Privacy Policy – Travel Guide TH

Privacy Policy

Effective Date: 1 January 2025  |  Last Updated: 1 January 2025

This Privacy Policy describes how Travel Guide TH (legal name: PARRA SERVICES CORP, hereinafter referred to as “we,” “us,” or “our”) collects, uses, stores, discloses, and protects personal data obtained through the website mytomorrowthailand.net (the “Website”). We are committed to safeguarding your privacy in accordance with the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) of Thailand, as well as other applicable data protection laws and best practices.

Please read this Privacy Policy carefully. By accessing or using our Website, submitting information through our contact forms, or otherwise interacting with our services, you acknowledge that you have read, understood, and agree to the practices described herein. If you do not agree with this Privacy Policy, please discontinue use of the Website immediately.


1. Introduction and Identity of the Data Controller

Travel Guide TH (legal name: PARRA SERVICES CORP) operates the Website at mytomorrowthailand.net and acts as the Data Controller for personal data collected through this Website. As Data Controller, we determine the purposes and means of processing your personal data.

Our contact details for all privacy-related matters are as follows:

  • Company (Trade Name): Travel Guide TH
  • Legal Name: PARRA SERVICES CORP
  • Address: 13471 SW 99TH Ter, Miami, Florida, 33186-2231, United States
  • Telephone: +13148041548
  • Email: [email protected]
  • Website: mytomorrowthailand.net

We are dedicated to operating transparently and responsibly with respect to all personal data we process. This policy is designed to fulfil our notification obligations under Section 23 of the PDPA.


2. Personal Data We Collect

We collect personal data only when you voluntarily provide it to us or when it is automatically generated through your use of our Website. The categories of personal data we may collect include:

2.1 Data Provided Directly by You

When you submit an enquiry or message through our contact form, we collect the following information:

  • Full Name: To address you appropriately and identify your enquiry.
  • Email Address: To respond to your enquiry and send relevant communications.
  • Phone Number: To contact you by telephone if required and if you choose to provide it.
  • Message / Enquiry Content: The content of your message, question, or request submitted through the form.

Providing your name and email address is mandatory to submit a contact form enquiry. Your phone number is optional. Failure to provide mandatory information may mean we are unable to respond to your enquiry.

2.2 Data Collected Automatically

When you visit our Website, certain technical and usage data may be collected automatically by our servers and third-party services, including:

  • IP Address: Your internet protocol address, which may indicate your approximate geographic location.
  • Browser Type and Version: Information about the web browser you are using.
  • Operating System: The operating system of your device.
  • Referring URLs: The website or link from which you arrived at our Website.
  • Pages Visited and Time Spent: Information about which pages you viewed and how long you spent on the Website.
  • Date and Time of Access: The timestamp of your visit.
  • Device Information: General information about the type of device used (e.g., mobile, tablet, desktop).

This automatically collected data is primarily used for website security, performance monitoring, and, where analytics cookies are enabled, to understand how visitors use our Website.

2.3 Cookie Data

We use cookies and similar tracking technologies as further described in Section 5 of this Privacy Policy.


3. Purposes and Legal Basis for Processing

Under the PDPA, we must have a lawful basis for collecting and processing your personal data. The following table outlines our processing purposes and their corresponding legal bases:

  • Responding to Contact Form Enquiries: To read, process, and respond to messages and questions you submit via our contact form. Legal basis: Performance of a contract or steps taken prior to entering a contract (Section 24(3) PDPA); and/or Legitimate interests (Section 24(5) PDPA).
  • Website Operation and Security: To ensure the technical functionality, security, and integrity of our Website, including detecting and preventing fraudulent or malicious activity. Legal basis: Legitimate interests (Section 24(5) PDPA).
  • Analytics and Website Improvement: To understand how users interact with our Website and to improve content and user experience (only where analytics cookies are accepted). Legal basis: Consent (Section 19 PDPA).
  • Legal Compliance: To comply with applicable laws, regulations, court orders, and legal obligations. Legal basis: Legal obligation (Section 24(6) PDPA).
  • Communication of Travel Information and Services: To provide you with travel guides, tips, and information about Thailand that you have requested. Legal basis: Legitimate interests / Consent as appropriate.

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.


