Welcome to Phi Phi Tour! This Privacy Policy explains how Five Star Group (Thailand) Co., Ltd. (referred to as "Phi Phi Tour", "we", "us", or "our") collects, uses, shares, and protects your personal information when you visit our website, https://phiphitours.com, and use our services. We are a business registered in the Kingdom of Thailand, and we are committed to protecting your privacy in compliance with Thailand's Personal Data Protection Act (PDPA).
We collect information that is necessary to provide you with a safe and seamless tour booking service. The types of information we collect depend on how you interact with our website.
Booking Information: When you book a tour, we collect the full names, dates of birth, and nationality of all passengers. For certain tours requiring insurance or national park entry, we may also collect passport numbers. We also require a primary contact email address, phone number, and your hotel name and room number for tour pickups.
Sensitive Information: To ensure your safety and comfort, we may ask for information about allergies, dietary requirements (e.g., vegetarian, halal), or health conditions. We only collect and process this sensitive data with your explicit consent for the sole purpose of service delivery.
Account Information: If you create an account, we collect your email address and the IP address used during registration.
Communications: When you contact us through our website's contact form or by email, we collect your name, email address, IP address, and any other information you provide in your message.
Payment Information: We use secure third-party payment gateways to process your payments. We do not collect, store, or have access to your full credit card details on our servers. This information is handled exclusively by our payment processing partners.
Cookies: Like most websites, we use essential cookies. These are small data files stored on your browser that are necessary for the site to function correctly (e.g., to keep you logged into your account).
Analytics: We use a self-hosted analytics platform (Umami) to understand website traffic and improve our services. This data is aggregated for statistical purposes and does not personally identify you. We do not use third-party analytics services like Google Analytics.
We use the information we collect for the following legitimate purposes:
To Fulfill Your Bookings: To process your tour bookings, arrange logistics with our partners, manage pickups, and send you essential communications about your booking.
To Provide Customer Support: To respond to your inquiries and provide assistance.
For Safety and Insurance: To ensure we can accommodate any dietary or health needs and to register you with our insurance provider for specific activities.
For Marketing: If you have specifically opted-in, we will send you emails about our tours and promotions. You can easily unsubscribe at any time using the link in every email.
To Improve Our Website: To analyze aggregated user data to enhance the website experience and our service offerings.
We do not sell your personal data. We only share it with trusted third parties when necessary to provide our services:
Tour & Transport Providers: We share necessary details (such as your name, hotel, dietary needs, and number of passengers) with our vetted local tour operators and transport providers to execute your booking. These partners may, in turn, need to share limited information with their own authorized contractors or insurance providers to fulfill their service obligations. While we contractually require our primary partners to adhere to data protection standards, we are not directly responsible for the privacy practices of their downstream third parties.
Insurance Companies: For activities that require it, we share your name, nationality, and passport number with our insurance provider.
Legal & Financial Obligations: We may be required to disclose information to law enforcement, government bodies, or financial institutions to comply with the law or in response to legal processes, such as a credit card chargeback dispute.
Security: Our website is secured with HTTPS encryption. We employ robust technical and organizational measures to protect your data. Account passwords are not stored in a readable format; they are securely hashed using industry-standard technologies.
Retention: We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, for our legitimate business records, and to comply with legal obligations, unless you request its deletion.
As a user, you have the following rights regarding your personal data:
Right to Access: You can request a copy of the personal information we hold about you.
Right to Rectification: You can ask us to correct any inaccurate or incomplete information.
Right to Erasure: You can request that we delete your personal data from our systems, subject to our legal and contractual obligations.
Right to Object: You can object to us processing your data for certain purposes, including direct marketing.
To exercise any of these rights, please contact us at info@phiphitours.com.
We operate primarily within Thailand. We do not routinely transfer your personal data outside of the country, except when required for legal or financial proceedings, such as a chargeback dispute involving an international financial institution (e.g., Visa, Mastercard).
We may update this policy from time to time to reflect changes in our practices or for legal reasons. We will post the new policy on this page and update the "Last Updated" date.
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us.
This policy is governed by the laws of Thailand. By booking with Phi Phi Tours, you agree to this privacy policy.
Five Star Group (Thailand) Co., Ltd.
