Privacy Notice

02 December 2020

1. Introduction

Thai Airways International Public Company Ltd. (THAI), 89 Vibhavadi Rangsit Road, Bangkok 10900, realizes the importance of personal data of our customers.

This privacy notice applies to the collection and processing of your personal information in relation to:

  • Your use of our websites, provided under,,,, and
  • Your use of our products and other commercial services such as flights, buying tickets, catering, cargo, giveaways, and others.
  • Your use of our other commercial services, such as buying tickets and interacting with us in relation to our services and products.
  • Your use of our loyalty program Royal Orchid Plus (“ROP”).
  • Your bookings and interactions regarding our travel arrangement program Royal Orchid Holidays (“ROH”).
  • Your use of mobile application provided by THAI.

This privacy notice also describes your data protection rights. More information about your rights, and how to exercise them, is set out in Section 7 below.

2. What information do we collect?

We generally collect your personal data, either directly from you or from authorised representatives, through our websites, mobile services, and other channels including our ticketing counters and airport operations or from third parties including other airlines, travel agency, the International Air Transport Association (IATA) and from IT services providers for the global travel and tourism industry, who are operating inter alia the computer reservations systems (CRS) for many airlines.

We collect and process personal data about you when you interact with us and our websites and when you purchase tickets or other goods and services from us.

This includes:

  • Basic Personal information e.g., name, gender, date of birth, passport or other personal identification numbers, images, photographs, videos, CCTV footage, voice recordings
  • Contact information e.g., address, phone number, email address
  • Payment information e.g., credit or debit card information, including the name of cardholder, card number, billing address and expiry date
  • Travel information e.g., flight/hotel/car/tour information, dietary and seating or other service preferences, PNR, ticket number, ROH Confirmation number, air waybill number
  • Membership information e.g., frequent-flyer program number, mileage transactions
  • Feedback information e.g., feedback, complaint, survey
  • Shareholder information e.g., number of shares held
  • Log data and device information e.g., IP address, cookies
  • Tracking information e.g., cookies and similar technologies
  • Sensitive information e.g., medical records

In justified cases we collect and process your personal data relating to your health status when you inform us about your medical conditions (such as needing a specific medication), we will ask you for your consent to process such data.

3. How do we use this information, and what is the legal basis for this use?

We process your personal data according to the purposes and limited to what is necessary for the following purposes:

  • To fulfil a contract, or take steps linked to a contract: this is relevant where you make a ticket booking or reservation or purchase any other products or services from us. This includes:
    • Verifying your identity
    • Taking payments
    • Communicating with you
    • Providing customer services, including arrangement of air transportation, processing your travel arrangements, and arranging the delivery of other products, benefits or services;
    • Processing your enrolment to our frequent-flyer program and managing your account;
    • Managing shareholder
    • Complying with entry/exit regulations of Border authorities (Immigration, Customs, etc.).
  • As required to conduct our business and pursue our legitimate interests, in particular:
    • We will use your information to provide products and services you have requested, and respond to any comments, queries or complaints you may send us;
    • We will monitor use of our websites and online services, and use your information to help us monitor, improve and protect our products, content, services and websites, both online and offline;
    • We will use information you provide to personalise our websites, products or services for you;
    • If you provide a credit or debit card as payment, we will also use third parties to check the validity of the sort code, account number and card number you submit in order to prevent fraud (see data sharing in item 6);
    • We will trace back customer activities to prevent, investigate and/or report fraud, misrepresentation, security incidents or crime, in accordance with applicable law;
    • We will use information you provide to investigate any complaints received from you or from others, about our website or our products or services;
    • We will use data in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation);
    • We will use data of some individuals to invite them to take part in market research;
    • We will process your data for purposes such as accounting, billing and auditing;
    • In some cases, we will also use your data for statistical research and analytic purposes;
    • In some cases, we will contact you for product or customer satisfaction surveys;
    • We will use personal data to ensure flight safety and security and to prepare for and prevent emergencies;
    • We will monitor who are in our areas to support the protection of our properties and safety, to investigate unauthorized physical access and accident or crime;
    • We will take your photos or VDO in our events.
  • Where you give us consent:
    • We will send you newsletters containing news concerning our company and our products, services and special offers.
    • We will send you direct marketing in relation to our relevant products and services, or other products and services provided by us, our affiliates and carefully selected partners.
    • We will place cookies and use similar technologies in accordance with our Cookies Policy and the information provided to you when those technologies are used.
    • We create your profile for marketing purposes in order to deliver advertisements that match your interests.
    • On other occasions we ask you for consent, we use the data for the purpose which we explain at that time.
  • For purposes which are required by law and regulation:
    • In response to requests by government or law enforcement authorities conducting an investigation.
  • For purposes which are required by vital interest:
    • We will use your personal data for carrying humanitarian support to you and your family in case you are victim during the aftermath of an aviation accident or humanitarian crisis involving THAI anywhere system-wide.

