Privacy Policy

Softinn Official Personal Data Protection Policy

 

Introduction

letsgoholiday.my and mysoftinn.com is owned and operated by Softinn Solutions Sdn. Bhd. ("LGH", "Softinn", or "we"), a company registered in Malaysia. The following Privacy Policy describes how we as a data controller collect, use, disclose, and otherwise process personally identifiable information that we collect about individuals ("Personal Data") in connection with the services available from LGH through the website located at www.letsgoholiday.my and www.mysoftinn.com ("Site"). References to the Site are deemed to include derivatives thereof, including but not necessarily limited to mobile websites and applications. By visiting the Site, guest and/or merchant (“you”) are consenting to the collection, use, disclosure and processing of your Personal Data as described in this Privacy Policy. You may find the Terms of Service (T&C) of Softinn here.

We are the data controller (as defined in the PDPA (Amendment) Act 2024) when processing Account and Marketing Data;  and Softinn’s merchants (e.g. hotels) are the data controller when processing Guest Data. A Data Controller decides why data is collected and how the data will be used.

We are also the data processor when we process our merchants’ guest data on behalf of our merchants under their instructions, and/or under the services our merchants have subscribed to. A Data Processor is the party that processes personal data on behalf of the Data Controller, without deciding the purpose or means.

On occasion, we may revise this Privacy Policy to reflect changes in the law, our Personal Data collection and use practices, the features of our Site, or advances in technology. If we make revisions that change the way we collect or use your Personal Data, those changes will be posted in this Privacy Policy and the effective date will be noted at the beginning of this Privacy Policy. Therefore, you should review this Privacy Policy periodically so that you are up to date on our most current policies and practices. We will also prominently post such material changes prior to implementing the change.

If you do not agree with any changes or modifications to the Privacy Policy, please do not continue using the Site. You will be deemed to have consented to any modification of the Privacy Policy when you use the Site after the effective date of the modification.

 

Information We Collect

We collect, hold, and process Account and Marketing Data, which is personal information that we collect about you:

  • In connection with the creation or administration of a Softinn account
  • If you ask to receive information about us or our services, including if you sign up to schedule a demo call
  • When you contact us directly (e.g., telephone call, email, website chat, or through your user dashboard)
  • When you visit this Site
  • The Account and Marketing Data we collect may include company/personal names, usernames, phone numbers, email addresses, your location, information about how you use our website or services (for example, traffic volumes, time spent on pages), your IP address and/or other device identifying data, and other information required to provide a service or information you have requested from us.
Guest Data is personal information that Softinn’s merchants (e.g. hotels) may collect from their customers (e.g. hotel guests using Softinn’s products and services). This may include first and last names, email address, mobile phone number, ID or Passport, address, and booking information such as check-in and check-out dates, and any special requests (if required). We will not collect or process Guest Data except as provided in our agreements with Softinn’s merchants, and we require Softinn’s merchants to comply with applicable privacy and data protection laws.

 

Protecting Your Personal Data

To prevent unauthorized access, we maintain reasonable physical, electronic, and organizational procedures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, or unauthorized disclosure or access. All access to computer hardware is password protected, with encryption and default security firewalls in place.  Transfers of data between your device and our servers are encrypted using SSL and TLS encryption protocols. In addition to this, we implement staff access controls to your personal data as well as provide training and awareness to our staff about data protection.

To protect the transfer of data between your device and our server, we currently use Secure Socket Layer technology to encrypt sensitive information during transit. Our payment gateway service providers are all PCI Compliant. When credit card details are collected, we simply pass them on to be processed as required. We never permanently store complete credit card details.

You can play an important role in keeping your personal information secure by maintaining the confidentiality of any password used for our products and services. Please do not disclose your password to third parties. Please notify us immediately if there is any unauthorised use of your account or any other breach of data security.

