning sensor;

(iii) Know how many users open an e-mail and allow our service provider to compile aggregated statistics about an e-mail campaign for us; and

(iv) Allow us to better target interactive advertising, enhance customer support and site usability, and provide offers and promotions that we believe would be of interest to you. Your personal data and information will not be collected apart from what you voluntarily provide us in your dealings with our group operations.

(d) Device Identifiers

When you access the Website by or through a mobile device (including but not limited to smartphones or tablets), we use one or more “device identifiers,” such as a universally unique identifier (“UUID”). Device identifiers are small data files or similar data structures stored on or associated with your mobile device, which uniquely identify its mobile device. A device identifier may be data stored in connection with the device hardware, data stored in connection with the device’s operating system or other software, or data sent to the device by us. A device identifier may convey information to us about how you browse and use the Website. A device identifier may remain persistently on your device, to help you log in faster and enhance your navigation through the Service. Some features of the Website may not function properly if use or availability of device identifiers is impaired or disabled.

(e) User Identifiers

When you access the Website, we use one or more “user identifiers.” User identifiers are small data files or similar data structure assigned to you that will be used to enable you to continue to use the Website. A user identifier may convey information to us about how you browse and use the Website. A user identifier may remain persistently on your device or computer, to help you log in faster and enhance your navigation through the Website. Some features of the Website may not function properly if use or availability of user identifiers is impaired or disabled.

(f) Location Data

When you access the Website by or through a mobile device, we may access, collect, monitor and/or remotely store “location data,” which may include GPS coordinates (e.g. latitude and/or longitude) or similar information regarding the location of your mobile device. Location data may convey to us information about how you browse and use the Website. Some features of the Service, particularly location-based services, may not function properly if use or availability of location data is impaired or disabled.

(g) Contact Possibility via the Website

The Website contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes e-mail address and online enquiry form. When completing an enquiry form, we will request you to provide personal data and information including your name and email address. If you contact us by e-mail or via the enquiry form, the personal data transmitted by you are automatically stored.  You may also access the Website from a link in an email that we send to you or where you have created a profile under LOGIN and you log-in to your account on a voluntary basis. When creating a profile under LOGIN, we will request you to provide personal data and information including your name and email address.  Such personal data transmitted on a voluntary basis by you to us are stored for the purpose of processing or contacting you. There is no transfer of this personal data to third parties.

Use justification: contract performance, legitimate interest (to enable us to provide you with the content and services on the Website)

5.11 To Register You as a User

For hotel related services, upon completing an online room reservation, you can set up, review or update your information (including your Personal Data) online.

Use justification: contract performance, legitimate interest (to allow us to bring you onboard as a user)

5.12 Protecting Your Credit Card Information

The credit card information provided by you to REVĪVŌ wellness resorts will be stored in a confidential manner. Our employees may access such information only when there is an appropriate business reason to do so, such as when a refund must be issued back to the credit card. We maintain physical, electronic and procedural safeguards to protect your information, and our employees are required to follow these privacy standards.

6. DISCLOSURE TO THIRD PARTY

The REVĪVO Wellness Resorts may engage third parties to assist in the provision of service by us to you and which may, as part of their role in delivering the service, process your personal data. As part of using service provided by REVĪVO Wellness Resorts, you consent to us sharing your Personal Data with the following parties:

  • agents, other service providers and third party partners who process and store personal data and information;
  • professional advisors;
  • law enforcement agencies;

In this respect agents, other service providers and third-party partners who process and store personal data and information of the REVĪVO Wellness Resorts are hereinafter referred to as ‘Subprocessors’.  The REVĪVO Wellness Resorts maintains a list of all Subprocessors that may process your personal data.

The REVĪVO Wellness Resorts has concluded data processing agreements with all Subprocessors in which they are required to abide by substantially the same obligations as the REVĪVO Wellness Resorts under this Privacy Policy.

Unless otherwise described elsewhere in this Privacy Policy, we do not disclose, sell or trade any to any of your Personal Data and information to third parties.

6.1 Third party service providers who process Personal Data on our behalf

We may share Personal Data and information with Subprocessors such as the credit card processor working with us in connection with the operation of the Website and/ or service provided by us to you and who need access to such personal data and information to carry out their work for us. Any credit card details collected are simply passed on in order to be processed as required. We never permanently store complete credit card details.

