Privacy Policy

  • Home
  • Privacy Policy

Privacy Policy

This policy clarifies how Samafen uses personal information gathered through www.Samafen.com. Please note that the following information will be collected solely to provide you with an exceptional service and to comply with applicable laws and regulations.

1. Introduction

This Data Protection and Privacy Policy outlines the principles and procedures for collecting, processing, and protecting personal data at Samafen. We are committed to safeguarding the privacy rights of our customers, employees, and partners across all regions where we operate.

2. Scope

This policy applies to all personal data collected, processed, and stored by Samafen, including but not limited to:

  • Customer booking and stay information
  • Payment and financial data
  • Marketing and communication preferences
  • Website usage and analytics data
  • Employee and contractor information
  • Immigration and regulatory compliance data

3. Required Personal Information

We collect the following types of personal information:

  • Contact Information: Name, email address, mailing address, phone number
  • Demographic Information: Age, gender, private interests
  • Guest Information: Names of other guests who stay within the premises during your stay
  • Technical Information: Data gathered automatically, including IP address, browser type, referring/exit pages, and operating system

For Maldivian Immigration Compliance, we are legally required to collect:

  • Full name as it appears on the passport
  • Passport number and date of expiry
  • Nationality
  • Date of birth
  • Gender
  • Date of arrival and departure
  • Accommodation details
  • Contact information during the stay
  • Next destination (if known)

Important: Once all payments have been settled, your information will be deleted unless required by law, such as immigration data that must be retained for regulatory compliance purposes.

4. Instances Where Your Personal Information Is Used

We use your personal information for the following specific purposes:

  • To confirm your reservation
  • To provide necessary feedback on customer requests
  • To improve our marketing efforts and keep you updated about the latest offers
  • To respond to the indicated matters
  • To comply with the Maldivian Immigration Act (Law No. 1/2007) and the Maldives Immigration Regulations
  • To fulfill our legal obligation to report guest arrival and departure information to immigration authorities through the Maldives Immigration Portal (IMUGA)

5. Legal Compliance

Samafen is committed to complying with applicable data protection laws in all jurisdictions where we operate:

Maldives

  • We follow the Personal Data Protection Act (2019), which governs the collection, use, and disclosure of personal data in the Maldives
  • We comply with the Maldivian Immigration Act (Law No. 1/2007) and related regulations regarding the collection and reporting of foreign traveler information
  • We maintain guest registers with accurate arrival and departure information as required by law
  • We submit the required information about the guests to the authorities through the official Maldives Immigration Portal (IMUGA)

European Union

  • General Data Protection Regulation (GDPR): We adhere to the GDPR requirements for processing personal data of EU residents, including the legal basis for processing, data subject rights, and the implementation of appropriate security measures.

United States

  • We comply with federal data protection laws, including the Federal Trade Commission Act (FTC Act).
  • Where applicable, we comply with state-specific regulations, including the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

China

  • We adhere to the Personal Information Protection Law (PIPL) and the Data Security Law (DSL) when handling personal information of Chinese residents.

India

  • We comply with the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

Other Asian Countries

  • We respect and comply with relevant data protection regulations in other Asian countries where our customers reside.

6. Data Protection Principles

Lawfulness, Fairness, and Transparency

We process personal data in a lawful, fair, and transparent manner.

Purpose Limitation

We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.

Data Minimization

We limit our data collection to what is necessary for the intended purposes, in accordance with applicable laws and regulations.

Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date.

Storage Limitation

We retain personal data only for as long as necessary for the purposes for which it was collected or as required by law:

  • General booking information: Not saved after all payments have been settled.
  • Information needed by Maldivian Immigration: Retained for the minimum period required by law (typically 90 days).

Integrity and Confidentiality

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

7. Individual Rights

We respect the rights of individuals regarding the protection of their personal data:

Right to Access

You have the right to request access to the personal data that we process about you.

Right to Rectification

You can request the correction of inaccurate or incomplete personal data.

