PRIVACY POLICY
Effective date: 14 October 2025

At SANDS GROUP NEW ZEALAND LIMITED (“Sands”, “we”, “us”, or “our”), including its parents, subsidiaries, affiliates, or affiliated co-operatives (collectively, “Sands Group”), we are committed to protecting the privacy and personal data of our users and customers who interact with our online hotel booking platform, websites (“Sites”), mobile applications (“App”), in-store technologies, customer service hotline, and other services (collectively, “Services”). This Privacy Policy outlines how we collect, use, disclose, store, and process personal data in compliance with the New Zealand Privacy Act 2020 (“Privacy Act”) and other applicable data protection laws. It also explains your rights regarding your personal data and how to contact us.

By using our Services or providing your personal data, you consent to the collection, use, and disclosure of your personal data as described in this Privacy Policy. This policy applies to personal data in our possession or under our control and is governed by the laws of New Zealand.
1. Types of Information We Collect and How It Is Used

We collect various types of personal data to provide, improve, and personalize our Services, including facilitating hotel bookings, managing accounts, and delivering relevant marketing. Personal data is information that can identify you as an individual, either directly or indirectly. We collect personal data in the following ways:

a. Directly from you: When you provide information through our Sites, App, customer service interactions, or other Services (e.g., when creating an account, making a booking, or contacting us).

b. Automatically: Through technologies such as cookies, web beacons, or device data collection when you interact with our Services.

c. From third parties: From affiliates within Sands Group, business partners (e.g., hotels, payment processors), or other authorized third parties to enhance our Services or comply with legal obligations. 

When we process your personal information, we must have a valid legal reason, known as a "legal basis", for doing so. Depending on the situation, we may rely on one or more of the following legal bases:

a. Consent – You have accepted this Privacy Policy, or you have given us permission to process your personal information for a specific purpose.

b. Performance of a contract - We need to process your information to deliver the products or services you have requested.

c. Legal obligation - We are required by law to collect and process certain personal information.

d. Legitimate interests - We may process your information as part of running and improving our business, but only when doing so does not override your rights and interests.

e. Vital interests - In rare situations, we may need to use your information to protect your safety or the safety of others. 

Categories of Personal Data

The table below details the personal data we collect, purposes for collection and use, sources, and lawful bases under the Privacy Act. 

| Personal Data Category | Purposes for Collection/Use | Sources |
| --- | --- | --- |
| Identification data (e.g., first and last name, nickname, email, phone number, billing/home address) | Facilitate bookings, manage accounts, authenticate users, provide customer service, deliver marketing, conduct analytics, ensure security. | Directly from you, Sands Group companies, device data, third-party partners (e.g., hotels). |
| Government-issued identification (e.g., passport, driver’s license, tax ID, country of residence) | Verify identity, process bookings, comply with tax or sanctions laws. | Directly from you, Sands Group companies, third-party partners. |
| Transaction information (e.g., order numbers, booking details, transaction amounts, dates, times, locations, payment methods) | Process bookings, track orders, manage refunds, analyze trends, prevent fraud. | Directly from you, Sands Group companies, device data, payment processors, travel suppliers. |
| Payment data (e.g., card number, expiration date, bank details) | Process payments, secure bookings, manage refunds, prevent fraud. | Directly from you, Sands Group companies, payment processors. |
| Travel preferences (e.g., hotel preferences, dietary or accessibility needs) | Personalize bookings, enhance user experience, marketing, analytics. | Directly from you, Sands Group companies, device data, partners. |
| Account information (e.g., username, password, membership ID, membership level) | Manage accounts, authenticate users, administer loyalty programs, provide access to Services. | Directly from you, Sands Group companies, device data. |
| Loyalty data (e.g., membership points, rewards, vouchers, redemption history) | Administer loyalty programs, deliver rewards, marketing, analytics. | Directly from you, Sands Group companies, device data, partners. |
| Geolocation data (e.g., IP-based location, GPS with consent) | Offer location-based services (e.g., nearby hotels), personalize content, marketing, security, compliance. | Directly from you, Sands Group companies, device data, partners. |
| Images, videos, recordings (e.g., profile photos, social media images, customer service call recordings) | Enhance profiles, customer service, marketing, analytics, security, document event participation. | Directly from you, Sands Group companies, device data, social media platforms. |
| Communications data (e.g., emails, chat transcripts, call recordings) | Provide customer service, resolve disputes, train staff, analytics, compliance. | Directly from you, Sands Group companies, device data, partners. |
| Site interaction data (e.g., searches, clicks, booking history) | Improve Services, personalize content, marketing, analytics, security. | Directly from you, Sands Group companies, device data, partners. |
| Device data (e.g., device type, unique ID, operating system, browser) | Optimize Services, analytics, marketing, security, technical support. | Sands Group companies, device data, partners. |
| Co-traveler data (e.g., names, contact details of travel companions) | Facilitate bookings, customer service, marketing, analytics. | Directly from you, Sands Group companies, partners. |
| Child data (e.g., names, ages of minors from parents/guardians) | Facilitate bookings, customer service, compliance. | Directly from you, Sands Group companies, partners. |
| Clickstream data (e.g., website interaction sequences) | Enhance user experience, analytics, marketing, security. | Sands Group companies, device data, partners. |
| Birthdate and gender | Personalize bookings, marketing, analytics, compliance (e.g., age verification). | Directly from you, Sands Group companies, partners. |
| Sensitive data (e.g., health, disability, dietary needs for accessibility) | Facilitate accessibility, bookings, compliance. | Directly from you, Sands Group companies. |

