Legal Information

Privacy Policy

Last updated: 19 May 2026

1. Data Controller

Thongthai Intertrade Co., Ltd.
Nonthaburi · Bangkok Metropolitan Region · Thailand
Contact for data-protection enquiries: sales@thongthai-ltd.com

2. What this policy covers

This Privacy Policy explains how Thongthai Intertrade Co., Ltd. ("we", "us") handles personal data collected through the website thongthai-ltd.com (and its alias www.thongthai-ltd.com). It is intended to comply with the EU General Data Protection Regulation (GDPR) and the Thai Personal Data Protection Act (PDPA).

3. Personal data we collect

3.1 Information you provide

When you submit a trade enquiry through the contact form on our website, we collect:

  • First and last name
  • Email address
  • Phone number (optional)
  • Role (buyer, supplier, broker, partner, general, careers)
  • Commodity of interest (optional)
  • Subject and message content

This information is used exclusively to respond to your enquiry, to verify counterparties before commercial commitment, and — if relevant — to deliver requested commercial information.

3.2 Information collected automatically

We use a privacy-friendly, self-hosted instance of Plausible Analytics to understand traffic patterns. Plausible does not use cookies, does not collect personal data, does not generate persistent identifiers and does not track users across websites. The collected information includes:

  • Page URL visited
  • Referring website (where you came from)
  • Country (derived from anonymized IP)
  • Browser and device type
  • Conversion events (e.g. contact-form submissions, including chosen role and commodity)

All data is aggregated. No personal profile is built. Read more about Plausible's data policy at plausible.io/data-policy.

4. Legal basis (GDPR Art. 6)

  • Contact form data — Art. 6(1)(b): pre-contractual measures at your request. Art. 6(1)(f): legitimate interest in commercial communication and counterparty screening.
  • Analytics — Art. 6(1)(f): legitimate interest in understanding site usage. No personal data is processed.
  • Server logs — Art. 6(1)(f): legitimate interest in security, abuse detection and operational stability.

5. How long we keep data

  • Contact-form submissions: retained for the duration of the commercial conversation plus 3 years for record-keeping, then deleted unless a contractual relationship requires longer retention.
  • Analytics data: aggregated indefinitely (no personal identifiers).
  • Server logs: 30 days, then automatic rotation.

6. Sharing data

We do not sell your data. We do not share your data with third parties for marketing purposes. Limited sharing occurs only with:

  • Our SMTP relay provider (all-inkl.com) — solely to deliver email correspondence triggered by your contact-form submission.
  • Self-hosted analytics — Plausible runs on our own infrastructure; no data is transmitted to third-party trackers.
  • Google Maps — when the embedded map iframe loads, your IP address is transmitted to Google. To prevent this, do not interact with the contact section's map.

7. International data transfers

The website is hosted on infrastructure operated by dotrockets Services LLP. The data controller (Thongthai Intertrade Co., Ltd.) is based in Thailand. Where data is transferred from the EU to Thailand, we rely on appropriate safeguards under the EU's adequacy framework and GDPR Chapter V.

8. Your rights

Under GDPR (EU visitors) and the Thai PDPA (Thai visitors), you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your personal data ("right to be forgotten")
  • Object to processing
  • Request restriction of processing
  • Data portability
  • Withdraw consent at any time (where consent was the basis)
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, email sales@thongthai-ltd.com. We respond within 30 days.

9. Cookies

This website does not set tracking or marketing cookies. The only cookies that may be set are strictly necessary for basic site functionality and do not require consent under GDPR.

10. AI and search-engine crawlers

We explicitly permit reputable AI crawlers (GPTBot, ChatGPT-User, ClaudeBot, anthropic-ai, Claude-Web, PerplexityBot, Google-Extended, CCBot, Applebot-Extended) to index the website, so AI-search systems may cite us. This indexing concerns only public website content — never form submissions or any personal data.

11. Security

Site traffic is fully TLS-encrypted (Let's Encrypt). The contact-form backend uses authenticated SMTP over SSL. Standard server-security hardening is applied.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be highlighted in this section for at least 30 days.