In addition to the required information sharing described above, we use the services of third party agents, such as e-mail service providers and mail houses for the purpose of mailing materials to our patrons. These parties are contractually prohibited from using your Personal Data for any purpose other than for the purposes specified in their respective contracts. We do provide non-personally identifiable information to certain service providers for their use on an aggregated basis for the purpose of performing their contractual obligations to us. We do not permit the sale of your personal data to entities outside of the REVĪVO Wellness Resorts for any use unrelated to our group operations or use of your Personal Data by third party for their own purposes.

Use justification: contract performance, legitimate interest (to enable us to perform our obligations and provide services to you)

In some cases, Subprocessors may be directly collecting your personal data from you on our behalf. If Subprocessors provide your personal data to REVĪVO Wellness Resorts, REVĪVO Wellness Resorts shall mention what Personal Data and information that Subprocessors provide to REVĪVO Wellness Resorts on the list that REVĪVO Wellness Resorts keep of its Subprocessors. We inform Subprocessors that they are not permitted to use your Personal Data they obtain from us other than to provide the service for us. We are not responsible for any additional information you provide directly to these Subprocessors. Please become familiar with their practices before disclosing any of your personal data directly to such Subprocessors.

6.2 Sharing of Personal Data with your express consent

From time to time, we may also share your Personal Data with third parties when you give us your explicit consent to do so. For example, we may enter into relationships with other parties to make specific services or offers available directly to you. If you opt-in to these third-party services or marketing offers, we may share the Personal Data you provide at the time of sign-up or such other Personal Data, such as your name or other contact information, that we deem reasonably necessary or appropriate for our business partner to provide these services or offers or get in contact with you.

Use justification: consent (which can be withdrawn any time, see Section 7.9)

6.3 Law enforcement agencies, government authorities, regulators and the court

We may disclose your Personal Data in the good faith belief that we are lawfully authorized or required to do so, or that doing so is reasonably necessary or appropriate to comply with the law or with legal process or authorities, respond to any claims, or to protect the rights, property or safety of REVĪVO Wellness Resorts, our users, our employees or the public, including without limitation to protect REVĪVO Wellness Resorts or our users from fraudulent, abusive, inappropriate or unlawful use of our service. REVĪVO Wellness Resorts will promptly notify you of any request of an executive or administrative agency or other governmental authority that it receives, and which is related to your Personal Data and information, unless prohibited by applicable law. REVĪVO Wellness Resorts will provide you with reasonable information in its possession that may be responsive to the request as stated above, and any assistance reasonably required for you to respond to the request in a timely manner. This also applies when we have reason to believe that disclosing the Personal Data is necessary to obtain legal advice, to identify, investigate, protect, contact or bring legal action against someone who may be causing interference to our guests, visitors, associates, rights or properties, or to others, whether intentionally or otherwise, or when anyone else could be harmed by such activities. You acknowledge and agree that REVĪVO Wellness Resorts has no responsibility to interact directly with the entity making the request.

Use justification: legal obligation, legal claims, legitimate interest (to enable us to perform our obligations and provide services to you)

6.4 Third parties who require such data in connection with a change in the structure of our business

In the event that we (or a part thereof) are (i) subject to negotiations for the sale of our business or (ii) sold to a third party or (iii) undergo a reorganization, you agree that any of your Personal Data which we hold may be transferred to that re-organized entity or third party and used for the same purposes as set out in this Privacy Policy, or for the purpose of analyzing any proposed sale or re-organization. We will ensure that no more of your Personal Data is transferred than is necessary.

Use justification: contract performance, legitimate interest (to allow us to run and manage our business)

Please note that nothing herein restricts the sharing of aggregate information, which may be shared with third parties without your consent.

7. YOUR RIGHTS

You as data subject have rights to your personal data which we must respect and comply with to the best of our ability.  We must ensure you can exercise your rights in the following ways:

7.1 Right of confirmation

You shall have the right to obtain from us the confirmation as to whether or not your Personal Data and information concerning you are being processed. If you wish to avail yourself of this right of confirmation, you may, at any time, contact our Data Protection Officer or any of our staff.

