Privacy Policy

Last updated: July 23, 2025

This Privacy Policy explains how One Day Cafe ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use our website, mobile application, visit our physical location, or use any of our services including account registration, reservations, loyalty program, and payment processing.

Information We Collect

We collect information you provide directly to us, information we collect automatically when you use our services, and information from third-party sources.

Personal Information You Provide

• Account registration information (name, email address, phone number)
• Profile information and preferences
• Reservation and booking details
• Payment information (processed securely through third-party processors)
• Loyalty program participation and activity
• Communication preferences and language settings
• Feedback, reviews, and customer service communications
• Marketing communication preferences

Information Collected Automatically

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, time spent, click patterns)
• Location data (with your permission)
• WiFi usage data when connected to our network
• Cookies and similar tracking technologies
• Session recordings for user experience improvement
• Error logs and performance data

Information from Third Parties

• Social media login information (if you choose to connect accounts)
• Payment processor information for transaction processing
• Analytics providers for website usage insights
• Security services for fraud prevention
• Marketing partners for promotional activities

Information Collected at Physical Location

• CCTV footage for security and safety purposes
• WiFi connection logs and usage data
• Point-of-sale transaction information
• Loyalty card usage and rewards activity
• Reservation check-in and usage patterns

How We Use Your Information

We use your personal information for the following purposes, based on legitimate business interests, contract performance, legal obligations, or your consent:

Service Provision and Management

• Creating and managing your user account
• Processing reservations and bookings
• Managing loyalty program participation and rewards
• Processing payments and transactions
• Providing customer support and responding to inquiries
• Sending service-related notifications and updates

Communication and Marketing

• Sending promotional offers and marketing communications (with consent)
• Providing information about new services and features
• Conducting customer satisfaction surveys
• Sending newsletters and updates about our business
• Responding to your questions and feedback

Service Improvement and Analytics

• Analyzing usage patterns to improve our services
• Conducting research and analytics for business insights
• Testing new features and functionality
• Personalizing your experience and recommendations
• Optimizing website performance and user experience

Legal and Security Purposes

• Complying with legal obligations and regulations
• Preventing fraud and ensuring security
• Protecting our rights and property
• Enforcing our Terms & Conditions
• Responding to legal requests and court orders
• Maintaining records for business and legal purposes

Sharing Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

Service Providers and Business Partners

• Payment processors (PromptPay, credit card processors) to complete transactions
• Cloud hosting providers for data storage and website functionality
• Analytics providers to understand website usage and improve services
• Email service providers for communication and marketing
• Customer support platforms for providing assistance
• Security services for fraud prevention and system protection

Legal Requirements and Protection

• Law enforcement agencies when required by law or legal process
• Government authorities for regulatory compliance
• Legal advisors and courts in connection with legal proceedings
• Other parties when necessary to protect our rights or property
• Emergency responders when necessary to protect health and safety

Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the new entity, subject to the same privacy protections.

Data Security and Protection

We implement comprehensive security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure.

Security Measures We Implement

• Encryption of sensitive data in transit and at rest
• Secure authentication systems and access controls
• Regular security audits and vulnerability assessments
• Employee training on data protection and privacy
• Secure data centers with physical and digital protections
• Regular backup and disaster recovery procedures
• Monitoring systems for detecting unauthorized access

Data Retention

We retain your personal information only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

Retention Periods

• Account information: Retained while your account is active and for 3 years after closure
• Transaction records: Retained for 7 years for tax and legal compliance
• Marketing communications: Until you unsubscribe or withdraw consent
• CCTV footage: Retained for 30 days unless required for security investigations
• Website analytics: Aggregated data retained indefinitely, personal data for 26 months
• Customer support records: Retained for 2 years after resolution

Your Privacy Rights

Under Thai Personal Data Protection Act (PDPA) and other applicable privacy laws, you have the following rights regarding your personal information:

Data Subject Rights

• Right to Access: Request copies of your personal information we hold
• Right to Rectification: Request correction of inaccurate or incomplete information
• Right to Erasure: Request deletion of your personal information under certain circumstances
• Right to Restrict Processing: Request limitation of how we process your information
• Right to Data Portability: Request transfer of your data to another service provider
• Right to Object: Object to processing based on legitimate interests or for marketing
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided below. We will respond to your request within 30 days as required by law.

Limitations on Rights

• Some rights may not apply in certain circumstances (e.g., legal obligations)
• We may need to verify your identity before processing requests
• Some information may be retained for legal or business purposes
• Certain requests may incur reasonable administrative fees
• We may refuse requests that are manifestly unfounded or excessive

International Data Transfers

Your personal information may be transferred to and processed in countries outside Thailand. We ensure appropriate safeguards are in place to protect your information in accordance with applicable laws.

Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date.