The Library takes your privacy seriously and is committed to protecting and respecting your personal data as best as we can. Below is an overview of how your data are processed when you use our website, as well as when you stay at our hotel.
I. Information on processing of personal data
Controller for data processing
The controller for data processing on our website pursuant to Article 4 No 7 GDPR and the provider of the website (service provider) is:
Kamoltham Co., Ltd. (The Library)
14/1 Moo 2, Chaweng Beach,
Bophut, Koh Samui
Suratthani 84320 Thailand
Contact details of the Data Protection Officer
You can reach our Data Protection Officer at:
Kamoltham Co., Ltd. (The Library)
14/1 Moo 2, Chaweng Beach,
Bophut, Koh Samui
Suratthani 84320 Thailand
Purposes and legal basis for processing personal data
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) as follows:
(a) For processing and managing reservation inquiries and reservations as well as for providing our services under the accommodation agreement, including execution of your hotel stay and payments processing – the legal basis for this is the first sentence of Article 6(1)(b)) GDPR.
(b) For fulfilling a legal obligation to which our company is subject as controller (e.g. by reason of reporting legislation, tax laws, accounting obligations, etc.) – the legal basis for this is the first sentence of Article 6(1)(c)) GDPR.
(c) For sending our email newsletter including managing your subscription to the newsletter – the legal basis for this is your consent pursuant to the first sentence of Article 6(1)(a)) GDPR.
(d) For maintaining, safeguarding and improving the quality of our products and services, in particular by performing and analyzing satisfaction surveys and guest comments, by processing your personal data in our centralized guest database enabling us to recognize you as a returning guest, to better appreciate your expectations and wishes, to improve the quality and individual character of our communication with you and to create offerings tailored to you – the legal basis for this is the first sentence of Article 6(1)(f)) GDPR. Our overriding legitimate interests arise from the accommodation agreement entered into with you representing a relative and appropriate relationship within the meaning of Recital 47 of the GDPR, as well as from the fact that this type of data processing is standard industry practice with international hotel groups and is in keeping with the reasonable expectations of the majority of guests.
(e) For direct advertising of our offerings and services – the legal basis for this is the first sentence of Article 6(1)(f)) GDPR. Our overriding legitimate interest follows from Recital 47 of the GDPR.
(f) For ensuring compliance with house rules, for preventing and clarifying criminal acts (in particular also by video monitoring), for establishing and defending against legal claims and for safeguarding interests in legal disputes, for ensuring IT security and IT operation, for identifying credit risks – the legal basis for this is the first sentence of Article 6(1)(f) GDPR. Our overriding legitimate interests following from our obligation to ensure that our guests have a safe stay in the hotel as well as from our interest in enforcing our tangible and intangible claims and safeguarding our rights as well as defending against unjustified claims. Furthermore, the processing of personal data in the scope which is absolutely required to prevent fraud pursuant to Recital 47 of the GDPR likewise constitutes a legitimate interest of our company.
Minors may not send any personal data to us without the consent of their parents or guardians. Through our website, we do not process any personal data knowingly acquired from minors.
Categories of personal data recipients
If and to the extent required for the purposes as set out above, we also disclose your personal information to the following recipients or categories of recipients pursuant to Article 4 No 9 GDPR: Within our company only those persons or entities are permitted to view or access your data (to the extent required in each case) who need such data for performance of our contractual and statutory duties. Furthermore, a disclosure of data may be made to public bodies and institutions if a statutory obligation to do so exists (e.g. financial authorities, criminal prosecution authorities). Further data recipients may be those entities for which you have given us your consent to data transfer.
Transfer of personal data to a third country
A transfer of personal data to entities in countries outside the European Union (third countries) takes place if:
(a) it is required to carry out your reservations or execute your hotel stay,
(b) it is prescribed by law, or
(c) you have given us your consent.
Our company for certain tasks uses service providers which have their corporate seat in a third country or which belong to an international group with companies in third countries or which for their part work together with service providers having their seat in a third country. A transfer of personal data to such service providers is permissible if the European Commission has decided that the third country in question ensures an adequate level of protection (pursuant to Article 45 GDPR). If the Commission has not made such decision, our company or the service provider may transfer personal data to a third country or an international organization only if appropriate safeguards are provided for and enforceable data rights and effective legal remedies are available (Article 46(1) GDPR). Beyond the cases mentioned above, our company does not transfer personal data to entities in third countries or to international organizations.
Period of storage of personal data and criteria for defining such period
We process and store your personal data for as long as required for us to fulfill our contractual and legal duties. If the data are no longer required for fulfillment of contractual duties, they are normally deleted unless their further processing for a limited term is required by retention periods prescribed by commercial or tax legislation. The periods prescribed for their storage and/or documentation purposes range from two to ten years.