4. How Contact Form Submissions Are Processed

When you complete and submit the contact form on our Website, the following process occurs:

  1. Your form data (name, email address, phone number, and message) is transmitted securely over an encrypted HTTPS connection to our web server.
  2. The submission is processed by our server-side application (PHP) and forwarded to our designated business email address so that our team can review and respond to your enquiry.
  3. A copy of the form submission may be stored in our email system and/or a secure internal database for record-keeping and follow-up purposes.
  4. Our team will review your message and respond to you using the email address or phone number you have provided, typically within 2–5 business days.
  5. We do not sell, share, or disclose your contact form data to third parties for their own marketing or commercial purposes.

All personal data submitted through contact forms is handled with strict confidentiality and is accessible only to authorised personnel who need access to respond to your enquiry.


5. Cookie Policy

Our Website uses cookies — small text files placed on your device by your web browser — to enhance your experience and to help us understand how our Website is used. We use the following categories of cookies:

5.1 Strictly Necessary / Functional Cookies

These cookies are essential for the basic operation of our Website. They enable core functionality such as page navigation, security features, and access to secure areas. The Website cannot function properly without these cookies, and they do not require your consent under the PDPA. Examples include:

  • Session cookies that maintain your session state while browsing.
  • Security cookies that help detect and prevent malicious activity.
  • Cookies that remember your cookie consent preferences.

5.2 Analytics Cookies (Optional)

With your consent, we may use analytics cookies to collect anonymised data about how visitors interact with our Website. This helps us identify which pages are most popular, how users navigate between pages, and where we can improve content. These cookies are only activated if you provide your explicit consent via our cookie consent banner. Analytics cookies we may use include:

  • Google Analytics: Provided by Google LLC, which may set cookies to track page views, session duration, traffic sources, and similar metrics. Google Analytics data is aggregated and anonymised to the extent possible.

You may withdraw your consent for analytics cookies at any time by adjusting your browser settings or clearing your cookies. Please note that withdrawing consent will not affect the lawfulness of processing carried out before your withdrawal.

5.3 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse all cookies, accept only certain cookies, or delete cookies that have already been set. Please refer to your browser’s “Help” section for instructions. Be aware that restricting cookies may affect the functionality of some parts of our Website.


6. Third-Party Services and External Resources

Our Website may incorporate third-party services and resources that have their own privacy practices. We have no control over these third parties’ data collection or use of your information. The third-party services we currently use or may use include:

  • Google Fonts (Google LLC): Our Website may load fonts directly from Google’s servers. When your browser requests a font, Google may log your IP address. Google’s privacy policy is available at https://policies.google.com/privacy.
  • Tailwind CSS CDN: We may serve Tailwind CSS stylesheets from a Content Delivery Network (CDN). CDN providers may collect server access logs including IP addresses for performance and security purposes.
  • Google Analytics (Google LLC): As described in Section 5.2, analytics data may be sent to Google’s servers, including in the United States. Google is certified under applicable data transfer frameworks and provides standard contractual clauses for international data transfers.
  • Hosting / Server Provider: Our Website is hosted by a third-party hosting provider that processes server data on our behalf as a data processor. We ensure that our hosting provider implements appropriate security measures.

We encourage you to review the privacy policies of these third-party providers to understand how they handle personal data.


7. International Data Transfers

Your personal data may be transferred to, stored in, or processed in countries outside of Thailand, including the United States and countries within the European Economic Area, where our third-party service providers (such as Google) operate their servers. These countries may have data protection laws that differ from those of Thailand.

Pursuant to Section 28 of the PDPA, when we transfer personal data to a foreign country, we take appropriate safeguards to ensure your data remains protected to a standard consistent with Thai law. These safeguards may include:

  • Ensuring the receiving country has been assessed to provide adequate levels of data protection.
  • Implementing standard contractual clauses or data processing agreements with third-party service providers.
  • Relying on recognised certification schemes or binding corporate rules where applicable.

By using our Website, you acknowledge that your data may be transferred internationally as described in this section.


