Privacy Policy
1. Data Controller
| Data Controller | MINAIRAL CO., LTD. (บริษัท มิโนรอล จำกัด) |
|---|---|
| Address | 138/42 Moo 2, Tambon Bo Phut, Koh Samui, Surat Thani 84320, Thailand |
| Privacy Contact | legal@minairal.com |
| DPO | Not formally designated. All data protection enquiries: legal@minairal.com |
2. Personal Data We Collect
2.1 Data You Provide Directly
- Identity: first name, last name
- Contact: email address, phone number, delivery and installation address
- Account: login credentials (password stored in encrypted/hashed form), order history, preferences
- Transaction: order details, payment method type, payment confirmation reference (MINAIRAL does not receive or store full card numbers or bank account details)
- PromptPay: phone number or national ID if provided for refund processing purposes
- Communications: messages and enquiries sent to our support team
2.2 Data Collected Automatically
- Technical: IP address, browser type and version, device type, operating system, screen resolution
- Usage: pages visited, time on site, referral source, click behaviour, cart actions
- Cookie and tracking data: as detailed in the Cookie Policy
2.3 Data Received from Third Parties
| Source | Data Received | Purpose |
|---|---|---|
| Payment gateway (card payments) | Payment authorisation status, transaction reference, masked card details (last 4 digits only) | Order confirmation and fraud prevention |
| PromptPay / BOT network | Transfer confirmation reference, transaction amount | Payment verification |
| Meta (Facebook/Instagram Pixel) | Ad interaction events (page views, add-to-cart, purchase events). Requires consent | Ad effectiveness measurement and remarketing. Consent-based only |
| TikTok Pixel | Ad interaction events (page views, add-to-cart, purchase events). Requires consent | Ad effectiveness measurement and TikTok audience targeting. Consent-based only |
| Google Ads / Google Shopping | Ad click data, conversion events. Requires consent | Google Ads campaign measurement and Google Shopping performance. Consent-based only |
| Shopify | Platform-level analytics, store operations, checkout behaviour | Store management and performance analytics |
3. Legal Bases for Processing
| Purpose | Legal Basis | Retention |
|---|---|---|
| Process and fulfil orders | Performance of contract (PDPA s.24(3)) | 7 years (Revenue Code) |
| Customer account management | Performance of contract | Account duration + 1 year |
| Customer support & after-sales | Performance of contract / Legitimate interest | 3 years from last contact |
| Delivery & installation coordination | Performance of contract | 2 years from delivery |
| Transactional emails (order, delivery) | Performance of contract | Duration of relationship |
| Payment processing & fraud prevention | Performance of contract / Legal obligation | 7 years (Revenue Code) |
| PromptPay refund processing | Performance of contract | Until refund confirmed + 1 year |
| Marketing emails / SMS (opt-in) | Explicit consent (PDPA s.19) | Until consent withdrawn |
| Meta Ads remarketing (Pixel) | Explicit consent, Direct Marketing Act 2024 | 90 days (Meta retention) |
| TikTok Ads (Pixel) | Explicit consent, Direct Marketing Act 2024 | 13 months (TikTok retention) |
| Google Ads / Shopping (tags) | Explicit consent, Direct Marketing Act 2024 | 13 months (Google retention) |
| Website analytics (Shopify / GA4) | Legitimate interest / Consent (cookies) | 13 months |
| Legal & accounting compliance | Legal obligation (Revenue Code) | 7 years |
All advertising platform pixels and tags (Meta, TikTok, Google Ads, Google Shopping) are activated ONLY after the Customer provides explicit consent via the cookie banner. No advertising data is transmitted before consent is granted.
4. Cross-Border Data Transfers
MINAIRAL uses third-party services that involve transferring personal data outside Thailand. The following table documents each transfer, destination, and applicable safeguard in accordance with PDPA Sections 28 to 29 and the PDPC Cross-Border Transfer Notification (effective March 2024):
| Service / Provider | Data Transferred | Destination | Safeguard |
|---|---|---|---|
| Shopify (store platform) | Customer identity, contact, order history, browsing behaviour | USA / Canada | Shopify Data Processing Agreement, Standard Contractual Clauses (SCCs) |
| Payment gateway (card) | Transaction reference, masked card data, amount | Thailand / regional processing | PCI-DSS certified, Bank of Thailand regulated |
| PromptPay / BOT network | Transfer confirmation, amount | Thailand (domestic) | BOT-regulated domestic network, no cross-border transfer |
| Meta (Facebook/Instagram) | Pixel event data (page views, conversions), consent-based | USA / Ireland | Meta Data Processing Terms, SCCs, consent required |
| TikTok | Pixel event data (page views, conversions), consent-based | USA / Singapore | TikTok Data Processing Agreement, SCCs, consent required |
| Google Ads / Shopping / Analytics | Ad click data, conversion events, analytics, consent-based | USA / EEA | Google Ads & Analytics DPA, SCCs, consent required |
Customers may request information about the specific safeguards in place for any cross-border transfer by contacting privacy@minairal.com.
