Privacy Policy

Ban MaeBo Local Stay (referred to as “we”, “our”, “us” or “Ban MaeBo”) places importance on the protection of your personal information as a data controller under the Personal Data Protection Act B.E. 2562 (2019). We have a legal obligation to inform you of the reasons and methods by which we collect, use, or disclose your personal data, as well as to inform you of your rights as a data subject.

This policy is established to define the guidelines and principles by which we may process your personal information as a service recipient or user. When you access our service or register as a user on the Ban MaeBo website or platform in any way, you consent to our collection, use, and disclosure of your personal data within the scope and conditions defined in this policy, in compliance with the PDPA B.E. 2562 (2019) and other related regulations.

1. Who we are and what we do

We are a homestay accommodation with a website (stay.banmaebo.com) where users can book accommodation and services, as well as make payments online.

2. Collection of Personal Data

We, as a service provider, will collect your personal data as we deem necessary, including information you provide directly through registration, identity verification and confirmation, as well as other information resulting from the use of our website or platform.

3. What Personal Data do we Collect, Use, and/or Disclose

Your personal data that we collect can be categorized into the following types:

3.1 Personal data that you provide to us directly through our services

  • Personal data such as your name, surname, date of birth, gender, nationality, national ID number, profile picture, and other identity verification information

  • Contact data such as your address, telephone number, phone, email, or LINE ID

  • Identity verification documents such as a copy of your national ID card or other government documents used for identity verification

  • Payment data such as payment methods (credit/debit cards, PromptPay, Google Pay, Apple Pay), card information in case of card payment, payment amount, and transaction timestamp

  • Service Usage Data such as:

    • Stay booking information (check-in date, check-out date, number of nights stayed)

    • Booking information for other services such as dining or massage services

    • Quotation information, location coordinates related to the service

    • Transaction information

    • Communication or conversation information through our system

Personal data will be stored as long as the user maintains an account with the system, unless the user deactivates their account, whereby the system will anonymize their personal identity so it cannot identify individuals, retaining only payment and booking data in a manner that cannot be linked back to the user account or any individual.

3.2 Data automatically collected when using our website or platform

When you access our website or system, the system may automatically collect certain types of data for authentication and other security purposes and service performance improvement including:

  • IP Address

  • Cookies and similar technologies, used to store an authentication token for logging in and to maintain user sessions. Such data will be stored only as necessary and will expire when the session period ends or when the user logs out of the system.

3.3 Data we receive from third parties

We may receive your personal data from external sources when you choose to use account linking services or conduct transactions through external service providers, as follows:

  • Third-party authentication providers such as Google, Facebook, and Apple, in cases where you choose to log in or link your account through such services. The information received will be subject to your privacy settings with those respective providers.

  • Payment Gateway providers. We use Omise services for payment processing and collection. Card information or certain financial information may be stored and processed by such service providers under their privacy policies and security standards.

  • Backend / Cloud Service Providers. The company uses Supabase services for data storage and processing, with the Data Cluster located in Singapore. Data storage will comply with the service provider's security measures and relevant laws.

4. Sources of Personal Data

We will collect your personal data from various sources as follows:

Personal data that you provide directly, whether through manual actions, registration form completion or through usage of our website or platform.

5. Purpose of Collection, Use, and Method of Consent

We will process your personal data within the scope defined by the Personal Data Protection Act B.E. 2562 (2019) and will collect data only to the extent necessary for such operations. We may use, collect, and process your personal data for various purposes as specified below ("Purpose"). We have summarized the use of your personal data along with an explanation of the lawful basis of processing as follows:

| Purpose | Legal Basis |
| --- | --- |
| For the purpose of providing services | Contractual basis; Legitimate interest basis |
| For the purpose of registration and identity verification | Contractual basis; Legitimate interest basis |
| For the purpose of managing your relationship with us and/or providing related services to you as a service recipient or user | Contractual basis; Legitimate interest basis |
| To compile statistics of service recipients or users to improve the quality of our services | Legitimate interest basis |
| To administer our website or platform | Legitimate interest basis |
| For the purpose of investigating and preventing fraud and other criminal activities, including filing police reports | Legal obligation basis; Public interest basis; Legitimate interest basis |
| For the purpose of investigating and resolving complaints | Contractual basis; Legitimate interest basis |

6. Personal Data Retention Period

6.1 We will retain your personal data for the period necessary to carry out the purpose of providing our services and in accordance with the period specified by accounting and legal standards, and other relevant regulations.

