AMILLA Maldives

Privacy Policy

Privacy Policy and Information Notice on the Processing of Personal Data.
LAST UPDATED March 2023

We respect your privacy and we are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy protections.

This privacy policy aims to give you information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when you sign up to our newsletter or purchase a product or service.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES

We keep our privacy policy under regular review. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

The Data We Collect About You

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, marital status, title, date of birth and gender.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
  • Usage Data includes information about how you use our website, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

IF YOU FAIL TO PROVIDE PERSONAL DATA

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

How Is Your Personal Data Collected?

We use different methods to collect data from and about you including through:

Direct interactions: You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by phone, email, WhatApp, post or otherwise. This includes personal data you provide when you:

  • apply for our products or services;
  • create an account on our website;
  • subscribe to our service or publications;
  • request marketing to be sent to you;
  • enter a competition, promotion or survey; or
  • give us feedback or contact us.

Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.

Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:

  • Technical Data from the following parties:
    • analytics providers;
    • advertising networks; and
    • search information providers.
  • Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
  • Identity and Contact Data from data brokers or aggregators.
  • Identity and Contact Data from publicly available sources.

How We Use Your Data

Typically, we will use and process your data to:

  • help us create content that is relevant to our visitors;
  • make improvements to our websites and social media pages and ensure that content on these is presented in the most effective manner for you;
  • provide you with information, products or services that you request from us or which we feel may interest you;
  • assess and help us understand general trends and patterns relating to our business;
  • provide for the safety and security of our guests and visitors;
  • manage general record keeping;
  • enable us to compile anonymous, aggregated statistics that allow us to understand how users use our websites and to help us improve the structure of our websites;
  • enable you to make reservations and payments;
  • meet any legal and/or regulatory requirements;
  • provide the products or services you request from us; and
  • improve our products and services and to ensure our products and services are of interest to you.

The processing of your personal data for:

  • Marketing and profiling purposes is managed solely by Amilla as data controller. Your decision to provide your data for such purposes is optional and will have no consequence on your ability to stay with us or benefit from the requested services;
  • All purposes concerning your booking, your stay and to provide you with the services you have requested, is managed by Amilla. Your decision to provide data to us is voluntary however, if you do not provide such data you may no longer be able to benefit from our services.
  • We may process your personal data by both automated and manual means. We may use your data in other ways for which we provide specific notice at the time of collection.

Disclosures of Your Personal Data

We do not sell, otherwise disclose, or share data we collect and hold about you, except as described in this Privacy Policy.

We may share your data with service providers who perform functions and services on our behalf. Such third parties will be appointed as data processors and will be provided only with data necessary to perform the services on our behalf, but are not authorised to use such data for any other purposes.

We may disclose data about you if we are required to do so by law or pursuant to legal process, or in response to a request from law enforcement authorities or other government officials.

Transfer of Your Personal Data to a Third Party

Your personal data may be transferred to third party recipients only upon your consent or if it is permitted by applicable law. Where data is transferred, we will maintain that appropriate safeguards are implemented.

How We Protect Your Data

We maintain administrative, technical and physical safeguards designed to protect the data you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. Services providers and contractors who might have access to your data in order to provide services on our behalf will be contractually obliged to keep such data in confidence, provide adequate data security measures, and may not use that data for any other purpose.

For your own protection, we encourage you not to include sensitive personal data, credit card or similar data in any e-mails you send us or our staff.

How Long We Keep Data For

Amilla only retains your information for as long as needed to fulfil the purposes for which it is collected, unless otherwise provided by law.

Your credit card details are not stored on our servers.

Child Safety

We are not intended to collect identifiable personal data from individuals under the age of 18 without the consent of their parents. None of the pages on this website has been designed to attract the attention of young people aged 18 years.

Your Rights

If you wish to avail any of the options listed below, please contact us.

  • request access to your personal data
  • request correction of your personal data
  • request deletion of your personal data
  • object to processing of your personal data
  • request restriction of processing your personal data
  • request transfer of your personal data
  • withdraw consent

No Fee Usually Required

You will not have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What We May Need From You

We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no grounds to receive it. We may also contact you to ask you for further information in relation to your request to speed up your request.

Time Limit to Respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.