At other times, Sands Group may collect information that cannot be used to identify you. For example, we may aggregate non-personal information about you and other users/customers who use our Services. Aggregate information will not contain any information that can be linked directly back to you.  

We use technologies to collect Usage Information, including:

a. Cookies: Store preferences and track usage.

b. Web Beacons: Monitor interactions.

c. Embedded Scripts: Track clicks or App usage.

d. ETags: Track accessed resources.

Third-party tools (e.g., widgets, plug-ins) may collect data, subject to their privacy policies. You can manage these via browser or device settings (see Cookies section below). Disabling technologies may limit Service functionality. We may combine personal information that we collect with information and data we receive from other sources, such as information about your prior transactions with any other Sands Group Companies within Sands Group, and information that is automatically collected.

2. Use and Sharing of Personal Data and Information We Collect

We use personal data to deliver, improve, and secure our Services, comply with legal obligations, and provide personalized experiences. The specific purposes are listed in the table above, while this section outlines broader use cases and sharing practices. 

General Use Cases  

We collect and use personal data for the following purposes:

a. Platform Usage and Booking Purposes – including to:

   o Facilitate your booking, verify your identity, and for travel insurance purposes.

   o Book the requested travel (such as cruises, activities, and hotels) or enable vacation property booking.

   o Provide services related to the booking and/or account.

   o Maintain your search and travel history, accommodation and travel preferences, and similar information about your use of Sands Group’s platform and services, and as otherwise described in this Privacy Policy.

   o Enable and facilitate acceptance and processing of payments (such as collecting or validating your payment details for our various payment models to hold a reservation, secure a booking, enable a travel partner to check the validity of your bank card, expedite the check-out process, or deal with any fee, charge, payment or refund that applies), coupons, and other transactions.

   o Administer loyalty and rewards programs.

   o Collect and enable booking-related reviews.

   o Help you to use our services faster and more easily through features such as the ability to sign in using your account within the online services and sites of some of the Sands Group brands. 

b. Communications and Customer Service Purposes – including to:

   o Respond to your questions, requests for information, and process information choices.

   o Enable communication between you and travel suppliers (such as hotels and vacation property owners).

   o Contact you (e.g. by text message, email, phone calls, mail, push notifications, or messages on other communication platforms) to provide information such as travel booking confirmations and updates, emergency notifications, or for other purposes as described in this Privacy Policy. 

c. Marketing Purposes – including to:

   o Contact you (such as by text message, email, phone calls, mail, in-app messaging, push notifications, or messages on other communication platforms) for marketing purposes.

   o Analyse information such as browsing and/or purchase history and use the result to optimize advertising and marketing in accordance with your interests and preferences.

   o Measure and analyse the effectiveness of our marketing and promotions.

   o Administer promotions like contests, sweepstakes, and similar giveaways.

   o Deliver targeted advertising and advertising based on your profile. 

d. Market Research, Analytics, and Training Purposes to improve our Services – including to:

   o Conduct promotions, send marketing messages, run surveys and market research, make announcements in connection with the Services, and perform data analytics.

   o Maintain, improve, research, and measure the effectiveness of our sites and apps, activities, tools, and services.

   o Monitor or record calls, chats, and other communications with our customer service team and other representatives, as well as platform communications between or among partners and travellers for quality control, training, dispute resolution, and as described in this Privacy Policy.

   o Create aggregated or otherwise anonymized data, which we may use and disclose without restriction where permissible. 

e. Security and Compliance Purposes – including to:

   o Promote security, verify identity of our customers, prevent and investigate fraud and unauthorized activities, defend against claims and other liabilities, and manage other risks.

   o Comply with applicable laws (including tax data sharing laws and obligations), protect our and our users’ rights and interests, defend ourselves, and respond to law enforcement, courts, governments, public bodies, other legal authorities, and requests that are part of a legal process.

   o Comply with applicable security and anti-terrorism, anti-bribery, customs and immigration, and other due diligence laws and requirements. 

