Last Update - 23 November 2021
1. GENERAL / INTRODUCTION
a) This Privacy Policy (“Privacy Policy”) is provided by OMT Hotels Sdn Bhd (Registration No. 200501035610 (717756-M)), ECML Hotels Sdn Bhd (Registration No. 201701022399 (1236565-X)) , OHG Services Sdn Bhd (Registration No. 201101018275 (946411-T)) (as applicable) including their respective franchisees, associates, related companies, subsidiaries and affiliates who operate hotels under the Tune Hotels, Ormond and/or MoMo’s brand (collectively referred to as “Ormond Group Hotels”, “Ormond Group”, “we”, “our” and “us”).
b) This Privacy Policy describes how and when we collect your personal information, what that information may be used for, who uses it, when it may be disclosed to other parties, how you can access your details and seek correction of your details, how you control your own personal information and how you can contact us.
c) By submitting or providing us with your Personal Information (defined below) or by virtue of you visiting any of our Ormond Group Hotels’ website (https://www.ormondhotels.com),(https://www.tunehotels.com), (https://www.stayatmomos.com/) and/or https://www.thechowkit.com/ (together our “Websites”) and our mobile App, or by using any of our products and services, you are deemed to have read and agree to be bound by this Privacy Policy and consent to the use, processing, transfer and/or disclosure of your Personal Information (defined below) collected by us and all persons involved in the provision of services, in the manner set out in this Privacy Policy.
d) If you are a resident of the European Union (“EU”), please see Appendix A for additional information regarding Ormond Group Hotels’ use of your Personal Information.
e) For the payment transactions from any of our Website handled and processed by Notel Management Sdn Bhd for and on behalf of the Ormond Group Hotel, Notel Management Sdn Bhd will assist in complying with its obligations under this Privacy Policy.
2. NOTICE
a) This Privacy Policy serves as a notice pursuant to the Malaysian Personal Data Protection Act 2010.
b) We may vary or update this Privacy Policy from time to time. We will notify you of these changes to our Privacy Policy on our Website. Please check our Website regularly for updates to our Privacy Policy.
3. INFORMATION COLLECTION AND USE
a) We may collect and hold personal information/data (“Personal Information”) about you or someone else whom you are making a booking for or traveling with (“Third Party”) that is, information relating to you or such Third Party, as an identifiable person. This Personal Information includes without limitation, your full name, gender, postal and email address, telephone number, nationality, passport number, date and place of birth, visa or other government-issued identification data, other contact details, identification details, credit and debit card number or other payment details, booking and travel information, membership or loyalty program data, participation in contests or marketing programs, guest preferences, correspondences and other information relevant to providing you with the services you and/or the Third Party are, or someone else you know, is seeking, which we receive from you through a variety of sources, including without limitation, our Website, booking engines, voice or telephone reservations facilities provided, check-in facilities, social media sites or campaigns, direct marketing campaigns, contests, walk-in or distribution channels, including online travel agencies. If you submit Personal Information of a Third Party to us, you agree that you have obtained the consent of such Third Party to provide us with their Personal Information and to view or change their information and you permit us to use the Personal Information in accordance with this Privacy Policy. You agree to indemnify us in the event we suffer any loss or damage as a result of your failure to comply with the same.
b) We may collect other data which do not generally reveal your specific identity or do not directly relate to you or a Third Party as an individual (“Other Data”). To the extent Other Data reveals your specific identity or relates to you or a Third Party as an individual, we will treat such Other Data as Personal Information. Other Data includes without limitation, a catalogue of the site pages you visited, number of visits to our Website, browser and device data, app usage data, data collected through cookies (see the COOKIES section below), pixel tags and other technologies, demographic data and other data provided by you and aggregated data.
c) If you are using a mobile device when browsing our Website or make any bookings through our Website or mobile Apps, we may collect your IP address or other device identifier, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other portable device information.
d) When you log into our hotel’s WiFi or have your WiFi settings switched on in any of our Ormond Group Hotels or where you are using a mobile device whilst in our Ormond Group Hotels with its WiFi capability switched on or during your access to our free WiFi, we may additionally collect your phone operating system details, MAC address and location data whilst you are within any of our Ormond Group Hotels or immediately within its perimeters. If you do not want us to track your device or use your information in this way, please turn off the WiFi capability on your phone or other electronic device within your settings.
e) You are responsible for ensuring that the Personal Information you provide us is accurate, complete and not misleading and that such Personal Information is kept up to date.
