Privacy Policy

We value your privacy. This Privacy Policy explains how Palika Sun House (“we”, “us”, “our”) collects, uses, and protects personal data under the EU/EEA General Data Protection Regulation (GDPR) and Thailand’s Personal Data Protection Act (PDPA).

1. Data Controller & Contact

  • Controller: Palika Sun House, 149/1 Moo 1, Maenam, 84330 Koh Samui, Thailand.
  • Contact (privacy): info@palika-sun-house.com, +66 96 859 9383.
2. Scope of this Policy

  • Applies to our website, booking channels, email/phone communications, and on-site guest registration.
  • Covers personal data of guests, prospects, website visitors, suppliers, and business contacts.
3. What Data We Collect

  • Identity & contact: name, email, phone, postal address, nationality, ID/passport details (where required by law).
  • Booking details: stay dates, room type, number of guests, preferences, special requests.
  • Payment data: payment method, transaction references (we do not store full card details on our servers).
  • Technical data: IP address, device/browser info, cookies/analytics (see Cookies section).
  • Communications: emails, messages, call notes necessary to handle your request.
4. How We Obtain Data

  • Directly from you (website forms, email, phone, check-in forms).
  • From booking platforms/OTAs or travel agents you use to reserve (e.g., reservation details).
  • From payment service providers for transaction confirmations.
5. Purposes of Processing

  • Process and manage bookings, check-in/out, and guest services.
  • Handle payments, invoices, accounting, and tax/audit obligations.
  • Respond to inquiries and provide customer support.
  • Maintain security, prevent fraud, and comply with legal obligations (e.g., guest registration).
  • Improve our website, services, and user experience (analytics, quality control).
  • Send service messages; marketing only with your prior consent (see Your Choices).
6. Legal Bases (GDPR) / Lawful Bases (PDPA)

  • Contract: to process your reservation and provide accommodation/services (GDPR Art. 6(1)(b)).
  • Legal obligation: e.g., accounting, tax, local guest-registration laws (Art. 6(1)(c)).
  • Legitimate interests: site security, fraud prevention, service improvements (Art. 6(1)(f)), balanced with your rights.
  • Consent: marketing emails, certain cookies/analytics, or optional data you choose to share (Art. 6(1)(a)).
  • PDPA: similar lawful bases incl. contract, legal obligations, legitimate interests, consent where required.
7. Cookies & Analytics

  • We use necessary cookies for site functionality and security.
  • Analytics cookies (if used) help us understand usage and improve the site; we ask for consent where required.
  • You can manage cookies in our cookie banner and via your browser settings.
8. Sharing Your Data

  • Service providers (e.g., booking/payment processors, IT hosting, email delivery) under confidentiality and data-processing terms.
  • Authorities/regulators when legally required (e.g., public safety, tax, guest-registration).
  • Business transfers (e.g., reorganization) with appropriate safeguards and notices.
9. International Transfers

  • If data is transferred outside your country/region, we ensure adequate safeguards (e.g., EU Standard Contractual Clauses, PDPA-compliant measures).
  • Details of safeguards are available on request.
10. Data Retention

  • We keep personal data only as long as necessary for the purposes above and to comply with legal obligations (e.g., tax/audit).
  • Typical retention: booking/financial records per statutory requirements; inquiry emails for a limited period; marketing data until you withdraw consent.
11. Your Rights (GDPR & PDPA)

  • Access, rectification, and erasure of your data (subject to legal limits).
  • Restriction and objection to processing; objection to direct marketing at any time.
  • Data portability (GDPR).
  • Withdraw consent at any time (does not affect prior lawful processing).
  • Lodge a complaint with a supervisory authority: your local EU authority under GDPR, or Thailand’s PDPC under PDPA.
  • To exercise rights, contact us using the privacy contact details in Section 1. We may verify your identity for security.
12. Security

  • We implement technical and organizational measures to protect personal data against unauthorized access, alteration, and loss.
  • Access is limited to personnel and providers with a need to know, under confidentiality obligations.
13. Children’s Data

  • Our services are not directed to children without parental/guardian involvement. Where required, we obtain consent from a parent/guardian.
14. Marketing Communications

  • We send marketing messages only with your consent (opt-in). You can unsubscribe at any time via the link in our emails or by contacting us.
15. Updates to this Policy

  • We may update this Policy from time to time. The latest version applies. Last updated: 08/09/2025.