Privacy Policy

Publish: June 2024

At Veligandu Maldives Resort Island, we strive to deliver outstanding products, services, and experiences. We value your business and, more importantly, your loyalty. We recognize that privacy is an important issue. We have developed this Privacy Policy (this “Policy”) to explain the practices of CCR regarding the personal information we collect when you visit this site. Some jurisdictions also require notice concerning other means of collecting personal information; for those jurisdictions, this Policy also explains our practices regarding personal information obtained from sources other than our websites, such as written or verbal communications or information collected when you visit one of our properties.

Please read this Policy carefully before submitting personal information about you to us. Also, please note that this Policy does not apply to our processing of personal information on behalf of and subject to the instructions of third parties such as airlines, and other service providers, companies that organize or offer packaged travel arrangements.

Table of Contents

1. Information and consent

By accepting this Privacy Statement, you give your free, informed, specific and unequivocal consent for the processing of personal data provided through this website (the “Website”) to be processed by Veligandu Maldives Resort Island (“Veligandu” or “resort”) and Crown & Champa Resorts (“CCR”) as joint data controllers.
The user must carefully read this Privacy Statement, which has been drafted in a clear and simple manner to facilitate its understanding, freely and voluntarily determining whether the user wishes to provide his/her personal data to Veligandu and CCR.

2. Scope of this Privacy Statement

This Privacy Statement applies to the personal information we collect through:

Online services: websites owned or controlled by any of us, web and mobile applications, social media pages, HTML-formatted email messages, Wi-Fi connectivity and other digital channels; and

Offline interactions: when you visit or stay as a guest at one of our properties, attend events and activities hosted by us, reach out to our call center, or through other offline interactions.

Collectively, we refer to the above as our “Services.”

In the performance of our obligations, we will comply with all applicable data protection and privacy laws and regulations in the jurisdictions we operate in:
This Privacy Statement does not apply to the personal information that we collect about employees, business partners and other personnel related to their working relationship with us, or the personal information that we collect about applicants and candidates. We may also collect, generate, use and disclose aggregate, anonymous, and other non-identifiable data related to our Services, which is not personal information subject to this Privacy Statement.

3. How we collect your personal data

We use different methods to collect data:

Direct interactions: You may give us your personal data by filling in forms or by corresponding with us by post, phone, email, mobile app or otherwise. This includes personal data you provide online when you book accommodation, sign up for a newsletter, or participate in a survey, contest or promotional offer. We collect personal data offline when you visit the resort, or use our services such as online check-in, spa, dive, watersports and seaplane or other transfers.

The data requested in the forms on the Website is mandatory (unless otherwise indicated in the relevant field) to perform services or fulfill your request. If you do not wish to provide required personal information then we unable to fulfill your request, but you can still see the content of the Website.

Automated technologies or interactions: You may give us your personal data by filling in forms or by corresponding with us by post, phone, email, mobile app or otherwise. This includes personal data you provide online when you book accommodation, sign up for a newsletter, or participate in a survey, contest or promotional offer. We collect personal data offline when you visit the resort, or use our Services.

The data requested in the forms on the Website is mandatory (unless otherwise indicated in the relevant field) to perform services or fulfill your request. If you do not wish to provide required personal information then we unable to fulfill your request, but you can still see the content of the Website.

  • Information about the devices you use to access our Websites (IP address, MAC address, device, browser and operating system type);
  • Pages and URLs that refer visitors to our sites, also pages and URLs that visitors exit to once they leave our Websites;
  • Information about your visits (date and time) and actions taken on our Websites(such as page views, site navigation patterns or application activity);
  • A general geographic location (such as country and city) from which a visitor accesses our Websites; and

Search terms that visitors use to reach our Websites. We collect this personal data by using cookies, and other similar technologies. See Cookie Policy

Security Systems: When you visit our hotels, information may be collected about you through such properties’ closed-circuit television systems, and other security systems.

Third parties or publicly available sources: We will receive personal data about you from various third parties and public sources including business partners, franchisees, travel agents and aggregators.

Personal Information From Children:
Except where required by local laws, we do not knowingly collect personal information from individuals under 18 years of age. As a parent or legal guardian, please do not allow your children to submit personal information without your permission.

4. Purposes for which we collect data

We use personal data to provide you with the Services, to develop new products and services, and to protect the safety and security of our guests, team members, and properties.
Personal data provided through the Website will be processed by us for the following purposes:

Booking process: Fulfill and manage booking requests, including any modifications and cancellations, perform basket retrieval, send a reminder of the pending booking or Website searches, send transaction confirmation, manage payment or prepayment, or refer you to loyalty programs that can be used to receive benefits. In addition to the information provided in the reservation form, we will integrate certain data from your guest profile previously managed by us to provide you with a better service in our hotels. The legal basis for this processing activity is the contractual relationship with you.

Sending commercial communications and newsletters: If you have subscribed to our marketing communications, we will send you tailored promotional offers regarding our Services and Brands with your permission. You have the option to subscribe or unsubscribe at any time via the link included in the email or by reaching out to us. The legal basis for this processing activity is your consent.

Check-in online or via the Mobile App: Manage check-in online process, personalize our Services, and respond to requests. The legal basis for this processing activity is a contractual relationship.

