1. Introduction

Siam On Cloud appreciates your business and trust. We are a Thailand-based company ([Company Address]) dedicated to providing comprehensive travel services, including leveraging AI technology to enhance your travel experience. Please read this Privacy Policy, providing consent to its terms in order to have permission to use our services.

2. Data Collected

2.1 Data Storage Location

We are a Thailand-based company, and we utilize GoDaddy as our hosting provider, which operates data centers globally, including in Asia and Europe. GoDaddy adheres to international data security standards and is GDPR compliant. For more information on GoDaddy’s privacy policy, please see here: [Link to GoDaddy’s Privacy Policy].

2.2 Registration Data

If you register on our website, we store your chosen username, your email address, and any additional personal information added to your user profile. You can see, edit, or delete your personal information at any time (except changing your username). Website administrators can also see and edit this information. This data is essential for account management and related services.

2.3 Purchase and Service Data

To provide flight booking services, travel packages, or group travel management, we need to collect data related to your bookings, including but not limited to:

• Name, surname, title, date of birth, nationality
• Passport information (passport number, expiry date)
• Contact information (address, phone number, email)
• Payment information (partial credit/debit card data such as the last 4 digits, expiry date, or information related to other payment channels; sensitive financial data is processed by trusted payment service providers)
• Travel details (itinerary, travel dates, airline, accommodation, special activities, special requests such as dietary needs, allergies)
• Company/organization information (for group travel management services)

This information is necessary for processing bookings, issuing tickets, confirming travel arrangements, and providing efficient customer service. This data will be stored together with your user account information.

2.4 Support and Contact Data

If you contact us via the contact form or customer support system, the information you provide will be stored for customer service purposes only. This information will never be used for marketing purposes or shared with third parties without your explicit consent. We may utilize third-party Customer Relationship Management (CRM) systems or ticketing systems ([Specify system name, e.g., Zendesk, Freshdesk] which maintain privacy policies compliant with international standards) for managing your inquiries. Only the data you explicitly provide will be sent to these systems as necessary for service provision.

2.5 Comments

When you leave comments on the website, we collect the data shown in the comments form, and also the IP address and browser user agent string to help spam detection.

2.6 Google Analytics

We use Google Analytics 4 (GA4) on our site for anonymous reporting of site usage and to understand overall user behavior to improve our website and services. No directly personally identifiable data is stored through Google Analytics. If you would like to opt-out of Google Analytics monitoring your behavior on our website, please use this link: [Link to Google Analytics Opt-out].

2.7 Google AI (Gemini) and AI Helper

Our services incorporate Google AI (Gemini) technology as an intelligent AI assistant. Information you provide during interactions with the AI Helper (e.g., travel-related questions) may be processed by Google AI solely for the purpose of providing answers and recommendations. This data will primarily be used to improve the accuracy of our AI and AI services, without disclosing your personal information to the public.

2.8 Cases for Using Your Personal Data

We use your personal information in the following cases:

• Verification/identification of the user during website and service usage;
• Providing Technical Assistance and customer services;
• Processing booking requests and providing related services;
• Sending important notifications and updates to our users, including news and service changes;
• Checking account activity to prevent fraudulent transactions and ensure the security of our customers’ personal information;
• Customizing our website and services to make your experience more personal and engaging;
• Guaranteeing overall performance and administrative functions run smoothly.
• Analyzing data to improve our services and develop our AI functionalities.

3. Embedded Content

Pages on this site may include embedded content, such as YouTube videos, Facebook plugins, or Twitter feeds. Embedded content from other websites behaves in the exact same way as if you visited those other websites. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. We recommend you review the privacy policies of these third-party providers.

• Facebook: We may use the Facebook page plugin to display our Facebook timeline on our site. Facebook has its own cookie and privacy policies over which we have no control. There is no installation of cookies from Facebook, and your IP is not sent to a Facebook server until you consent to it. See their privacy policy here: [Link to Facebook Privacy Policy].
• Twitter: We may use the Twitter API to display our tweets timeline on our site. Twitter has its own cookie and privacy policies over which we have no control. Your IP is not sent to a Twitter server until you consent to it. See their privacy policy here: [Link to Twitter Privacy Policy].
• YouTube: We use YouTube videos embedded on our site. YouTube has its own cookie and privacy policies over which we have no control. There is no installation of cookies from YouTube, and your IP is not sent to a YouTube server until you consent to it. See their privacy policy here: [Link to YouTube Privacy Policy].

4. Cookies

This site uses cookies – small text files that are placed on your device to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymized tracking data to third-party applications like Google Analytics. Cookies generally exist to make your Browse experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the help section of your browser.

• Necessary Cookies (for all site visitors):

• cfduid: Is used for our CDN CloudFlare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. See more information on privacy here: [Link to CloudFlare Privacy Policy].
• PHPSESSID: To identify your unique session on the website.

• Necessary Cookies (Additional for Logged in Customers):

• wp-auth: Used by WordPress to authenticate logged-in visitors, password authentication, and user verification.
• wordpress_logged_in_{hash}: Used by WordPress to authenticate logged-in visitors, password authentication, and user verification.
• wordpress_test_cookie: Used by WordPress to ensure cookies are working correctly.
• wp-settings-[UID]: WordPress sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of the admin interface, and possibly also the main site interface.
• wp-settings-{time}-[UID]: WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of the admin interface, and possibly also the main site interface.

