Personal Data Protection Policy | Kurumba Maldives

Personal Data Protection Policy

Universal Resorts  


We are committed to protecting the personal data that you share with us online or otherwise. This Policy describes how your personal data is collected with your consent, processed, stored and used to meet our Group Hotels’ data protection standards and to comply with the data protection law.

This Personal Data Protection Policy forms part of the terms and conditions that govern our hotel services and applies to the Hotels managed by Vihamanaafushi Holdings Private Limited. By accepting these terms and conditions, you expressly accept the provisions of this Policy.

Summary of Key Issues

Consent: "Personal data" means any information collected and logged in a format that allows you to be identified personally, either directly (e.g. name) or indirectly (e.g. telephone number) as a natural person. Before providing us with this information, we recommend that you read this document describing our Customer Personal Data Protection Policy.

Collection: We collect Personal Information about you that you provide to us or that we obtain while you are using our website, downloading mobile application, placing an order, subscribing to our newsletter, responding to a survey or filling out a form.

Protection: We employ reasonable and current technical, administrative, and physical safeguards that are designed to prevent unauthorized access, maintain data accuracy, and to ensure correct use of Personal Data.

Use: We use Personal Data to provide you with services, to build features that will make the services available on our website easier to use, to contact you about these services, and to send advertisements, marketing material or other offers that we think might be of interest to you.

Sharing: We share your Personal Data with other hotels in our group, affiliated companies, external service providers, third party vendors, agents, and otherwise as necessary to provide our services and manage our business.

Access: We understand that you may want to access, change or delete your personal data.

Depending on applicable local laws, certain information could be considered sensitive, such as your credit card number, your leisure activities, personal activities and hobbies, and whether or not you are a smoker. We may be obliged to collect such information, with your consent, in order to meet your requirements or provide you with an appropriate service, such as a specific diet.

When is your Personal Data is collected?

Personal data may be collected on a variety of occasions, including: a. Hotel activities:

Booking a room Checking-in and paying Eating/drinking at the hotel restaurant or bar during your stay Requests, complaints and/or disputes.

b. Participation in marketing programs or events:

Signing up for loyalty programs Participation in customer surveys (for example, the Guest Satisfaction Survey) Subscription to newsletters, in order to receive offers and promotions via email.

c. Transmission of information from third parties: Tour operators, travel agents, GDS reservation systems, and others

d. Internet activities:

Connection to our Group Hotels websites (IP address, cookies) Online forms (online reservation, questionnaires, our Group Hotels pages on

social networks, network login devices such as Facebook login etc.).

For What Purposes the Personal Data is Collected?

We collect your personal data for the purposes of: a. Meeting our obligations to our customers b. Managing the reservation of rooms and accommodation requests:

Creation and storage of legal documents in compliance with accounting standards.

c. Managing your stay at our hotels:

Monitoring your use of services (telephone, bar, watersports etc.)

Managing access to rooms

Internal management of lists of customers having behaved inappropriately during their stay at the hotel (aggressive and anti-social behavior, non- compliance with the hotel contract or safety regulations, theft, damage and vandalism, or payment incidents).

d. Improving our hotel services, especially:

Processing your personal data in our customer marketing program in order to carry out marketing operations, promote brands and gain a better understanding of your requirements and wishes

Creating tailor-made products and services to better suit your requirements Informing you of special offers and any new services.

e. Managing our relationship with customers before, during and after your stay:

Managing the loyalty program Providing details for the customer database Segmentation operations based on reservation history and customer travel

preferences with a view to sending targeted communications Developing statistics and reports Managing the preferences of new or repeat customers Sending you newsletters, promotions and tourist, hotel or service offers Managing requests to unsubscribe from newsletters, promotions, tourist offers

and satisfaction surveys

Using in the event of serious events affecting the hotel in question (such as natural disasters).

f. Improving our services, especially:

• • •

Carrying out surveys and analyses of questionnaires and customer comments Managing claims/complaints Offering you the benefits of our loyalty program.

g. Securing and improving your use of our websites. h. Conforming to local legislation (for example, storing of accounting documents).

Third Party Access to Your Personal Data

a. Within our Group Hotels: In order to offer you the best service, we may share your personal data and give access to authorized personnel from our Group Companies, including:

Hotel staff Reservation staff using reservation tools IT department Commercial partners and marketing services Medical services, if applicable Legal services, if applicable Generally, any appropriate person within the Group entities for certain specific categories

of personal data.

b. With service providers and partners: Your personal data may be sent to a third party for the purposes of supplying you with services and improving your stay, for example: External service providers such as IT sub-contractors, international call centers, banks, credit card issuers, external lawyers and dispatchers.

c. Local authorities: We may also be obliged to send your information to local authorities if this is required by law or as part of an inquiry and in accordance with local regulations.

How do we protect your Personal Data?