Right to Erasure

You may request the deletion of your personal data under certain conditions, except where we are legally obligated to retain such data (e.g., immigration compliance data).

Right to Restrict Processing

You can request the restriction of processing your data under specific circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object

You have the right to object to the processing of your personal data under certain conditions.

Rights Related to Automated Decision Making

You have rights related to automated decision-making, including the right to object to profiling.

8. Securing Your Personal Data and Information

We are responsible for the data and information that we hold on our servers. Therefore, we are bound to secure them. Your information will not be sold or transferred to any third party without your consent.

Exceptions:

  • Trusted third parties who work hand in hand in maintaining the website, conducting our campaigns, or serving our guests
  • Government authorities, where required by law, such as the Maldivian Immigration regulations.
  • To support any legal process, your private data and information may be disclosed only as required by law.
  • Your data and information may be released to protect the rights and safety of others when required by law.

Technical Measures

  • Encryption: We use industry-standard encryption for data in transit and at rest
  • Secure Networks: We maintain a secure network architecture with appropriate firewalls and intrusion detection systems
  • Regular Updates: We keep our systems updated with the latest security patches
  • Restricted Access: Systems containing immigration data have additional access controls.

Organizational Measures

  • Access Controls: We implement strict access controls and authentication procedures
  • Employee Training: We provide regular data protection training to our staff, including specific training on handling immigration data
  • Security Assessments: We conduct regular security assessments and vulnerability testing
  • Dedicated Personnel: Staff responsible for immigration reporting are specially trained

9. Data Breach Notification

Response Plan

We maintain a comprehensive data breach response plan to address potential security incidents.

Notification Procedure

In the event of a data breach that poses a risk to individual rights and freedoms, we will:

  • Notify relevant supervisory authorities without undue delay and within 72 hours, where feasible
  • Inform affected individuals in clear and plain language about the breach and steps they should take
  • Document all breaches and remedial actions taken
  • Notify relevant immigration authorities if traveler data is compromised

10. Marketing Technologies and Cookies

To enhance our marketing efforts, we may utilize technologies such as cookies, web beacons, or scripts to gather information about website interactions. For example, we will know:

  • How many users access specific areas or features within our site
  • Which links or ads have they clicked on

These types of data and information help us understand the site's usage and its specific requirements for the viewer, as well as inform our marketing efforts, while presenting guests with content that aligns with their expected interests.

Types of Cookies

  • Essential Cookies: Required for the operation of our website
  • Functional Cookies: Enable enhanced functionality and personalization
  • Performance/Analytics Cookies: Help us understand how visitors interact with our website
  • Marketing Cookies: Used to track visitors across websites for advertising purposes

Cookie Management

Visitors can manage their cookie preferences through our cookie banner and by adjusting their browser settings.

11. International Data Transfers

Transfer Mechanisms

For transfers of personal data outside your country of residence, we implement appropriate safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules, where applicable
  • Adequacy decisions by relevant authorities
  • Explicit consent in specific cases

Maldivian Immigration Data

Information collected for Maldivian immigration compliance purposes is processed and stored in accordance with local regulations and may be shared with relevant authorities as required by law.

Third-Party Assessment

We assess third parties who may receive personal data to ensure they provide adequate protection.

12. Marketing Communications

Consent

We obtain appropriate consent before sending marketing communications.

Opt-Out

All marketing communications include an easy way to opt out of future communications.

13. Children's Privacy

We do not knowingly collect personal data from children under 16 years of age without obtaining their parents' consent. If we learn that we have collected personal data from a child under 16, we will take steps to delete that information.

14. Updates to This Policy

We reserve the right to update this policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes through our website or direct communication.

15. Contact Information

If you have questions or concerns about this policy or our data practices, please get in touch with us at:
Email: support@samafen.com
WhatsApp: +60 111 788 7819

16. Complaint Resolution

You have the right to complain to a supervisory authority if you believe our processing of your personal data violates applicable law.

Last Updated: April 2025