Privacy Policy

1. Introduction

Take Sushi Ao Nang ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, make reservations, or use our services.

We comply with the General Data Protection Regulation (GDPR), Thailand's Personal Data Protection Act (PDPA) B.E. 2562 (2019), and other applicable data protection laws.

2. Information We Collect

2.1 Personal Information You Provide

• Name and contact information (email address, phone number)
• Billing and payment information (processed securely through Stripe)
• Reservation and booking details
• Dietary restrictions and special requests
• Communication preferences
• Account credentials (managed through Clerk)

2.2 Information Automatically Collected

• IP address and device information
• Browser type and operating system
• Pages visited and time spent on our website
• Referring website addresses
• Location data (with your consent)
• Cookies and similar tracking technologies

3. How We Use Your Information

We use your personal information for the following purposes:

• Process reservations and event bookings
• Communicate with you about your bookings and our services
• Process payments and prevent fraud
• Send marketing communications (with your consent)
• Improve our website and services
• Comply with legal obligations
• Analyze website traffic and user behavior
• Provide customer support

4. Legal Basis for Processing (GDPR & PDPA)

We process your personal data based on the following legal grounds:

• Contract Performance: To fulfill our reservation and service agreements
• Legitimate Interests: To improve our services and communicate with customers
• Consent: For marketing communications and certain data analytics
• Legal Obligations: To comply with applicable laws and regulations
• Vital Interests: In emergency situations affecting health or safety

5. Third-Party Services and Data Sharing

We use the following third-party services to operate our business:

5.1 Analytics and Tracking

• Google Analytics: Website traffic analysis and user behavior insights
• PostHog: Product analytics and user experience optimization
• Meta Pixel (Facebook): Ad targeting and campaign measurement
• TikTok Pixel: Ad performance tracking and audience insights

5.2 Service Providers

• Stripe: Secure payment processing (PCI-DSS compliant)
• Clerk: Authentication and user management
• Vercel: Website hosting and performance optimization
• Convex: Database and backend services

These services may process your data in accordance with their own privacy policies. We ensure all third-party processors provide adequate data protection guarantees.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Remember your preferences and settings
• Authenticate your account
• Analyze website performance
• Deliver targeted advertising
• Prevent fraud

Types of Cookies We Use

• Essential Cookies: Required for website functionality
• Performance Cookies: Help us improve website performance
• Functional Cookies: Remember your preferences
• Marketing Cookies: Used for targeted advertising (with consent)

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.

7. Your Rights Under GDPR and Thailand PDPA

You have the following rights regarding your personal data:

GDPR Rights (for EU/EEA residents)

• Right to Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Request limited processing of your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to certain types of processing
• Rights Related to Automated Decision-Making: Not be subject to solely automated decisions

Thailand PDPA Rights

• Right to Withdraw Consent: Withdraw previously given consent
• Right to Access: Access your personal data and processing details
• Right to Data Portability: Transfer data to another controller
• Right to Object: Object to data processing for certain purposes
• Right to Erasure: Request deletion or anonymization
• Right to Restrict Processing: Suspend data processing
• Right to Rectification: Correct incomplete or inaccurate data

To exercise these rights, please contact us at privacy@takesushikrabi.com

8. Data Retention

We retain your personal data for as long as necessary to:

• Provide our services and fulfill contractual obligations
• Comply with legal and regulatory requirements
• Resolve disputes and enforce agreements
• Maintain business records for tax and accounting purposes

Typically, we retain booking data for 7 years for tax compliance. Marketing data is retained until you withdraw consent or request deletion.

9. International Data Transfers

Your data may be transferred to and processed in countries outside Thailand and the EU/EEA, including the United States. We ensure appropriate safeguards are in place for such transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions where applicable
• Your explicit consent where required

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication measures
• Employee training on data protection
• Secure payment processing through PCI-DSS compliant providers

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete such information.

12. Marketing Communications

With your consent, we may send you promotional emails about our events, special offers, and services. You can opt-out of marketing communications at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Contacting us at marketing@takesushikrabi.com
• Updating your preferences in your account settings

13. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by GDPR and PDPA.

14. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Last Updated" date. We encourage you to review this policy periodically.

15. Contact Information

For questions about this Privacy Policy or to exercise your rights, please contact us:

Supervisory Authorities

You have the right to lodge a complaint with a supervisory authority:

• Thailand: Personal Data Protection Committee (PDPC)
  Website: www.mdes.go.th/pdpc
• EU/EEA: Your local Data Protection Authority
  Find your authority: edpb.europa.eu/about-edpb/board/members_en