Privacy Policy
Privacy Policy
Effective date: 14 August 2025
This Privacy Policy explains how Isla (“Isla Studio & Café”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal information when you visit our website and online booking pages, use our services, or interact with us via messaging and social platforms.
If you do not agree with this Policy, please do not use our website or services.
1) Who we are & contact details
Controller: Isla Wellness Co. Ltd., operating as Isla Studio & Café
Registered address: Isla Studio., Chaweng, Koh Samui, Surat Thani, Thailand
Contact email (privacy): islastudiopro@gmail.com
2) What information we collect
We collect information that you provide directly and that is generated through your use of our site and services:
a) Identification & contact
Name, email, phone number, country, preferred language.
b) Booking & purchase
Class bookings, membership selections, visit history, payment status (handled by payment processors), gift card details, invoice details.
c) Communications
Messages you send to us via email, website forms, WhatsApp/Line, Instagram, Facebook, or other platforms; your marketing preferences.
d) Device & usage
IP address, device/browser type, pages visited, referring URLs, session information, approximate location, cookies and similar technologies (see Cookies section).
e) User-generated content
Reviews, feedback, survey responses, or content you voluntarily share with us.
f) Sensitive data
We do not require health/medical data to book classes. Please avoid sharing health information online. If you choose to disclose such information (e.g., injuries) for safety, we process it only to provide the requested service and with your consent.
3) How we use your information (purposes)
We use personal information to:
Provide and manage bookings, memberships, and customer accounts.
Process payments and send confirmations/receipts.
Communicate about schedules, changes, and support requests.
Send marketing communications where permitted (you can opt out anytime).
Improve our website, services, and customer experience (analytics, troubleshooting).
Ensure safety, prevent fraud/abuse, and comply with legal obligations.
4) Legal bases (EEA/UK GDPR) & lawful grounds (Thailand PDPA)
Where applicable, we rely on:
Contract: to provide the services you request (e.g., processing a class booking).
Consent: for certain marketing, cookies/analytics, or optional disclosures (you may withdraw consent at any time).
Legitimate interests: to run and protect our business, personalize communications, and improve services (balanced against your rights).
Legal obligation: to meet accounting, tax, and regulatory requirements.
Vital interest (rare): to protect your vital interests in emergencies.
5) Cookies, pixels & similar technologies
We use cookies and similar technologies (including analytics and advertising pixels) to operate the site, remember preferences, measure performance, and personalize marketing.
You can manage preferences via our cookie banner (where available) and/or your browser settings.
Blocking some cookies may impact site functionality.
Typical partners may include analytics, advertising, booking, and payment providers.
6) Payment processing & third-party partners
We use reputable third-party providers to operate parts of our service. These providers act as processors or independent controllers (depending on the service). Typical categories include:
Booking & scheduling (e.g., class management/checkout pages).
Payment processing (e.g., card payments, fraud prevention).
Communications (e.g., WhatsApp Business/Line, email service providers, live chat).
Analytics & advertising (e.g., Google Analytics, Meta/TikTok pixels).
Website hosting & security.
We share only the information necessary for each purpose. These partners are contractually required to protect your data in line with applicable laws.
7) International data transfers
Your information may be transferred to and processed in countries outside your country of residence, including countries that may have different data-protection laws (e.g., the United States). Where required, we use safeguards such as Standard Contractual Clauses or equivalent mechanisms to protect your information.
8) How we protect your information
We use technical and organizational measures appropriate to the risk, including encryption in transit where feasible, access controls, and data minimization. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
9) Data retention
We retain personal information only as long as necessary to fulfill the purposes outlined in this Policy, including to meet legal, accounting, or reporting obligations. Typical retention periods:
Account, booking, and transaction records: up to 7 years (to satisfy legal/tax requirements).
Marketing data: until you opt out or become inactive for 24 months.
Support and messaging logs: typically 24 months, unless needed longer to resolve an issue.
We will delete or anonymize data when no longer needed.
10) Your rights
Your rights depend on your location, but may include:
Thailand (PDPA)
Request access and a copy of your data.
Request correction or deletion of your data.
Withdraw consent where processing is based on consent.
Object to or restrict certain processing.
Request data portability (where applicable).
Lodge a complaint with Thailand’s Office of the Personal Data Protection Committee (PDPC).
EEA/UK (GDPR)
Rights of access, rectification, erasure, restriction, objection, and data portability.
Where processing is based on consent, the right to withdraw consent at any time.
Right to complain to your local supervisory authority.
US (California and similar laws, where applicable)
Right to know/access, correct, delete, and opt out of certain “sale” or “sharing” of personal information and targeted advertising.
You will not be discriminated against for exercising these rights.
How to exercise your rights
Contact us at islastudiopro@gmail.com. We may need to verify your identity. We aim to respond within 30 days (or the period required by law).
11) Marketing communications
You can opt out of marketing emails at any time via the unsubscribe link or by contacting us. Service and transactional messages (e.g., booking confirmations) are still sent as needed.
12) Messaging apps & social platforms
If you contact us via WhatsApp/Line/Instagram/Facebook or similar, your messages and profile information are processed by those platforms under their own terms and privacy policies. Avoid sharing sensitive information via public or unsecured channels.
13) Children’s privacy
Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13. For the EEA/UK, we do not knowingly collect data from children under 16 without appropriate consent.
14) CCTV & in-studio notices (on-site)
For safety and security, some areas of our studio premises may use CCTV. Separate in-studio signage will provide details. CCTV footage is retained for a limited period unless required to investigate an incident.
15) Sharing for legal reasons and business transfers
We may disclose information if required by law, to protect our rights, customers, the public, or to detect/prevent fraud or security issues. If we undergo a merger, acquisition, or asset sale, your information may be transferred as part of that transaction.
16) Links to other websites
Our website may contain links to third-party sites. We are not responsible for their privacy practices. Please review their policies.
17) Changes to this Policy
We may update this Policy from time to time. The “Effective date” at the top shows when it was last updated. Significant changes will be posted on this page (and, where appropriate, notified to you).
18) How to contact us
If you have questions or requests regarding this Policy or your personal information, contact us at:
Email: islastudiopro@gmail.com
Postal: Isla Wellness Co. LTD, Koh Samui, Surat Thani, Thailand
Last updated: 14 August 2025