Privacy Statement
Last Updated: July 2026
We respect your privacy rights and are committed to protecting your personal data. This Privacy Statement outlines how we collect, access, use, process, disclose, and protect your personal data (collectively referred to as “Process” or “Processing”, as may be applicable) when you interact with websites, apps and services provided within our Spa and Wellness portfolio. Our Spa and Wellness portfolio includes spas owned and managed under our brands (“Spa & Wellness Brands”). We encourage you to read this statement carefully to understand our practices regarding your personal data.
The Spas and Wellness centers are operated jointly or individually by entities within our group as provided below. When we mention “we”, “us” or “our” in this Privacy Statement, we are referring to the relevant entities within our group responsible for processing your personal data when you engage with us through our websites, apps and/or services.
- Data controllers
2. Information and consent
3. Scope of this Privacy Statement
4. How we collect your personal data
5. Purposes for which we collect data
6. The data we collect about you
7. Sharing of personal data
8. International transfers
9. Data retention
10. Your rights
11. Direct marketing
12. Contact us
13. Data security
14. Liability
15. Changes to this Privacy Statement
Data Controllers
The purposes and means of personal data processing set in this Privacy Statement are determined by (either jointly or individually):
Information and Consent
This Privacy Statement is provided to inform you about how we Process your personal data. It explains the purposes of, and the legal bases for, each of our processing activities, which are described below. Acknowledging this Privacy Statement confirms that you have read and understood how we handle your personal data; it does not by itself constitute your consent to the processing of your personal data. Please note that we do not rely on consent as the sole basis for all processing. The purposes of such processing and the legal basis for processing personal data are in this Privacy Statement.
Where we rely on your consent, in particular, for the collection and use of sensitive personal data such as health information, we will request your explicit consent separately, at the point at which we collect that data (for example, through a dedicated form or health questionnaire), rather than through your general acknowledgement of this Privacy Statement. You may withdraw any consent you have given at any time, as described in the “Your rights” section.
Please read this Privacy Statement, which has been drafted in a clear and simple manner to facilitate its understanding, freely and voluntarily determining whether the user wishes to provide his/her personal data.
Scope of This Privacy Statement
This Privacy Statement applies to the personal data we collect through:
- Online platforms: websites owned or controlled by any of us, web and mobile applications, social media pages, HTML-formatted email messages, Wi-Fi connectivity and other digital channels; and
- Offline interactions: when you request a consultation call, or visit as a customer at any of our spa and wellness center(s), attend events and activities hosted by us, authorized agents or partners, reach out to our call center, or through other offline interactions.
Collectively, we refer to the above as our “Services”.
In the performance of our obligations, we will comply with all data protection and privacy laws and regulations applicable to us in the jurisdiction we operate in.
This Privacy Statement does not apply to the personal data that we collect about employees, business partners and other personnel in connection with their working relationship with us, or the personal data that we collect about applicants and candidates. We may also collect, generate, use and disclose aggregate, anonymous, and other non-identifiable data related to our Services, which is not personal data subject to this Privacy Statement.
How We Collect Your Personal Data
We use different methods to collect personal data:
Direct interactions: You may provide us with your personal data by filling in forms or by corresponding with us through our websites, apps, phone, email or otherwise. This includes personal data you provide to us when you inquire regarding the details of spa and/or wellness treatments, sign up for a membership, newsletter, or participate in a survey, contest or promotional offer. We collect personal data offline when you visit our spa or wellness centers (including through forms and questionnaires), attend events and activities hosted by us or our authorized agents or partners, reach out to our call center, or through other offline interactions.
The data requested in the forms on the Website is mandatory (if it is indicated against the relevant field on the Website) to perform services or fulfill your request. If you do not wish to provide required personal data, then we would be unable to fulfill your request, but you can still see the content of the Website.
Automated technologies or interactions: As you interact with our websites, apps or other pages, we will automatically collect technical data about your equipment, browsing actions and patterns. The information we may collect by automated means includes, but is not limited to:
- Information about the devices you use to access our Websites (IP address, MAC address, device, browser and operating system type);
- Pages and URLs that refer visitors to our sites, also pages and URLs that visitors exit once they leave our Websites;
- Information about your visits (date and time) and actions taken on our Websites (such as page views, site navigation patterns, application activity, or user preferences);
- A general geographic location (such as country and city) from which a visitor accesses our Websites; and
- Search terms that visitors use to reach our Websites.
We collect this personal data by using cookies, web beacons and other similar technologies. Please see the details of website cookies in our Cookies Policy.
Security Systems: When you visit our spa and wellness center, your personal data may be collected through such spa and wellness center’s closed-circuit television systems, and other security systems.
Purposes for Which We Collect Data and legal basis for Processing
We use personal data to provide you with the Services, to develop new products and services, and to protect safety and security of our client, team members, and properties.
