Privacy & data protection

Privacy policy

This policy explains what we collect when you use our website, request a quote, or book travel with us, and how you can exercise your rights.

Last updated 10 May 2026

1. Who we are

Thailand Vibes (“we”, “us”) operates this website and travel booking services. For data protection queries you can reach us at [email protected] or via the contact details shown in the site footer.

2. Scope (GDPR & PDPA)

We aim to meet the requirements of the EU and UK GDPR where they apply to individuals in those regions, and the Thai Personal Data Protection Act B.E. 2562 (PDPA) where it applies to individuals in Thailand. Not all sections apply to every visitor; your rights depend on applicable law and our role (controller vs processor) in a given activity.

3. What we collect

  • Contact & trip details: name, email, phone, party composition, travel dates, preferences you share when requesting a quote or booking.
  • Account & booking data: login identifiers, booking references, payment status (payments may be processed by regulated partners — we do not store full card numbers on our servers).
  • Technical data: IP address, device/browser type, pages viewed, approximate region, and cookies or similar technologies as described in our cookie notice (see banner on first visit).
  • Communications: messages you send us by email or supported channels.

4. Purposes & lawful bases

We use personal data to:

  • respond to enquiries and provide quotations (contract steps / legitimate interests);
  • perform a booking contract, including sharing necessary data with airlines, hotels, and payment providers (contract / legal obligation where applicable);
  • operate, secure, and improve the website (legitimate interests);
  • send service messages (contract / legitimate interests);
  • where permitted, send marketing — only with consent where required (consent).

5. Cookies & similar technologies

We use strictly necessary cookies for security and preferences, and optional cookies for analytics or marketing only where you allow them via the consent banner (where displayed). You can change your mind by clearing cookies and revisiting the site or contacting us.

6. Retention

We retain data only as long as needed for the purposes above, legal claims, accounting, or regulatory obligations. Booking and financial records may be kept for longer periods as required by law.

7. International transfers

Providers (e.g. cloud hosting, email, payment gateways) may process data outside your country. Where GDPR applies we use appropriate safeguards (such as standard contractual clauses) when required.

8. Sharing

We share data with suppliers and partners strictly as needed to deliver your itinerary (carriers, hotels, transfers, insurers as applicable), regulators if required by law, and processors bound by confidentiality and security obligations.

9. Your rights

Depending on your location you may have the right to access, rectify, delete, restrict processing, object, withdraw consent, lodge a complaint with a supervisory authority, and receive a portable copy of certain data we hold on automated basis (GDPR); under PDPA you may have comparable rights regarding consent, notification, correction, objections, deletion, portability, suspension, withdrawal, complaints to the Thai PDPC, and compensation. To exercise rights, contact us using the email above — we respond within statutory timeframes where applicable.

10. Children

Our services are marketed to adults organising travel. Parents or guardians should provide traveller details for minors. If you believe a child supplied data without supervision, inform us promptly.

11. Updates

We update this policy from time to time. Material changes may be flagged on the website; check the date at top of page.