The purposes listed above may continue to apply even in situations where your relationship with us has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).  

For all the purposes outlined above, we may use artificial intelligence (AI) tools to help us process and analyse your personal information more efficiently and effectively. For example, we may use AI systems to support or automate decisions to:

a. recommend or enhance our products or services (e.g., offers, upgrades, or destinations based on your past travel patterns),

b. manage service disruptions (e.g., rebooking flights),

c. detect fraud and enhance safety and security,

d. personalise your experience across our website, app, and marketing channels,

e. streamline customer communication, and

f. match biometric data (such as your facial image to your passport photo) to validate your identity. 

These systems help us work faster and more efficiently, but we always ensure that important decisions that could significantly affect your rights are either made by humans or can be reviewed by a human. We are committed to using AI responsibly and ensuring your data is handled safely, securely and ethically.

Sharing of Personal Data 

We share personal data with the following recipients, ensuring compliance with the Privacy Act and implementing safeguards like contractual protections:

| Recipient | Purpose |
| --- | --- |
| Sands Group Companies | Support bookings, customer service, marketing, analytics, and compliance across affiliates, acting as joint controllers or processors. |
| Third-party service providers | Enable Services (e.g., payment processing, cloud storage in Singapore, Australia and New Zealand, marketing automation). Providers are contractually bound to protect data and use it only for agreed purposes. |
| Travel suppliers | Share data (e.g., name, preferences) with hotels to fulfill bookings. Suppliers may contact you for additional details. |
| Business partners | Collaborate on co-branded promotions or services, with consent or where permitted. |
| Advertising partners | Deliver targeted ads or create “lookalike” audiences, with consent or opt-out rights. |
| Social media agencies, search engines and platforms | Support marketing or sign-on. |
| Border control and legal authorities | Comply with laws, respond to subpoenas, court orders, or law enforcement, or protect our rights, property, or safety. |
| Corporate transaction recipients | Share data during mergers, acquisitions, or asset sales, ensuring continued protection. |
| Authorised individuals | Share data with the person acting on your behalf or with your consent. |
| Professional advisers | Share with auditors, lawyers, or insurers for compliance, legal, or risk management purposes. |

Where we disclose your personal data, we will do so only in accordance with data protection laws. This includes taking steps to ensure the security and privacy of your personal data, and where required, it will be subject to contractual terms ensuring the security and protection of any personal data under any sub-processor or data intermediary, whether within or outside of New Zealand. Sands Group does not authorize these companies to use the personal data and information or to disclose it for any purpose other than to perform the service(s) requested by Sands Group. 

We will, on occasion, send marketing information on behalf of one of our business partners about products or services they provide that may be of interest to you. You may be asked if you wish to receive marketing materials from Sands business partners. If you elect to receive such materials, Sands will not share your personal data and information with such partners but rather will send mail by post or e-mail on behalf of the partners.

Sands Group reserves the right to use or disclose any information as needed to satisfy any law, regulation, code of practice, guideline, rule or legal request, to protect the integrity of the Services, to fulfill your requests, or to cooperate in any law enforcement investigation or an investigation conducted by any government and/or regulatory authority.  

Necessary to provide your personal data 

You acknowledge and agree that providing personal data is voluntary, but failure to provide certain data (e.g., payment or booking details) may prevent us from processing bookings or providing full Service functionality.  

If you no longer want to receive any further communications from Sands Group, please contact us via our contact information set out below. 

Withdrawing your consent

The consent that you provide will remain valid until such time it is withdrawn by you in writing. Subject to any exceptions set out within applicable law, you may request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by e-mail or mail by post via our contact information set out below. 

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and to be determined on a case-by-case basis) for your request to be processed. Please note that, in some instances, we may have already shared your information with one of the third parties before you changed your information preferences, and you may briefly continue to receive correspondence from us even after you withdraw your consent.

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue performing our obligations in the course of or in connection with the Services to you, and we shall, in such circumstances, notify you of the consequences before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing by e-mail or mail. 

Notwithstanding such withdrawal of consent, please note that this does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws and regulations. 

Accuracy of Personal Data 

By accepting this Privacy Policy and using our Services, you represent and warrant that all information that you have provided to us is accurate, reliable, complete and up to date. If there are any changes to your personal data, please log in to your account through the Services offered at Sands and change your personal information, or update us via our contact information set out below.

