Privacy Policy

Last updated: July 2026

At Thaitop, we share Thailand’s hidden gems, cultural experiences, and local secrets with travelers worldwide. This Privacy Policy explains what personal data we actually collect, why, and who we work with to run Thaitop.co — in plain language, matching exactly what happens on the site today.

Scope

This policy applies to information collected through our website, thaitop.co. Thaitop does not currently operate a mobile app.

Data Controller

Thaitop is operated by Chayada UG (haftungsbeschränkt), Ria-Thiele Straße 31, 40549 Düsseldorf, Germany. For any data protection questions, contact us at:

Email: privacy@thaitop.co

What Personal Data We Collect

Directly From You

  • Email address — if you sign up for our newsletter (hero sign-up, exit-intent offer, or bundle landing page), via MailerLite.
  • Name, email, and message — if you contact us through our contact form. This is sent directly to us and is not added to any mailing list.

Automatically

  • Device and usage data — approximate location, browser type, and which pages you visit, collected via Google Analytics 4, only after you consent via our cookie banner.
  • Affiliate click data — if you click a booking link (hotels, flights, tours, or insurance), our affiliate networks, Involve.Asia and Travelpayouts, set a tracking cookie so we can earn a commission if you book. This also only happens with your consent.
  • Essential technical data — needed to run the site securely (e.g., remembering your cookie preferences). These do not require consent, as the site cannot function without them.

Thaitop does not use advertising or retargeting pixels, does not run AI-driven personalization, does not embed third-party media (e.g., YouTube or Instagram) on the site, and does not offer user accounts. Our quizes and widgets run entirely in your browser — no answers or personal data are sent to us or anyone else.

How We Use Your Information

The table below shows exactly what we use your data for, and the legal basis for each, in line with GDPR Article 6.

Purpose
Data Used
Legal Basis
Third Party Involved
Run and secure the website
Technical/session data (essential cookies)
Legitimate interest
None
Understand site traffic and content performance
Device ID, approximate location, browsing behavior
Consent
Google Analytics 4 (Google Ireland Ltd.)
Send the newsletter
Email address
Consent
MailerLite (UAB “MailerLite”, Lithuania)
Respond to contact inquiries
Name, email, message content
Legitimate interest
None — message sent to Chayada UG only
Track affiliate bookings for commission
Click ID, referral data, IP address
Consent
Involve.Asia; Travelpayouts

How We Share Your Information

We only share personal data with the specific processors named above — Google (Analytics), MailerLite (newsletter), Involve.Asia and Travelpayouts (affiliate tracking) — each strictly for the purpose stated. We do not sell personal data, and we do not share data with data brokers, demographic data providers, or advertising networks, because we do not work with any.

We may disclose data if legally required to do so by a competent authority, or in the event of a merger, acquisition, or asset sale involving Chayada UG — in which case your data would remain subject to an equivalent privacy standard.

International Data Transfers

MailerLite is based in the EU (Lithuania) — no international transfer occurs for newsletter data. Google Analytics may involve a transfer of data to the United States; Google self-certifies under the EU-U.S. Data Privacy Framework as the transfer safeguard. We recommend visiting Google’s own policy pages for the current status of this certification, as transfer mechanisms can change.

Cookies

We use a small, specific set of cookies, managed through our cookie consent tool, which lets you accept or decline each category individually:

  • Essential — always on, required for the site to function.
  • Analytics — Google Analytics 4, off by default until you consent.
  • Affiliate Partners — Involve.Asia and Travelpayouts tracking, off by default until you consent.

You can change your preferences at any time via the cookie settings link in our website footer.

Your GDPR Rights

If you are located in the EEA, UK, or Switzerland, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request erasure of your data, under certain conditions
  • Restrict how we process your data in specific cases
  • Receive your data in a portable, machine-readable format
  • Object to processing based on legitimate interest
  • Withdraw consent at any time (e.g., unsubscribe from the newsletter)
  • Lodge a complaint with your local Data Protection Authority

To exercise any of these rights, email us at privacy@thaitop.co with the subject line “GDPR Privacy Rights Request.” We will respond within 30 days.

Data Retention

Data Category
Retention Period
Newsletter / email marketing data
Until you unsubscribe, or 24 months after your last open/click, whichever comes first
Contact form inquiries
12 months after the inquiry is resolved
Analytics data (GA4)
14 months (Google Analytics default retention setting)
Affiliate tracking data
Set by Involve.Asia and Travelpayouts respectively — not controlled by Thaitop directly
Server/hosting logs
30–90 days, per hosting provider default

Data Security

We use reasonable technical and organizational measures (e.g., encryption in transit, access controls, and a reputable hosting provider) to protect your data against unauthorized access or loss. No system is completely secure, and we continue to review and improve these measures.

Children’s Privacy

Thaitop is not directed at children under 16, and we do not knowingly collect data from them. If we become aware that we have inadvertently collected a child’s data, we will delete it promptly.

Third-Party Websites

Our site contains links to external sites, including our affiliate booking partners. We are not responsible for the privacy practices of these third parties, and we encourage you to review their own privacy policies before providing any personal data to them.

Changes to This Policy

We may update this policy as our practices evolve. Material changes will be reflected by an updated “Last updated” date at the top of this page.

Contact Us

For any questions about this policy or your data:

Email: privacy@thaitop.co

Post: Thaitop, c/o Chayada UG (haftungsbeschränkt), Ria-Thiele Straße 31, 40549 Düsseldorf, Germany