PURPOSE
This Global Privacy Policy(“Policy”) applies to Cora Cora Maldives, its subsidiaries, and all of the outlets within the Cora Cora Maldives Portfolio of Brands (collectively, “Cora Cora Maldives,” “we,” or “us”). At Cora Cora Maldives, we strive to deliver outstanding products, services, and experiences around the world. We value your business and, more importantly, your loyalty. We recognize the importance of our customer’s privacy, and we respect the fact that our customers want to safeguard the use of their personal information. We have therefore developed this privacy policy to explain how we collect data about you, and the nature of that data, how we use that data, whom that data may be sent to, and how we can amend data you have submitted to us.
This privacy policy forms part of the terms and conditions that govern our hotel services. By accepting these terms and conditions, you expressly accept the provisions of this privacy policy.
WHO WE ARE?
HMM Private Limited is a privately owned hotel management company that owns and manages the brands Cora Cora Maldives. Its registered office is situated at 20026 Millenia, Ameer Ahmed Magu, K. Male, Republic of Maldives
HMM Pvt Ltd, as the primary operating entity, shall be responsible for handling your personal information in connection with the operation of the website and the provision of reservation and marketing services.
The responsibility for handling your personal information shall be shared between HMM Pvt Ltd and the Hotel with which you have a contractual relationship.
PRINCIPLES FOR PROTECTING YOUR PERSONAL DATA
The seven principles below are applicable to our resort.
1. Transparency: When collecting and processing your personal data, we will communicate all information to you and inform you of the purpose and recipients of the data.
2. Legitimacy: We will collect and process your personal data only for the purposes described in this privacy policy.
3. Relevance and accuracy: We will only collect personal data that is necessary for data processing. We will take all reasonable steps to ensure that the personal data we hold is accurate and up to date.
4. Storage: We will hold your personal data for the period necessary for processing the same in compliance with the provisions of the law.
5. Access, rectification, opposition: You may access, modify, correct, or delete your personal data. You may also oppose the use of your personal data, particularly to avoid receiving sales and marketing information.
6. Confidentiality and security: We will ensure reasonable technical and organizational measures are in place to protect your personal data against alteration or accidental or unlawful loss, or unauthorized use, disclosure, or access.
7. Sharing and international transfer: We may share your personal data within our organization or with third parties (such as commercial partners and/or service providers) for the purposes set out in this privacy policy. We will take appropriate measures to guarantee security when sharing or transferring such data.
SCOPE OF APPLICATION
This Privacy Policy applies to:
• All data processing at Cora Cora Maldives
• All reservation websites, including the brand sites www.coracoraresorts.com
WHAT PERSONAL DATA WE COLLECT AND WHY WE COLLECT IT
“Personal data” means any information collected and logged in a format that allows you to be identified personally, either directly (e.g. name) or indirectly (e.g. telephone number) as a natural person. It relates to any personal information you provide to us by phone, SMS, email, in letters, in person, through representatives, any online medium or channels and other correspondence or means.
COMMENTS
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
MEDIA
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
COOKIES
If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
EMBEDDED CONTENT FROM OTHER WEBSITES
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
At various times, we will be obliged to ask you, as our customer, for information about you and/or members of your family, such as:
• Contact details (e.g. last name, first name, telephone number, email)
• Personal information (e.g. date of birth, nationality)
• Information relating to your children (e.g. first name, date of birth)
• Your credit card number (for transaction and reservation purposes)
• Your arrival and departure dates
• Your preferences and interests (e.g. smoking or non-smoking room, preferred floor, type of bedding, sports, cultural interests)
• Your questions/ comments, during or following a stay in one of our hotels.
DATA ON MINORS
The information collected in relation to persons under 18 years of age is limited to their name, nationality, and date of birth, which can only be supplied to us by a parent or guardian. We would be grateful if you could ensure that your children do not send us any personal data without your consent (particularly via the Internet).
Sensitive personal information
We do not collect sensitive information, such as information concerning race, ethnicity, political opinions, religious and philosophical beliefs, union membership, or details of sexual orientation or character certificate. However, in limited cases, we might need to collect sensitive data to provide you with a better service and meet your needs, such as your food preferences, allergies, health conditions, current medication, and/ or any physical conditions that affect your mobility. In these cases, the sensitive information will be those volunteered by you and which you have unequivocally agreed to communicate to us.
WHEN PERSONAL DATA COLLECTED
Personal data may be collected on a variety of occasions, including:
1. Hotel activities:
• Booking a room
• Checking in and paying
• Eating/ drinking at the hotel bar or restaurant during a stay
• Activities offered by the hotel (spa, kids club, water sports, etc.)
• Requests, complaints, and/ or disputes.