Personal data will be processed by us for the following purposes:
Provision of spa and wellness treatments: to assess your suitability for, and to safely provide, the spa and wellness treatments you request, including reviewing health questionnaire responses, allergies and health concerns. As this involves sensitive personal data (health data), the legal basis for this processing is your explicit consent, which we collect separately at the point of consultation and/or treatment, as may be applicable. Where you do not provide this consent, we may be unable to provide certain services or treatments.
Registration and reservation: to manage customer registration and reservation processes, including any modifications and cancellations, send transaction confirmation, booking details, manage payment or prepayment, or send reminder for appointment or booking. In addition to the information provided in the reservation form, we will integrate certain data from your guest profile previously managed by us to provide you with better service in our spa & wellness center. The legal basis for this processing activity is the contractual relationship with you.
Loyalty Program: to provide more personalized services across our Spa & Wellness Brands and hotels and integrate certain data from your existing profile previously managed by us to enhance your experience. The legal basis for this processing activity is your consent.
Electronic gift cards: to manage purchase and redemption of electronic gift cards, including communication between the parties and payment processing. The legal basis for this processing activity is a contractual relationship with you.
Inquiry Management: to manage customer enquiries relating to spa and wellness treatments and services, including responding to requests for information, providing details of spa services, availability, pricing, and assisting customers with reservation-related questions through various communication channels including email, phone, live chat, and social media platforms such as LINE, WhatsApp, FB Messenger, and web forms. The legal basis for processing your general personal data for this purpose is our legitimate interest in responding to and managing your enquiries. Where an enquiry includes sensitive personal data, for example, health information you choose to share when asking about the suitability of a treatment, we process that information on the basis of your explicit consent. We ask that you avoid sharing sensitive personal data through these channels where possible; where it is necessary to respond to your enquiry, we will rely on your explicit consent and handle that information with appropriate safeguards.
Sending commercial communications and newsletters: If you have subscribed to our marketing communications, we will send you tailored promotional offers regarding our Spa & Wellness Brands, service and relevant offerings. If we have your permission, we will inform you about relevant services or opportunities provided by other entities within our group and business partners. You have the option to subscribe or unsubscribe at any time via the link included in the email or reaching out to us. The legal basis for this processing activity is your consent.
User-generated content (UGC) on social media platforms: Display UGC on our Websites for promotional purposes. The legal basis for this processing activity is your consent.
Retargeting advertising: We may engage in behavioral advertising using platforms such as Facebook Retargeting Ads. This involves the use of cookies and similar technologies to collect and leverage information about your interactions with our services and other websites. We utilize this data to deliver targeted advertising that aligns with your interests. Opt-out options for these targeted advertising efforts are available by adjusting your browser settings or contacting us directly.
The Data We Collect about You
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (“Aggregate Data”).
We may Process different kinds of personal data about you which we have arranged according to the different purposes as follows:
- Contact information (email address, mailing address, country, phone number, and emergency contact);
- Identity data (such as full name, username, or similar identifier, nationality, age, and supporting documents when entering into contracts to fulfill our contractual obligations.)
- Financial information (including payment transaction, credit card number, billing address, and bank account information, if applicable);
- Health data (such as medical records, food allergies, general health and physical characteristics, physiological data, health tracking data and health concerns);
- Biometric data
- Demographic data (such as gender, country, marital status, and preferred language);
- Information (including health data and/or biometric data) necessary to fulfil your special requests and/or specific spa or wellness service;
- Customer Preferences
- Copies of your correspondence if you contact us;
- Feedback and survey responses;
- Information collected through the use of closed-circuit television systems, and other security systems;
- Information related to your use and interaction with our Website and network; and
- Information as requested by government authorities to fulfill our legal obligations.
Some of the data we collect, in particular, health data and/or biometric data, is considered sensitive personal data (also referred to as special categories of personal data) under applicable data protection laws. We collect and use this data only where you have given your explicit consent, or where another legal basis under applicable law permits, and only to the extent necessary to provide the consultation, spa and wellness services you request.
Sharing of Personal Data
Our goal is to provide you with the highest level of hospitality and Services, and to do so, we share personal data (excluding your sensitive personal data) with the following parties:
- Minor Group: We disclose personal data to other companies, affiliates, and subsidiaries within our corporate structure for the purposes described in this Privacy Statement, such as providing Services and personalizing our communication with you.
- Strategic business partners: We disclose personal data and other data to business partners who provide goods, services, and offers that enhance your experience at our spa and wellness center. By sharing data, we can make personalized services available to you. For example, this sharing enables spa, restaurant, health club, concierge, and other outlets at our spa and wellness center to provide you with services.
- Service providers: We disclose personal data to third-party service providers for the purposes described in this Privacy Statement. Examples of service providers include companies that provide website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery and marketing.
- Public administrations and police bodies: We disclose personal data to comply with legal obligations to public administrations and police, to prevent fraud or money laundering, and to cooperate with these entities in the performance of their duties.
