Privacy Policy

Effective: 2026-05-03 · Last updated: 2026-05-03

1. Who we are and how to reach us

This website samuidays.com (the "Site") is operated by SamuiDays Co., Ltd., a company registered in the Kingdom of Thailand (registered office and company number: [TBD]). We are the data controller for your personal data within the meaning of the Thai PDPA 2022, the EU GDPR (extraterritorial scope for EU/EEA visitors), and Russian Federal Law 152-FZ (where applicable — see §8).

For any privacy question, contact privacy@samuidays.com. We respond within 30 days.

2. What we collect

When you submit a booking enquiry or contact form:

When you just browse the Site:

What we deliberately do not collect: payment-card details, passport / ID numbers, health data, political opinions, biometric data.

3. Lawful bases

4. Retention

5. Who we share with

We do not sell your data. Sharing is limited to processors strictly necessary to operate the Site:

International transfers protected by Standard Contractual Clauses or adequacy decisions.

6. Your rights

To exercise any right, email privacy@samuidays.com.

7. Security and breaches

Data encrypted in transit (TLS 1.3) and at rest (AES-256). Database access is least-privilege and logged. We notify PDPC Thailand and EU DPAs within 72 hours of a high-risk breach and affected users without undue delay.

8. Russian visitors (152-FZ)

The Site runs on a .com domain, the operator is in Thailand, and servers are in the EU. We do not run targeted marketing in Russia, do not use Yandex.Metrica / Yandex.Direct / SMS campaigns to Russian numbers, and do not partner with bloggers focused on a Russian audience.

If you are a Russian resident and believe your 152-FZ rights are affected, contact privacy@samuidays.com.

9. Changes to this policy

Material changes are announced 30 days in advance via an on-site banner.

10. Operator contact

SamuiDays Co., Ltd.
Email: privacy@samuidays.com
Address: [Bangkok / Koh Samui — TBD]