Privacy Policy

1. Overview

Effective Date: 2025-08-01
Controller: Wannapha Sense Spa, owned and operated by Jumnean Paisong
URL: https://wannaphasensespa.com

Wannapha Sense Spa (“we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains:

• What information we collect

• How we use and share it

• Your rights under applicable laws, including Thailand’s PDPA and, where relevant, the EU’s GDPR

2. Scope & Legal Framework

• This policy applies to personal data collected via our website, e-commerce platform, and in-person spa services.

• We comply with Thailand’s Personal Data Protection Act (PDPA), which governs how personal data is handled in Thailand Privacy Bee for BusinessTermly.

• We also align with GDPR-style practices for customers in the EU, including rights to transparency and data control

3. Data Collection & Lawful Basis

We collect personal data when:

• Placing orders (e.g., name, contact details, payment info)

• Booking services or redeeming vouchers

• Signing up for newsletters or promotions

• Visiting our website (via cookies or tracking tools)

Purposes include:

• Processing orders and bookings

• Verifying identity

• Handling payments and invoices

• Marketing and sending promotions (with consent)

• Improving user experience and website functionality

Lawful bases:

• Customer consent (for marketing and non-essential cookies)

• Fulfillment of contract (orders, bookings)

• Legal obligations (tax, accounting)

• Legitimate interests (fraud prevention, site analytics), balanced with privacy rights

As per PDPA, consent must be explicit and documented.

4. Categories of Personal Data

• Basic data: Name, email, phone, delivery address

• Payment info: Processed via secure gateways (we do not store full credit card data)

• Booking details: Treatment history, appointment times

• Online data: Cookies, IP address, browsing logs for analytics or site improvements

• Sensitive data: We do not collect sensitive categories such as health or biometric info, unless voluntarily disclosed (e.g., allergies), and with explicit consent when necessary

5. Cookies & Tracking

We use cookies and similar technologies to:

• Ensure website functionality (essential cookies)

• Analyze traffic (analytics cookies)

• Personalize your experience (with consent)

You can manage your cookie preferences via a consent banner. We obtain explicit opt-in consent for non-essential cookies in line with PDPA requirements.

6. Data Sharing & Transfers

• We share data with:

  • Payment processors

  • Delivery services

  • IT/website service providers

• We ensure any third parties comply with PDPA standards.

• For transfers outside Thailand (e.g., if using an external CRM located offshore), we rely on appropriate safeguards and customer consent as required by PDPA.

7. Data Retention

• We retain personal data only as long as necessary for:

  • Order fulfillment, bookkeeping, customer service

  • Legal or tax obligations

• After these periods, data is securely deleted or anonymized, in accordance with storage limitation principles under PDPA.

8. Security Measures

We implement administrative, technical, and physical safeguards to protect personal data, such as:

• Secure hosting and SSL

• Access controls

• Regular backups and audits

• Staff training on data protection.

In case of a data breach with risk to individuals, we will notify the PDPC within 72 hours and affected individuals as appropriate.

9. Your Privacy Rights

Under PDPA (and similarly under GDPR for EU users), you have the right to:

• Access your personal data

• Correct inaccuracies

• Delete or object to processing

• Request restriction or portability

• Withdraw consent at any time (for processing based on consent)

To exercise these rights, please contact us. We’ll respond within legal timeframes and inform you if any requests cannot be honored (e.g., due to legal obligations).

10. Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee compliance:

• Contact: Jumnean Paisong, info@wannaphasensespa.com

11. Children’s Data

We do not knowingly collect data from children under age 13. If detected, such data will be deleted immediately, unless parental consent is verified.

12. Third-Party Links

Our website may include links to external sites. These are outside our control and not covered by this policy. We recommend reviewing their respective privacy policies.

13. Updates to This Policy

We may update this Privacy Policy periodically. Changes will be posted with a revised “Effective Date”. Continued use of our services implies acceptance of updates.

14. Contact Us

Wannapha Sense Spa
Owner/Data Controller: Jumnean Paisong
Website: https://wannaphasensespa.com
Email: info@wannaphasensespa.com
Phone: +66 81 015 1949

Summary Table