4. Withdrawing consent or otherwise objecting to direct marketing

Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your personal data for other purposes, such as those set out above.

You have an unconditional right to opt-out of direct marketing at any time. You can do this by following the instructions in the communications we send you, or by contacting us using the details set out in section 9.

5. Cookies

When you visit our websites, we may place cookies on your devices and use those cookies to collect personal data. You can find out more in ourCookie Notice.

6. Who will we share your personal data with, where and when?

If necessary for the provision of services to you, we will share your data with other service providers who take part in the provision of the respective services to you. This may include:

  • Other airlines, business partners
  • Ground handling service providers, who assist in services such as check-in and baggage handling
  • Providers of accommodation, other tourism services, payment and shipment service
  • IT providers of the aviation sector
  • Government agencies where requested by the respective applicable law

Personal data will also be shared with third party service providers who will process it on behalf of THAI for the purposes identified above. Such third parties include data processors that we use for the provision of certain services such as enabling our customers to book flights, validate payment through credit card, facilitating frequent-flyer program operations, etc. as well as providers of website hosting, maintenance, call centre operation and identity checking. In this case, we use additional safeguards to protect your personal data such as “Data Processing and Transfer Agreement” and “Standard Contractual Clauses” for sharing to the processor outside EU/EEA or Thailand.

We process your data mainly within the Kingdom of Thailand and EU. If you acquire services that involve the transfer of your data to other countries, such as international flight connections, we will also transfer your data to these other countries. In this respect we also refer to the general privacy policy of the International Air Transport Association (IATA)

When you are under the EU General Data Protection Regulation (GDPR), in some cases when we transfer your data to countries outside of the EU or EEA, we use additional safeguards to protect your personal data, such as the EU Commission approved “Standard Contractual Clauses”. A copy of the clauses can be provided for your review on request to the contact details provided in section 9.

7. What rights do you have?

You have the right to ask us for information about our data processing or for a copy of your personal data; to correct, delete or restrict processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format.

In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required to keep by law or when we have compelling legitimate interests in retaining the data.

We will provide you with a copy of your personal data when you (or, in case of children under 16, your parents or representatives) request to do.Click here for more information.

We shall inform you without delay within 30 days after receiving of the request. This period may be prolonged for a further month, if several data subjects exercise their rights and their cooperation is necessary to a reasonable extent. If we refuse to take action on the request of the data subject, we shall inform you of the reasons for the refusal.

When you are under the Thailand Personal Data Protection Act (PDPA) or the EU General Data Protection Regulation (GDPR), to exercise any of these rights you can get in touch with us using the details set out below. If you have unresolved concerns, you have the right to complain to THAI data protection authority or EU data protection authority where you live, work or where you believe a breach may have occurred.

8. When is it mandatory to provide data to us?

In some cases it may be necessary that you provide us with data, in order for us to enter into a contract with you and to provide you with the services that you request. In such cases we will not be able to submit these services to you without the data.

9. How can you contact us if you have any questions?

We hope that we can satisfy queries you may have about the way we process your personal data. If you have any concerns about how we process your personal data, or would like to opt out of direct marketing, you can send your request to;

Privacy Office
Thai Airways International Public Company Ltd.
89 Vibhavadi Rangsit Road, Bangkok 10900, Thailand
Or email

THAI has appointed EU representative for the purposes of the GDPR.
If you are in EU and would like to contact us, you can also send your request to;

Thai Airways International Public Company Ltd.
ZEIL 127
60313 Frankfurt

10. How long will THAI retain your data?

In general, THAI will retain your personal data as long as it is needed for the respective purpose of data processing and applicable law then, thereafter, to comply with any applicable recordkeeping provisions. Personal data may also be contained in backup files which we keep for information security purposes and regularly delete when the backup period is over.

Where we process registration data, we do this for as long as you are an active user of our services.

Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.

Previous Privacy Notice