Whatsapp Facebook-messenger Youtube Instagram
Advanced
Search

Privacy Policy

Effective date: 18th September 2025

This Privacy Policy explains how [Mermaid Homes Co., Ltd.] (“Mermaid Homes“, “we“, “us“, or “our“) collects, uses, discloses, and safeguards personal data when you visit www.mermaidhomes.com, use our services, contact us, or interact with our advertisements and social media (collectively, the “Services“).

We are a real‑estate brokerage and property marketing business based in [Phuket, Thailand]. We are committed to protecting your privacy and handling your personal data transparently and in accordance with applicable laws, including the Thailand Personal Data Protection Act B.E. 2562 (2019) (PDPA), the EU/UK GDPR, and (where applicable) the California Consumer Privacy Act (CCPA/CPRA).

Quick summary (non‑legal): We collect the minimum data needed to show listings, respond to inquiries, arrange viewings, and run our website. We do not knowingly sell your data. You can ask us to access, correct, delete, or stop certain uses of your data at any time. See Your Rights & Choices below.

1) Who we are (Data Controller)

  • Legal entity: Mermaid Homes Co., Ltd.

When we determine the purposes and means of processing, we act as Data Controller. In certain activities (e.g., using cloud tools) we may act as a Data Processor for property owners/partners.

2) Personal data we collect

We collect and process the following categories of personal data:

A. You provide directly

  • Identification & contact: name, email, phone/WhatsApp/LINE ID, address, nationality.
  • Property preferences: location, budget, bedroom/bath count, lifestyle needs.
  • Inquiry details: messages, call notes, viewing requests, offer details.
  • Transactional: offer/booking records, KYC information (if required), documents you upload.
  • Communications: feedback, testimonials, survey responses.

B. Collected automatically

  • Usage data: pages viewed, referring/exit pages, time on page, clicks, scrolls.
  • Device & network: IP address, device type, browser type/version, OS, approximate location (derived from IP).
  • Cookies & similar tech: identifiers to remember preferences, analyze site performance, and measure ads. See Cookies & Tracking below.

C. From third parties

  • Lead sources/portals (e.g., property marketplaces), ad platforms, social media, analytics providers.
  • Public sources (e.g., land office publications), anti‑fraud and KYC services (where legally required).

We do not request sensitive data unless required by law (e.g., identity verification for transactions). If we must collect such data, we will do so only with a lawful basis and appropriate safeguards.

3) Purposes and legal bases

We use personal data for:

  1. Providing the Services: responding to inquiries, sending property details, arranging viewings, facilitating offers/tenancies/sales.
    Legal basis: performance of a contract or steps prior to entering into a contract; legitimate interests.
  2. Customer support & communications: sending confirmations, reminders, and service messages.
    Legal basis: performance of a contract; legitimate interests.
  3. Marketing: sending newsletters, new listings, price drops, and event invitations; showing ads (including retargeting).
    Legal basis: consent (where required) and/or legitimate interests. You may opt out at any time.
  4. Analytics & improvement: measuring website performance, diagnosing issues, and improving UX.
    Legal basis: legitimate interests; consent for non‑essential cookies where required.
  5. Security & fraud prevention: protecting accounts, preventing spam, safeguarding property access, complying with KYC/AML where applicable.
    Legal basis: legitimate interests; legal obligations.
  6. Legal & compliance: responding to lawful requests, enforcing agreements, maintaining records.
    Legal basis: legal obligations; establishment, exercise, or defense of legal claims.

4) Cookies & tracking technologies

We use cookies and similar technologies (e.g., pixels, SDKs, local storage) to:

  • Remember preferences (e.g., language, saved searches),
  • Conduct analytics (e.g., Google Analytics 4),
  • Measure marketing effectiveness and retarget ads (e.g., Meta Pixel, Google Ads),
  • Enhance security (e.g., bot detection/reCAPTCHA).

You can manage cookies in your browser settings and (where available) via our cookie banner. Non‑essential cookies are used only with your consent where required by law. [Link to Cookie Settings / Cookie Policy]

5) How we share personal data

We share personal data only as needed and with safeguards:

  • Service providers (processors): hosting (e.g., WordPress), theme/plugins, email/SMS/WhatsApp tools, analytics, security, CRM, document e‑signature, payment gateways (if used).
  • Real‑estate counterparties: property owners, landlords, tenants, buyers, sellers, co‑brokers, developers—strictly for facilitating viewings, offers, or transactions you request.
  • Professional advisors & compliance: lawyers, auditors, notaries, KYC/AML providers, and regulators when legally required.
  • Business transfers: in a merger, acquisition, or asset sale, subject to confidentiality.

We do not permit vendors to use your data for their own marketing without your consent. We do not knowingly sell personal information. See California Addendum for “share”/“sell” definitions under CPRA.

6) International transfers

We operate in Thailand and may use cloud services located in other countries (e.g., Singapore, EU, US). Where we transfer personal data internationally, we implement appropriate safeguards (e.g., standard contractual clauses, intra‑group agreements, or PDPA‑compliant mechanisms) and ensure the recipient provides an adequate level of protection.

