Privacy & Confidentiality Policy

Updated Version – Thailand PDPA Compliant

Last updated: 04/09/2025

By using our website https://muttivillas.com, you signify your acceptance of this Policy. If you do not agree, please discontinue use of the website. This Policy forms an integral part of our Terms & Conditions and Cookies Policy.

This Privacy & Confidentiality Policy (“Policy”) explains how MUTTI DEVELOPING CO., LTD. (“Company,” “we,” or “our”), as Data Controller under the Thai Personal Data Protection Act B.E. 2562 (2019) (“PDPA”), collects, uses, discloses, and protects personal data of users (“User,” “you”) when using our website. We are committed to ensuring your privacy and compliance with applicable laws, including PDPA, the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant international standards.

1. Data We Collect

  • Information provided by you: name, email, phone number, booking details.
  • Identification documents: passport/ID copies for compliance with Thai KYC/AML.
  • Technical data: IP address, browser, OS, access times, referral websites.
  • Cookies and tracking: as described in our Cookies Policy.
  • Data from third parties: social media interactions, advertising networks, CRM partners.

2. Purposes of Processing

  • Provide website access and services.
  • Process inquiries, bookings, contracts.
  • Fulfill KYC/AML obligations.
  • Improve website functionality and user experience.
  • Marketing communications (only with consent).
  • Compliance with Thai and international laws.

3. Legal Basis for Processing

Under Section 24 PDPA, we process based on: consent, contract performance, legal obligations, legitimate interests (not overriding your rights), vital/public interest. For EU/EEA and California users, GDPR/CCPA bases also apply.

4. Data Retention

We retain data as long as necessary for stated purposes or legal requirements (tax, AML, property registration). For AML/KYC, data may be kept 5–10 years under Thai law. Afterward, data is deleted or anonymized.

5. Data Sharing with Third Parties

We may share with:

  • Service providers (hosting, analytics, IT).
  • Thai authorities (Land Dept, Revenue Dept, AML Office).
  • Legal advisors, auditors, regulators.
  • Marketing/retargeting partners (with consent).
  • In mergers or acquisitions.
  • Where legally compelled by court order.

6. International Data Transfers

Your data may be transferred outside Thailand. Safeguards under PDPA/GDPR (SCCs, adequacy, or consent) apply. Transfers to non-adequate jurisdictions (e.g., US, Russia) are protected by SCCs or explicit consent.

7. User Rights

Under PDPA you have:

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Data portability
  • Withdraw consent
  • File complaint with PDPC Thailand.

EU/EEA and California users have equivalent rights under GDPR/CCPA.

8. Confidentiality and Security

We use technical/organizational measures (encryption, access controls, ISO 27001 standards) to protect data from unauthorized access or misuse. A Data Protection Officer (DPO) may be appointed as required.

9. Marketing & Opt-out

You may opt-out of marketing communications anytime via unsubscribe link or by contacting us directly.

10. Children’s Privacy

Our services are not directed at individuals under 20 years old. Parental consent required under Section 19 PDPA.

11. Changes to this Policy

We may update this Policy. Updates will be posted with revised dates.

12. Contact Information

MUTTI DEVELOPING CO., LTD.
123/66 Moo 9, Thep Krasattri Sub-district, Thalang District,
Phuket Province, Thailand 83110
Email: [email protected]
Phone: +66 62 210 8989
DPO Contact Pavel: +66 62 210 8989