Privacy Policy

Privacy Policy

  1. Introduction

This Website is owned and controlled by Ben Thanh – Norfolk Hotel Company Limited (hereafter referred to as the “Norfolk Hotel”). Norfolk Hotel recognizes that protecting the privacy of our customers and their Personal Information (hereafter referred to collectively as “Personal Information”) is the basis of the Norfolk Hotel’s business and one of the Norfolk Hotel’s social responsibilities. In order to responsibly protect our customers’ Personal Information, the Norfolk Hotel has established the Personal Information protection policy set forth below. The Norfolk Hotel has established an in-house system and strategies for protecting Personal Information, which it is committed to implementing, maintaining, and continuously improving. The Norfolk Hotel’s Personal Information protection system and activities are designed to comply with all relevant legislation and in-house rules, and to be worthy of our customers’ confidence.

This Privacy Policy explains who we are, how we collect, share and use your Personal Information, and how you can exercise your privacy rights. This notice is defined as information concerning any living person (a natural person who hereafter will be called the Data Subject) that is not already in the public domain.

The General Data Protection Regulation (GDPR) seeks to protect and enhance the rights of data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within Vietnam. It should be noted that GDPR does not apply to information already in the public domain.

This Privacy Policy includes information concerning what information we collect; how we collect it; the secured measurement that we use it or share it with who; and your rights concerning personal data protection.

  1. What does Norfolk Hotel do?

Norfolk Hotel, which operates hospitality property in Vietnam under the “Norfolk Hotel”, “Corso Steakhouse & Bar”, “Norfolk Spa” and “Norfolk Hotel Privilege Club” program, is comprised of a family of companies (collectively referred to as “Norfolk Hotel”, “Hotel”, “we”, “our” or “us”), which owns the site (the “Website”). This Privacy Policy contains information on how Norfolk Hotel collects, uses, and shares information collected from you as well as how such information is protected from unauthorized access. This Privacy Policy only covers the Website. By using the Website, you agree that Norfolk Hotel may collect, use, and share information consistent with this Privacy Policy.

  1. Effective date of Privacy Policy

The effective date of this Privacy Policy is 17 December 2019.

  1. Changes to Privacy Policy

Norfolk Hotel may change this Privacy Policy from time to time. This Personal Information Protection Policy is subject to revision at any time to respond to revisions and changes in related laws and regulations and to social needs related to Personal Information. You can tell when this Privacy Policy was last updated by looking at the date at the bottom of the Privacy Policy. Any changes to this Privacy Policy will become effective upon posting of the revised policy on the Website.

  1. Obtaining Personal Information from customers

5.1. Obtaining Personal Information

In the course of providing services to our customers, the Norfolk Hotel may obtain from customers such Personal Information as their name, address, and contact information. When obtaining Personal Information from customers, only the necessary information is obtained, and the purpose and extent of the utilization of the information is clearly explained.

5.2. How information is obtained

Personal Information is obtained by the following means in the course of customer transactions with the Norfolk Hotel, related to the Norfolk Hotel facilities or products (such as accommodation, banquet, or bar/restaurant facilities, product sales, the provision/sale of amenities, the provision of services, and the holding of events) and other transactions (referred to hereafter as “transactions”).

  • Directly from the customer: by telephone, in writing, from business cards, verbally, or over the Internet.
  • From a person duly authorized by the customer: such authorized persons may include those authorized to make a reservation on behalf of a customer or to introduce a customer, travel agencies, and package tour companies.
  • From published information: newspapers, Internet, telephone books, publications, and other written materials.

5.3. Types of Personal Information obtained by the Norfolk Hotel

The Personal Information obtained by the Norfolk Hotel may include the following information: name, place of work, home/work address, email address, telephone number, fax number, date of birth, gender, customer requirements regarding guest rooms, leisure activities, and other services, information required to fulfill special requirements, and the customer’s previous/subsequent night’s accommodation if required by bylaws or ordinances.

5.4. Right to refuse to provide Personal Information

The Norfolk Hotel does not compel customers to provide Personal Information. At all times, the customer has the right to choose whether or not to provide Personal Information to the Norfolk Hotel. However, in the event that a customer refuses to provide Personal Information such as his or her name, it may not be possible to provide certain services, such as making reservations.

5.5. Obtaining information from minors

The Norfolk Hotel does not aim or intend to obtain Personal Information directly from minors. In the event that a minor provides the Norfolk Hotel with Personal Information about the minor or the minor’s family without the agreement of the minor’s parents, please contact a Norfolk Hotel’s representative. The Norfolk Hotel will immediately cease use of the Personal Information and take any necessary action, including deletion of the Personal Information, in good faith.
However, if a minor wishes to use the facilities of the Norfolk Hotel, and provides Personal Information about himself/ herself for that purpose, the Norfolk Hotel shall handle said Personal Information in accordance with this Privacy Policy.

