Privacy Policy

Privacy Policy for Spin Siam

Effective Date: September 19, 2025

At Spin Siam (“we,” “us,” or “our”), we operate an e-commerce platform selling vinyl records and related products through our website [https://spinsiam.com] (the “Site”). We are committed to protecting your personal data in compliance with Thailand’s Personal Data Protection Act (PDPA) B.E. 2562 (2019) and other applicable laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our Site, make a purchase, or interact with our services. By using our Site, you consent to the practices described in this policy.

If you do not agree with this Privacy Policy, please do not access or use our Site or services.

1. Information We Collect

We collect personal data about you in the following ways:

a. Personal Data You Provide

  • Identity and Contact Information: Full name, email address, phone number, billing and shipping address, and payment details (e.g., credit card information processed securely via third-party payment gateways) when you create an account, place an order, or contact us.
  • Account Preferences: Music preferences (e.g., genres like rock, jazz, or pop), order history, and saved addresses if you create an account.
  • Communications: Information you provide when you contact customer support, sign up for newsletters, or participate in surveys, promotions, or contests.

b. Personal Data Collected Automatically

  • Device and Usage Data: IP address, browser type, device type, operating system, pages visited, time spent on the Site, and referring URLs, collected via cookies, web beacons, or similar technologies.
  • Approximate Location: Derived from your IP address to tailor content or comply with Thai regulations.
  • Transaction Data: Details of your purchases, such as vinyl record titles, quantities, and delivery information.

c. Personal Data from Third Parties

We may receive personal data from:

  • Payment Processors: Transaction details from providers like Stripe or PayPal.
  • Shipping Partners: Delivery status from companies like Thailand Post or DHL.
  • Analytics Providers: Usage data from tools like Google Analytics.
  • Marketing Partners: Information for joint promotions, only with your explicit consent.

Payment Processing and Third-Party Services

We use Stripe, a third-party payment processor, to securely process payments, prevent fraud, authenticate users, and provide related services such as analytics. When you make a payment on our website, we share certain personal information with Stripe, including your name, email address, payment details (e.g., credit card or bank account information), and billing/shipping address, as necessary to complete the transaction and comply with legal obligations.

Stripe may use this information to operate and improve its services, including for fraud prevention, authentication, and analytics. For more details on how Stripe handles your data, please review Stripe’s Privacy Policy and Privacy Center.

Stripe’s Privacy Policy: https://stripe.com/privacy
Stripe’s Privacy Center: https://stripe.com/legal/privacy-center.

Cookies and Tracking: Stripe may use cookies or similar technologies to facilitate payments and prevent fraud. You can learn more about Stripe’s use of cookies in their Cookie Policy.

Stripe’s Cookie Policy: https://stripe.com/cookies

Your Rights: Under applicable data protection laws (e.g., GDPR, CCPA), you may have rights to access, correct, delete, or restrict the use of your personal data. To exercise these rights, please contact us at contact@spinsiam.com. We obtain your consent, where required, to share your data with Stripe for payment processing.

Data Transfers: Personal data shared with Stripe may be transferred to and processed in countries outside your jurisdiction, including the United States, in accordance with Stripe’s Data Transfers Addendum.

Stripe’s Data Transfers Addendum: https://stripe.com/legal/dta

We ensure appropriate safeguards are in place for such transfers.

If you have questions about our use of Stripe or data practices, please contact us.

d. Legal Basis for Collection

Under the PDPA, we collect and process your personal data based on:

  • Consent: For marketing, personalized recommendations, or non-essential cookies.
  • Contractual Necessity: To process orders, deliver products, and manage your account.
  • Legal Obligation: To comply with Thai laws, such as tax reporting.
  • Legitimate Interests: For fraud prevention, website analytics, and improving our services, provided your rights are not overridden.

2. How We Use Your Personal Data

We use your personal data to:

  • Process and fulfill your orders for vinyl records, including payment processing and shipping.
  • Manage your account and provide customer support.
  • Send you order confirmations, shipping updates, and responses to inquiries.
  • Provide personalized recommendations (e.g., vinyl records based on your purchase history), with your consent.
  • Send marketing communications, such as newsletters about new releases or promotions, with your explicit consent.
  • Analyze Site usage to improve our services and user experience.
  • Detect and prevent fraud or unauthorized activities.
  • Comply with legal obligations under Thai law, such as tax or accounting requirements.