Electronic gift cards: Manage purchase and redemption of electronic gift cards, including communication between the parties and payment processing. The legal basis for this processing activity is a contractual relationship with you.
User-generated content (UGC) on social media platforms: Display UGC on our Websites for promotional purposes. The legal basis for this processing activity is your consent.

Social platforms log-in: If you register or sign in with your Facebook, Apple ID, Google or other third-party accounts to our Websites, you give such third-party service providers permission to share your personal information from those accounts (such as your registration and profile information). This information varies and is controlled by third-party service providers or as authorized by you via your privacy settings. The legal basis for this processing activity is your consent.

5. The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (“Aggregate Data”).
We may collect, use, store and transfer different kinds of personal data about you which we have arranged according to the different purposes as follows:

  • Contact information (email address, mailing address, country and phone number);
  • Demographic data (gender, age and preferred language);
  • Information related to your reservation, stay or visit to the resort (including the property where you have stayed date of arrival and departure, transfer and travel services and goods and services purchased, interests and preferences);
  • Information necessary to fulfil your special requests and/or specific accommodations;
  • Customer Preferences
  • Employment information (such as company name, job title and work contact information) to respond to requests for proposals or honor contractual arrangements;
  • Copies of your correspondence if you contact us;
  • Feedback and survey responses;
  • Information collected through the use of closed-circuit television systems, keycards and other security systems;
  • Information related to your use and interaction with our website and network; and
  • Information as requested by government authorities to fulfill our legal obligations.

We do not collect the following special categories of personal data about you: race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, genetic, biometric data, and criminal convictions and offences.

6. Sharing of personal data

Our goal is to provide you with the highest level of hospitality and Services, and to do so, we share personal data with the following parties:

We disclose personal data to other companies within our corporate structure for the purposes described in this Privacy Statement, such as providing Services and personalizing our communication with you. We share your personal data with hotels where you will stay to fulfil and complete your reservation.

Strategic business partners: We disclose personal data and other data to business partners who provide goods, services and offers that enhance your experience at our properties. By sharing data, we are able to make personalized services and unique travel experiences available to you. For example, this sharing enables spa, restaurant, health club, concierge and other outlets at our properties to provide you with services.

Service providers: We disclose personal data to third-party service providers for the purposes described in this privacy statement. Examples of service providers include companies that provide website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery and marketing,

Public administrations and law-enforcement: We disclose personal data to public administrations and police under requirement or as part of an investigation, in order to comply with obligations under the regulations, to prevent fraud or money laundering and to cooperate with these entities in the performance of their duties.

Comply with laws: We may disclose personal data to courts and other authorities if required to do so by law. We require all third parties to protect your personal data and to process it in accordance with the applicable law. We do not allow our third-party service providers to use your personal data for their own purposes, and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. Data retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
In order to determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements of the relevant country.
We determine the retention period based on the following considerations:

  • If personal data was collected for the purpose of contract performance, it will be stored for the entire duration of the contractual relationship, and once it has ended until the statute of limitations expire.
  • If personal data was collected for the purpose of compliance with legal obligations, it will be stored until the obligation is fulfilled.
  • If personal data was collected for the purpose of legitimate interest, it will be stored until the end of this interest.
  • If personal data was collected with your consent, it will be stored until consent is withdrawn. You can withdraw your consent at any time through the link provided in the communications.

Details of retention periods for different aspects of your personal data are available in our Retention Statement which you can request from us by contacting us.

8. Your rights

You can exercise your data rights under data protection laws by contacting us:

  • View your personal data
  • Request correction of your personal data
  • Request erasure of your personal data
  • Object to processing of your personal data
  • Request restriction of processing your personal data

Right to withdraw consent:
Under certain circumstances where applicable law permits, you also have the right to advice a withdraw of consent.

What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond
We try to respond to all legitimate requests within one month, or within the timeframe as specified by the applicable data protection legislation. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

9. Direct marketing

With your consent, we may send you direct marketing communications regarding our Brands and Services. If you have opted in to receive marketing communications, we may contact you by electronic messages (email, SMS, mobile push notifications or website), by mail or other means that you share with us. You have the right to withdraw consent at any time by contacting us using the details provided in the Contact Us section or clicking unsubscribe link in our marketing messages.

Please note that if you choose to opt out of marketing emails, we will continue to send you transactional messages, such as information about your reservations or stays, including confirmation and pre-arrival emails, or account security updates.

10. Contact us

If you wish to exercise any of the rights set out above, please contact us.
Email: reservations@veligandu.com

11. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach, and will notify you and any applicable regulator of a breach where we are legally required to do so.

12. Liability

This Website is not intended for children, and we do not knowingly collect data relating to children.
You guarantee that you have informed any third parties whose data you are providing, if you have done so, of the points covered in this privacy statement. In addition, you guarantee that their authorization has been obtained to provide their data to us for the indicated purposes.
You will be liable for any false or inaccurate information provided and for direct or indirect damage caused to us or to third parties.

13. Changes to this Privacy Statement

We keep our privacy statement under regular review. At the top of this page, you will see the date on which the privacy statement was last revised, and it is also the date from which any changes will become effective. Your use of the Services following these changes means that you accept the revised privacy statement. If you would like to review the version of the privacy statement that was effective immediately prior to this revision, please contact us at reservations@veligandu.com.

It is also important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.