This Privacy Policy reflects New Coast Hotel Manila’s (“NCHM”) commitment and promise to make sure that all personal data collected and processed by the Organization and its partners are protected and safeguarded at all times. Should there be any future amendments, alterations or modifications to NCHM’s Privacy Policy because of any changes in its personal data processing activities including any disclosures of such data, to any third party, and future developments in local and/or foreign data privacy regulations, where applicable, NCHM shall undertake reasonable efforts to effectively inform affected data subjects, and, where applicable, appropriately obtain their consent.
2.1 This Privacy Policy specifies NCHM’s organizational policy in accordance with the collection and processing of all personal data.
2.2. NCHM reserves the right to amend, alter and /or modify its Privacy Policy to conform to any future developments in local and/or foreign data privacy regulations where applicable.
2.3 This Privacy Policy applies to all personal data processing activities conducted by NCHM, including, but not limited to, the collection, use, storage, sharing and disposal of all personal data about the organization’s customers and employees.
* Data Subject – is defined under Section 3(c) of the Data Privacy Act as any individual whose personal information is processed.
* Data Sharing Agreement – is defined as the disclosure or transfer to a third party of personal data under the control or custody of a personal information controller. The term excludes outsourcing, or the disclosure or transfer of personal data by a personal information controller to a personal information processor.
* Processing – is defined as any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
* Personal Information – is defined as any information whetherrecorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
* Personal Information Controller – is defined as person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal data on his or her behalf.
* Personal Information Processor – is defined as any natural or juridical person qualified to act as such under this Act to whom a personal information controller may outsource the processing of personal data pertaining to a data subject.
* Sensitive Personal information – is defined as personal information (a) About an individual’s race, ethnic origin, marital status, age, color, religious, philosophical or political affiliations, beliefs or opinions, and trade union membership; (b) About an individual’s health, education, genetic and/or biometric data, sexual life and/or orientration., or any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings; (c) Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records. Licenses or its denials, suspension or revocation, and tax returns; (d) Specifically established by applicable local and/or foreign laws as classified.
* Personal Data – shall refer to all types of personal information, including those pertaining to agency personnel
As a hotel operator, we collect personal data from customers/clients who register and avail of our rooms, amenities and facilities for the following purposes:
a) Compliance with applicable laws, rules and regulations;
b) To perform functions vital and necessary to the provision of our services to you, including, among others, internal security, quality assurance, customer feedback and real time monitoring of client/customer activities, winnings and losses for purposes of client/customer care and efficient and timely service delivery.
c) Business development, including, among others, the conduct of marketing/information campaigns relating to our complimentary services, promotions, loyalty and rewards offers/programs, and service discounts, and business analysis research; and
d) The achievement of corporate objectives and business endeavors and compliance to applicable laws, rules and regulations.
We collect such information directly from data subjects through our online reservation, registration cards and restaurant reservation system and encode such information in our database.
As an organization which engages a substantial number of people to achieve our corporate objectives and business endeavors, we collect and process personal data from our applicants and employees for Administrative and Human Resource Development purposes as well as in compliance with applicable laws, rules and regulations, including, but not limited to:
NCHM fully acknowledges that our employees, as data subjects, are accorded the following privacy rights:
• Right to be informed
Our customers and employees have the right to demand and be informed of the details about how and why we collect and process their personal data including its sources, recipients, methods, disclosures to third parties and their identities, automated processes, manner of storage, period of retention, manner of disposal and any changes to such processing activities before the same is undertaken.
• Right to Object
They have the right to object to the sharing of their data. Should there be any changes in the information provided to them under this policy, they shall be informed of such changes and their consent thereto, where applicable, obtained before such changes are implemented.
• Right to withdraw consent anytime
They have the right to withdraw their consent to the processing of their personal data anytime subject to any lawful basis for which such data is processed other than by consent.
• Right to access
They have the right to have reasonable access to their personal data, upon demand and in a machine-readable and/or data portable format.
• Right to dispute/rectify
They have the right to review and amend their personal data as processed by the organization shoud there be any inaccuracies.
• Right to object/block/erase
They have the right to reject further processing of their personal data, including the right to suspend, withdraw, and remove their personal data in our control which are falsely collected or unlawfully processed.
It is the policy of NCHM to:
I. Adequately inform or customers and employees of their rights as data subjects:
II Ensure that our customers and employees, are fully and sufficiently informed of all processing activities performed by the organization with respect to their personal data including the scope, purpose and means used by NCHM for the such processing, its sources, recipients, methods, disclosures to third parties and their identities, automated processes, manner of storage, period of retention, manner of disposal any changes thereto before the same is implemented.
III. Obtain the express, informed and properly documented consent of our customers and employees, where applicable, to our data processing activities. Where the processing does not require consent from our customers and employees, we endeavor, nonetheless, to fully inform our customers and employees of the bases of such processing other than consent;
IV. Ensure that our customers and employees have the facility to reasonably exercise their rights as data subjects and that the organization can respond to such requests within reasonable time, including the provision of personal data in a machine-readable or data portable format in response to a request for information;
V. Ensure that our customers and employees have the facility to dispute any inaccuracy or error in their personal data, to object to any changes in the manner and purpose by which their personal data is being processed, to withdraw consent where applicable, and to suspend, withdraw, block, destroy, or remove any unnecessary, falsely collected or unlawfully processed personal data;
VI. Ensure that the personal data obtained from our customers and employees are proportional, necessary and limited to the declared, specified and legitimate purpose of the processing;
VII. Ensure that the personal data of our customers and employees are retained for only a limited period or until the lawful purpose of the processing has been achieved;
VIII. Ensure that the personal data of our customers and employees are destroyed or disposed of in a secure manner;
IX. Ensure that our customers and employees have the facility to lodge complaints to NCHM relating to any violations to the rights of our customers and employees as data subjects and that such complaints are adequately and timely addressed.