Your rights as a data subject
Every data subject whose personal data are processed has the right to obtain information from the controller about the personal data in question pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object to the processing pursuant to Article 21 GDPR as well as the right to data portability pursuant to Article 20 GDPR. The right to obtain information and the right to erasure are further subject to the restrictions pursuant to sections 34 and 35 BDSG-new. Further information on your right to object to processing pursuant to Article 21 GDPR. If the processing of your personal data is based on a consent granted to us, you have the right to revoke your consent at any time without the legality of the processing performed on the basis of such consent up to revocation being affected thereby. You also have the right to lodge a complaint with the competent data protection supervisory authority pursuant to Article 77 GDPR in conjunction with section 19 BDSG-new.
Obligation to provide data
As part of our contractual relationship, you are required provide such personal data which are required to establish and perform the accommodation agreement or which we are legally required to collect. Without such data, we will generally not be able to conclude the agreement with you or to execute the same. We are particularly required by local law to record certain personal data about you on the registration card. In the event you should not provide us with the necessary information, we might not be able to provide you with the requested services or might not be able to do so completely.
Automated decision-making and profiling
When establishing and executing our contractual relationship, you will not be subjected to a decision based solely on automated processing, including profiling, pursuant to Article 22 GDPR, which produces legal effects concerning you or similarly affects you in a serious way.
Additional information on your right to object pursuant to Article 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which are based on the first sentence of Article 6(1)(e)) GDPR (data processing in the public interest) or the first sentence of Article 6(1)(f)) GDPR (data processing based on a balancing of interests), including profiling based on those provisions pursuant to Article 4(4) GDPR. If you make an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims. If your personal data are processed by us for direct marketing purposes, you have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing. The objection may be made without any particular form and should be directed to our Data Protection Officer under the contact details specified in item 2 above.
II. Additional information on data processing on this website
With email newsletters, we keep you regularly informed about the offerings and services at The Library. If you wish to receive the email newsletter, we will need a valid email address for you. As a subscriber to the email newsletter, you may at any time revoke your consent to the processing of your email address for sending the newsletter. Consent may be revoked via the link provided for this purpose in each email newsletter or by sending an email with the subject “unsubscribe” to: email@example.com.
The tracking measures used by use as specified below are performed on the basis of the first sentence of Article 6(1)(f) GDPR. With the tracking measures used we want to ensure that our website is designed to meet the needs of users and optimized on a continuous basis. We moreover use the tracking measures to statistically record the use of our website and to evaluate such use to optimize our offering for you. Such interests are to be deemed legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the relevant statements on such tracking tools.
This website also uses Google Analytics, a web analysis service of Google Inc. based in Mountain View, USA (“Google”). Google Analytics uses “cookies”. These are text files that are saved to your computer that allow your usage of the website to be analyzed. The information generated by the cookie about your use of this website will generally be transmitted to and stored by Google on a server in the United States. Google provides IP anonymization (so-called IP masking) and this is activated on this website (by extending Google Analytics by the code “gat._anonymizeIp();”); Google will therefore shorten and therefore anonymize your IP address within the European Union or in another member state of the European Economic Area. Only in exceptional cases will a full IP address be transmitted to a Google server in the USA and be shortened there. On behalf of the operator of this website, Google will use the information collected through Google Analytics to analyze your use of the website, to compile reports on website activities and to render other services related to the use of the website and of the Internet in general to the website operator. The IP address transmitted by your browser in the context of Google Analytics will not be mixed with other Google data. You may prevent the setting of cookies by Google Analytics by configuring your browser software accordingly; however, please note that in this case you may not be able to make full use of all functions of this website. In addition, you may prevent collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google and processing of these data by Google by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=com). Furthermore, you can prevent Google Analytics from recording your use of the website by setting an “opt-out cookie” that will prevent your data from being collected during any future visits to this website. The operator of this website also uses Google Analytics to analyze data from AdWords and the DoubleClick cookie for statistical purposes. If you wish to opt out, please deactivate this function via the ads settings manager http://www.google.com/settings/ads?hl=de
Inclusion of third-party services and content (e.g. Vimeo and Google Maps)
Third-party content such as videos from Vimeo or maps from Google Maps (hereafter referred to as “Third Party Providers”) are included in this website. To use such content, the user’s IP address for technical reasons must be sent to the respective Third Party Provider, since without the IP address the Third Party Providers would not be able to send the content included in the Website to the browser of the respective user. We do not have any control over whether a Third Party Provider stores the IP address e.g. for statistical purposes or otherwise.
III. Current version and updating of this Private Policy
This Private Policy shall apply with effect from October 2019. We will update this Private Policy from time to time to reflect relevant changes to our website, changes in the processing of personal data or amendments to legislation. The revised version shall apply as of the published effective date. In the event of any material amendments to this Private Policy, we will inform you in good time prior to the effective date of such amendments by posting a notice on our website. Where applicable, we will also inform our guests of the amendments by email or other means.