7.2 Right of access

You shall have the right to obtain from us free information about your Personal Data stored at any time and a copy of the same.  Furthermore, you are also entitled to access to the following information:

(a) the purposes of the processing;

(b) the categories of Personal Data concerned

(c) the recipients or categories of recipients to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organizations;

(d) where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;

(e) the existence of the right to request from us rectification or erasure of personal data, or restriction of processing of Personal Data concerning you, or to object to such processing;

(f) the existence of the right to lodge a complaint with a supervisory authority;

(g) where the Personal Data are not collected from you, any available information as to their source;

(h) the existence of automated decision-making, including profiling as well as the significance and envisaged consequences of such processing for you. Furthermore, you shall have a right to obtain information as to whether your Personal Data are transferred to a third country or to an international organization. Where this is the case, you shall have the right to be informed of the appropriate safeguards relating to the transfer. If you wish to avail yourself of this right of access, you may at any time contact our Data Protection Officer or any of our staff.

7.3 Right to rectification

You shall have the right to obtain from us without undue delay the rectification of inaccurate Personal Data concerning you.  Taking into account the purposes of processing, you shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement. 
If you wish to exercise this right of rectification, you may, at any time, contact our Data Protection Officer or any of our staff.

7.4 Right to erasure

You shall have the right to obtain from us the erasure of personal data concerning you without undue delay and we shall have the obligation to erase Personal Data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

(a) The Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(b) You withdraw consent to which the processing is based and where there is no other legal ground for the processing;

(c) You object to the processing and there are no overriding legitimate grounds for the processing pursuant to Article 21(1) of the GDPR

(d) You object to the processing for direct marketing purposes.

(e) The Personal Data have been unlawfully processed.

(f) The Personal Data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

(g) The Personal Data have been collected in relation to the offer of information society services to a child.

If one of the aforementioned reasons applies, and you wish to request the erasure of Personal Data stored by REVĪVO Wellness Resorts, you may at any time contact our Data Protection Officer or any of our staff.  Our Data Protection Officer or any of our staff shall promptly ensure that the erasure request is complied with without undue delay.

7.5 Right of restriction of processing

You shall have the right to obtain from us restriction of processing where one of the following applies:

(a) The accuracy of the Personal Data is contested by you, for a period enabling us to verify the accuracy of the Personal Data.

(b) The processing is unlawful and you oppose the erasure of the Personal Data and requests instead the restriction of their use instead.

(c) We no longer need the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.

(d) You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the aforesaid conditions is met, and you wish to request the restriction of the processing of Personal Data stored by REVĪVO Wellness Resorts, you may at any time contact our Data Protection Officer or any of our staff.  Our Data Protection Officer or any of our staff will arrange the restriction of the processing.

7.6 Right to data portability

You shall have the right to receive the Personal Data concerning you, which was provided to us, in a structured, commonly used and machine-readable format.  You shall have the right to transmit those data to another controller without hindrance, where technically feasible and when doing so does not adversely affect the rights and freedom of others. In order to assert the right of data portability, you may at any time contact our Data Protection Officer or any of our staff.

7.7 Right to object

You shall have the right to object, on grounds relating to your particular situation, at any time, to processing of Personal Data concerning you based on legitimate interest or performance of a public interest task. This also applies to profiling based on these grounds. If the REVĪVO Wellness Resorts processes Personal Data for direct marketing purposes, you shall have the right to object at any time to processing of Personal Data concerning you for such marketing.  This applies to profiling to the extent that it is related to such direct marketing.  If you object to the REVĪVO Wellness Resorts to the processing for direct marketing purposes, the REVĪVO Wellness Resorts will no longer process the personal data for these purposes. In order to exercise the right to object, you may directly contact our Data Protection Officer or any of our staff. In addition, you are free in the context of the use of information society services, and to use your right to object by automated means using technical specifications.

7.8 Right in relation to automated individual decision making, including profiling

You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you as long as the decision (i) is not necessary for entering into, or the performance of, a contract between you as data subject and us as a data controller; or (ii) is not authorized by Union or Member State law to which the REVĪVO Wellness Resorts is subject and which also lays down suitable measures to safeguard you rights and freedoms and legitimate interests, or (iii) is not based on your explicit consent. If the decision (i) is necessary for entering into, or the performance of, a contract between you as data subject and the REVĪVO Wellness Resorts as a data controller, or (ii) it is based on your explicit consent, the REVĪVO Wellness Resorts shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on our part, to express your point of view and contest the decision. If you wish to exercise the rights concerning automated individual decision making, you may at any time directly contact our Data Protection Officer or any of our staff.

