Privacy Policy
This Privacy Policy governs the manner in which Mango & Chili Resort Kapas Island (referred to herein as “The Resort,” “we,” “us,” or “our”) collects, utilizes, maintains, and discloses Personal Data collected from Guests and Users of our website and services.
1. Data Collection and Purpose
The Resort collects Personal Data exclusively when voluntarily provided by the individual, primarily for the fulfillment of contractual and operational obligations. This data includes, but is not limited to:
- Identity and Contact Information:
Full legal name, nationality, passport/identification number, date of birth, postal address, email address, and telephone number, necessary for reservation processing and compliance with mandatory legal registration requirements in Malaysia. - Transactional Data:
Details concerning reservations, payment history, and information required for supplementary services, including pre-arranged Boat Service and the provision of Laundry Service. - Voluntary and Sensitive Data (Limited):
Specific information regarding dietary restrictions (for the Dining Experience) or special requests (such as a Birthday Cake), collected only to ensure guest safety and enhance service personalization, and processed with explicit consent. - Technical Data (Cookies):
Information gathered automatically via our website using cookies, including IP addresses, browser type, and usage patterns, used exclusively for system diagnostics, security, and service optimization.
2. Utilization and Processing of Data
Personal Data is processed strictly for the following essential functions:
- Contract Fulfillment:
To process, confirm, and secure reservations; manage check-in/check-out; and coordinate necessary external services, including confirmed transport with our preferred Boat Service companies. - Safety and Regulatory Compliance:
To adhere to local Malaysian laws, including the Personal Data Protection Act 2010 (PDPA), maintain security of the premises (via CCTV monitoring in public areas), and mitigate risk against fraud. - Communication:
To transmit necessary transactional documentation, service terms, and operational updates pertaining to the stay.
3. Data Retention
The Resort shall retain Personal Data only for the period necessary to fulfill the purposes for which it was collected, including meeting any legal, accounting, or reporting requirements. Generally, data pertaining to reservations is retained for a minimum period mandated by Malaysian tax and hospitality laws. Once data is no longer required, it shall be securely destroyed or anonymized.
4. International Data Transfer
As an international resort, we may transfer your Personal Data outside of Malaysia (e.g., to cloud service providers or international booking platforms). By utilizing our services, you consent to the transfer of your Personal Data to a place outside Malaysia where data protection laws may or may not be substantially similar to those in Malaysia. We shall take necessary steps to ensure that any such third parties are contractually bound to protect your Personal Data to a relevant standard comparable to the level of protection afforded by the PDPA.
5. Your Rights
Under the PDPA, you retain the right to request access to and correction of your Personal Data held by the Resort. Any request to access or correct your data must be submitted in writing to the contact specified below.