f) We may collect Personal Information in one or more of the following circumstances or for one or more of the following purposes:
(i) to process your booking and for other operational and administrative purposes, including without limitation, processing bills and payments, travel notification, manage your account;
(ii) to complete your reservation and stay, for example, to process your payment, ensure that your room is available and provide you with customer related service;
(iii) to provide you or someone else you know customer support and services. In the case where the Personal Information is provided to us in your application for a role with any member of the Ormond Group, to assess your suitability of employment with us, performing the contract of service, personnel administration, training and management purposes, purposes related to a benefit provided to you as an employee of a member of the Ormond Group, performing such other contract as may have been entered between you and us and such other purposes as may be related to the foregoing;
(iv) to undertake various activities that are required by law and to comply with legal and regulatory obligations, including financial reporting requirements imposed by government regulators and our auditors;
(v) for the establishment, exercise or defence of legal claims or proceedings;
(vi) for administrative, operational, marketing, planning, product or service development, troubleshooting and research requirements;
(vii) to send you information on products and services, and special or promotional offers, newsletters, customer survey forms, market research and questionnaires;
(viii) as part of a program you have joined (e.g. loyalty program) or purchase you have made to offer and manage your participation in the loyalty program, send you offers, or promotions and information about your account status and activities;
(ix) for data analysis, audits, security and fraud monitoring and prevention (including with the use of closed-circuit television (CCTV), card keys and other security systems), developing new goods and services, enhancing, improving or modifying our services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities;
(x) to resolve disputes or enforcement of our terms and conditions available at our Website (if any) or any of our Ormond Group Hotels; and
(xi) for any purpose made known to you at the time at the time of collection of your Personal Information (collectively referred to as “Purposes“).
g) At any time you may opt-out of receiving marketing communications from us by contacting us (see the CONTACTING US section below) and we will ensure that your name is removed from our mailing list.
h) We use general, aggregated information to generate statistics and measure site activity to improve the usefulness of customer visits. Such information does not include Personal Information.
i) We may disclose your information:
(i) to our related companies, affiliates, advisors, contractors, vendors or service providers, licensees, auditors, banks, business partners for the purposes of operation and maintenance of our Website or our business, for cross-promotional purposes and to otherwise provide customer support and services to you;
(ii) to owners and operators of our franchised hotels or our business partners and investors;
(iii) to other third parties with whom we have commercial relationships, for marketing, advertising and related purposes, unless you have indicated that you do not wish for us to disclose to such third parties for marketing and advertising purposes;
(iv) to social media websites;
(v) to a third party in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of the Ormond Group Hotels’ business, assets or stock (including any bankruptcy or similar proceedings);
(vi) to permit us to pursue available remedies or limit the damages that we may sustain in a court of law; and
(vii) as required or authorised under law or provided in co-operation with any governmental authority.
j) If you fail to provide us with Personal Information stated in paragraph 3(a) above, we may not be able to perform and/or carry out any of the Purposes.
4. SENSITIVE INFORMATION
The term “sensitive information” refers to information related to your racial or ethnic origin, political opinions, religious or philosophical beliefs, traded union membership, physical or mental health, sexual orientation, genetic information, criminal background and any biometric data used for the purpose of unique identification. In some jurisdictions, mobile phone numbers, location data, and information contained on identity documents also are considered sensitive information.
We do not generally process sensitive information unless you explicitly consent to the processing of your sensitive information or unless we are required to do so pursuant to applicable laws or regulations. We may use health data provided by you to serve you better and meet your particular needs (for example, the provisions of disability access).
5. TO PREVENT FRAUD
We share your financial information including your credit, debit card or other payment information with third parties to ensure that your payment is safe and that your details are not being used fraudulently. This data sharing enables us to conduct fraud analysis which ensures that genuine and accurate payment details are provided to us for any purchase. We may share your Personal Information with credit agencies if you are requesting credit.
6. MARKETING AND PROMOTIONAL COMMUNICATIONS
a) We may use the Personal Information provided to send you information on products and services, and special or promotional offers offered by any member of the Ormond Group, newsletters or customer survey forms and questionnaires via SMS, post and email unless you have indicated that you do not wish to receive such materials.
b) You may opt out of receiving any communications from us at any time by clicking on the “unsubscribe link” on the relevant email communications or contact us with your request (see the CONTACTING US section below).
7. SECURITY OF YOUR PERSONAL INFORMATION
a) We will take reasonable steps to protect any Personal Information we receive from you via our Website from misuse and loss and from unauthorised access, modification or disclosure. We may hold your Personal Information in either electronic or hard copy form or retain third parties to hold that information on our behalf. Where required by applicable laws, Personal Information will be destroyed or de-identified when no longer needed.
b) By providing us with Personal Information or using our services or our Website, you consent to the transfer, storage and processing of Personal Information to where our servers, central database and system facilities are located and/or operated, which may be outside your country of domicile or the location where you access our Website to provide Personal Information, and which may include, among others, Malaysia, Singapore, Australia the United States and the United Kingdom.
c) However, as the Website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us and you do so at your own risk.