3. Children’s Privacy Notice

Sands Group understands the importance of privacy to visitors and users of our Services. We are especially committed to protecting the privacy of children under 18 years old (subject always to applicable law). Our Services are not designed for children, and we do not knowingly collect, store, use or share any personal data from children. 

If you are under 18 years old, please do not provide any personal data through the Services. If you are the parent or guardian and believe that a child under 18 years old may have provided us with personal data, you can contact us via our contact information set out below, and we will verify and delete the child’s personal data. If Sands Group or its internet service providers become aware that a child has provided us with personal data without parental consent, that information will be deleted from our database.  

If you have any questions about our Children’s Privacy Notice, please contact us via our contact information set out below.

4. Access and Correction and Other Rights

Access requests 

You are in control of any personal data you provide to us through our Services. Subject to applicable laws and regulations, you may have the right to request access to your personal data that is in our possession or under our control, as well as information about the ways in which such personal data has been or may have been used or disclosed by us. Your right of access can be exercised in accordance with applicable laws and regulations. Any access request may be subject to a fee in providing you with details of the information we hold about you, the amount of which we will inform you before processing your request, if any. 

Correction requests

Subject to applicable laws and regulations, you may also have the right to request us to correct your personal data that is in our possession or under our control. 

You may submit your request for access and/or correction via our contact information set out below. 

We will respond to your request as soon as reasonably possible and in accordance with applicable laws and regulations. If we are unable to provide you with access to your personal data, or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the applicable data protection law). 

Requests to limit processing of personal data 

You also have the right to request us to limit the processing and use of your personal data (for example, requesting us to stop sending you any marketing and promotional materials or contacting you for marketing purposes). However, please note that your abovementioned rights under the data protection law are subject to our right to rely on any statutory exemptions and/or exceptions to collect, use and disclose your personal data.

5. Security and Retention of Personal Data

To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we utilise appropriate administrative, physical and/or technical measures, such as a web firewall and transport over HTTPS, to secure all storage and transmission of personal data. Nevertheless, please keep your password secure and do not disclose it to another party, to reduce the risk of data breaches.

In the unlikely event that Sands Group suffers a privacy breach (such as unauthorised access to your personal information), Sands Group may be required by the Privacy Act to notify you and the New Zealand Privacy Commissioner about the privacy breach. Notifications are required if the breach constitutes a “notifiable privacy breach”. This will depend on the nature of the breach and its impact. Generally, a “notifiable privacy breach” is a breach that is likely to result in serious harm to you as an affected individual.

As set out above, we may retain your personal data for as long as is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws, or when notified by you to delete.  

We will not retain any documents containing your personal data after it is reasonable to assume that the purpose for which we collected that personal data is no longer served by the retention of it, and retention is no longer for legal or business purposes.

6. Transfers of Personal Data outside of New Zealand

The personal data we process may be accessed from, processed or transferred to countries other than New Zealand. Those countries may have data protection laws that are different from the laws of your country. Such cross-border transfer of your personal data is necessary for us to service your transaction with us, and for the other purposes outlined in this Privacy Policy. By accepting this Privacy Policy and using our Services, you expressly authorize us to disclose your personal data to foreign persons or entities, and you acknowledge that these recipients may not be required to protect your information in a way that provides comparable safeguards to those under the Privacy Act.

The servers for our platform are located in Singapore and New Zealand, and the Sands Group companies and third-party service providers operate in many countries around the world. When we collect your personal data, we may process it in any of those countries. Our employees may access your personal data from various countries around the world. The transferees of your personal data may also be located in countries other than in New Zealand.

We will take appropriate steps and put safeguards in place to help ensure that any access, processing and/or transfer of your personal data remains protected in accordance with this Privacy Policy and in compliance with applicable data protection law. We will comply with obligations regarding cross-border transfer of personal data in accordance with applicable data protection laws, regulations, and conditions set by the competent authorities.

7. Cookies

Whenever you use our Service, we use cookies and other online tracking technologies to enhance your experience. This section explains what cookies are, how SANDS GROUP NEW ZEALAND LIMITED uses them, and how you can manage your preferences. 

Cookies are small text files stored on your device when you visit our websites or mobile applications. We may also use other tracking technologies, such as web beacons, pixels (small graphic images indicating page views), tags, scripts, local storage objects (e.g., HTML5), or Software Development Kits (SDKs) in our apps. These are collectively referred to as “cookies” in this section. 

Cookies enable our Service to recognize your device, store information about your interactions (e.g., preferences, bookings), and provide a personalized experience. 

