Privacy Policy
Last updated: June 2026
This Privacy Policy explains how Social Sisters Society collects, uses, stores and protects your personal data. It applies to all visitors, members and customers of our website at socialsisterssociety.com.
We are committed to protecting your privacy in accordance with Thailand’s Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) and, where applicable to our EU-resident visitors and members, the EU General Data Protection Regulation 2016/679 (“GDPR”).
Please read this policy carefully. By using our website or becoming a member, you acknowledge that you have read and understood how we handle your personal data.
1. Who We Are
Social Sisters Society is a private limited company registered in Surat Thani, Thailand. We are the data controller responsible for your personal data.
Contact: socialsisterssocietythailand@gmail.com
If you have any questions about this policy or how we handle your data, please contact us at the email address above.
2. Personal Data We Collect
We collect and process the following categories of personal data:
2.1 Account & Identity Data
Name, email address, and account login credentials provided when you create a member account.
2.2 Contact Data
Name, email address, phone number, and message content submitted through our contact form or by email.
2.3 Membership & Profile Data
Your membership plan, join date, membership status, and the interests and availability preferences you nominate in your member profile. We use this profile information in aggregate to understand what our members enjoy and when they are available, so that we can plan events that suit our community. We do not make automated decisions based on this data, and we do not sell or share it with third parties for marketing purposes.
2.4 Booking & Transaction Data
Event bookings, ticket purchase history, and transaction records. Payment processing is handled entirely by our third-party providers — PayPal and Stripe. We do not receive or store your full card number, CVV, or bank details. We receive only a transaction confirmation and a partial reference from the payment provider.
2.5 Communications Data
Records of communications between you and Social Sisters Society, including emails, enquiries, and support requests.
2.6 Data We Do Not Collect
We do not use Google Analytics, Meta Pixel, or any third-party tracking or advertising cookies. We do not collect sensitive personal data such as health information, nationality, or biometric data.
3. How We Collect Your Data
We collect data directly from you when you:
- Create a member account or complete your member profile
- Purchase a membership plan or event ticket
- Submit a contact or enquiry form
- Register for or attend an event
- Correspond with us by email
- Subscribe to our mailing list
We do not purchase data from third parties or obtain your data from public sources.
4. Why We Use Your Data & Our Legal Basis
We only process your personal data where we have a lawful basis to do so. The following sets out each purpose, the data used, and the legal basis under both GDPR and the PDPA.
4.1 To fulfil your membership or booking contract
Data used: Account data, membership data, booking and transaction data.
Legal basis: Performance of a contract (GDPR Art. 6(1)(b); PDPA s.24(3)).
This includes creating and managing your account, processing your membership subscription, issuing event tickets, and communicating with you about your bookings.
4.2 To process payments
Data used: Booking and transaction data, shared with PayPal and/or Stripe.
Legal basis: Performance of a contract (GDPR Art. 6(1)(b); PDPA s.24(3)).
Payment data is processed by PayPal and Stripe directly. Each has its own privacy policy, which we encourage you to review.
4.3 To plan and improve our events
Data used: Aggregated member profile data (interests and availability preferences).
Legal basis: Legitimate interests (GDPR Art. 6(1)(f); PDPA s.24(5)) — specifically, our interest in designing events that meet our members’ needs. This interest is not overridden by your rights because the data is used only internally, is not shared, and you have full control over what you nominate in your profile.
You may update or remove your interests and availability preferences from your member profile at any time.
4.4 To respond to enquiries
Data used: Contact data, communications data.
Legal basis: Legitimate interests (GDPR Art. 6(1)(f); PDPA s.24(5)) — to respond to questions you have initiated.
4.5 To send you marketing communications
Data used: Name and email address.
Legal basis: Consent (GDPR Art. 6(1)(a); PDPA s.19). We will only send marketing emails if you have separately opted in. You may withdraw your consent at any time by clicking “unsubscribe” in any email or by contacting us directly. Withdrawing consent does not affect the lawfulness of any processing carried out before withdrawal.
4.6 To comply with legal and financial obligations
Data used: Transaction and booking records, account data.
Legal basis: Legal obligation (GDPR Art. 6(1)(c); PDPA s.24(1)) — including obligations under Thai tax and accounting law (Revenue Code B.E. 2481) which require us to retain financial records for a minimum of five years.