8. LINKS TO OTHER WEBSITES
a) Our Website may contain links to websites operated by third parties (“Third Party Websites”). We are not responsible for the privacy practices or the content of Third Party Websites. Third Party Websites are responsible for informing you about their own privacy practices.
9. ACCESS, CORRECTION AND WITHDRAWAL
a) You may request access to any Personal Information we hold about you or any Third Party whose Personal Information you had provided at any time by contacting us (see the CONTACTING US section below). Where we hold information that you are entitled to access, we will endeavour to provide you with suitable means of accessing it (e.g. by emailing or mailing it to you).
b) If you believe that Personal Information we hold about you is incorrect, incomplete or inaccurate, then you may request an amendment of it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the Personal Information stating that you disagree with it.
c) In accordance with the Malaysian Personal Data Protection Act 2010, and to the extent not limited by any other applicable law, we may:
(i) charge a fee for processing your request for access or correction to the Personal Information; and
(ii) refuse to comply with your request for access or correction to the Personal Information and give you a reason for our refusal.
d) You may withdraw or limit your consent to the processing of Personal Information we hold about you or any Third Party whose Personal Information you had provided (save for information necessarily retained by us to comply with legal and regulatory requirements or if there are valid grounds under the law to do so, such as legal claims etc.), from our database or require us to cease processing all or part of your Personal Information, at any time by submitting a notice in writing to our officer located at the address below (see the CONTACTING US section below). Please note that after deleting your Personal Information, we may not be able to provide the same level of servicing to you as we will not be aware of your preferences.
10. PERSONAL INFORMATION FROM CHILDREN
We do not knowingly collect Personal Information from individuals under 18 years of age. As a parent or legal guardian, please do not allow your children to submit Personal Information without your permission.
11. COOKIES
a) We use cookies in our Website to:
(i) maintain your session and required details when you browse our Website or during registration or the booking process (session cookie);
(ii) collect website usage data for statistical/analytics purposes (analytics cookie); and
(iii) direct you to the correct landing page based on your geo-location (geo-targeting cookie).
b) You may instruct your browser, by changing its setting, to stop accepting cookies or to prompt you before accepting a cookie from the websites that you visit. Note that our Website will not function properly if the cookie setting is disabled.
Please refer to our cookies policy for a description and the purpose of the different types of cookies and other technologies that may be used by the Ormond Group.
12. CONTACTING US
a) Subject always to our contractual rights and obligations under the relevant laws, you may exercise your choice in respect of the disclosure, retention and use of your personal information. Should you wish to do the above, or if you have any questions about our Privacy Policy, or any concerns or a complaint regarding the treatment of your privacy by us, including but not limited to the Malaysian Personal Data Protection Act 2010, please contact us at:
Name: Ms. Cymantha Sothiar
Designation: Manager, Central Reservations Office
Email: pdpa.compliance@ormondhotels.com
Address:
PDPA Compliance Department
Ground Floor, Bangunan ECM Libra
No 8 Jalan Damansara Endah
Damansara Heights
50490 Kuala Lumpur
Phone: 03-20825651
13. UPDATES TO THE PRIVACY POLICY
The “Last Updated” legend at the top of this page indicates when this Privacy policy was last revised. We may modify this Privacy Policy from time to time. Any changes to our Privacy Policy will become effective when we post the revised Privacy Policy on the site. Use of the Website, any of our products and services, and/or providing consent to the updated Privacy Policy following such changes constitutes your acceptance of the revised Privacy Policy then in effect.
14. MISCELLANOUS
a) In the event of any inconsistency between the English version and other language versions of this Privacy Policy, the terms of this English version shall prevail.
APPENDIX A
ADDITIONAL PROVISIONS APPLICABLE TO EU RESIDENTS AND THE PROCESSING OF THEIR PERSONAL INFORMATION PURSUANT TO THE GENERAL DATA PROTECTION REGULATION (EU) 2016/679 (“GDPR”)
This Appendix A highlights certain rights that EU residents may have in relation to the processing of your Personal Information pursuant to the GDPR.