6.    Use of customer Personal Information

6.1. Purposes for which Personal Information is used

The Norfolk Hotel uses a customer’s Personal Information only for the purpose(s) and within the scope made clear to the customer at the time the information is obtained. The Norfolk Hotel makes absolutely no use of Personal Information for other purposes or beyond the indicated scope.

6.2. Types of data obtained by the Norfolk Hotel and purposes of use

We may collect your name, email address, telephone number, and any other information you choose to provide so that we may process your requests. All required and optional information is clearly denoted on any form that you are presented. If you provide us feedback or contact us via email, we will collect your name and email address, as well as any other content included in the email, in order to send you a reply.

The Personal Information that we may collect about you broadly falls into the following categories:

  • Data you provide voluntarily

We ask you to provide certain information voluntarily. The types of information we ask you to provide, and the reasons why we ask you to provide it, include your contact details in order to make a reservation, book or purchase one of our services, subscribe to marketing communications from us, and to submit enquiries to us.

We will also ask you to provide your credit card details so that we can charge you for any purchases that you make during your stay at the Norfolk Hotel.

If we ask you to provide any other Personal Information not described above, then the Personal Information we will ask you to provide, and the reasons why we ask you to provide it, will be made clear to you at the point we collect your Personal Information.

  • Data we collect automatically

We may also collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered Personal Information under applicable data protection laws.

Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.

Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them.  We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors.

Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and similar tracking technology” below.

  • Data we obtain from third party sources

From time to time, we may receive Personal Information about you from third party sources (including travel agents that have made a booking on your behalf), but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your Personal Information to us.

The types of information we collect from third parties include your name, address, email, credit card rewards number and stay history. We use the information we receive from these third parties to honor your reservation.

6.3. Use of cookies

You should also be aware that information and data might be automatically collected from you through the standard operation of our internet servers and through the use of “cookies.” Cookies are small text files that a site can store on your computer. It is a string of information that the visitor’s browser provides to the Website each time the visitor returns. We may use both “session” cookies and “persistent” cookies on the Website. We will use the session cookies to: keep track of you whilst you navigate the Website. We will use the persistent cookies to: enable our Website to recognise you when you visit. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.

Norfolk Hotel uses cookies to recognize repeat users, facilitate a user’s ongoing access to and use of the Website, track Website usage behavior, and compile aggregate data that will allow content improvements and targeted advertising. We use Google Analytics to analyse and generate statistical and other information about Website use by means of cookies, which are stored on users’ computers. The information generated relating to our Website is used to create reports about the use of the Website. Google will store this information. Google’s Privacy Policy is available at:

Cookies generally neither damage your files nor allow us to personally identify you. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to deny or accept the cookie feature. You should note that some cookies may be necessary to provide you with some features offered on the Site, so any deletion of them may adversely impact how the Site functions to you.

Please note that by using the Website, you agree that your Personal Information and your other non-personal data may be transmitted to Vietnam.

Norfolk Hotel will explicitly state on the Website when Personal Information is required to be collected. However, subject to applicable laws, Norfolk Hotel may collect, use and disclose to our business partners relevant portions of your Personal Information for following purposes:

7.    Provision to third parties and joint use of Personal Information

7.1. Limits to provision of information to third parties and joint use of information

Norfolk Hotel does not sell any of your Personal Information to third parties for any reason. As noted above, Norfolk Hotel may share some of your Personal Information with certain third parties in order to properly run its business, including the operation of its services. For example, your name and credit card information will be shared with our credit card processing vendor in order to process payments. Personal Information is not shared with third parties for use in connection with their own purposes, but only Norfolk Hotel own business purposes and to better serve our Site users.

Norfolk Hotel may also disclose your Personal Information if required to do so by law, or in a good-faith believe that such action is necessary: (a) to comply with applicable law or with legal process served on Norfolk Hotel or the Site; (b) to protect and defend the rights or property of Norfolk Hotel or the Site; or (c) if Norfolk Hotel ownership status changes, such as it being acquired by another party.

7.2. Scope and purposes of joint use of Personal Information

As a rule, if Personal Information is shared with third parties for the purpose of joint use, the joint use relates to the following

  • Direct Marketing: We will send Direct marketing via the postal service and by email. We will also make sure our direct marketing is relevant for you and where possible tailored to your interests.
  • Ordering online: In order for us to process an order, payment details are taken and contact information collected, such as name, address, telephone number, and email address.
  • Your best interest: Processing your information to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure.
  • Personalisation: Where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our guests and visitors.
  • Analytics:To process your Personal Information for the purposes of customer analysis, assessment, profiling and direct marketing, on a personalised or aggregated basis, to help us with our activities and to provide you with the most relevant information as long as this does not harm any of your rights and interests.
  • Research: To determine the effectiveness of promotional campaigns and advertising and to develop our products, services, systems and relationships with you.
  • Due Diligence: We may need to conduct investigations on potential customers and business partners to determine if those companies and individuals have been involved or convicted of offences such as fraud, bribery and corruption. Any communication we send in this manner will give you the opportunity to unsubscribe very easily.