 

How We Use the Information We Collect– Credit Card on File

We use Personal Data and other information collected through the Site (a) to register you with the Site and create your user account, (b) to provide you with the requested services (mainly to process and confirm your reservation with the accommodation) after verifying your credentials, (c) to provide you with information about our services on the Site or on other websites and to communicate with you to the extent necessary to provide such requested services, (d) to build features that will make the services available on the Site easier to use and (e) for an improved user experience and general optimization purposes or (f) to contact you in case there is any issue with your booking (g) to facilitate you in issuing e-invoice as mandated by the Inland Revenue Board of Malaysia (LHDN). This includes faster purchase requests, better customer support, and timely notice of new services and special offers. From time to time, we may contact you to request feedback on your experience in using the Site, to assist us in improving the Site, or to send newsletters to you as a Site user. The confirmation emails and text messages sent after your booking and the guest review emails sent after your departure, respectively, are not marketing messages as these are part of your accommodation reservation process.

We may also use your personal information:

  • to protect and/or enforce our legal rights and interests, including defending any claim
  • for any other purpose authorised by you, the Act, or other applicable law
  • to respond to lawful requests by public authorities, including to meet law enforcement requirements
  • to transfer your information in the case of a sale, merger, consolidation, liquidation, reorganisation, or acquisition.

 

Sharing Your Personal Data

We may share your Personal Data with suppliers such as accommodation properties and other third parties we appoint to perform services on our behalf, such as third party loyalty programs, web server and hosting, data analysis, marketing (also on websites of such third parties), customer care, credit card and payment services, the Inland Revenue Board of Malaysia (LHDN) for e-Invoicing, and related services. All such third parties will be under an obligation to maintain the security and confidentiality of the Personal Data and to process the Personal Data only in accordance with our instructions.

Save for disclosures mentioned in this Privacy Policy or as required or permitted by law in any relevant jurisdiction as mentioned below and the disclosure of your Personal Data and information required for completing your booking with the relevant hotel of your choice and the sharing of certain Personal Data with selected partners where relevant (your details will be used for reporting and analysis purposes only), we will not disclose your Personal Data to third parties without your consent. However, we reserve the right to disclose your Personal Data to our affiliated (group) companies (in and outside your home country), including our affiliated (group) companies' employees and our trusted agents and representatives who have access to this information with our permission and who need to know or have access to this information to perform the service requested by you (including customer services) and internal (audit/compliance) investigations.

We may, in compliance with applicable law, disclose Personal Data to protect ourselves against liability, to respond to subpoenas, judicial processes, legitimate requests, warrants or equivalent by law enforcement officials or authorities, to investigate fraud or other wrongdoing or as otherwise required or necessary in order to comply with applicable law, protect our legitimate interests or to the purchasers in connection with any sale, assignment, or other transfer of all or a part of our business or company. We may also, in compliance with applicable law, disclose Personal Data to enforce or apply the terms and conditions applicable to our products or to protect the rights, property, or safety of Softinn, our users, or others.

In the situations described above, the recipient of the Personal Data may be located in a jurisdiction that may have different standards of data protection compared to the laws in your home jurisdiction.

 

Our Policy Concerning Cookies and Page Tags

By visiting our Site, you consent to the use of cookies and tags as described below. Our Site uses session and persistent cookies as well as page tags to collect and store certain information about you. A cookie is a small piece of data that is sent to your computer from the Site and stored on your computer’s hard drive. A page tag is a piece of code that reads and writes cookie data. Both cookies and page tags may be from LGH and/or third-party vendors we have chosen to work with. Session cookies disappear from your computer when you close the browser. Persistent cookies remain on your computer after the browser has been closed, but can be deleted at any time through your browser settings. 

 

Cookie, Page Tag and Data Use

  • LGH Cookies

We use a session cookie to keep you logged in throughout your visit to the Site.

We use persistent cookies to "personalize" the Site for each user by remembering information about the user's visit to and activities on the Site, e.g., the language you selected, your log-in details, so that you do not need to re-enter them at your next visit to the Site.

We also use persistent cookies or page tags to analyze your surfing behavior and your visit to the Site, enabling us to improve the Site and our services and to tailor our advertising (via email, on our Site, and on other websites) according to the interests of our users. Such cookies and page tags gather information about the pages you visited on the Site and the searches you performed.