2. Closed circuit television systems and other security systems
• Closed-circuit television (CCTV) images only, no audio recording
3. Participation in marketing programs or events:
• Signing up for loyalty programs
• Participation in customer surveys (for example, the Guest Satisfaction Survey)
• Online games or competitions
• Subscription to newsletters, in order to receive offers and promotions via email
4. Transmission of information from third parties:
• Tour operators, travel agencies, GDS reservation systems, and others
• Profiling
5. Internet activities:
• Connection to our Group’s websites (IP address, cookies)
• Online forms (online reservation, questionnaires, our Group’s pages on social networks, network login devices)
PURPOSE OF COLLECTION OF PERSONAL DATA
We collect your personal data for the purposes of:
1. Meeting our obligations to our customers
2. Managing the reservation of rooms and accommodation requests
3. Creation and storage of documents in compliance with legal and accounting requirements
4. Managing your stay at the hotel:
• Monitoring your use of services (telephone, bar, restaurants, pay TV etc.)
• Managing access to rooms
5. Providing a safe and secure environment for our customers, employees, suppliers and service providers and to protect our premises and property.
6. Improving our hotel services, especially:
• Processing your personal data in our customer marketing program in order to carry out marketing operations, promote brands and gain a better understanding of your requirements and wishes
• Adapting our products and services to better meet your requirements
• Customising commercial offers and the promotional messages we send to you
• Informing you of special offers and any new services created by our Group
• Carrying out surveys and analyses of questionnaires and customer comments
• Managing claims/complaints
7. Managing our relationship with customers before, during, and after their stay:
• Providing details for the customer database
• Segmentation operations based on reservation history and customer travel preferences with a view to sending targeted communications
• Predicting and anticipating future behaviors
• Developing statistics and commercial scores, and carrying out reporting
• Providing context data for the offer push tool when a customer visits the Group’s websites or makes a reservation
• Knowing and managing the preferences of new or repeat customers
• Sending you newsletters, promotions, hotel or service offers, offers from partners, or contacting you by telephone
• Managing requests to unsubscribe from newsletters, promotions, offers, and satisfaction surveys
8. Using a trusted third party to cross-check, analyze and apply certain devices to your collected data at the time of booking or at the time of your stay, in order to determine your interests and your customer profile, and to allow us to send you personalized offers.
9. Securing and enhancing your use of Cora Cora Maldives websites, especially:
• Improving navigation
• Implementing security and fraud prevention.
10. Conforming to local and applicable international legislation
DISCLOSURE OF PERSONAL INFORMATION
As we are present in many countries, we endeavor to provide you with the same services throughout the world. Thus, to guarantee you the right of access and amendment we have to share your personal data with internal and external recipients subject to the following conditions:
1. Within Cora Cora Maldives: in order to offer you the best service, we can share your personal data and give access to authorized personnel from the Group, including:
• Hotel staff
• Reservation staff using our reservation tools
• IT departments
• Marketing Staff
• Legal services if applicable
• Generally, any appropriate person within the Group for certain specific categories of personal data
2. With service providers and partners: your personal data may be sent to third parties for the purposes of supplying you with services and improving your stay. More specifically we use third parties to:
• Assist us with digital marketing and customer insight analytics
• Help us obtain customer feedback to enhance our services
3. Local authorities: we may also be obliged to send your information to local authorities if this is required by law or as part of an inquiry and in accordance with local regulations.
We do not routinely disclose personal information to other organizations unless:
• Required by law
• Use or disclosure is permitted by this privacy policy
• We believe it necessary to provide you with a service or product which you have requested or are contracted to
• Necessary to protect the rights, property, or personal safety of any member of the public or a customer of Cora Cora Maldives or the interests of Cora Cora Maldives
• You give your consent
INTERNATIONAL TRANSFERS
Due to the global nature of our business and that of our third-party suppliers who process your personal data on our behalf, personal information we collect from you may be transferred, processed, and stored overseas including (where applicable) outside the jurisdiction where the personal information is collected.
Although the data protection laws of these other countries may not be as comprehensive as those in your own, we will take all necessary steps to ensure that your personal information is treated securely, and in accordance with this Privacy Policy and any applicable laws.
In addition, personal information that you submit for publication on the website will be published on the Internet and may be available, via the Internet, around the world. Cora Cora Maldives cannot prevent the use of such information by others. By submitting your personal data, you expressly agree to these transfers, storing, processing, and publishing.
However, any such transfer of information does not change any of our commitments to safeguard your privacy and the information remains subject to existing confidentiality obligations.
DATA SECURITY
We are committed to keeping the personal information you provide to us secure and we will take reasonable precautions to protect your personal information from loss, misuse, or alteration.
