Privacy Policy
Last updated : 2026-05-03
Phi Phi Paradise Travel respects your privacy and complies with the EU GDPR (2016/679) and Thailand's PDPA (B.E. 2562).
1. Data controller
Phi Phi Paradise Travel, travel agency based in Koh Phi Phi, Thailand. Contact: [email protected]
2. Data collected
- Identity: name, email, phone — for booking.
- Booking: dates, headcount, hotel, amounts.
- Payment: processed by Stripe (PCI-DSS Level 1), no card data on our servers.
- Analytics: Google Analytics 4 on consent, IP anonymised, Consent Mode v2.
- Conversations: WhatsApp, email, chat (Olivia) stored for customer service.
3. Purposes
Fulfil your booking, contact you, respond to enquiries, meet accounting obligations, improve service via aggregated metrics.
4. Legal bases
Performance of contract, legal obligation, legitimate interest, consent.
5. Recipients
- Stripe (payments) — Ireland/USA, SCC clauses.
- Google (Analytics, Search Console) — on consent, pseudonymised.
- Partner operators (captains, guides) to deliver the excursion.
- Authorities on legal request.
6. Retention
- Bookings and invoices: 10 years.
- Customer service exchanges: 3 years.
- Analytics cookies: 13 months.
- Cookie preferences: 6 months.
7. Your rights
Access, rectification, erasure, restriction, portability, objection. Write to [email protected]. Complaint possible to your local DPA (e.g. CNIL in France, PDPC in Thailand).
8. International transfers
As we operate in Thailand, some data is processed outside the EU. We rely on the EU Commission's Standard Contractual Clauses (SCC) for relevant processors.
9. Cookies
Details on our Cookies page.
10. Security
Systematic HTTPS, encryption of sensitive data, restricted access, regular backups.