7.3. Consent

We also rely on consent for lawful processing where we have no legitimate interest. An example of this may be when you sign up to receiving marketing through our website. Every marketing email we send gives you the opportunity to withdraw consent by unsubscribing.

7.4. Disclosure

We may on occasions pass your Personal Information to third parties exclusively to process work on our behalf. We require these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice and GDPR.

We do not broker or pass on information gained from your engagement with us without your consent. However, we may disclose your Personal Information to meet legal obligations, regulations or valid governmental request. We may also enforce our Terms of Use, including investigating potential violations of our Terms of Use to detect, prevent or mitigate fraud or security or technical issues; or to protect against imminent harm to the rights, property or safety of the Norfolk Hotel, our clients and/or the wider community.

  1. Online reservations and bookings

Lodging at our Norfolk Hotel & Norfolk Mansion is handled by a third party vendor, namely, D-Edge – Fastbooking ( In connection with making lodging reservations and bookings, you will leave the Site and go to a site maintained by Fastbooking.  Further, when making lodging reservations or bookings through the site maintained by Fastbooking, you will be bound by Fastbooking’s Privacy Policy regarding the collection of information. Please note that any information you provide to Fastbooking as part of reserving or booking lodging at Norfolk Hotel will be shared with us for reasons consistent with how we use information collected directly through the Site.

  1. Legal basis for processing Personal Information  

As stated in details above. Our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.

However, we will normally collect Personal Information from you only where we have your consent to do so, where we need the Personal Information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Information from you or may otherwise need the Personal Information to protect your vital interests or those of another person.

If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your Personal Information).

Similarly, if we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided below.

  1. Retention Policy

We will process personal data during the duration of any contract and will continue to store only the personal data needed for five years after the contract has expired to meet any legal obligations. After five years any personal data not in use will be deleted.

  1. Your rights as a data subject

You have the following data protection rights as following:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.

In the event that the Norfolk Hotel refuses your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.

Norfolk Hotel will respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws, such as

  • Contact details of the data protection officer, where applicable.
  • The purpose of the processing as well as the legal basis for processing.
  • If the processing is based on the legitimate interests of Norfolk Hotel or a third party such as one of its clients, information about those interests.
  • The categories of personal data collected, stored and processed.
  • Recipient(s) or categories of recipients that the data is/will be disclosed to.
  • How long the data will be stored.
  • Details of your rights to correct, erase, restrict or object to such processing.
  • Information about your right to withdraw consent at any time.
  • How to lodge a complaint with the supervisory authority (Data Protection Regulator).
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
  • The source of personal data if it wasn’t collected directly from you.
  • Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

To access what personal data is held, identification will be required. We will accept the following forms of ID when information on your personal data is requested: a copy of your national ID card, driving license, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If Norfolk Hotel is dissatisfied with the quality, further information may be sought before personal data can be released. All requests should be made to [email protected] or by phoning (+84 28) 3829 5368 or writing to us at the address further below.

  1. Security of Information

Norfolk Hotel uses appropriate technical and organizational measures to protect the Personal Information that we collect and process about you.  The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Information. While Norfolk Hotel takes security of your information seriously, there is no system that is one hundred percent secure from outside threats.  Norfolk Hotel cannot guarantee that information sent over the Internet is fully secured, nor will it remain fully secured once on Norfolk Hotel’ system.

  1. Children’s Privacy

The Website is not marketed to or directed at, nor intended for, children under 18 years of age. Norfolk Hotel does not knowingly collect any information from children under 18 years of age. If Norfolk Hotel earns that it collected any information from someone younger than 18 years of age, Norfolk Hotel will delete the information.

  1. Miscellaneous

Your Personal Information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country.  However, we have taken appropriate safeguards to require that your Personal Information will remain protected in accordance with this Privacy Notice.

The Website may contain links to external sites not controlled and/or affiliated with Norfolk Hotel and therefore not bound by this Privacy Policy. If you access these linked sites, you will be subject to the privacy practices of those websites.

Your use of the Website is also governed by our Terms of Use found at on the other link whose terms are incorporated by reference into this Privacy Policy.

If you need to contact Norfolk Hotel for any reason, including if at any time you believe that a Norfolk Hotel has not adhered to this Privacy Policy, please notify Norfolk Hotel using the below information and we will use all reasonable efforts to promptly determine and correct the problem.

  1. Norfolk Hotel information center

In the event that you wish to make a concern about how your Personal Information is being processed by Norfolk Hotel or its partners, you have the right to complain to us.

The details for each of these contact is:

Ben Thanh – Norfolk Hotel Company Limited
Norfolk Hotel, 117 Le Thanh Ton Street, District 1,
Ho Chi Minh City, Vietnam, 700000
Telephone (+84 28) 3829 5368
Email [email protected]

Updated on 17 December 2019