Privacy policy and cookies policy

https://thailand-arrivalcard.com/

I.Operator

II. General Information

This document sets out the privacy policy applicable to the thailand-arrivalcard.com website https://thailand-arrivalcard.com/ – thailand-arrivalcard.com regarding the collection, processing, and use of personal data obtained by the Data Controller.

Personal data collected by the Data Controller is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and the free movement of such data, repealing Directive 95/46/EC (GDPR).

According to Article 4(7) of the GDPR, the Data Controller is:
Veltis Hubert Szabat
Giedlarowa 1143, 37-300 Leżajsk, Poland (EU)
Email: [email protected]
NIP: 8161711130
REGON: 387371370

The Data Controller takes all necessary steps to protect the privacy and information provided by website users.

III. Principles of Personal Data Processing

Personal data will be processed following the principles defined in Article 5 of the GDPR.

Personal data will be:
a) Processed lawfully, fairly, and transparently for the data subject (“lawfulness, fairness, and transparency”).
b) Collected for specified, explicit, and legitimate purposes and not further processed in a way incompatible with those purposes (“purpose limitation”).
c) Adequate, relevant, and limited to what is necessary for processing purposes (“data minimization”).
d) Accurate and, where necessary, kept up to date (“accuracy”).
e) Stored in a form allowing the identification of individuals for no longer than necessary (“storage limitation”).
f) Processed securely, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).

IV. Personal Data We Collect and Use

We ensure that collecting and using your personal data is done lawfully. Therefore, we will only use your data for the purposes mentioned below if at least one of the following conditions is met:

a) You have given your consent.
b) We need your personal data to fulfill a contract, e.g., purchasing a product via the website.
c) We are legally required to comply with applicable laws.
d) We must protect your vital interests.
e) Processing is necessary for the public interest.
f) We have a legitimate interest in processing your personal data.

Categories of Personal Data

  • Identity Data: Full name, date of birth, gender – required for traveler identification.
  • Contact Information: Email address, phone number – used for sending documents and contacting you if additional information is needed.
  • Passport Data: Passport number, country of issue, expiry date – necessary for completing applications.
  • Travel Information: Arrival date, planned stay, purpose of visit – required by the authorities in Malaysa.
  • Device Information: Data about your computer, phone, or other device used to browse the website, such as device type, operating system, hardware version, browser type, unique device identifier, IP address, and advertising identifier.
  • Payment Information: (We do not store this data).

V. Legal Bases for Processing Personal Data

The legal bases for processing personal data derive from the GDPR. When we process personal data, it is based on:

a) Article 6(1)(a) GDPR – We process personal data based on your consent.
b) Article 6(1)(b) GDPR – We process personal data because it is necessary to fulfill a contract or to take steps at your request before entering into a contract.
c) Article 6(1)(c) GDPR – We process personal data to comply with legal obligations.
d) Article 6(1)(f) GDPR – We process personal data to pursue legitimate interests.

The primary basis for processing customer personal data is the necessity to execute a contract or take steps before entering into a contract. Additionally, data may be processed based on:

  • Applicable legal provisions, where processing is necessary to comply with the legal obligations imposed on the Data Controller (e.g., tax regulations).
  • Legitimate interests of the Data Controller, such as establishing, exercising, or defending claims, marketing analysis, and statistical purposes.

VI. Retention Period of Personal Data

According to applicable laws, we process your personal data for the necessary period to achieve the defined purpose. After this period, your personal data will be irreversibly deleted or destroyed.

  • Personal data processed based on consent will be stored until you withdraw consent.
  • Personal data processed for contract execution will be stored for the contract duration and the limitation period for claims under civil law regulations.

VII. Recipients of Personal Data

The list of data recipients depends on legal provisions, user consent, and the scope of services used.

Recipients may include:

  • Employees, collaborators, accountants, IT solution providers, payment service providers, banks, marketing service providers, telecommunications providers, law firms, and authorized state authorities.
  • Government agencies in Malaysa – Data is transferred to official government institutions to process Malaysa Digital Arrival Card applications.

If personal data is transferred outside the European Economic Area (EEA), the Data Controller ensures compliance with Chapter 5 of the GDPR, including adequate safeguards such as EU Commission Standard Contractual Clauses (SCCs).

VIII. Your Rights Regarding Personal Data Protection

Since providing personal data is voluntary, you have the following rights:

  • Access to personal data (Article 15 GDPR).
  • Correction of personal data (Article 16 GDPR).
  • Erasure of personal data (“Right to be Forgotten” – Article 17 GDPR).
  • Restriction of personal data processing (Article 18 GDPR).
  • Data portability (Article 20 GDPR).
  • Objection to data processing (Article 21 GDPR).

If you believe your personal data processing violates the GDPR, you have the right to file a complaint with the relevant Data Protection Authority.

You may withdraw your consent for processing at any time. However, withdrawal does not affect the legality of processing before withdrawal.

IX. Cookie Policy

The website uses cookies to ensure proper functionality and improve the user experience.

Cookies help:

  • Remember previously entered information so you do not have to re-enter it.
  • Adjust content, including ads, to user preferences.

Types of cookies used:

  • Essential Cookies – Required for proper website operation.
  • Statistical Cookies – Used for traffic analysis and behavior tracking.
  • Marketing Cookies – Used for personalized advertising.

Users can manage cookie preferences through browser settings. Disabling cookies may affect some website functionalities.

X. Changes to the Privacy Policy

We reserve the right to modify the Privacy Policy and Cookie Policy if necessary. Any changes will be announced on the homepage.

This Privacy Policy and Cookie Policy is effective as of March 2, 2025.