Privacy Policy
Last updated: 2 July 2026
Nannies Chiang Mai ("we", "us", "our") operates the website nannieschiangmai.com and provides nanny placement and childcare services in Chiang Mai, Thailand. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with Thailand's Personal Data Protection Act (PDPA) B.E. 2562 (2019) and where applicable, the EU General Data Protection Regulation (GDPR).
1. Data we collect
1.1 Data you provide directly
- Contact information: Name, email address, phone number, WhatsApp/LINE ID
- Family details: Children's ages, care schedule, special requirements (allergies, dietary needs, medical conditions), home address or hotel/Airbnb address
- Communication records: Messages, emails, and call notes between you and our team
- Payment information: Transaction receipts (we do not store full card numbers — payments are processed by PromptPay, Wise, or your card provider)
1.2 Data collected automatically
- Usage data: IP address, browser type, pages visited, referring URLs, UTM parameters, and similar technical data collected via website analytics
- Cookies: We use essential cookies for site functionality. We do not use third-party advertising cookies without your consent.
2. How we use your data
- To process your nanny request and match you with suitable candidates
- To communicate with you about bookings, scheduling, and service updates
- To send you an auto-reply confirmation when you submit a request
- To maintain records for service quality, safety, and dispute resolution
- To comply with legal and regulatory obligations under Thai law
- To improve our website, services, and customer experience
We do not sell your personal data to third parties.
3. Legal basis for processing (GDPR)
For users in the European Economic Area, we process your data on the following legal bases:
- Contractual necessity: To fulfill your booking request and provide our services
- Legitimate interests: To improve our services, ensure safety, and prevent fraud
- Consent: For marketing communications (if you opt in) and non-essential cookies
- Legal obligation: To comply with Thai tax, labour, and safety regulations
4. Data sharing
We share your data only with:
- Assigned nannies: Your name, address, children's details, and care instructions necessary for providing the service
- Service providers: Airtable (lead database), Resend (email delivery), and Cloudflare (web hosting) — all under their respective data processing agreements
- Legal authorities: If required by Thai law, court order, or to protect the safety of a child
All third-party processors are bound by confidentiality obligations and process data only on our instructions.
5. Data retention
- Active client records: Retained for the duration of your engagement with us
- Inactive client records: Retained for 3 years after your last booking, then deleted or anonymised
- Lead data (unconverted): Retained for 12 months, then deleted
- Financial records: Retained for 5 years as required by Thai tax law
6. Your rights
Under the PDPA and/or GDPR, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate or incomplete data
- Request deletion of your data (subject to legal retention requirements)
- Object to or restrict certain processing of your data
- Request data portability (receive your data in a structured, machine-readable format)
- Withdraw consent for processing based on consent (without affecting lawfully processed data)
- Lodge a complaint with the Thai Personal Data Protection Committee or your local data protection authority
To exercise any of these rights, email hello@nannieschiangmai.com.
7. Data security
We implement appropriate technical and organisational measures to protect your data, including:
- TLS encryption for all data transmitted between your browser and our servers
- Access controls limiting data to authorised personnel only
- Regular security reviews of our hosting and database infrastructure
- Background checks on all staff who handle client data
In the event of a data breach affecting your rights, we will notify you and the relevant authorities within 72 hours, as required by PDPA Section 39 and GDPR Article 33.
8. International data transfers
Your data may be processed by our service providers (Cloudflare, Airtable, Resend) whose servers may be located outside Thailand. We ensure these transfers are protected by appropriate safeguards, including standard contractual clauses and the service providers' own compliance certifications.
9. Children's data
Our service is designed for families with children. We collect children's data (age, dietary needs, medical conditions) only through you, the parent or legal guardian, and only for the purpose of providing safe childcare. We do not market directly to children, and children cannot create accounts on our website.
10. Changes to this policy
We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised "last updated" date. We will notify you of material changes by email or a prominent notice on our website.
11. Contact
If you have any questions about this Privacy Policy or how we handle your data, contact us:
- Email: hello@nannieschiangmai.com
- WhatsApp: +66 95 ··· ····
- LINE: @nannieschiangmai