1. WHY DO WE PROCESS YOUR PERSONAL INFORMATION?
We may process your Personal Information in order to:
a) Provide our hotel services to you – When you make a reservation with us, we will process your Personal Information , including without limitation, your full name, gender, postal and email address, telephone number, date and place of birth, nationality, passport number and visa or other government issued identification information (including obtaining scanned copies of passport/visa during check-in time), contact information, payment and credit card information, booking and travel information, and other information that will be relevant in order for us to complete your reservation/booking request, sending you reservation confirmations, registering you for memberships (where applicable), customising our hotel services and facilities to your preferences (including access to our WiFi), earning and redeeming loyalty points/rewards (where applicable), and keeping proper records of your transactions with us.
b) Provide our marketing and promotional items to you – We may send you information and updates on our hotels including hotels owned and/or managed by any member of our Ormond Group, including the latest newsletters, promotions or deals, competitions, responses to your inquiries, updates on our website, or changes to our terms and conditions and policies.
c) Enhance the provision of our services – From time to time, we may perform market researches in the form of surveys in order to find out about your hotel experiences, your thoughts on our products and services and how we can improve and further develop our services to better serve our guests. We may also perform analytics and/profiling, advertising campaigns and even promotional activities in relation to our products and services.
d) Work with third parties to provide our services to you – We may also process your Personal Information when we work with third parties including but not limited to, travel agents, group travel organisations, airline operators, credit card companies, third party loyalty programs or any other parties that may be involved in the process of making your travel arrangements.
e) Maintain your safety and security – When you stay with us, we may require your Personal Information for identification and verification purposes especially in the implementation of our security systems in our hotels or facilities.
f) Others – For any other purposes mentioned at paragraph 3(c) of Appendix A of the Privacy Policy or any other purposes made known to you at the time of collection of your Personal Information or as required by applicable laws.
g) Please note that we will only process your Personal Information on one or more of the following legal principles:
i. that you have provided your consent;
ii. the processing of your data is necessary for the performance of your instructions to us;
iii. to comply with our legal obligations (i.e. to keep tax records);
iv. the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
2. HOW LONG WILL WE RETAIN YOUR PERSONAL INFORMATION?
We will retain your Personal Information for the duration that shall be necessary to achieve the purpose for which such information was collected, which shall usually be during the duration of our contractual relationship and for any period thereafter as permitted by applicable laws (i.e. until you have withdrawn your consent for us to retain your Personal Information).
3. WHAT RIGHTS DO YOU HAVE?
a) Access, Correction and Erasure: You have the right to ask us to confirm whether we are processing your Personal Information, obtain a copy of your Personal Information from us, receive information on how your Personal Information is being processed, request for updates or corrections on your Personal Information, and also the right to request for erasure/deletion of your Personal Information.
b) Right to object to the processing of your Personal Information: You have the right to request for us to cease processing your information for direct marketing purposes, including profiling. We will no longer process your Personal Information unless we are able to demonstrate compelling legitimate grounds for the processing which overrides your interests, rights and freedoms for the establishment, exercise or defence of legal claims.
c) Right to restrict the processing of your data: You have the right to request for us to restrict the processing of your Personal Information, (i) while we are in the process of verifying the accuracy of your data and subsequently updating your Personal Information; (ii) where the processing is unlawful and you oppose the erasure of your data and request to restrict the processing of the data instead; (iii) where we no longer require your data, but you may require for us to retain the same for the establishment, exercise or defence of legal claims; or (iv) where you have submitted an objection to processing pending the verification whether our legitimate grounds override your interests, rights and freedom.
d) Right not be subjected to automated individual decision-making, including profiling: With your consent, we are able to process your Personal Information and make automated decisions, including profiling, in order to be able to offer certain benefits based on your characteristics. However, you have a right to request for human intervention and can request for us to not subject your data to automated decision-making/profiling.
e) Right to data portability: You have a right to request for us to provide your Personal Information(which we obtained based on your consent) to a third party in a structured, commonly used and machine-readable format.
f) Right to withdraw your consent: You are entitled to withdraw your consent to any processing that we conduct on your Personal Information.
To do any of the above, please contact us at pdpa.compliance@ormondhotels.com (other details and contact information are available at paragraph 13 of our Privacy Policy).
4. TRANSFER OF YOUR PERSONAL DATA
As we are active internationally, we may transfer your Personal Information abroad if required for the purposes as highlighted above at paragraph 1 of this Appendix A. When we make such transfers, we will ensure that we provide appropriate safeguards in accordance with the GDPR.
5. MISCELLANEOUS
(a) In the event of any inconsistency between our Privacy Policy and the additional provisions here in Appendix A, the terms in Appendix A shall prevail for EU residents.
(b) If you have any concerns with our personal data policies or the exercise of your rights, you may contact us at pdpa.compliance@ormondhotels.com or the supervisory authority in the Member State of your residence