Legal
Privacy Policy
Last Updated: 12 May 2025 · Calmora, Hua Hin, Thailand
1. Introduction
Calmora ("we", "us", "our") is committed to handling personal information with care. This Privacy Policy explains what data we collect when you use our website or contact us about our services, how we use it, and what rights you have in relation to it.
This policy applies to the Calmora website at https://calmora.sbs and to any personal data provided to us through our contact form, telephone, or email enquiries.
We operate under Thailand's Personal Data Protection Act B.E. 2562 (PDPA). If you have questions about this policy, contact us at [email protected].
2. What Personal Data We Collect
We collect only the personal data that is necessary to respond to your enquiry or deliver our services.
Data You Provide Directly
- Full name (when you contact us or book a session)
- Email address
- Phone number (optional)
- Any additional information you include in a message to us
Data Collected Automatically
- Basic website usage data collected via analytics cookies (page views, session duration)
- Technical data such as browser type and approximate location (country or city level)
Legal Basis for Processing
We process personal data on the following legal bases under the PDPA:
- Consent — for optional cookies and marketing communications
- Contractual necessity — to respond to your enquiry and provide the service you have requested
- Legitimate interests — for basic website analytics to improve our service
Retention Periods
- Enquiry data: retained for 12 months from last contact
- Session records: retained for 24 months for service quality purposes
- Analytics data: aggregated and anonymised after 14 months
3. How We Use Your Data
- To respond to your enquiry and discuss whether our services are a suitable fit
- To schedule and confirm sessions or workshops
- To send service-related communications (booking confirmations, session reminders)
- To improve our website and session materials based on aggregated usage data
- To comply with legal obligations under Thai law
We do not sell personal data to third parties. We do not use personal data for automated decision-making. We do not send unsolicited marketing communications.
Third-Party Services
We may use the following third-party services that process data on our behalf: website analytics (such as Google Analytics, if enabled), and email communication tools. These services are bound by their own privacy policies and data processing agreements. Data is not shared with any third party for their own marketing purposes.
4. How We Protect Your Data
- Our website is served over HTTPS with TLS encryption
- Access to personal data is restricted to team members who need it to carry out their work
- Data stored on our systems is protected by access controls and regular reviews
- In the event of a data breach that is likely to affect your rights, we will notify you and the relevant authority within the timeframes required by Thai PDPA
5. Cookies
We use cookies on our website. Essential cookies are necessary for the site to function. Optional cookies (analytics, preferences) are only placed with your consent. You can manage your cookie preferences at any time by visiting our Cookie Policy page.
6. Your Rights
Under Thailand's PDPA, you have the following rights in relation to your personal data:
- Right to access — to receive a copy of the personal data we hold about you
- Right to rectification — to ask us to correct inaccurate or incomplete data
- Right to erasure — to ask us to delete your data where there is no longer a lawful basis for processing it
- Right to data portability — to receive your data in a structured, machine-readable format
- Right to object — to object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent, to withdraw it at any time without affecting prior processing
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with Thailand's Personal Data Protection Committee (PDPC).
7. Third-Party Links
Our website may contain links to official government and professional sources. We are not responsible for the privacy practices of those external sites and encourage you to read their privacy policies when you visit them.
8. Children's Privacy
Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you believe a minor has provided personal data to us, please contact us and we will arrange for it to be deleted.
9. Changes to This Policy
We may update this policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. Continued use of our website or services after an update constitutes acceptance of the revised policy.
10. Contact
Data Controller: Calmora
Address: 14 Phetkasem Road, Hua Hin, Prachuap Khiri Khan 77110, Thailand
Email for privacy matters: [email protected]