02 December 2020
Thai Airways International Public Company Ltd. (THAI), 89 Vibhavadi Rangsit Road, Bangkok 10900, realizes the importance of personal data of our customers.
This privacy notice applies to the collection and processing of your personal information in relation to:
This privacy notice also describes your data protection rights. More information about your rights, and how to exercise them, is set out in Section 7 below.
We generally collect your personal data, either directly from you or from authorised representatives, through our websites, mobile services, and other channels including our ticketing counters and airport operations or from third parties including other airlines, travel agency, the International Air Transport Association (IATA) and from IT services providers for the global travel and tourism industry, who are operating inter alia the computer reservations systems (CRS) for many airlines.
We collect and process personal data about you when you interact with us and our websites and when you purchase tickets or other goods and services from us.
In justified cases we collect and process your personal data relating to your health status when you inform us about your medical conditions (such as needing a specific medication), we will ask you for your consent to process such data.
We process your personal data according to the purposes and limited to what is necessary for the following purposes:
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your personal data for other purposes, such as those set out above.
You have an unconditional right to opt-out of direct marketing at any time. You can do this by following the instructions in the communications we send you, or by contacting us using the details set out in section 9.
When you visit our websites, we may place cookies on your devices and use those cookies to collect personal data. You can find out more in ourCookie Notice.
If necessary for the provision of services to you, we will share your data with other service providers who take part in the provision of the respective services to you. This may include:
Personal data will also be shared with third party service providers who will process it on behalf of THAI for the purposes identified above. Such third parties include data processors that we use for the provision of certain services such as enabling our customers to book flights, validate payment through credit card, facilitating frequent-flyer program operations, etc. as well as providers of website hosting, maintenance, call centre operation and identity checking. In this case, we use additional safeguards to protect your personal data such as “Data Processing and Transfer Agreement” and “Standard Contractual Clauses” for sharing to the processor outside EU/EEA or Thailand.
When you are under the EU General Data Protection Regulation (GDPR), in some cases when we transfer your data to countries outside of the EU or EEA, we use additional safeguards to protect your personal data, such as the EU Commission approved “Standard Contractual Clauses”. A copy of the clauses can be provided for your review on request to the contact details provided in section 9.
You have the right to ask us for information about our data processing or for a copy of your personal data; to correct, delete or restrict processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format.
In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required to keep by law or when we have compelling legitimate interests in retaining the data.
We will provide you with a copy of your personal data when you (or, in case of children under 16, your parents or representatives) request to do.Click here for more information.
We shall inform you without delay within 30 days after receiving of the request. This period may be prolonged for a further month, if several data subjects exercise their rights and their cooperation is necessary to a reasonable extent. If we refuse to take action on the request of the data subject, we shall inform you of the reasons for the refusal.
When you are under the Thailand Personal Data Protection Act (PDPA) or the EU General Data Protection Regulation (GDPR), to exercise any of these rights you can get in touch with us using the details set out below. If you have unresolved concerns, you have the right to complain to THAI data protection authority or EU data protection authority where you live, work or where you believe a breach may have occurred.
In some cases it may be necessary that you provide us with data, in order for us to enter into a contract with you and to provide you with the services that you request. In such cases we will not be able to submit these services to you without the data.
We hope that we can satisfy queries you may have about the way we process your personal data. If you have any concerns about how we process your personal data, or would like to opt out of direct marketing, you can send your request to;
Thai Airways International Public Company Ltd.
89 Vibhavadi Rangsit Road, Bangkok 10900, Thailand
Or email firstname.lastname@example.org
THAI has appointed EU representative for the purposes of the GDPR.
If you are in EU and would like to contact us, you can also send your request to;
Thai Airways International Public Company Ltd.
In general, THAI will retain your personal data as long as it is needed for the respective purpose of data processing and applicable law then, thereafter, to comply with any applicable recordkeeping provisions. Personal data may also be contained in backup files which we keep for information security purposes and regularly delete when the backup period is over.
Where we process registration data, we do this for as long as you are an active user of our services.
Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.