8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with our legal obligations, resolve disputes, and enforce our agreements. Our retention periods are as follows:

  • Contact Form Submissions: Personal data submitted via contact forms (including name, email, phone number, and message content) is retained for a period of up to 3 years from the date of submission, unless a longer retention period is required by applicable law or a legitimate business need arises (such as an ongoing contractual relationship).
  • Server Access Logs: Technical logs containing IP addresses and access data are typically retained for up to 12 months for security and diagnostic purposes.
  • Analytics Data: Where Google Analytics is used, data is retained in accordance with your chosen settings in Google Analytics (typically 14 or 26 months).
  • Cookie Consent Records: Records of your cookie consent preferences are retained for the duration of their validity, typically 12 months, after which consent will be requested again.

Upon expiry of the applicable retention period, personal data will be securely deleted, anonymised, or disposed of in accordance with our data retention procedures.


9. Your Rights as a Data Subject Under Thai Law (PDPA)

Under the Personal Data Protection Act B.E. 2562 (2019) of Thailand, you have the following rights with respect to your personal data:

  • Right to be Informed (Section 23): You have the right to be informed about how your personal data is collected and used. This Privacy Policy fulfils this obligation.
  • Right of Access (Section 30): You have the right to request access to the personal data we hold about you and to receive a copy of that data.
  • Right to Data Portability (Section 31): Where technically feasible and where processing is based on consent or contract, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that we transmit that data to another data controller.
  • Right to Rectification (Section 35): You have the right to request that we correct any inaccurate, incomplete, or outdated personal data we hold about you.
  • Right to Erasure / Right to be Forgotten (Section 33): You have the right to request the deletion or destruction of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent (where consent was the legal basis), or in other circumstances provided by law.
  • Right to Restriction of Processing (Section 34): You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to its processing.
  • Right to Object (Section 32): You have the right to object to the processing of your personal data where we are relying on legitimate interests as our legal basis, or where your data is being processed for direct marketing purposes.
  • Right to Withdraw Consent (Section 19): Where we process your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand if you believe your rights have been violated. More information is available from the Office of the Personal Data Protection Committee.

To exercise any of the above rights, please contact us using the details provided in Section 13 of this Privacy Policy. We will respond to your request within 30 days of receipt, in accordance with the PDPA. In complex cases or where a large volume of requests is received, we may extend this period by a further 60 days, in which case we will notify you of the extension and the reason for it.

We may need to verify your identity before processing your request. We will not charge a fee for reasonable requests; however, we reserve the right to charge a reasonable administrative fee for manifestly unfounded or excessive requests.


10. Data Security Measures

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect your data against unauthorised access, disclosure, alteration, loss, or destruction. Our security measures include:

  • HTTPS Encryption: All data transmitted between your browser and our Website is encrypted using SSL/TLS (HTTPS) technology.
  • Access Controls: Access to personal data is restricted to authorised personnel only, on a need-to-know basis. Staff and contractors with access to personal data are subject to confidentiality obligations.
  • Secure Email Handling: Contact form submissions forwarded to our email accounts are handled through secure, password-protected email services.
  • Regular Security Reviews: We periodically review our security practices and update them as necessary to address emerging threats and vulnerabilities.
  • Third-Party Processor Due Diligence: We take reasonable steps to ensure that third-party service providers who process personal data on our behalf maintain adequate security standards.
  • Data Minimisation: We collect only the minimum personal data necessary for the stated purposes.

Despite these measures, no data transmission over the internet or electronic storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately using the contact details in Section 13.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the PDPC within 72 hours of becoming aware of the breach, and we will notify affected individuals without undue delay where required under Section 37 of the PDPA.


11. Children’s Privacy

Our Website and services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, process, or store personal data from children under the age of 18 without the verifiable consent of a parent or legal guardian, in accordance with Section 20 of the PDPA.

If you are a parent or legal guardian and you believe that your child under the age of 18 has provided us with personal data without your consent, please contact us immediately at [email protected]. Upon verification, we will take prompt steps to delete the child’s personal data from our records.

We do not intentionally target or market our services to children, and we do not knowingly build profiles of or about children.


