1. GENERAL PROVISIONS

This Privacy and Personal Data Protection Policy (the “Policy”) is adopted by MERU ESTATE CO., LTD., a company established under the laws of Thailand, with its registered office at 128/66 Moo.5, Rassada Sub-District, Mueang Phuket District, Phuket Province, Phuket 83000, Thailand (the “Controller” or “we”).
This Policy is prepared in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable laws governing personal data protection. It defines our approach to the collection, processing, storage, and protection of personal data received from users (“Data Subjects”, “you”) via the website https://meruestate.com/ (the “Website”) and other related communication channels.

2. PRINCIPLES OF PERSONAL DATA PROCESSING

The Controller processes personal data according to the following GDPR-aligned principles:

• Lawfulness, fairness, and transparency;
• Purpose limitation;
• Data minimization;
• Accuracy;
• Storage limitation;
• Integrity and confidentiality;
• Accountability.

3. DATA SUBJECT RIGHTS

Under GDPR, you have the following rights:

• Access – to know whether your data is being processed, and if so, receive a copy;
• Rectification – to correct inaccurate or incomplete data;
• Erasure (“right to be forgotten”) – to request deletion under certain conditions;
• Restriction – to limit processing in certain cases;
• Objection – to object to processing based on legitimate interest or direct marketing;
• Data portability – to receive your data in a structured, commonly used format;
• Withdraw consent – at any time, without affecting the lawfulness of prior processing;
• Lodge a complaint – with the competent supervisory authority.

To exercise your rights, contact us at: info@meruestate.com

4. PURPOSES OF PROCESSING AND LEGAL GROUNDS

We process personal data only where we have a legal basis under GDPR. The purposes and lawful bases include:
4.1 Contractual purposes (Article 6(1)(b) GDPR):

• To fulfill agreements or pre-contractual obligations at the data subject’s request.
• Includes: name, surname, email, phone (including messengers like WhatsApp, Telegram).

4.2 Consent-based purposes (Article 6(1)(a) GDPR):

• Sending newsletters, marketing, personalized offers.
• Providing consultations, property selections, and thematic guides.
• Website analytics and improvement.

4.3 Legitimate interest (Article 6(1)(f) GDPR):

• Enhancing user experience and system security.
• Tracking effectiveness of marketing campaigns.

4.4 Legal obligation (Article 6(1)(c) GDPR):

• Where processing is required by applicable laws in Thailand or under EU law.

5. CATEGORIES OF PERSONAL DATA PROCESSED

We process the following categories of personal data:

• Identification data: full name, email address, phone number;
• Contact preferences: preferred messenger or method of communication;
• Technical data: IP address, cookies, browser type, referral sources;
• Communication history: inquiries, requests, preferences;
• Usage data: behavior on the Website, interaction with ads and emails.

We do not process special categories of data (sensitive data) or biometric data.


6. COOKIES AND TRACKING TECHNOLOGIES (COOKIE POLICY)

We use cookies and analytics tools (Google Tag, Facebook Pixel, Tilda metrics) to:

• Analyze Website usage;
• Improve functionality and performance;
• Personalize user experience.

Consent Mechanism: When visiting the Website, you are shown a cookie banner. Continuing to use the Website or clicking “Accept” constitutes your consent to the use of cookies.

You may disable cookies in your browser settings. More details can be found in our Cookie Policy (or adjust link based on final location).

7. DATA RETENTION

Personal data is kept for no longer than is necessary for the purposes for which it is processed:

• Contractual data: 3 years from contract fulfillment or last communication;
• Marketing data: until consent is withdrawn;
• Cookie data: as per cookie expiration or until cleared by user.

8. DATA SECURITY

We implement legal, organizational, and technical measures to safeguard personal data, including:

• Access controls (passwords, encryption);
• Secure storage (physical and cloud-based);
• Antivirus and firewall protections;
• Staff confidentiality agreements and training.

In the event of a data breach, we will notify the supervisory authority and affected users where legally required.

9. SHARING OF PERSONAL DATA

We may share personal data with:
Data processors under signed Data Processing Agreements (DPAs), including:

• Tilda Publishing – Website hosting and form collection;
• Unisender SMART – Email marketing platform;
• AMOcrm – CRM automation and client tracking;
• Google and Facebook – analytics providers (cookie-based);

Supervisory or governmental authorities – where required by law.
Each third party is contractually obliged to implement appropriate security measures.
We do not sell or rent personal data to any third parties.

10. INTERNATIONAL DATA TRANSFERS

We do not intentionally transfer your personal data outside the European Economic Area (EEA). If such transfer becomes necessary (e.g., due to third-party service providers), we will ensure:

• Standard Contractual Clauses (SCCs), or
• Other GDPR-compliant safeguards are in place.

11. YOUR RIGHTS AND CONTACT

To exercise your rights under GDPR or to make a request regarding your data, please contact: MERU ESTATE CO., LTD.
128/66 Moo.5, Rassada Sub-District, Mueang Phuket District, Phuket Province, Phuket 83000, Thailand
info@meruestate.com
 +66 98 013 85 81
You also have the right to lodge a complaint with your local Data Protection Authority in the EU.

12. FINAL PROVISIONS

We may update this Policy to reflect changes in legal or business requirements. The updated version will be posted on this page with the revision date.
Last updated: August 30, 2025
If you do not agree with this Policy, you should refrain from using the Website.