RI-YAZ GROUP (“RI-YAZ”, “we”, “us”, “our”) is committed to ensure that your personal data which we collect about you when you visit our website (www.ri-yaz.com) (“Site”) is protected and secured in accordance with applicable privacy and data protection laws.
1. Types of personal data collected1.1. Information you provide to us:
We collect personal data (including where applicable sensitive personal data) you provide directly to us. This includes:
1.1.1. your full name and contact information, passport and visa information;
1.1.2. guest stay information, including the hotels where you have stayed, date of arrival and departure, goods and services purchased from us, special requests made, your service preferences, telephone numbers dialled and email, faxes, telephone and other messages received;
1.1.3. your credit card, mobile payment and other payment details;
1.1.4. your membership information, account details, profile or password details and any frequent flyer or travel partner programme affiliation;
1.1.5. any information necessary to fulfill special requests (for example, leisure, travel and guest preferences);
1.1.6. your reviews, feedback and opinions about our hotels, resorts, programmes and services;
1.1.7. information collected through the use of closed circuit television systems and other security systems; and
1.1.8. any other personal data you choose to provide to us.
1.2. Information we collect automatically when you use the Site:
When you access or use our Site, we automatically collect personal data about you, including:
1.2.1. system log information about your use of the Site, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to our Site;
1.2.2. device information about the computer or mobile device you use to access our Site, including the hardware model, operating system and version, unique device identifiers (such as, IP address, IMEI number, the address of the device’s wireless network interface, or mobile phone number used by the device) and mobile network information;
1.2.3. information about the location of your device each time you access or use our Site or otherwise consent to the collection of this information.
1.3. Information collected by cookies and other tracking technologies:
We and our service providers use various technologies to collect information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that help us improve our Site and your experience, see which areas and features of our Site are popular and count visits. Web beacons are electronic images that may be used in our services or emails and help deliver cookies, count visits and understand usage and campaign effectiveness.
1.4. Information We Collect From Other Sources:
We may also obtain personal data from our hotels and from our third party service providers (such as information relating to the credit of guests) and from public sources and combine that with information we collect through our Site where we believe that it is necessary to help manage our relationship with you.
1.5. Where you provide personal data of third parties (for example, names and contact details of your family members in connection with bookings or family
2. Purpose of personal data collected
2.1. The personal data collected may be processed for the following purposes:
2.1.1. to process and complete reservation and other purchases;
2.1.2. to administer and operate voluntary membership and/or loyalty programs;
2.1.3. provide you with access to the content on our Site;
2.1.4. respond to your enquiries and requests for information and services;
2.1.5. for our internal business purposes, such as data analysis, audits, developing new products and/or services, enhancing the Site, improving our services, identifying usage trends and visiting patterns, determining effectiveness of our promotions and meeting contractual obligations;
2.1.6. for direct or indirect marketing purposes;
2.1.7. other legitimate purposes as determined by RI-YAZ;
2.1.8. for administrative purposes, including to send you billing or payment receipts and to notify you of any changes to our terms, conditions, policies or other administrative information;
2.1.9. to comply with legal and regulatory requirements or demands in accordance with applicable law, a court order, subpoena, or other legal process;
2.1.10. other additional purposes as described to you when you provide such information to us.
3. Disclosure of Personal Data
3.1. We may share your personal data:
3.1.1. between and among RI-YAZ and a limited number of our affiliates as are relevant for the above purposes and to facilitate the operation of our business, but we shall only do so on a need to know basis;
3.1.2. with the operator of the hotel or the hub of hotels which you book, stay or visit for the above purposes;
3.1.3. with third-party payment processors, payment service providers, IT and marketing support service providers and other consultants, vendors and service providers who need access to such information to carry out work or provide services on our behalf or who help us to provide the Site to you;
3.1.4. with anyone involved in the process of making your travel arrangements (e.g. travel agents, group travel organisers and your employer) in order to fulfill contractual obligations;
3.1.5. with any law enforcement, courts, government or regulatory bodies (in whatever jurisdiction), or otherwise in response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law, regulation, court order or legal process;
3.1.6. if we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property and safety of RI-YAZ, our affiliates or others;
3.1.7. in connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company, or any change of management of a hotel;
3.1.8. with our advisors, which includes our accountants, auditors, lawyers, other professional advisors and business contacts for the purpose of assisting us to better manage, support or develop our business and comply with our legal and regulatory obligations;
3.1.9. with any other party at your consent or at your direction; and
3.1.10. otherwise as permitted or required by applicable laws and regulations.
3.2. We may also disclose aggregate or de-identified data that is not personally identifiable with third parties, including our commercial and strategic partners.
3.3. We shall not disclose your personal data without your permission except in accordance to the terms and conditions herein or legally entitled to do so or if we may so determine that it would be necessary to protect and/or defend our rights, property or personal safety and those of our customers or any other party.
4. Consent to collection and processing of personal data
4.1. By visiting the Site, you:
4.1.2. declare that the information provided are accurate, complete and true and when such information becomes incorrect or outdated, you shall correct or update such information;
4.1.3. are giving your consent to your personal data being collected and processed in the manner described in this Policy;
4.1.4. consent to the transfer of your personal data between RI-YAZ and third parties as set out herein and in the manner and extent as permissible in law; and
4.1.5. consent to the transfer of your data to locations outside of Malaysia or disclosure to the third parties, who may be located within or outside Malaysia.
5. Security of your personal data
We implement reasonable administrative, organisational and technical safeguards and security measures to protect personal data within our control from unauthorized access, acquisition, disclosure, destruction or alteration, accidental loss, misuse or damage. We regularly review and monitor such safeguards and security measures.
6. Retention of personal data
7. Access to your personal data
7.1. You are entitled to the following rights from our data protection officer, whose contact details are as set out in paragraph 8 below:
7.1.1. right of access to your personal data by requesting for a copy of your personal data; and
7.1.2. right of rectification to correct and/or update your personal data.
7.2. You may also withdraw your consent to receiving direct marketing communications, or more generally to our processing of your personal data, at any time, and you may in certain circumstances ask us to delete your personal data. However, we may not be able to continue providing services to you if you entirely withdraw your consent or ask us to delete your personal data entirely.
8. Contact details of our data protection officer
Email Telephone No Fax No
: L-1-8, Block L, Plaza Damas, Jalan Sri Hartamas 1, 50480 Kuala Lumpur.
: email@example.com : 03-62119180
This Policy has been drawn up in both the English and Malay languages. In the event there is any conflict, dispute or divergence between the two texts, the
English version shall prevail. For the avoidance of doubt, the Malay version is for translation purposes only and does not affect the interpretation of this Policy.[The remainder of this page is intentionally left blank]