We require all private third parties and request the public authority to protect your personal data and to process it in accordance with the applicable law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
International Transfers
As a global hospitality company, we may transfer your personal data across multiple jurisdictions. Insofar as it is necessary for the purposes, your personal data, excluding sensitive personal data, may be transferred to countries where our third-party service providers, advisors and consultants are located, which may change from time to time.
When we share data, it may be transferred to, and processed in, countries other than the country you live in or where our data hosting provider’s servers are located. These countries may have laws different from what you’re used to. Where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected.
For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data, or to a third party where we have approved transfer mechanisms in place to protect your personal data, for example, by entering into the European Commission’s Standard Contractual Clauses.
By providing your personal data to us, you consent to us disclosing your personal data to any such overseas recipients for the purposes described in this Privacy Statement and acknowledge that such overseas recipients may not be subject to laws that require them to protect your personal data in a way that is comparable to the safeguards in the applicable laws in your home state.
When we share data, we ensure that at least one of the following safeguards is implemented:
- We enter into a specific contract with third parties which enables the enforcement of the data subject’s rights, according to the applicable regulations.
- We use your consent to transfer data if the applicable law requires it.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data.
Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
In order to determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements of the relevant country.
We determine the retention period based on the following considerations:
- If personal data was collected for the purpose of contract performance, it will be stored for the entire duration of the contractual relationship, and once it has ended until the statute of limitations expires.
- If personal data was collected for the purpose of compliance with legal obligations, it will be stored until the obligation is fulfilled.
- If personal data was collected for the purpose of legitimate interest, it will be stored until the legitimate interest subsists.
- If personal data was collected with your consent, it will be stored until consent is withdrawn. You can withdraw your consent at any time through the unsubscribed link provided in the communications. However, withdrawing your consent will not affect any collection, use, or disclosure of your personal data that took place before the withdrawal.
- For sensitive personal data, where processing is based on your explicit consent, such data will be retained only for as long as necessary to fulfill the specific purpose for which it was collected, or until your consent is withdrawn, whichever is earlier. However, withdrawing your consent will not affect any Processing of your personal data that took place before the withdrawal.
Details of retention periods for different aspects of your personal data are available in our Retention Statement which you can request from us by contacting us.
Your Rights
You can exercise the following data rights under data protection laws by contacting us:
- Request access to your personal data
- Request correction of your personal data
- Request erasure of your personal data
- Object to processing of your personal data
- Request restriction of processing your personal data
- Request your personal data in a portable format
- Right to withdraw consent. However, please note that withdrawing your consent will not affect any Processing of your personal data that took place before the withdrawal.
Under certain circumstances where applicable law permits, you also have the right to lodge a complaint with a competent data protection supervisory authority.
What we may need from you
We may need to request specific information from you to help us confirm/authenticate your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable administration fee if your request is clearly unfounded, repetitive or excessive. Alternatively, as permitted under data protection laws, we could refuse to comply with your request in these circumstances, and we will indicate the reason for refusal.
Time limit to respond
We try to respond to all legitimate requests within one month, or within the timeframe as specified by the applicable data protection legislation. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Direct Marketing
With your consent, we may send you direct marketing communications regarding our spa and Services. If you have opted in to receive marketing communications, we may contact you by electronic messages (email, SMS, or website), by mail or other means that you share with us. You have the right to withdraw consent at any time by contacting us using the details provided in the Contact Us section or clicking the unsubscribed link in our marketing messages.
Please note that if you choose to opt out of marketing emails, we will continue to send you transactional messages, such as information about your purchase, including confirmation.
Contact Us
If you wish to exercise any of the rights set out above, please contact us at
Email: privacy.corporate@minor.com; or
Post: 88 The Parq Building, 12th Fl. Ratchadaphisek Road, Klongtoey Subdistrict, Klongtoey District, Bangkok Metropolis 10110, Thailand.
Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Liability
This Website and our Services are not intended for children, and we do not knowingly collect data relating to children. We also request you to refrain from providing any personal data of children to us. By using this website, you confirm that you are not a child/minor under the applicable laws of the jurisdiction of your residence.
You confirm that you have informed any third party(ies) whose personal data you provide to us and, where required, obtained their consent to share their personal data. Additionally, you also confirm that you have their permission to provide their personal data to us for the stated purposes. We request you to refrain from providing us the data of any third parties that does not comply with the above requirements.
You will be liable for any false or inaccurate information provided, and for direct or indirect damage caused to us or to third parties.
Changes to This Privacy Statement
We keep our Privacy Statement under regular review. At the top of this page, you will see the date on which the Privacy Statement was last revised, and it is also the date from which any changes will become effective. Your use of the Services following these changes means that you accept the revised Privacy Statement. If you would like to review the version of the Privacy Statement that was effective immediately prior to this revision, please contact us at dataprotection@minor.com.
It is also important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.