Legal Framework Documentation
Privacy Policy
GDPR & Thailand PDPA Compliance statement
Last updated: June 23, 2026
Manage Your Personal Data
Under GDPR & PDPA, you can instantly request data export (portability) or account erasure. Click below to enter our interactive privacy panel.
Go to GDPR/PDPA Rights Center →1. Introduction
Ghotelior ("we", "us", or "our") operates the Ghotelior hotel channel management platform and direct booking engines. We are committed to protecting the personal data of our hotel partners, affiliate brokers, and booking guests. This Privacy Policy describes how we collect, use, process, and disclose your personal data in compliance with the EU General Data Protection Regulation (GDPR) and the Thailand Personal Data Protection Act B.E. 2562 (PDPA).
2. Personal Data We Collect
We collect personal data that you provide directly to us or that is transmitted to us automatically when using Ghotelior:
- Account Information: Name, email address, password, phone number, and profile picture for hotel partners, staff, and affiliates.
- Booking Details: Guest name, email address, phone number, check-in/check-out dates, room choices, special requests, and payment status (note: raw credit card details are processed solely by secure payment processors).
- Affiliate Profile Details: Display name, social links, website, bank transfer payout details.
- Technical Logs & Tracking: IP address, device specifications, browser type, navigation patterns, and cookie consents (including our 30-day affiliate tracking cookie).
3. Purposes and Legal Bases for Processing
We process personal data under the following legal bases:
- Performance of Contract: Processing reservations, syncing bookings between channel OTAs, and distributing affiliate commissions.
- Consent: Setting analytics or marketing cookies, sending newsletters, and storing marketing settings.
- Legal Obligation: Complying with financial auditing, taxation, and immigration reporting rules in Thailand.
- Legitimate Interests: Protecting Ghotelior against fraudulent bookings, double bookings, rate disparity, and maintaining portal security.
4. Your Data Subject Rights
Under GDPR and Thailand PDPA, you have significant rights regarding your data. You can exercise these directly in our Privacy Settings portal:
- Right to Access & Portability: You can request a machine-readable copy (JSON) of all personal data we store about you.
- Right to Erasure (Right to Be Forgotten): You can request that we delete or anonymize your personal details.
- Right to Rectification: You can correct any inaccurate personal details in your account profile.
- Right to Object or Restrict Processing: You can withdraw consent for tracking and analytics at any time.
5. Contact and Data Protection Officer (DPO)
For any privacy-related queries, to file complaints, or to contact our DPO, please email privacy@ghotelior.com. You also have the right to lodge complaints with the Thailand Personal Data Protection Committee (PDPC) or your local EU supervisory authority.