6.2 When determining the data retention period, we consider the volume and nature of use, the purposes of providing services, the sensitivity of personal data, the risks that may arise from unauthorized use, and the period specified by relevant laws.

6.3 In the event that we must comply with the law, court orders, or establish legal claims for dispute resolution, we may retain personal data for the statutory limitation period or until the dispute is finally resolved, whichever applies in each case.

7. Your Rights regarding your Personal Data

7.1 Right to Request and Access copies of your Data

You have the right to request access to your personal data under our responsibility and to request copies of it. This includes requesting disclosure of how we obtained personal data without your consent.

7.2 Right to Data Portability

You have the right to receive your personal data in a machine-readable format when we have prepared it for automated processing. You also have the right to request that we transfer your personal data directly to another data controller where technically feasible.

7.3 Right to Object

You have the right to object to the collection, use, and/or disclosure of your personal data at any time if you believe that the collection, use, and disclosure of your personal data is contrary to the stated purposes, exceeds what you can reasonably expect under our legitimate interests, or fails to serve the public interest.

7.4 Right to Erasure or Destruction of Data

You have the right to request deletion or destruction of your personal data, or to make personal data into data that cannot identify you, if you believe that your personal data has been collected, used, and/or disclosed unlawfully in violation of relevant laws, or if you believe that we no longer have the necessity to retain it according to the relevant purposes in this policy, or when you have exercised your right to withdraw consent or exercised your right to object as stated above.

7.5 Right to Suspension of Data Use

You have the right to request temporary suspension of the use of personal data in cases where the service provider is in the process of verifying your request to exercise the right to correct personal data or to exercise the right to object, or in any other case where the service provider no longer has the necessity and must delete or destroy your personal data according to relevant laws, but you request that the service provider suspend use instead.

7.6 Right to Data Correction

You have the right to request correction of your personal data to ensure it is accurate, complete, up to date, and free from misunderstanding.

7.7 Right to Complain

You have the right to complain to the authority under relevant laws if you believe that the collection, use, and/or disclosure of your personal data is an act that violates or fails to comply with relevant laws.

7.8 Right to Withdraw Consent

You have the right to withdraw your consent at any time while we have custody of your personal data, unless such right is limited by law or by a contract that benefits you. The exercise of your aforementioned rights may be limited under relevant laws and in some cases, we may refuse or be unable to process your request for necessary reasons, such as complying with laws or court orders, serving the public interest, or protecting the rights and freedoms of others. If we refuse your request, we will provide you with an explanation.

8. How we Protect your Personal Data

8.1 We will safeguard your personal data appropriately through Technical Safeguards, Administrative Safeguards, and Physical Safeguards in order to maintain the confidentiality, accuracy, completeness, and availability of personal data, to prevent unauthorized or unlawful access, collection, modification, alteration, use, and/or disclosure of personal data, in accordance with applicable laws.

8.2 We have a system to verify and manage the destruction of personal data that is not necessary for our operations.

8.3 For all types of personal data, we have established security measures for access and usage control through Segregation of Duty for those who have access rights clearly defined, limited to only those who need to see it, in order to prevent unauthorized access, along with data backup systems, emergency response plans, and regular system risk assessments.

9. Security of Personal Data

To protect your personal data from unauthorized access, collection, use, disclosure, modification, destruction, or similar risks, we implement appropriate physical and technical safeguards. These include system vulnerability protection updates, encryption, and limiting disclosure of personal data, both internally and to service providers, third-party agents, or other authorized personnel as necessary.

10. Changes to the Privacy Policy

We may revise and change this policy in the future to further enhance personal data protection. We will notify you under this policy by specifying the date of the latest revision each time there is a change to our policy. Your continued use of our services after such amendments or additions have been announced will be subject to the revised Privacy Policy.

11. How to Contact Us

If you have any suggestions or wish to inquire about details regarding the collection, use, and/or disclosure of personal data, including requests to exercise your rights under this policy, you can contact us through the following channels:

Email: banmaebo@gmail.com

Address: 167 Moo 3, Ban Parkarm, Nhonghan, San Sai, Chiang Mai, Thailand, 50290

Last updated on 16 February, 2026