Privacy Policy
Last Updated: February 2026
This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with Thailand’s Personal Data Protection Act B.E. 2562 (2019) (“PDPA”).
1. Data Controller
Sisu Sauna Co., Ltd. is the data controller responsible for your personal data.
Website: www.sauna.in.th
Email: info@sauna.in.th
Location: Thailand
For any questions or requests regarding your personal data, please contact us at the email address above.
2. Personal Data We Collect
| Category | Data Collected | When Collected |
|---|---|---|
| Identity | Full name | When you enquire, request a quote, or place an order |
| Contact | Email address, phone number, LINE or WhatsApp ID | When you contact us or submit a form |
| Delivery | Delivery address, location details, access instructions | When you place an order |
| Payment | Bank transfer details, payment confirmation. Card details are processed directly by Stripe and are never stored on our servers. | When you make a payment |
| Order | Product selections, quote history, order history, correspondence | Throughout your relationship with us |
| Technical | IP address, browser type, device information, pages visited | Automatically when you visit our website |
We do not collect sensitive personal data such as race, religion, health information, or biometric data.
3. How We Use Your Data
| Purpose | Legal Basis (PDPA) |
|---|---|
| Process quotes, orders, and payments | Contractual necessity |
| Deliver products and coordinate installation | Contractual necessity |
| Provide customer support and after-sales service | Contractual necessity |
| Send order updates, delivery notifications, and invoices | Contractual necessity |
| Send marketing communications about products and promotions | Consent (you may opt out at any time) |
| Improve our website, products, and services | Legitimate interest |
| Analyse website traffic and usage patterns | Legitimate interest |
| Comply with legal and tax obligations | Legal obligation |
4. Data Sharing & Third Parties
We do not sell your personal data. We share data only with the following parties, and only to the extent necessary:
| Recipient | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | United States / EU |
| Google (Analytics) | Website traffic analysis | United States |
| Delivery partners | Product delivery (name, address, phone) | Thailand |
| Hosting provider | Website and data hosting | As per hosting provider location |
Cross-Border Data Transfers
Some of our service providers (Stripe, Google) process data outside of Thailand. Where personal data is transferred internationally, we ensure that appropriate safeguards are in place, including the recipient country having adequate data protection standards or the transfer being necessary for the performance of a contract with you, in accordance with the PDPA.
5. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
| Data Type | Retention Period |
|---|---|
| Order and invoice records | 7 years (Thai tax and accounting requirements) |
| Quote enquiries (no order placed) | 2 years from last contact |
| Customer support correspondence | 3 years from resolution |
| Marketing contact details | Until you withdraw consent or opt out |
| Website analytics data | 26 months (Google Analytics default) |
After the retention period, personal data is securely deleted or anonymised.
6. Data Security
We take appropriate technical and organisational measures to protect your personal data, including:
- SSL/TLS encryption on our website
- Secure payment processing through Stripe (PCI DSS compliant)
- Access to customer data restricted to authorised personnel only
- Regular backups of business data
- Password-protected systems and databases
While we take reasonable steps to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
7. Your Rights Under the PDPA
As a data subject, you have the following rights:
- Right of access — Request a copy of the personal data we hold about you
- Right to rectification — Request correction of inaccurate or incomplete data
- Right to erasure — Request deletion of your data (subject to legal retention requirements)
- Right to restrict processing — Request that we limit how we use your data
- Right to data portability — Request your data in a structured, machine-readable format
- Right to object — Object to processing based on legitimate interest or for marketing purposes
- Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at info@sauna.in.th. We will respond to your request within 30 days. We may need to verify your identity before processing your request.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand.
8. Cookies
What Are Cookies
Cookies are small text files placed on your device when you visit our website. They help us provide a better browsing experience and understand how visitors use our site.
Cookies We Use
| Type | Purpose | Duration |
|---|---|---|
| Essential | Required for the website to function (session management, security, shopping cart) | Session / up to 1 year |
| Analytics | Google Analytics — helps us understand how visitors use our site, which pages are popular, and where visitors come from | Up to 2 years |
Managing Cookies
You can control and delete cookies through your browser settings. Disabling essential cookies may affect website functionality. Disabling analytics cookies will not affect your browsing experience.
9. Children’s Privacy
Our products and services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date. We encourage you to review this page periodically. Continued use of our website after changes constitutes acceptance of the updated policy.