7.9 Right to withdraw consent

You shall have the right to withdraw your consent to processing of your Personal Data at any time.  If you wish to exercise your right to withdraw your consent, you may at any time contact our Data Protection Officer or any of our staff.

7.10 Right to Complain

In the event that you wish to make a complaint about how your Personal Data and information is being processed by the REVĪVO Wellness Resorts or its partners, you have the right to complain to the Supervisory Authority.  You may contact our Data Protection Officer on information in relation to how to lodge such complaint.

8. DATA TRANSMISSION ACROSS INTERNATIONAL BORDERS

As a global company, the REVĪVO Wellness Resorts endeavor to provide you with the same outstanding service in Bali & France. To achieve this goal, we have established a global network comprised of properties, offices, global customer service centers, data centers, trusted service providers, and trained associates around the globe. The nature of our business and our operations require us to transfer your personal data and information to other group companies, properties, centers of operations, data centers, or service providers that may be located in countries outside of your own for the purposes mentioned in this Privacy Policy.

The REVĪVO Wellness Resorts may transfer your personal data within European Economic Area (EEA) and to non EEA countries including our headquarters in Hong Kong as well as other countries where we are present, including Japan, Thailand, Indonesia, Himalayas, Spain Portugal, Holland, and Italy for the purposes specified in this Privacy Policy. We also use third party service providers located outside of these countries to process email confirmation, online bookings and post-stay surveys.

Although the data protection and other laws of these various countries may not be as comprehensive as those in your own country, the REVĪVO Wellness Resorts will ensure there is an appropriate level of protection for your fundamental rights as data subjects and implement, where necessary appropriate measures, including adopting approved model contract clauses and approved binding corporate rules, to secure the transfer of your personal data and information to the third party service providers located in non EEA countries.

9. RETENTION OF PERSONAL DATA

The REVĪVO Wellness Resorts retains Personal Data for no longer than is necessary for fulfillment of purposes as stipulated in this Privacy Policy.  We will promptly delete or otherwise render inaccessible personal data and information except as may be required by law.

10. DATA STORAGE

The REVĪVO Wellness Resorts holds personal data in the following manner:

10.1 Customer Information System and Reservation System

We store Personal Data collected in our Customer Information System and Reservation System (“CIR Systems”) at the time when a reservation is made.  The CIR Systems are secure customer databases stored  on servers hosted by a third party service provider. The personal data stored in CIR Systems includes guest name, address, phone numbers, position, company name and credit card information.  We may also store other personal data and information such as customers’ preferences in relation to room types, food and beverage, other service preferences and transaction history. This information may be shared within the REVĪVO Wellness Resorts to better anticipate your needs prior to and during your stay.

10.2 Marketing Database

The REVĪVO Wellness Resorts maintains a database of customer information which is used for marketing, promotion and research, understanding and analyzing customer behaviour and customer profiling to improve our services. You will receive marketing and promotional materials if you have already given your express and specific consent in data collection forms. You may elect to unsubscribe from receiving future e-mail promotions at any time.

11 DATA SECURITY

11.1 Transmission over internet

We are committed to protecting the security of your Personal Data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access and use.  We use SSL protocol – an industry standard for encryption over the Internet, to protect our customers’ Personal Data and information. When you type in sensitive information such as credit card details, it will be automatically encrypted and transferred over a SSL connection. This ensures that your sensitive data is encrypted as it travels over the Internet. You will know that you are in a secure mode when the security icon (such as a lock) appears in the computer screen.

11.2 Email and Online Communication

It is important to note that all e-mail communication is not secure. There is a risk inherent in the use of e-mail. Please be aware of this when requesting information or sending forms to us by e-mail, for example, from the “Contact Us” section of the Website. We recommend that you do not include any sensitive information including credit card details when using e-mail or using any public computers/public WIFI. Our e-mail responses to you may not include any sensitive or confidential information. Please bear in mind that no security system or system of transmitting information over the Internet is guaranteed to be secure.

