At Grandis, we take personal data very seriously. We recognise that when you choose to provide us with information about yourself, you trust us to act in a responsible manner. Our company, Grandis Hotels and Resorts Sdn Bhd (also referred to as Hotel Grandis), is fully compliant with the relevant laws in Malaysia, including the Personal Data Protection Act 2010 (PDPA) and its Amendments in 2024.

Please read this Privacy Statement carefully to understand how we collect, use, store, and protect your personal information, and how the use of this information can enhance your experience with us online and offline.

Compliance with the PDPA (Amended 2024)

The collection, storage, and handling of your personal information are subject to the Data Protection Principles under the Personal Data Protection Act 2010, as revised by the PDPA (Amended) 2024. These amendments introduce enhanced requirements, including:

  • Clearer consent and transparency obligations
  • Strengthened data breach notification requirements
  • Expanded rights for individuals (e.g. data access, correction, data portability, and withdrawal of consent)
  • Stricter rules on cross-border data transfers and data sharing with third parties

By providing your personal information to us, you consent to the collection, use, access, transfer, storage, and processing of your data in accordance with this Privacy Statement and the latest amendments to the PDPA.

Types of Personal Information Collected

Hotel Grandis collects personal information about guests and visitors to ensure a responsive and personalised experience. Information may be collected from, but is not limited to, the following sources:

  • Fulfilling reservation or information requests (e.g. name, ID/passport number, phone number, credit card details, date of birth, gender, nationality, race, address, email, etc.)
  • Purchasing products and services (e.g. credit card or bank account details, billing address, expiration dates)
  • Registering for an account on our website
  • Signing up for newsletters
  • Submitting a job application
  • Responding to communications from us (e.g. surveys, promotions, confirmations)
  • Accommodating your preferences
  • Fulfilling requests for services or recommendations
  • Working with third-party sources, including publicly available social media data, to better understand and serve you

Purpose of Collecting Your Information

We do not collect personal information unless it is required or beneficial to our services. Your data may be used for purposes such as:

  • Processing reservations, transactions, or product orders
  • Customer service and support
  • Billing, accounting, and internal record-keeping
  • Security purposes
  • Marketing and promotional communications (with your consent)
  • Research, service improvements, and guest experience enhancements
  • Customised advertising based on customer profiles

You may opt out of marketing emails and surveys at any time via the unsubscribe link or by contacting us directly. However, declining to provide essential information may impact certain services, such as reservation fulfilment or payment processing.

Disclosure of Your Personal Information

We may disclose your information to:

  • Travel-related business partners (e.g. airlines, car rentals, tour providers)
  • Third-party service providers offering administrative, payment, IT, marketing, or telecommunications support
  • Legal or government entities if required by law or for the protection of our legal rights
  • Professional advisers, regulatory bodies, or auditors as part of compliance

Under the PDPA (Amended 2024), we ensure that all third parties handling your data adhere to strict confidentiality obligations and data protection standards. Personal data will not be used beyond its intended purpose.

We may also retain data to comply with accounting, tax, and regulatory obligations. Aggregated demographic data, which is not personally identifiable, may be shared for business analysis.

Protecting Sensitive Information

We implement industry-standard security measures and comply with the PDPA 2024 requirements to protect your data. These include:

  • Secure storage systems and controlled access
  • Use of encryption and secure transmission protocols
  • Limiting access to authorised personnel only
  • Using credit card and bank information strictly for payment purposes

We do not sell or trade your personal information to any third party without your explicit permission.

Under-Age Policy

Children under the age of 18 should not provide personal data without parental or guardian consent. Information collected from children under the age of 12 will:

  • Not be shared or sold to partners
  • Not be used in any marketing or promotional campaigns

Use of Cookies

Cookies on our website are used solely for functionality and to improve your user experience. They help us remember your preferences between visits but are not linked to personally identifiable information.

Updating the Privacy Statement

We may update this Privacy Statement from time to time to comply with legal changes or improve clarity. The latest version will supersede all previous versions and take effect immediately upon posting.

Users will be notified of changes via email or other electronic communication. If you agree with the changes, no action is needed. If you wish to withdraw consent or remove your data, please contact us directly.

Contact Us

If you have any questions, concerns, requests, or complaints regarding this Privacy Statement or the processing of your personal data—including access, correction, data portability, or withdrawal of consent as provided under the PDPA 2010 and its 2024 amendments—you may contact our Data Protection Officer at:

Grandis Hotels and Resorts
Suria Sabah Shopping Mall
1A, Jalan Tun Fuad Stephens
88000 Kota Kinabalu, Sabah, Malaysia

Tel: +60 88 522 888
Fax: +60 88 522 999
Email: info@hotelgrandis.com