 

  • Third Party Cookies and Page Tags

Our third-party advertising companies may place cookies or page tags on some of the pages you visit on the Site. These cookies or page tags are designed to collect non-personally identifiable information in order to analyze your interests and searches when visiting our Site and to serve you advertisements specifically tailored to your interests and searches when you are visiting our Site or other websites or when using mobile applications. The non-personally identifiable information collected through cookies and page tags may be shared with other third parties for the purpose of managing and targeting advertisements and for market research analysis. In addition, we may share one-way hashed (undecipherable) data with third-party vendors using advertisement targeting products. Such third-party vendors typically use hashed device identifiers to serve custom ads based on a user's prior visits to the Site. As a consequence, third-party vendors may show our ads on other websites or mobile apps.

  • Advertising

We may use a combination of the above cookies and page tags to tailor your experience with our Site, our mobile application, and our ads to your preferences. We use display and search remarketing to tailor ad content for a better experience.

Where other advertising may not require the use of cookies or page tags, third-party data is used to determine when an LGH ad will be shown.

We take reasonable efforts to not collect, and to prevent the use of, personally identifiable information in third-party advertising solutions, unless you have authorized this. To opt out of the collection of information by third parties for advertising purposes, please click on one or more of the third-party links in the above “Opt Out Tools” section

  • Advertising and content on other websites

We use third-party tools to distribute ads on a variety of websites. We neither support nor endorse the goals, causes, or statements of the websites that display our advertisements.

 

 

Your Rights

You have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. If you wish to update any Personal Data you have previously provided, or to exercise any right of access, correction, rectification, deletion, or opposition to the processing of your Personal Data that you may have under applicable law, please contact us via our Contact Us. 

To protect your privacy and security, we will verify your identity before granting access or making changes to your Personal Data. Any request to access your Personal Data will be answered within a reasonable timeframe. You may also object to the processing of your Personal Data for advertising, marketing, and opinion research. We reserve the right to charge a reasonable fee for such access in accordance with applicable laws.

You have the right to data portability – you may obtain your personal data from us that you have consented to give us or that is necessary to perform a contract with you. We will provide this personal data in a commonly used, machine-readable, and interoperable format to enable data portability to another data controller. Where technically feasible, and at your request, we will transmit your personal data directly to another data controller.

In addition, you have the right to complain to a supervisory authority – you can report any concerns you have about our privacy practices to the relevant data protection supervisory authority.

If you wish to contact the Softinn Data Protection Officer about privacy issues via email, you may send an email to: privacy@mysoftinn.com  

Alternatively, you may also contact our Data Protection Officer at the following dedicated number: +60 253 1592 (Malaysia, charges apply) or any other number that we may advise from time to time.

 

Handling Personal Data Complaints

All complaints regarding Softinn’s handling of personal information under this Policy should be made in writing to this email: privacy@mysoftinn.com  

If a data breach occurs that is likely to cause harm, we will notify the Personal Data Protection Commissioner and affected individuals within 72 hours.

Softinn’s merchants, who are also Data Controllers of your guest’s data, after discovering a data breach that is likely to cause significant harm, are responsible for notifying the Personal Data Protection Commissioner (PDPC) and the affected individuals within 72 hours after discovering such breach.

 

A Special Note About Minors

Persons under the age of 18 are not eligible to use the accommodation reservation services on our Site. Minors can normally accompany their parent(s) or legal custodian(s) who have booked an accommodation, except where indicated otherwise in the accommodation property policies.

 

International data transfers

Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country.

Our company and third-party service providers operate in Malaysia and around the world. Our current list of service providers identifies the countries to which your personal information is transferred.

However, we have taken appropriate safeguards to ensure that your personal information will remain protected in accordance with this Privacy Notice. We have implemented similar appropriate safeguards with our third-party service providers and partners, and further details can be provided upon request.

 

Data Retention Policy

We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

 

Language

This Privacy Policy has originally been drawn up in the English language. Translations in other languages are not available for your convenience. In case of conflict between the English language version and a translated version, the English language version shall prevail.

Contact Us

You can contact us as set out in our privacy policy: privacy@mysoftinn.com 

Softinn has always been committed to ensuring that we maintain our merchants and their guests' data as securely as possible. Details of our IT Security Policy are available here.

 

Last Updated on 12th May 2025