To be prudent, it is advisable to always close your browsers when you have finished completing a form or a reservation. Although the session will automatically terminate after a short period of inactivity, it is easier for a third party to gain access to your profile whilst you are logged onto the Website and making a reservation.

Please note that companies of the REVĪVO Wellness Resorts will never send you an e-mail requesting your password, credit card number or passport, personal identity card or social security number. If you receive any suspicious e-mails that looks like it is from our group, but asks you for your credit card number or passport, personal identity card or social security number, it is a fraudulent e-mail, or “phishing”. We recommend that you do not reply to the e-mail or click onto any links or pop-up messages and report to the local authorities which handle fraudulent e-mails. If you believe “phishers” have gained access to your personal or financial information, we recommend that you also change your password(s), alert your credit card service provider and bank and review credit card and bank account statements to check for unauthorised charges.

11.3 Internal Controls

The REVĪVO Wellness Resorts trains their employees and staff on the importance of data privacy and protection. The Privacy Policy is updated as required to reflect any changes in applicable laws and developments in best practice procedures. Further, we limit the number of individuals within the group with access to personal data and information to those directly involved in the process of providing quality service to you.

11.4 Incident Management

The REVĪVO Wellness Resorts shall evaluate and respond to incidents that create suspicion of unauthorized access to or handling of Personal Data and information. The response will be to restore confidentiality, integrity and availability of the environment of our services provided to you. Furthermore we shall establish root causes and remediation steps.

The REVĪVO Wellness Resorts shall inform you within 24 hours after a data breach has been noticed. The REVĪVO Wellness Resorts shall provide you with a description of the data breach, the type of data / personal data that was the subject of the breach and steps taken in order to cure the data breach and prevent further consequences of the breach. The REVĪVO Wellness Resorts will provide further information upon your request. The REVĪVO Wellness Resorts and you shall coordinate in good faith any related (public) statements and / or notifications to any privacy authority and/or affected data subjects / persons.

The REVĪVO Wellness Resorts will inform you immediately after it has become aware of the fact that (i) the REVĪVO Wellness Resorts and/or its personnel infringe applicable data protection legislation or obligations under this Privacy Policy, (ii) third parties have unauthorized or unintended access to the Personal Data.

The REVĪVO Wellness Resorts will keep you duly informed on any new developments in relation to a data breach. All notifications of data breaches by us to you will be made in writing. If time and circumstances do not permit a written notification, we may notify you through other means, provided that such notification is followed up by a written confirmation by us as soon as possible thereafter.

As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We will continue to revise policies and implement additional security features as new technologies become available.

12. CHILDREN’S PRIVACY

The Website is not intended for children and minors and the REVĪVO Wellness Resorts do not knowingly solicit or collect personal data and information from children and minors. As a parent or legal guardian, please do not allow your children to submit their personal data to us without your permission.

13. OTHER SITES

The REVĪVO Wellness Resorts is only responsible for this Privacy Policy and content of the Website. The Website may contain links to other sites of third parties. We are not responsible for the data collection and use practices, privacy policy or the use of cookies on other websites that you have accessed the Website from and to the non-REVĪVO Wellness Resorts websites that you may access from the Website. We advise you to review the privacy policies of such third parties before submitting your Personal Data and information.

DATA PROTECTION OFFICER

If after reviewing this Privacy Policy you have any questions or concerns or would like to exercise your rights as mentioned in this Privacy Policy, please contact our Data Protection Officer by :

EMAIL: [email protected]

By MAIL: Room 1601, 16th Floor, Wilson House, 19-27 Wyndham Street, Hong Kong

CHANGES TO THIS PRIVACY POLICY

In the future, we may need to make additional changes. All additional changes will be included in the Privacy Policy published on the Website, so that you will always understand our current practices with respect to the Personal Data we gather, how we might use your Personal Data and disclosures of that personal data to third parties. You can tell when this Privacy Policy was last updated by looking at the date at the bottom of this Privacy Policy. Any changes to the Privacy Policy will become effective upon posting of the revised version on the Website, and where appropriate, notified to you by e-mail.

This Privacy Policy contains numerous general and technical details about the steps we take to respect your privacy concerns. We have organised the Privacy Policy by major processes and areas so that you can review the information of most interest to you.