5. Who Has Access To Your Data

If you are not a registered client for our site, there is no personal information we can retain or view regarding yourself. If you are a client with a registered account, your personal information can be accessed by:

• Our system administrators.
• Our support team when they (in order to provide support) need to get information about client accounts and access.

6. Third-Party Access to Your Data

We do not share your data with third parties in a way as to reveal any of your personal information like email, name, etc. The only exceptions to that rule are for partners we have to share limited data with in order to provide the services you expect from us. Please see below:

• Payment Service Providers: We use trusted payment service providers (e.g., [Specify Payment Gateway names, e.g., Stripe, PayPal, Local Payment Gateway]) to process your payments. Your payment information will be encrypted and transmitted directly to these providers. We do not store your complete credit/debit card details.
• Airline/Hotel/Travel Partners: To process flight bookings, accommodation, or other travel services, we need to share relevant travel and personal information with the respective service providers (e.g., airlines, hotels, tour operators). The data shared will be limited to what is necessary to fulfill your booking.
• Support Platform Providers: (If using a system other than Ticksy, e.g., Zendesk) If we use a third-party support platform ([Specify name]), the data you provide to create a support ticket will be transmitted to that platform. The data they receive is limited to the data you explicitly provide and consent to when creating a support ticket.

7. How Long We Retain Your Data For

When you submit a support ticket or a comment, its metadata is retained until (if) you tell us to remove it. We use this data so that we can recognize you and approve your comments automatically instead of holding them for moderation. If you register on our website, we also store the personal information you provide in your user profile. You can see, edit, or delete your personal information at any time (except changing your username). Website administrators can also see and edit that information.

8. Security Measures

We use the SSL/HTTPS protocol throughout our site. This encrypts our user communications with the servers so that personally identifiable information is not captured/hijacked by third parties without authorization. In case of a data breach, system administrators will immediately take all necessary steps to ensure system integrity, will contact affected users, and will attempt to reset passwords if needed. We strictly adhere to industry-standard data security practices to protect your information.

9. Your Data Rights

9.1 General Rights (under Thailand’s PDPA)

As a data subject, you have the following rights under personal data protection laws:

• Right of Access: You have the right to request access to and obtain a copy of your personal data held by us.
• Right to Rectification: You have the right to request the rectification of your inaccurate, outdated, or incomplete personal data.
• Right to Erasure/Right to be Forgotten: You have the right to request the erasure or destruction of your personal data, unless there are legal grounds for us to retain that data (e.g., legal compliance, essential account management). If you wish all of your data to be erased, we will no longer be able to offer any support or other product-related services to you.
• Right to Restriction of Processing: You have the right to request the restriction of processing of your personal data2 in cases specified by law.
• Right to Data Portability: You have the right to receive personal data that you have provided to us in a commonly used and machine-readable format, and to transmit that data to another data controller.
• Right to Object: You have the right to object to the processing of your personal data3 for certain purposes.
• Right to Withdraw Consent: If we process your personal data based on your consent, you have the right to withdraw that consent at any4 time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint:5 If you believe that we have violated your rights under the PDPA, you have the right to lodge a complaint with the Personal Data Protection Committee.

If you have a registered account on this website or have left comments, you can request an exported file of the personal data we retain, including any additional data you have provided to us. To exercise these rights, please contact us via the channels specified in this policy.

9.2 GDPR Rights (for EU Residents)

Your privacy is critically important to us. Going forward with the GDPR, we aim to support the GDPR standard. Siam On Cloud permits residents of the European Union to use its Service. Therefore, it is the intent of Siam On Cloud to comply with the European General Data Protection Regulation. For more details, please see here: [Link to EU GDPR Information Portal].

10. Third-Party Websites

Siam On Cloud may post links to third-party websites on this website. These third-party websites are not screened for privacy or security compliance by Siam On Cloud, and you release us from any liability for the conduct of these third-party websites.

All social media sharing links, either displayed as text links or social media icons, do not connect you to any of the associated third parties unless you explicitly click on them.

Please be aware that this Privacy Policy, and any other policies in place, in addition to any amendments, does not create rights enforceable by third parties or require disclosure of any personal information relating to members of the Service or Site. Siam On Cloud bears no responsibility for the information collected or used by any advertiser or third-party website. Please review the privacy policy and terms of service for each site you visit through third-party links.

11. Release of Your Data for Legal Purposes

At times, it may become necessary or desirable for Siam On Cloud, for legal purposes, to release your information in response to a request from a government agency or a private litigant. You agree that we may disclose your information to a third party where we believe, in good faith, that it is desirable to do so for the purposes of a civil action, criminal investigation, or other legal matter. In the event that we receive a subpoena affecting your privacy, we may elect to notify you to give you an opportunity to file a motion to quash the subpoena, or we may attempt to quash it ourselves, but we are not obligated to do either. We may also proactively report you, and release your information to, third parties where we believe that it is prudent to do so for legal reasons, such as our belief that you have engaged in fraudulent activities. You release us from any damages that may arise from or relate to the release of your information to a request from law enforcement agencies or private litigants.

Any passing on of personal data for legal purposes will only be done in compliance with laws of the country you reside in.