Nomads Asia

Privacy Policy

Last updated: January 2025

Introduction

Noho Hospitality Co., Ltd ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, make bookings, or use our services.

This policy complies with the European Union General Data Protection Regulation (GDPR) and the Thailand Personal Data Protection Act (PDPA) B.E. 2562 (2019).

Data Controller

The data controller responsible for your personal data is:

Noho Hospitality Co., Ltd
152 Moo 3, Ao Nang, Mueang Krabi, Krabi Thailand 81180
Email: info@nomadsasia.com

Information We Collect

We collect information that you provide directly to us, as well as information collected automatically when you use our services.

Information You Provide

  • Identity Data: Name, date of birth, passport or ID details, nationality
  • Contact Data: Email address, phone number, postal address
  • Booking Data: Reservation details, travel dates, room preferences, special requests
  • Payment Data: Credit/debit card information, billing address, transaction history
  • Account Data: Username, password, account preferences
  • Communication Data: Correspondence with us, feedback, reviews

Information Collected Automatically

  • Device Data: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, time spent on pages, click patterns, referring URLs
  • Location Data: General geographic location based on IP address
  • Cookie Data: Information collected through cookies and similar technologies (see our Cookie Policy)

How We Use Your Information

We use your personal data for the following purposes:

  • Service Delivery: Processing bookings, managing reservations, facilitating check-in/check-out
  • Payment Processing: Handling payments, refunds, and billing
  • Communication: Sending booking confirmations, updates, and responding to inquiries
  • Marketing: Sending promotional offers and newsletters (with your consent)
  • Analytics: Understanding how visitors use our website to improve our services
  • Advertising: Delivering targeted advertisements based on your interests
  • Legal Compliance: Meeting legal obligations, including Thai immigration requirements
  • Security: Protecting against fraud, unauthorized access, and other security threats

Legal Bases for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal bases:

  • Contract Performance: Processing necessary to fulfill our booking and accommodation contracts with you
  • Consent: Where you have given explicit consent for specific processing activities (e.g., marketing communications, analytics cookies)
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving services, fraud prevention, and website analytics
  • Legal Obligation: Processing required to comply with applicable laws and regulations

Third-Party Services and Data Sharing

We work with third-party service providers to deliver our services and improve your experience. These providers may have access to your personal data as described below:

Website Hosting and Infrastructure

  • Vercel: Our website is hosted on Vercel's platform. Vercel may collect technical data such as IP addresses, device information, and performance metrics for hosting and analytics purposes. Vercel Privacy Policy
  • Convex: We use Convex as our backend database and real-time synchronization service. Convex securely stores your account information, booking data, and other user data. Convex Privacy Policy

Analytics and Tag Management

  • Google Analytics: We use Google Analytics to analyze website traffic and user behavior. This service collects data about page views, session duration, device information, and user demographics. Google Privacy Policy
  • Google Tag Manager: We use Google Tag Manager to manage and deploy marketing tags on our website. GTM itself does not collect personal data but facilitates the deployment of other tracking technologies. Google Privacy Policy

Advertising and Marketing

  • Google Ads / Conversion Tracking: We use Google Ads and conversion tracking to measure the effectiveness of our advertising campaigns and deliver targeted advertisements. This service collects data about ad interactions and conversions. Google Privacy Policy
  • Meta Pixel (Facebook): We use Meta Pixel to track conversions, optimize ads, and build targeted audiences for future advertising. This technology collects data about your interactions with our website and shares it with Meta. Meta Privacy Policy
  • TikTok Pixel: We use TikTok Pixel for conversion tracking and ad optimization on the TikTok platform. This technology collects data about website interactions to measure advertising effectiveness. TikTok Privacy Policy

Payment Processing

  • Stripe: We use Stripe to securely process credit card payments. Stripe collects and processes payment information including card details, billing address, and transaction data. Payment data is handled in accordance with PCI DSS standards. Stripe Privacy Policy

Booking and Reservation Management

  • MEWS Booking Engine: We use MEWS as our property management and booking system. MEWS processes booking details, guest information, payment data, and stay preferences to manage reservations and property operations. MEWS Privacy Policy

International Data Transfers

Your personal data may be transferred to and processed in countries outside Thailand and the European Economic Area (EEA), including:

  • United States (Vercel, Convex, Stripe, Google, Meta, TikTok)
  • European Union (MEWS)
  • Other countries where our service providers operate

When we transfer your data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by relevant data protection authorities
  • Binding Corporate Rules where applicable
  • Your explicit consent where required

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Booking Data: 7 years after checkout (for tax and legal compliance)
  • Account Data: Until you request deletion or account becomes inactive for 3 years
  • Marketing Data: Until you withdraw consent
  • Analytics Data: 26 months (Google Analytics default)
  • Payment Data: As required by financial regulations (typically 7 years)

Your Rights

Under the GDPR and Thailand PDPA, you have the following rights regarding your personal data:

GDPR Rights (EU Residents)

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Rights Related to Automated Decision-Making: Request human intervention in automated decisions
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

Thailand PDPA Rights

  • Right to Access: Request access to your personal data and obtain a copy
  • Right to Data Portability: Receive your data in a commonly used format
  • Right to Object: Object to collection, use, or disclosure of your data
  • Right to Erasure: Request deletion or destruction of your data
  • Right to Restrict Processing: Request suspension of data use
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Withdraw Consent: Withdraw consent at any time
  • Right to Lodge a Complaint: File a complaint with the Personal Data Protection Committee (PDPC)

To exercise any of these rights, please contact us at info@nomadsasia.com. We will respond to your request within 30 days.

Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure payment processing through PCI DSS compliant providers
  • Access controls and authentication mechanisms
  • Regular security assessments and updates
  • Staff training on data protection

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Noho Hospitality Co., Ltd
152 Moo 3, Ao Nang, Mueang Krabi, Krabi Thailand 81180
Email: info@nomadsasia.com

For EU residents: You may also contact your local data protection authority if you have concerns about our data processing practices.

For Thailand residents: You may file a complaint with the Personal Data Protection Committee (PDPC) at www.pdpc.or.th