3. Disclosure of Your Personal Data

We may disclose your personal data in the following circumstances:

  • Data Processors: To trusted third-party service providers (e.g., payment processors, shipping companies, website hosting providers, or email marketing platforms) who are contractually obligated to protect your data and comply with the PDPA.
  • Business Partners: For joint marketing or promotions, only with your explicit consent.
  • Legal Compliance: To comply with Thai laws, court orders, or requests from authorities like the Personal Data Protection Committee (PDPC) or other government bodies.
  • Business Transfers: In the event of a merger, acquisition, or sale of our business, your data may be transferred to the acquiring entity, with appropriate safeguards.
  • Emergencies: To protect our rights, property, or safety, or that of our customers or the public.

We do not sell your personal data to third parties for their marketing purposes.

4. Your Rights Under the PDPA

As a data subject under Thailand’s PDPA, you have the following rights:

  • Right to Access: Request a copy of your personal data we hold.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data, subject to legal exceptions (e.g., tax records).
  • Right to Restrict Processing: Request restriction of data processing in certain cases.
  • Right to Data Portability: Request your data in a structured, commonly used format.
  • Right to Object: Object to processing for marketing or other purposes based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time, without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: File a complaint with the Personal Data Protection Committee (PDPC) if you believe we have violated your rights.

To exercise these rights, contact us at contact@spinsiam.com. We will respond within 30 days, as required by the PDPA, and may request identity verification.

5. Consent for Data Processing

Where required by the PDPA, we will obtain your explicit consent before:

  • Sending marketing communications (e.g., newsletters or promotional offers).
  • Using non-essential cookies or tracking technologies for analytics or advertising.
  • Processing sensitive personal data (if applicable).

You may withdraw consent at any time by contacting us or using the unsubscribe link in our emails.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of payment information using SSL/TLS protocols.
  • Secure storage of data with restricted access.
  • Regular security assessments of our systems and third-party providers.

However, no online system is completely secure. We cannot guarantee absolute security, but we strive to protect your data in line with PDPA requirements.

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy or as required by Thai law:

  • Order and transaction data: Retained for 5 years to comply with Thai Revenue Department tax requirements.
  • Account data: Retained until you request deletion or your account is inactive for 2 years.
  • Marketing data: Retained until you withdraw consent or opt out.

After the retention period, we will securely delete or anonymize your data.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and analyze Site usage:

  • Essential Cookies: Necessary for Site functionality (e.g., shopping cart, login sessions).
  • Analytics Cookies: To understand how users interact with the Site (e.g., Google Analytics).
  • Marketing Cookies: For personalized ads, with your consent.

You can manage cookies via your browser settings or our cookie consent tool (if applicable). Disabling cookies may affect Site functionality.

9. International Data Transfers

Spin Siam is based in Thailand. Your personal data may be transferred to and processed in other countries (e.g., the United States) by our service providers (e.g., cloud hosting or payment processors). We ensure such transfers comply with PDPA requirements, using safeguards like Standard Contractual Clauses or agreements with data processors. By using our Site, you consent to these transfers where necessary.

10. Third-Party Links

Our Site may contain links to third-party websites (e.g., social media platforms or payment gateways). We are not responsible for their privacy practices. Please review their privacy policies before providing personal data.

11. Children’s Privacy

Our Site and services are not intended for individuals under 20 years of age, as defined by the PDPA for consent purposes. We do not knowingly collect personal data from children under 20 without parental consent. If we discover such data has been collected, we will delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or Thai legal requirements. We will notify you of significant changes by posting the updated policy on our Site with a new “Effective Date” or via email. Your continued use of the Site after such changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or wish to exercise your PDPA rights, please contact:

Spin Siam
Email: contact@spinsiam.com
Address: 168/33 Moo 7, Ton Pao, San Kamphaeng, Chiang Mai, 50130
Phone: 0802333663

Office of the Personal Data Protection Committee (PDPC)
Address: สำนักงานคณะกรรมการคุ้มครองข้อมูลส่วนบุคคล เลขที่ 120 หมู่ 3 ชั้น 5-7 ศูนย์ราชการเฉลิมพระเกียรติ 80 พรรษา 5 ธันวาคม 2550 (อาคาร ซี) ซอยแจ้งวัฒนะ 7 ถนนแจ้งวัฒนะ แขวงทุ่งสองห้อง เขตหลักสี่ กรุงเทพฯ 10210
Website: www.pdpc.or.th