Privacy policy.

This privacy policy explains what data Pattaya Authority collects when you visit pattaya-authority.com, why we collect it, who we share it with, and how to exercise your rights under Thailand's Personal Data Protection Act (PDPA) and the EU General Data Protection Regulation (GDPR).

If you only have 30 seconds: we collect anonymous analytics (Google Analytics 4) and conversion attribution (Meta Pixel) when you visit. We don't sell your data. We don't run email lists from this site. Contact requests go through WhatsApp, LINE, or email · those messages are stored only in our inbox.

1. Who we are

The data controller is TIMPAEMI CO., LTD., a Thai limited company operating Pattaya Authority. Registered office: Pattaya City, Bang Lamung District, Chon Buri 20150, Thailand. Contact: [email protected] +66 96 728 6999.

2. What we collect

• Analytics data (Google Analytics 4): page URLs you visit, session duration, scroll depth, device type, browser, approximate location (city/country, not IP), referrer source. Pseudonymous client ID. No name, no email.
• Conversion attribution (Meta Pixel): page views, contact-CTA clicks, engaged-visit events (scroll ≥75% or 30 seconds on page). Hashed identifiers used by Meta to match against Meta account holders. No raw personal data is sent.
• Contact messages: if you message us via WhatsApp, LINE, or email, the message content + your contact handle is stored in those services and in our inbox. We don't import them into any database or email-marketing list.
• Server logs (Cloudflare): standard IP-based request logs for security and abuse prevention. Retained for 7 days, then aggregated.

3. Why we collect it

• To improve the site: understand which pages perform, where people drop off, what content works.
• To measure ad campaigns: attribute paid traffic to conversions so we don't waste budget on what doesn't work.
• To respond to inquiries: answer your messages.
• Security: detect and block abuse.

4. Legal basis

Under PDPA and GDPR, our legal basis is legitimate interest for analytics and security (improving a website you've chosen to visit), and consent for marketing-purpose cookies where applicable. You can object to either at any time · see Section 8.

5. Who we share with

• Google (Analytics): for Google Analytics 4 processing. Google's privacy notice: policies.google.com/privacy.
• Meta (Pixel): for conversion measurement and ad attribution. Meta's privacy notice: facebook.com/privacy/policy.
• Cloudflare: our hosting and CDN provider. Cloudflare's privacy: cloudflare.com/privacypolicy.

We do not sell your data. We do not share it with third parties beyond these processors.

International data transfers (PDPA Section 28, GDPR Chapter V): Google, Meta, and Cloudflare are US-based companies and may process your data outside Thailand and the European Economic Area. We rely on their Standard Contractual Clauses (SCCs) and Data Processing Addenda as the appropriate safeguards required by Thai PDPA and EU GDPR. You can review these on each provider's privacy page linked above.

6. Cookies

We use cookies only for analytics and conversion tracking. Specifically: Google Analytics cookies (_ga, _ga_*) and Meta Pixel cookies (_fbp). All have technical purposes · none are used for cross-site behavioural advertising beyond what Meta and Google do by default. You can clear cookies any time in your browser, or block third-party cookies entirely (the site still works).

7. Data retention

• GA4 data: 14 months default retention, then auto-deleted.
• Meta Pixel data: retained by Meta per their policy.
• Contact messages: retained as long as the conversation is active; deleted on request.
• Server logs: 7 days raw, then aggregated for security analysis only.

8. Your rights

Under Thailand PDPA and EU GDPR you have the right to:

• Access · request a copy of any data we hold on you.
• Correct · request corrections to inaccurate data.
• Delete · request deletion of your data ("right to be forgotten").
• Restrict or object · limit how we process your data, or object entirely.
• Data portability · receive your data in a structured format.
• Withdraw consent · for any processing based on consent.
• Lodge a complaint · with Thailand's PDPA Committee (PDPC) or your local EU data protection authority.

To exercise any of these rights, email [email protected]. We respond within 30 days, usually within 1-2 days.

9. Updates to this policy

We may update this policy when we change tools or add features. The version and date at the top track the current revision. Material changes will be flagged on the homepage for at least 7 days.

10. What we don't collect or do

• Children's data: our services are not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we'll delete it.
• Sensitive personal data: we do not collect sensitive personal data as defined in PDPA Section 26 (race, religion, political opinion, health, sexual orientation, biometric data, criminal record, etc.).
• Automated decision-making: we do not perform automated decision-making or profiling that produces legal or similarly significant effects on you. Ad-platform algorithmic targeting by Meta or Google is governed by their own terms · not by Pattaya Authority.
• Email marketing: we don't run mailing lists from this site. There is no newsletter signup. Anything you write to us stays in our inbox.

11. Contact

Questions about this policy or your data: [email protected] · WhatsApp +66 96 728 6999 · LINE @timpaemi.