7) Data retention

We keep personal data only as long as necessary for the purposes above, including to meet legal, accounting, or reporting requirements. Typical retention periods are:

  • Inquiries & lead records: [12–24 months] after last contact,
  • Viewing/offer/contract files: [5–10 years] (subject to statutory requirements),
  • Marketing lists: until you unsubscribe or we delete inactive contacts,
  • Cookie identifiers: per our Cookie Policy.

When data is no longer needed, we securely delete or anonymize it.

8) Security

We use administrative, technical, and physical controls to protect personal data (e.g., access controls, encryption in transit, backups, least‑privilege access, staff training). However, no method of transmission or storage is 100% secure.

9) Your rights & choices

Your rights depend on your location. Subject to legal limits, you may have the right to:

  • Access a copy of your personal data,
  • Correct inaccurate or incomplete data,
  • Delete your data (erasure),
  • Restrict or object to certain processing,
  • Port your data to another service,
  • Withdraw consent where processing is based on consent,
  • Opt out of marketing communications at any time.

10) Children’s privacy

Our Services are not directed to children under 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we will take appropriate steps.

11) Third‑party links & social media

Our website may contain links to third‑party sites and features (e.g., Google Maps, Facebook/Instagram, Trustindex reviews). We are not responsible for their privacy practices. Review their policies before providing personal data.

12) Automated decision‑making

We do not use automated decision‑making that produces legal or similarly significant effects without human involvement.

13) Changes to this Policy

We may update this Policy from time to time. We will post the updated version with a new Effective date and, where appropriate, notify you by email or website notice. Your continued use of the Services after changes take effect indicates your acknowledgment.

14) Contact us

  • WhatsApp: +66 65-476-5114

If you are in the EU/UK, you may also contact your local data protection authority. If you are in Thailand, you may contact the PDPC.

Jurisdiction‑Specific Addenda

Use the addenda that apply to your audience. Remove sections that do not apply.

A) Thailand PDPA Addendum

  • Controller: Mermaid Homes Co., Ltd.
  • Purposes: as listed above. We rely on consent where required (e.g., marketing), contract, legitimate interests, and legal obligations.
  • Your PDPA rights include: access; rectification; erasure; restriction/objection; data portability; withdrawal of consent; and the right to lodge a complaint with the PDPC.
  • Cross‑border transfers: We will implement PDPA‑compliant safeguards when transferring data outside Thailand.
  • Marketing consent: You can withdraw consent or opt out at any time via unsubscribe links or by contacting us.

B) EU/EEA & UK GDPR Addendum

  • Legal bases: contract (Art. 6(1)(b)), legal obligation (Art. 6(1)(c)), legitimate interests (Art. 6(1)(f)), consent (Art. 6(1)(a)) where required.
  • Data subject rights: access, rectification, erasure, restriction, portability, objection, and the right to withdraw consent.
  • Representative (if required): [Appoint an EU/UK representative if you regularly target those regions].
  • Transfers: we use appropriate safeguards (e.g., SCCs).
  • Complaints: You may lodge a complaint with your local supervisory authority.

C) California (CCPA/CPRA) Addendum

  • Categories collected (may include): identifiers (name, email, phone), commercial info (viewings, offers), internet/network activity (usage data), geolocation (approximate), inferences (preferences), and professional information (if shared by you).
  • Sources: you, your devices, service providers, property portals, and public sources.
  • Business purposes: to provide Services, security, debugging, analytics, internal research, and quality assurance.
  • Selling/Sharing: We do not sell personal information for money. We may share identifiers and internet activity with ad partners for cross‑context behavioral advertising. You can opt out via Do Not Sell or Share My Personal Information links or cookie settings.
  • Sensitive information: collected only if required for compliance (e.g., KYC) and not used to infer characteristics.
  • Retention: kept only as long as reasonably necessary for stated purposes.
  • Your CPRA rights: know, delete, correct, opt out of sale/share, limit use of sensitive info, and non‑discrimination for exercising rights.

Service & Plugin Disclosures (Website)

Tailor this to your actual stack. Remove items you don’t use.

  • WordPress Core & Hosting: stores functional cookies and server logs for security and performance.
  • Elementor / Houzez Theme: may process layout preferences and performance data to render pages.
  • Analytics: [Google Analytics 4] for traffic and performance (IP masking, data retention period [●]).
  • Advertising: [Meta Pixel / Google Ads] for measurement and retargeting; disable via cookie banner/preferences.
  • Maps/Fonts: [Google Maps embed, Google Fonts] may receive IP and device info when assets load.
  • Forms & CRM: [Contact Form, HubSpot/Zoho/etc.] captures inquiry details for follow‑up.
  • Reviews Widget: [Trustindex Facebook Reviews] loads content from Facebook/Trustindex and may set third‑party cookies.
  • Security: [reCAPTCHA/Cloudflare/Wordfence] to prevent spam and attacks (collects device/behavioral signals).
  • Email & Messaging: [SMTP provider / WhatsApp Business / LINE OA] processes communications metadata.