We take appropriate technical and organizational security measures, in accordance with applicable legal provisions, to protect your personal data against unlawful, unauthorized or accidental destruction, accidental alteration or loss, and unauthorized access or disclosure. Our security procedures include contractual terms with any contractors, agents or data processors that require such entities to protect security and confidentiality of your personal data in accordance with our standards.

While we strive to protect your personal data, we cannot ensure the security of the information you transmit. It is your responsibility to safeguard any email or password that you have created or used in connection with Universal Resorts hotels.

Retention and Storage

We retain your personal data for as long as we are required to do so by applicable laws or for as long as necessary for the purposes described above for which it is processed. We will delete personal data that is no longer needed and/ or take steps to properly anonymize it so that you can no longer be identified, unless we are required to keep your information to comply with legal or regulatory obligations to which our Group Hotels are subject.


The information collected in relation to children under 18 years of age is limited to their name, nationality and date of birth, which can only be supplied to us by an adult. We would be grateful if you could ensure that your children do not send us any personal data without your consent (particularly via the Internet). If such data is sent without such consent, we can arrange for this information to be deleted.

Access to Personal Data

You may correct, update, amend, or remove your personal data by requesting us to do so. You may contact us on by sending an email to [email protected] and request for the modification. If you no longer desire to use our services, you may deactivate the services by contacting us via email. You may withdraw your consent to our processing of your personal data at any time by contacting us using the contact information listed in our website, but that will mean we can no longer provide our service to you.

For confidentiality and personal data protection, we will need to identify you in order to respond to your request. For this purpose, you will be asked to include a copy of your passport, driver license or other identification along with your request.

All requests will receive a response as soon as possible.

Use of Cookies

We advise you that we use cookies in our online booking sites. Cookies are packets of data used by servers to send status information to a user’s browser and (if the user allowed) return status information to the original server through the same browser. For instance, we use cookies to help us remember and process the request as per your preferences. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

You can set your browser to block cookies. Keep in mind that if you set your browser to block cookies, some features, pages and spaces on our websites will not be accessible, and we cannot be held responsible in this case.

Cookies on our website may include the following categories:

Strictly Necessary Cookies: These are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas. These cookies are session cookies which are erased when you close your browser.

Analytical/Performance Cookies: These allow us to recognize and count the number of users of our website and see how such users navigate through our website. This helps to improve how our website works, for example, by ensuring that users can find what they are looking for easily. These cookies are session cookies which are erased when you close your browser.

Functional Cookies: These improve the functional performance of our website and make it easier for you to use. For example, cookies are used to remember that you have previously visited our website and asked to remain logged into it. These cookies are session cookies which are erased when you close your browser.

Targeting Cookies: These record your visit to our website, the pages you have visited and the links you have followed to recognize you as a previous visitor and to track your activity on the website and other websites you visit. These cookies qualify as persistent cookies, because they remain on your device for us to use during a next visit to our website. You can delete these cookies via your browser settings. We will not collect these cookies from individuals without notice.


We may modify this Policy from time to time. Therefore, we recommend that you consult it regularly, particularly when making a reservation at one of our Group Hotels.

Contact Us

If you have any questions or comments regarding this Personal Data Protection Policy, please contact us by sending an email to [email protected] or send us a letter to The Data Protection Officer, Universal Resorts Management Pvt Ltd, 39 Orchid Magu, Male’, Republic of Maldives.

Principles for Protecting Personal Data

a. Transparency: When collecting and processing your personal data, we will communicate all information to you and inform you of the purpose and recipients of the data.

b. Legitimacy: We will collect and process your personal data only for the purposes described in this Policy.

c. Relevance and accuracy: We will only collect personal data that is necessary for data processing. We will take all reasonable steps to ensure that the personal data we hold is accurate and up to date.

d. Storage: We will hold your personal data for the period necessary for processing the same in compliance with the provisions of the applicable laws.

e. Access, rectification, opposition: You may access, modify, correct or delete your personal data. You may also oppose the use of your personal data, particularly to avoid receiving sales and marketing information. You may contact our Data Protection Officer by sending an email to: [email protected].

f. Confidentiality and security: We will ensure that reasonable technical and organizational measures are in place to protect your personal data against alteration or accidental or unlawful loss, or unauthorized use, disclosure or access.

g. Sharing and international transfer: We may share your personal data within the Universal Resorts Hotels or with third parties (such as commercial partners and/or service providers) for the purposes set out in this Policy. We will take appropriate measures to guarantee security when sharing or transferring such data.

What Personal Data is Collected by us?

Contact details (for example, last name, first name, telephone number, email) Personal information (for example, date of birth, nationality) Information relating to your children (for example, first name, date of birth, age) Your credit card number (for transaction and reservation purposes) Your membership number for the loyalty programs Your arrival and departure dates Your preferences and interests (for example, smoking or non-smoking room, preferred

floor, type of bedding, type of newspapers/magazines, sports, cultural interests) Your questions/comments, during or following a stay in one of our establishments.