[TR] Privacy Notice
[TR] Version effective: 2026-05-13
[TR] DRAFT — this privacy notice has not yet been reviewed by a Thai-qualified lawyer. It reflects PDPA Section 23 requirements and industry best practices but should not be relied upon as legal advice. Final version pending lawyer review.
[TR] Who we are
[TR] RideSamui is a marketplace platform connecting customers with independent rental agencies in Koh Samui, Thailand. We act as the data controller for the personal data we collect from you when you use our platform. For questions about your personal data, contact us at privacy@ridesamui.com.
[TR] Data we collect
[TR] We collect: account information (email, name, phone, locale, profile preferences), identity documents you upload (driving license, passport — required for some agencies), booking and payment metadata (Stripe transaction IDs, payment status — we do NOT store card numbers), search history and location preferences, support ticket content, and cookies/local storage as described in our cookie banner.
[TR] Purposes and lawful basis
[TR] We process your data to: (1) perform the rental contract — account, booking, payment metadata, identity documents (PDPA Section 24(3) — contract performance); (2) prevent fraud and abuse — identity documents, IP logs (Section 24(5) — legitimate interest); (3) improve our service — search history, anonymous analytics (Section 24(5) — legitimate interest); (4) send marketing communications — only when you've opted in (Section 19 + consent). We never sell your data.
[TR] Who we share your data with
[TR] We share data only with the rental agency you book with (your booking details), our payment processor (Stripe, USA/Ireland), our hosting and infrastructure providers (Vercel USA, Neon USA — database), error monitoring (Sentry USA), and our notification provider (Knock USA — for transactional emails). We never share your data with third parties for marketing purposes.
[TR] International data transfers
[TR] Some of our service providers (Stripe, Vercel, Sentry, Neon, Knock) operate servers outside Thailand. Under PDPC subordinate regulations of 25 December 2023, pure cloud intermediary/transit/storage with technical safeguards is exempt from Section 28-29 transfer-restriction requirements. All providers above provide industry-standard technical and organizational safeguards (encryption in transit and at rest, access controls, breach notification commitments).
[TR] How long we keep your data
[TR] Active account data: retained while your account is active. Booking and payment records: 5 years from the booking date, per Thai Revenue Code retention requirements. Support tickets: 2 years from resolution. Anonymous analytics: aggregated, no individual retention. When you request account deletion (see 'Your rights' below), your personal information is anonymized immediately, but financial records remain in anonymized form for the 5-year period required by law.
[TR] Your rights
[TR] Under the Thai Personal Data Protection Act (PDPA), you have the right to: access your data and obtain a copy, rectify inaccurate data, request erasure (subject to legal retention obligations), restrict processing, object to certain types of processing, request data portability, withdraw consent at any time (for marketing and cookies), and lodge a complaint with the Personal Data Protection Committee (PDPC). For all rights except complaints, we'll respond within 30 days.
[TR] How to exercise your rights
[TR] Most rights can be exercised self-service from your account: visit /profile/privacy to download your data, manage cookie and marketing consent, or delete your account. For other requests, email us at privacy@ridesamui.com. We may ask you to verify your identity before processing requests that involve sensitive information.
[TR] Filing a complaint
[TR] If you believe your privacy rights have been violated, you may file a complaint with the Thai Personal Data Protection Committee (PDPC) at https://www.pdpc.or.th, or with the Office of the Consumer Protection Board (OCPB) at https://www.ocpb.go.th. We encourage you to contact us first at privacy@ridesamui.com so we can try to resolve the issue directly.
[TR] Updates to this notice
[TR] We may update this privacy notice from time to time. The version date at the top reflects the most recent revision. For material changes that affect your rights, we'll notify you by email and, where appropriate, request your renewed consent. Continued use of RideSamui after a notice update constitutes acceptance of the updated terms (except where explicit consent is required by law).