X. With respect to personal data collected and processed from foreign sources, we ensure that their personal data, is collected and processed in accordance with the applicable foreign law, if any.
NCHM takes data protection seriously and has appointed a Data Protection Officers (“DPO”) tasked to monitor compliance with any and all applicable foreign and/or local data privacy laws, rules, and regulations.
Our DPO is fully committed to protecting our customers’ and employees’ privacy rights. Should you have any concerns regarding NCHM’s privacy practices and policies, including requests for exercise of data subjects’ rights, you may reach the DPO through the following contact information:
Data Privacy Officer
email dpo.manila@newcoasthotels.com
Office Address17th Floor New Coast Hotel Manila
1588 Pedro Gil St. corner M.H. Del Pilar St.,
Malate, Manila
It is our policy to store both paper-based and electronic personal data in a secure data center covered by appropriate data security standards. Transfers of personal data within and without the organization shall only be made in accordance with strict security protocols and under modes of transfer compliant to the appropriate data security standards.
We only retain personal data for a limited period or until the lawful and legitimate purpose of the processing is achieved. To that effect, we have established procedures for securely disposing files that contain personal data whether the same is stored on paper, film, optical or magnetic media, personal data stored offsite, and computers and mobile phones at end-of-life.
a. PERSONAL INFORMATION PROCESSORS
Where any processing of personal data is outsourced to a third-party processor, NCHM will make sure that such third party shall be covered by the appropriate contracts that will enforce adequate data security standards under terms and conditions compliant with the requirements of both local and/or foreign law, where necessary.
b. PERSONAL INFORMATION CONTROLLERS
NCHM shall ensure that any disclosures or transfers of personal data to controllers shall be governed by legally compliant data sharing agreements and in accordance with the right of data subjects. Data subjects shall be dully informed and consent from them obtained, where applicable, before such data sharing activities are performed.
Personal Data Breach refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed. Personal Data Breaches shall be subject to notification and remediation requirements.
NCHM requires its employees to undergo periodic and mandatory training privacy and data protection in general and in areas reflecting job-specific content. Likewise, it will ensure that all employees, representatives, and agents exposed to personal data pursuant to their function are adequately bound by strict confidentiality.
Thank you for visiting NEW COAST HOTEL MANILA (“NCHM”) and for providing your personal data in relation thereto. Here at NCHM, we respect and value your rights as a data subject under the Data Privacy Act (DPA). NCHM is committed to protecting the personal data you provide in accordance with the requirements under the DPA and its IRR. In this regard, NCHM collects personal information directly from you through our online reservation, registration cards and restaurant reservation system and encode such information in our database prior to availing services at the hotel. We collect such information from you exclusively to secure our facilities through the proper identification of individuals entering and exiting our premises. We may also use this information for purposes of investigation should you be involved in any incident occurring within our facilities/premises.
Our data collecting associates are professionally trained in handling personal data and are covered by appropriate confidentiality agreements in accordance with the procedures for application and approval established by the Office of the Data Protection Officer (DPO) of NCHM. While they conduct the collection of personal information from you, custody and maintenance of the database containing such information shall remain with NCHM and shall never be taken outside the premises. Likewise, this database shall only be viewable by authorized personnel and shall be securely kept away from public view and access.
We do not sell, share or disclose your personal information to unauthorized third parties unless we are legally required to do so, or in the event that such action is necessary to protect, defend and/or enforce our rights, property or the personal safety of our employees and other individuals, including the disclosure of such information to external auditors who help us ensure that our organizations’s security policies are properly implemented.
Your personal information will only be retained only for as long as is necessary for the fulfillment of the declared, specified, and legitimate purposes provided above, or when the processing is relevant to the purpose, strictly in accordance with our records retention policy. After which, personal data shall be disposed or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other public, or prejudice the interests of the data subjects.
Please be advised that you have the right to request for a copy of any personal data we hold about you in relation to this notice. You have the right to have it corrected or revised if you think it is inaccurate or incomplete, subject to the submission of sufficient proof establishing the same. You have the right to suspend, withdraw or order the blocking, removal or destruction of your personal information should you: a) discover that it is incomplete, outdated, false, unlawfully obtained, used for an unauthorized purpose, no longer necessary for the abovementioned purposes; or b) discover violations of your right as a data subject.
If you have any questions, concerns, objections about this Notice, and/or our personal information processing activities please contact us through the following:
Data Privacy Officer
email dpo.manila@newcoasthotels.com
Office Address17th Floor New Coast Hotel Manila
1588 Pedro Gil St. corner M.H. Del Pilar St.,
Malate, Manila
NEW COAST HOTEL MANILA
+63 2 8252 6888
contactus@newcoasthotels.com
1588 Pedro Gil cor. M.H. Del Pilar Manila, Philippines, 1004
book now