Last updated: 24 May 2026
1. Who we are
This website is operated by Thailand Guide (thailandguide.co.uk). When we say "we", "us" or "our", we mean Thailand Guide. You can contact us at [email protected].
2. What data we collect
Account data
If you register or sign in, we store your name, email address, and — if you used Google or Facebook to sign in — a reference ID from that provider. We never see or store your Google or Facebook password.
Cookies & tracking
We use non-essential cookies for two purposes. First, analytics: we run both Matomo (self-hosted — data never leaves our servers) and Google Analytics (anonymised data shared with Google) to understand how visitors use the site. Second, personalisation: we track which pages you visit in order to suggest relevant content elsewhere on the site. All non-essential cookies are opt-in. Declining via the cookie banner or the settings link in the footer disables analytics and personalisation in one step — there is no partial opt-out.
Contact enquiries
If you submit a contact form, we store your name, email address, and message so we can respond.
3. How we use your data
- To provide and improve the site and your account features (saved favourites, newsletters).
- To respond to enquiries you send us.
- To understand site usage so we can improve content (analytics).
- To send you updates or newsletters, only if you opted in.
We do not sell your data to anyone. We do not use your data for automated decision-making or profiling.
4. Legal basis (UK GDPR)
- Contract — processing your account details to provide the service you signed up for.
- Legitimate interests — analytics and security logging.
- Consent — newsletters and non-essential cookies, which you can withdraw at any time.
5. Third-party services
- Google Sign-In & Google Analytics — governed by Google's Privacy Policy.
- Facebook Login — governed by Meta's Privacy Policy.
These services only share data with us when you choose to sign in using them.
6. Data retention
We keep your account data for as long as your account exists. If you ask us to delete your account, we will remove your personal data within 30 days. Contact enquiries are retained for up to 2 years.
7. Your rights
Under UK GDPR you have the right to access, correct, or delete your personal data, to restrict or object to processing, and to data portability. To exercise any of these rights, email us at [email protected]. You also have the right to lodge a complaint with the ICO.
8. Security
Passwords are hashed using bcrypt and never stored in plain text. All traffic is served over HTTPS. Sessions are protected with CSRF tokens and regenerated regularly.
9. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top will always reflect the most recent version.