12. Disclosure of Personal Data to Third Parties

We respect your privacy and do not sell, trade, rent, or otherwise commercially disclose your personal data to third parties. However, we may share your personal data in limited circumstances as follows:

  • Service Providers and Data Processors: We may share your data with trusted third-party service providers who assist us in operating our Website and delivering our services (such as web hosting providers, email service providers, and analytics platforms). These providers are contractually bound to process your data only on our instructions and in accordance with applicable law.
  • Legal Requirements: We may disclose your personal data if required to do so by law, regulation, court order, or governmental authority, or where we believe in good faith that such disclosure is necessary to protect our legal rights, prevent fraud, or protect the safety of our users or the public.
  • Business Transfers: In the event of a merger, acquisition, restructuring, or sale of all or part of our business assets, your personal data may be transferred to the acquiring entity, subject to continued compliance with this Privacy Policy.
  • With Your Consent: We may share your personal data with other third parties where you have given us your explicit consent to do so.

We require all third parties to respect the security and confidentiality of your personal data and to treat it in accordance with applicable law. We do not permit our third-party service providers to use your personal data for their own purposes.


13. Contact Information for Privacy Enquiries

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, or if you wish to exercise any of your rights as described in Section 9, please contact us using the details below:

  • Company: Travel Guide TH (PARRA SERVICES CORP)
  • Address: 13471 SW 99TH Ter, Miami, Florida, 33186-2231, United States
  • Telephone: +13148041548
  • Email: [email protected]
  • Website: mytomorrowthailand.net

Please mark the subject line of your email or letter as “Privacy Enquiry” or “Data Subject Request” so that we can direct your communication to the appropriate team member promptly.

We will endeavour to respond to all legitimate enquiries and requests within 30 days. In cases requiring additional time, we will acknowledge receipt of your request and provide an estimated timeline for our full response.


14. Thailand PDPA Compliance Statement

This Privacy Policy has been prepared in accordance with the Personal Data Protection Act B.E. 2562 (2019) (PDPA) of Thailand, which came into full effect on 1 June 2022. The PDPA governs the collection, use, disclosure, and cross-border transfer of personal data of individuals located in Thailand, and establishes the rights of data subjects and obligations of data controllers and data processors.

Key PDPA principles we adhere to include:

  • Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner.
  • Purpose Limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
  • Data Minimisation: We collect only the personal data that is adequate, relevant, and necessary for the purposes of processing.
  • Accuracy: We take reasonable steps to ensure that personal data is accurate and kept up to date.
  • Storage Limitation: We retain personal data for no longer than is necessary for the stated purposes.
  • Integrity and Confidentiality: We implement appropriate technical and organisational security measures to protect personal data.

If you believe that we have not complied with the PDPA or this Privacy Policy, you have the right to lodge a complaint with the Personal Data Protection Committee (PDPC), the supervisory authority in Thailand responsible for enforcement of the PDPA.


15. Links to External Websites

Our Website may contain links to third-party websites, resources, and services for your convenience and information. These external websites are operated by independent organisations and are not under our control. This Privacy Policy does not apply to any third-party websites, and we are not responsible for the privacy practices, content, or security of any external sites.

We encourage you to review the privacy policies of any third-party websites you visit before providing any personal data to them. The inclusion of a link on our Website does not constitute an endorsement by us of the linked website or its privacy practices.


16. Changes to This Privacy Policy

We reserve the right to update, revise, or modify this Privacy Policy at any time to reflect changes in our data processing practices, changes in applicable law, or for other operational, legal, or regulatory reasons. When we make changes, we will:

  • Update the “Last Updated” date at the top of this Privacy Policy.
  • Post the revised Privacy Policy on this page at mytomorrowthailand.net/privacy-policy (or the equivalent URL).
  • Where the changes are significant or materially affect your rights, we will make reasonable efforts to notify you directly, such as by posting a prominent notice on our Website homepage or, where we hold your email address, by sending you a notification email.

Your continued use of our Website after any changes to this Privacy Policy have been posted constitutes your acknowledgement of the modifications and your agreement to be bound by the revised policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data.

If you do not agree with any changes to this Privacy Policy, you should discontinue use of our Website and may exercise your rights as described in Section 9, including the right to request deletion of your personal data.


17. Governing Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of the Kingdom of Thailand, including but not limited to the Personal Data Protection Act B.E. 2562 (2019). Any disputes arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the competent courts of Thailand, unless otherwise required by mandatory provisions of applicable law.


This Privacy Policy was last updated on 1 January 2025 and applies to all personal data collected by Travel Guide TH (PARRA SERVICES CORP) through the website mytomorrowthailand.net. If you have any questions about this policy, please contact us at [email protected].