4.7 To keep our website and systems secure
Data used: Account data, session data.
Legal basis: Legitimate interests (GDPR Art. 6(1)(f); PDPA s.24(5)) — to prevent fraud, abuse, and unauthorised access.
5. Cookies
Our website uses only essential cookies — small files necessary to operate the site. These include cookies that keep you logged in, protect your session, and enable forms and the checkout process to function. We do not use analytics, advertising, or tracking cookies.
Because we use only essential cookies, we do not require your consent to place them. You can manage or delete cookies at any time through your browser settings; however, disabling essential cookies may prevent you from using certain features of the site, such as logging in or completing a booking.
6. Who We Share Your Data With
We do not sell your personal data. We share your data only in the following limited circumstances:
6.1 Payment processors
PayPal (PayPal Holdings, Inc. / PayPal (Europe) S.à r.l. et Cie, S.C.A.) and Stripe (Stripe, Inc. / Stripe Payments Europe, Ltd.) process payments on our behalf. Each acts as an independent data controller for the payment data they receive. Please review their privacy policies at paypal.com and stripe.com respectively.
6.2 Website and hosting providers
Our website is built on WordPress and hosted by a third-party provider. These providers access data only as necessary to maintain the technical operation of our services and are contractually bound to protect it.
6.3 Legal requirements
We may disclose your data if required to do so by Thai law, a court order, or a competent regulatory authority.
7. International Data Transfers
Social Sisters Society is based in Thailand. When data is transferred to or processed by providers located in other countries (including the United States and the European Economic Area), we ensure appropriate safeguards are in place.
PayPal and Stripe both operate entities within the European Economic Area and are subject to GDPR obligations for EU-resident users. Where transfers occur to countries without an adequacy decision, we rely on Standard Contractual Clauses or equivalent safeguards recognised under the PDPA and GDPR.
If you would like more information about the specific safeguards in place for any transfer, please contact us.
8. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law. Our standard retention periods are:
- Account and profile data — for the duration of your active membership, plus 3 years after termination or closure of your account.
- Booking and payment records — 7 years from the date of the transaction, in line with Thai Revenue Code requirements for financial records.
- Contact and enquiry data — 12 months after your enquiry is resolved.
- Marketing consent records — 3 years from the date consent is withdrawn, to demonstrate compliance.
- Event attendance records — 3 years from the date of the event.
After these periods, data is securely deleted or irreversibly anonymised.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include secure HTTPS transmission, access controls, and working only with reputable service providers.
No method of transmission over the internet is completely secure. If you have reason to believe your data has been compromised, please contact us immediately at socialsisterssocietythailand@gmail.com.
10. Your Rights
You have the following rights in relation to your personal data. To exercise any of these rights, please use our Data Rights Request form or contact us directly at socialsisterssocietythailand@gmail.com. We will respond within 30 days.
Rights under both the PDPA and GDPR
- Right of access — to request a copy of the personal data we hold about you.
- Right to rectification — to ask us to correct inaccurate or incomplete data.
- Right to erasure — to ask us to delete your data where we no longer have a lawful basis to hold it.
- Right to restriction — to ask us to pause processing of your data in certain circumstances.
- Right to data portability — to receive your data in a structured, machine-readable format (applies to data processed by automated means on the basis of consent or contract).
- Right to withdraw consent — where processing is based on your consent (e.g. marketing emails), you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
Additional rights under GDPR (EU residents)
- Right to object — to object to processing based on legitimate interests, including profiling. We will cease processing unless we can demonstrate compelling legitimate grounds.
- Right not to be subject to automated decision-making — we do not make automated decisions that produce legal or similarly significant effects about you.
- Right to lodge a complaint — if you are an EU resident and believe we have not handled your data lawfully, you have the right to lodge a complaint with your local supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu.
Rights under the PDPA (Thailand)
- You also have the right to lodge a complaint with the Thailand Personal Data Protection Committee (PDPC) if you believe your rights under the PDPA have been infringed.
11. Children
Our services are exclusively for women aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from a minor, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes — changes that affect how your data is used or your rights — we will notify you by email before the changes take effect and, where required, ask for your renewed consent. Minor or clarificatory changes will be posted here with an updated “last updated” date.
We encourage you to review this policy periodically.
Social Sisters Society · Surat Thani, Thailand · socialsisterssocietythailand@gmail.com