We have implemented information security policies, rules, and technical measures to protect the personal information that we have under our control from:
• unauthorized access
• improper use or disclosure;
• unauthorised modification; and
• unlawful destruction or accidental loss.
All of our employees and data processors (i.e. those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of the personal information of all users of our services.
COLLECTION OF OTHER INFORMATION
“Other Information” is any information that does not reveal your specific identity or does not directly relate to an individual, such as:
• Browser and device information
• App usage data
• Information collected through cookies, pixel tags, and other technologies
• Demographic information and other information provided by you
• Aggregated information
If we are required to treat Other Information as Personal Information under applicable law, then we may use it for the required purposes and disclose Personal Information as detailed in this Charter. We and our third-party service providers may collect Other Information in a variety of ways, including:
• Through your browser or device: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, internet browser type and version and the name and version of the online services (such as the Apps) you are using. We use this information to ensure that our online services function properly.
• Through your use of the Apps: When you download and use an App, we and our service providers may track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.
• Using cookies: You may view our Cookie Policy on our website for more information.
• Using pixel tags and other similar technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some online services too, among other things, track the actions of users of the online services (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the online services and response rates. We also use Google Analytics, which uses cookies and similar technologies to collect and analyze information about the use of our services and report on activities and trends. These services may collect information regarding the use of other websites, apps, and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and opt-out by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout
• IP Address: Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address may be identified and logged automatically in our server log files whenever a user accesses our online services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications, and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems, and administering our online services. We may also derive your approximate location from your IP address.
• By aggregating information: Aggregated Personal Information does not personally identify you or any other user of the Services (for example, we may aggregate Personal Information to calculate the percentage of our users who have a particular telephone area code).
STORAGE OF DATA
We retain your personal data only for the period necessary for the purposes set out in this Charter or in accordance with the provisions of applicable law.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
ACCESS AND MODIFICATION
Your right of access.
If you ask us, we will confirm whether we are processing your personal information and, if so, provide you with a copy of that personal information. If you require additional copies, we may need to charge a reasonable fee.
Your right to rectification.
If the personal information we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have shared your personal information with others, we will let them know about the rectification where possible.
Your right to erasure.
You can ask us to delete or remove your personal information in some circumstances, such as when we no longer need it or if you withdraw your consent (where applicable). However, note that we may retain some of your personal information for a reasonable period of time, even after you withdraw consent, for legal or compliance purposes. If we have shared your personal information with others, we will let them know about the erasure where possible.
Your right to restrict processing.
You can ask us to suspend the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to us processing it. It would not stop us from storing your personal information, though. We will tell you before we lift any restrictions. If we have shared your personal information with others, we will let them know about the restriction where it is possible for us to do so.
Your right to data portability.
With effect from 25 May 2018, you have the right, in certain circumstances, to obtain personal information you have provided to us (in a structured, commonly used, and machine-readable format) and to reuse it elsewhere.
Your right to object.
You can ask us to stop processing your personal information, and we will do so if we are:
• relying on our own or someone else’s legitimate interests to process your personal information, except if we can demonstrate compelling legal grounds for the processing; or
• processing your personal information for direct marketing.
Your rights in relation to automated decision-making and profiling
You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you. However, we may conduct automated decision-making and/or profiling where it is necessary for entering into, or the performance of, a contract between you and us.
Your right to withdraw consent
You have the right to withdraw your consent at any time. However, we may not be able to provide certain services to you should that be the case.
Your right to lodge a complaint with the supervisory authority
If you have a concern about any aspect of our privacy practices, including the way we have handled your personal information, you can report it to the Data Protection Commissioner of Mauritius. If you are an EU citizen, you have the right to lodge a complaint with the supervisory authority of the country of your residence.
We would appreciate the chance to deal with your concerns before you approach the authorities above, so please contact us in the first instance.
14. HOW TO CONTACT US
If you have any questions or complaints about how we handle your personal data or would like us to update or erase the data we maintain about you and your preferences, please contact our Data Protection Officer:
By email: info@coracoraresorts.com
We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
For the purposes of confidentiality and personal data protection, we will need to identify you in order to respond to your request. You will be asked to include a copy of an official piece of identification, along with your request. In some cases, we may also request an administrative fee to cover the cost of access.
15. UPDATES
We may modify this privacy policy from time to time. Consequently, we recommend that you consult it regularly, particularly when making a reservation at our resort.
Cora Cora Maldives operates in a dynamic business environment. Over time, aspects of our business may change as we respond to changing market conditions. This may require our policies to be reviewed and revised. Cora Cora Maldives reserves the right to change its privacy policy at any time and notify you by posting an updated version of the privacy policy on its websites.
The amended privacy policy will apply between us whether or not we have given you specific notice of any change.