Pacific Resort Hotel Group Privacy and Policies

Privacy and Policies

DRONE USAGE POLICY

To protect the privacy of our guests, all Pacific Resort Hotel Group properties are designated ‘No Drone Zones’. Please find information on the Cook Islands Government policy on drone use, please click here.

PRIVACY POLICY GDPR, CCPA & UK-GDPR

  1. This privacy policy applies to Pacific Resort Hotel Group properties. Pacific Resort Hotel Group take your privacy seriously. This policy covers the collection, processing and other use of personal data under the General Data Protection Regulations (GDPR) 2018, California Consumer Privacy Act (CCPA) 2020 and the United Kingdom General Data Protection Regulations (UK-GDPR) 2021.
  2. For the purpose of the GDPR, CCPA and UK-GDPR, we are the data controller and any enquiry regarding the collection or processing of your data should be addressed to Maree Surrey at our address PO Box 790, Rarotonga, Cook Islands or marketing@pacificresort.com

INFORMATION WE COLLECT

  1. Personal data via property sign in registers only if it is directly provided to us by you the user, e.g. your e-mail address, name, home or work address and telephone number, and therefore has been provided by you with your consent.
  2. Registration information you provide when you create an account, enter a promotion, or link your profile on a third-party site or platform with your registration account, such as your first name and surname, country of residence, gender, date of birth, email address, username, and password;
  3. Transaction information you provide when you request information, contact Guest Services, or purchase a product or service from us, such as your postal address, telephone number, and payment information; Pacific Resort Hotel Group may share your personal data with our payment processors, but only for the purpose of completing the relevant payment transaction. Such payment processors are banned from using your personal data, except to provide these necessary payment services to us, and they are required to maintain the confidentiality of your personal data and payment information. Where we process your financial information, we will only keep the information for as long as necessary for the purpose/s for which it is collected and up to two months thereafter.
  4. Usage, viewing, technical, and device data when you visit our sites, use our applications on third-party sites or platforms, or open emails we send, including your browser or device type, unique device identifier, and IP address.
  5. Transaction information you provide when you request information, contact Guest Services, or purchase a product or service from us, such as your postal address, telephone number, and payment information;
  6. Information you provide in public forums on our sites and applications, such as your public posts;
  7. Information sent either one-to-one or within a limited group using our message, chat, post, or similar functionality, where we are permitted by applicable law to collect this information;

USE OF YOUR INFORMATION

  1. We may hold and process personal data that you provide to us in accordance with the GDPR , CCPA and UK-GDPR.
  2. The information that we collect and store relating to you is primarily used to enable us to provide our services to you, and to meet our contractual commitments to you. In addition, we may use the information for the following purposes, to:
    1. Notify you about any changes to our website, such as improvements or service/product changes, that may affect our service;
    2. Communicate with you about your account or transactions with us and send you information or request feedback about features on our sites and applications or changes to our policies;
    3. Provide you with the experiences, products, and services you request, view, engage with, or purchase;
    4. Send you offers, promotions and information about goods and services similar to those that were the subject of a previous sale to you;
    5. Personalize content and experiences;

DISCLOSURE OF YOUR INFORMATION

  1. We may disclose your information to regulatory bodies to enable us to comply with the law and to assist fraud protection and minimise credit risk.
  2. Where you have consented for us to do so, we may provide your data to selected third parties who may contact you about their goods or services that you may be interested in.
  3. If you do not want us to use your data for our [or third parties’] use, you will have the opportunity to withhold your consent to this when you provide your details to us on the form on which we collect your data, or you can do so by writing to us at the address detailed in clause 2, or sending us an email to marketing@pacificresort.com at any time.
  4. Please be advised that we do not reveal information about identifiable individuals to our advertisers but we may, on occasion, provide them with aggregate statistical information about our visitors.

CONTROLLING THE USE OF YOUR DATA

  1. If you have given us consent to use your data for a particular purpose you can revoke or vary that consent at any time. If you do not want us to use your data or want to vary the consent that you have provided you can write to us at the address detailed in clause 2 or email us at marketing@pacificresort.com at any time. Where we store and transfer your data
  2. As part of the services offered to you, the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) as we use remote website server hosts to provide the website and some aspects of our service, which may be based outside of the EEA, or use servers based outside of the EEA – this is generally the nature of data stored in “the Cloud”. It may also be processed by staff operating outside the EEA who work for one of our suppliers, e.g. our website server host, or work for us when temporarily outside of the EEA.
  3. A transfer of your personal data may happen if any of our servers are located in a country outside of the EEA or one of our service providers is located in a country outside of the EEA. If we transfer or store your personal data outside the EEA in this way, we will take steps with the aim of ensuring that your privacy rights continue to be protected, as outlined in this privacy policy and in accordance with the GDPR. If you use our service while you are outside the EEA, your personal data may be transferred outside the EEA in order to provide you with these services.
  4. We do not use or disclose sensitive personal data, such as race, religion, or political affiliations, without your explicit consent.
  5. We may disclose your personal data outside of our group: (a) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; and (b) if Pacific Resort Hotel Group’s business is bought by a third party, in which case personal data held by it about its customers will be one of the assets to transfer to the buyer. However any such transfer will only be on terms that the confidentiality of your personal data is protected and that the terms of this privacy policy will continue to be complied with by the recipient.
  6. Otherwise, we will process, disclose or share your personal data only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements or legal process served on us or the website.

SECURITY

  1. We will do our best to protect your personal data, once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised use and access.

YOUR RIGHTS

  1. The GDPR, CCPA and UK-GDPR gives you the right to access information held about you by us. Please write to us or contact us by email if you wish to request confirmation of what personal information we hold relating to you. Personal information is used to provide the products and services of our properties and is not sold to others. You can write to us at the addresses detailed in clause 2 above. There is no charge for requesting that we provide you with details of the personal data that we hold. We will provide this information within one month of your requesting the data.
  2. You have the right to change the permissions that you have given us in relation to how we may use your data. You also have the right to request that we cease using your data or that we delete all personal data records that we hold relating to you. You can exercise these rights at any time by writing to us at the addresses detailed in clause 2, above.

CHANGES TO THIS POLICY

  1. We may update these policies to reflect regulation changes and customer feedback. Please regularly review these policies to be informed of how we are protecting your personal data. We welcome any queries, comments or requests you may have regarding this Privacy Policy. Please do not hesitate to contact us at the addresses detailed in clause 2, above.
Version: December 2019