Sands Group, or third-party providers operating cookies on our Service, uses cookies for the following purposes:

- Essential for our Service to function, such as enabling navigation, booking processes, and secure access. These cookies are used based on our legitimate interest in providing a functional platform, in accordance with the Privacy Act 2020.

- Store your preferences (e.g., language, currency, search settings) to provide a personalized experience, such as remembering your hotel preferences. Disabling these may affect certain functionalities.

- Collect data on how our Service is used (e.g., most/least visited pages, booking patterns) to improve performance and user experience. Disabling these limits our ability to monitor and enhance our Service.

- Used by us or advertising partners to deliver relevant ads on our Service or third-party sites based on your interests (e.g., travel preferences). Disabling these results in less personalized advertising. 

Non-essential cookies (functional, performance, marketing) are used only with your consent. We may associate personal information with cookies to enhance your experience, as detailed in our Privacy Policy. If personal data collected via cookies is shared with third parties (e.g., analytics providers), including in countries outside New Zealand, please refer to our Privacy Policy for details on data handling and associated risks. 

Other Similar Technologies

a. Web beacons, gifs, and clear gifs are tiny graphics, each with a unique identifier that are embedded invisibly on sites and in emails. Web beacons allow us to know if a certain page was visited or if ad banners on our sites and other sites are effective. We also use web beacons in our HTML-based emails to let us know whether our emails have been opened by recipients, which helps us to gauge the effectiveness of certain communications, promotions, and marketing campaigns.

b. Proximity based beacons send one-way signals over very short distances, to communicate with associated mobile apps installed on your phone. They can notify you, for example, about experiences related to your trip and can alert you to related deals or promotions. Beacons communicate with your device only when you are in close proximity and only if you have given consent within the relevant mobile application.

c. Pixels are small objects embedded into a web page that are not visible to the user. We use pixels to deliver cookies to your computer, facilitate the log-in process, monitor the activity on our sites, and deliver online advertising.

d. Tags are small pieces of HTML code that tell your browser to request certain content generated by an ad server. We use tags to show you relevant advertising and promotions.

e. Scripts are pieces of JavaScript code that launch automatically when certain webpages load, to determine whether users view associated advertisements.

f. Storage Objects, such as HTML 5, are used to store content and preferences. Third parties with whom we partner to provide certain features on our site to display advertising based upon your web browsing activity use Local Storage Objects to collect and store information.

g. Software Development Kits (“SDKs”) are a set of tools and software components embedded in our mobile applications. We use SDKs to collect and share information about user devices, track events and analyze activity within our apps, and generate unique identifiers. 

All of the technologies described above will be collectively referred to in this cookies statement as “cookies”. You can choose not to accept our cookies, and you may use the options in your web browser if you do not wish to receive a cookie or if you wish to set your browser to notify you when you receive a cookie. Click on the section of your browser to learn how to change your cookie preferences. If you disable all cookies, you may not be able to take advantage of all the features of the relevant Services. 

Before using the Sites, you are advised to check your current browser settings to ensure that the settings reflect your consent for Sands Group to place cookies on your devices.

9. Other Sands Services

All Services operated by Sands Group will adhere to this Privacy Policy. The policies of some Services, Sites or App may vary, however, because of local customs, practices or laws or due to circumstances unique to that Service, Site and/or App. If we have provided you with a separate privacy policy for the Services we offer, then such separate privacy policy shall take precedence. Any matters not covered in such separate privacy policy shall be governed by this Privacy Policy. In all cases, however, Services operated by Sands Group will honor the commitments to our users/customers regarding the collection, use and disclosure of personal data.

10. Changes to our Privacy Policy

From time to time, it may be necessary for Sands Group to change this Privacy Policy. If we change our policy, we will post the revised version and change the revised date, so we suggest that you check here periodically for the most up-to-date version of our Privacy Policy. Rest assured, however, that any changes will not be retroactively applied and will not alter how we handle previously collected information.

11. How to Contact Us

Name : SANDS GROUP NEW ZEALAND LIMITED

Attention : Data Protection Officer

Email : info@thesandshotel.co.nz

12. Complaints

Please contact us at the email address provided above if you have any questions about this Privacy Policy or to make a complaint in relation to your personal information.  We will investigate your complaint and endeavour to provide you with our response within a reasonable time of receiving your complaint and, in any event, no longer than the timeframe specified in the Privacy Act.  If after receiving our response, you still consider that your privacy complaint has not been resolved, you may refer your complaint to the New Zealand Privacy Commissioner.

13. Language

This Privacy Policy is issued in English. In the event of any inconsistencies or discrepancies with any other language version (if any), the English version shall prevail.