5. How We Use Your Data
- To process, confirm, and fulfil your orders (purchases, delivery coordination, installation booking)
- To process payments via the accepted payment methods and manage refunds
- To send transactional communications (order confirmation, dispatch notification, filter replacement reminders)
- To manage your customer account and order history
- To respond to customer service and after-sales enquiries
- To measure and improve the performance of our advertising campaigns on Meta, TikTok, and Google, subject to your consent
- To personalise advertising shown to you on Meta, TikTok, and Google platforms, subject to your consent
- To analyse Website traffic and user behaviour to improve Website performance, subject to your consent
- To comply with legal obligations under Thai law (tax, accounting, consumer protection)
6. Data Sharing
We do not sell your personal data. We share data only with:
| Recipient | Data Shared | Basis |
|---|---|---|
| Courier and logistics partners | Name, delivery address, phone number, order reference | Performance of contract, delivery |
| Payment gateway provider | Transaction amount, currency, order reference | Performance of contract, payment processing |
| Shopify (platform provider) | Full order and customer data as required to operate the store | Data processing agreement |
| Meta / TikTok / Google (ad platforms) | Pixel event data only, consent-based, no personally identifiable data sent directly | Explicit consent |
| MINAIRAL installation subcontractors | Name, installation address, phone number, appointment date | Performance of contract, installation service |
| Government authorities | As required by Thai law (Revenue Department, DBD, courts) | Legal obligation |
| Professional advisors | As required for legal, accounting, or audit purposes | Legitimate interest, confidentiality obligations apply |
7. Your Rights Under the PDPA
| Right | Description | How to Exercise |
|---|---|---|
| Right to be informed | Know what data we collect and how we use it | This Privacy Policy |
| Right of access | Receive a copy of personal data MINAIRAL holds about you | Email privacy@minairal.com |
| Right to rectification | Correct inaccurate or incomplete data | Email privacy@minairal.com |
| Right to erasure | Request deletion where legally permitted ('right to be forgotten') | Email privacy@minairal.com |
| Right to restriction | Restrict processing in certain circumstances | Email privacy@minairal.com |
| Right to portability | Receive your data in a structured, machine-readable format | Email privacy@minairal.com |
| Right to object | Object to processing based on legitimate interests or direct marketing | Email or cookie settings |
| Withdraw consent | Withdraw marketing or advertising cookie consent at any time | Cookie Settings in site footer |
We respond to all requests within 30 days. You have the right to lodge a complaint with Thailand's Personal Data Protection Committee (PDPC) if you believe your rights have been violated.
8. Data Security
We implement appropriate technical and organisational security measures including: SSL/TLS encryption for all Website transmissions; PCI-DSS compliant payment processing (no card data stored by MINAIRAL); access controls and role-based authentication for internal systems; and regular security reviews.
In the event of a personal data breach presenting a risk to your rights, we will notify the PDPC within 72 hours and inform affected individuals without undue delay in accordance with PDPA Section 37.
9. Children's Data
Our Website is not directed at individuals under 20 years of age. We do not knowingly collect personal data from minors. Contact privacy@minairal.com if you believe a minor has submitted data through our Website.
10. Cookies & Advertising Technologies
We use cookies and tracking pixels from Meta, TikTok, and Google on the Website. All advertising tracking is consent-based. Full details are provided in the Cookie Policy.
11. Updates to This Policy
We may update this Privacy Policy to reflect changes in our practices, the services we use, or legal requirements. Material changes are communicated by email or via a prominent Website notice at least 30 days before taking effect. The updated date is shown at the top of this Policy.
12. Contact
| Data protection enquiries | privacy@minairal.com |
|---|---|
| General support | support@minairal.com |
| Address | MINAIRAL CO., LTD., 138/42 Moo 2, Tambon Bo Phut, Koh Samui, Surat Thani 84320 |
| PDPC complaint | https://www.pdpc.or.th |