Privacy Policy.

Last updated

June 28th 2025

Address

136/24 Moo 3, Tambon Pak Nam Pran, Pranburi, Prachuap Khiri Khan 77220, Thailand

Introduction

Nayuran (“Nayuran,” “we,” “our,” or “us”) designs and operates integrated active‑living campuses, wellness studios, educational programmes and digital platforms that promote healthy longevity. Protecting your privacy is integral to our mission. This Privacy Policy explains how we collect, use, disclose, and safeguard your Personal Data when you interact with our websites, mobile applications, physical campuses and related services (collectively, the “Services”).

This Policy is prepared in accordance with the Personal Data Protection Act B.E. 2562 (2019) of Thailand (“PDPA”), and—where applicable—the EU General Data Protection Regulation (“GDPR”) and other regional laws.

Information you provide

Personal Information

·       Identity & Contact Data: Full name, postal address, email address, telephone number, national ID/passport (where required). Purpose: create accounts, verify identity, manage bookings.

·       Health & Lifestyle Data (optional): Wellness goals, activity preferences, accessibility needs. Purpose: personalise programmes and campus experiences.

·       Transaction & Financial Data: Billing address, payment‑card details (processed via PCI‑DSS‑compliant gateways), tax documentation. Purpose: process payments, issue invoices, manage refunds.

·       Membership & Project Data: Campus enrolment details, booking history, feedback, communications. Purpose: deliver and improve Services, maintain service history.

Project Information

Providing certain data is necessary for us to deliver the Services. Where information is optional, we will request your consent before collection.

Information automatically collected

Website Usage

·       Usage & Device Data – IP address, device type, operating system, browser version, referring URLs, pages viewed, clicks, session timestamps, and error logs.

·       Cookies & Similar Technologies – Essential cookies (site operation), analytics cookies (usage insights), preference cookies (remember settings), and marketing cookies (shown only after you consent via our cookie banner).

Cookies and Tracking

We use various types of cookies to enhance your experience on our website. These include essential cookies for website functionality, analytics cookies for performance measurement, preference cookies to remember your choices and improve user experience, and marketing cookies (only with your consent) to provide relevant advertising and promotional content.

How we use your information

How & Why we use your data

·       Deliver Services – create accounts, schedule classes, personalise wellness plans, provide support.

·       Payment & Invoicing – process transactions and manage refunds.

·       Improve Services – analyse usage, develop new programmes, secure our platforms.

·       Marketing – send newsletters and event invitations (opt out at any time).

·       Compliance & Security – fulfil statutory duties, respond to lawful requests, maintain safety logs.

Service Improvement

We analyze collected data to continuously improve our services. This includes analyzing user behavior patterns, improving website functionality, enhancing our service offerings, optimizing user experience, and debugging technical issues. These improvements help us better serve our clients and streamline our processes.

Communication

We use your contact information to send service updates and notifications, project status updates, subscription information, marketing communications (only with your consent), and newsletter distribution (for opt-in subscribers only). These communications keep you informed about your projects and our services.

Data storage and security

Data storage

Your data is stored using secure cloud storage providers with industry-standard encryption. We conduct regular security audits to ensure data integrity and limit staff access to only those who need it for service delivery. Our secure backup systems ensure your data is protected against loss while maintaining confidentiality.

Data retention

We retain active client data throughout your service period with us. Archived data is kept for 10 years after project completion for reference and legal purposes. Financial records are retained as required by law. You have the option to request data deletion at any time, subject to our legal obligations.

Security Measures

We implement comprehensive security measures including SSL/TLS encryption for data transmission, secure password policies, two-factor authentication options, regular security updates, and ongoing employee security training. These measures work together to protect your information from unauthorized access or disclosure.

Information sharing

Third-Party Service Providers

·       We never sell Personal Data.

·       Trusted service partners (e.g., payment processors, cloud hosts, email providers) receive data under strict agreements.

·       Within the Nayuran group for internal administration and combined offerings.

·       When required by law or to defend our legal rights.

·       With your explicit consent, e.g., when referring you to specialist healthcare providers.

Legal Requirements

We may disclose your information when required by law, including in response to court orders, legal obligations, government requests, to protect our rights, or to enforce our terms of service. We will notify you of such disclosures when legally permitted to do so.

Your rights and choices

Access Rights

·       Access – request a copy of your data.

·       Correct – update inaccuracies.

·       Erase or Anonymise – remove data no longer necessary.

·       Object or Restrict – limit processing in certain cases.

·       Withdraw Consent – at any time (does not affect prior lawful processing).

·       Data Portability – receive data you provided in a structured format.

·       Complain – to Thailand’s Personal Data Protection Committee (PDPC).

EU/EEA residents also have GDPR rights (Articles 12‑22). California residents may exercise CCPA rights to know, delete, and opt out of certain data uses.

Control Options

You maintain control over your data through various options including the ability to opt out of marketing communications, manage cookie preferences, unsubscribe from newsletters, request account deletion, and submit data removal requests. These controls ensure you can manage how we use your information.

Children's privacy

Our Services target adults. We do not knowingly collect data from anyone under 13 years old. Users aged 13‑17 require parental consent. If we learn we hold data from a child, we delete it promptly.

International data transfers

We do not provide services to children under 13 years of age. We do not knowingly collect personal data from minors. If you are under 18, you must have parent or guardian consent to use our services. If we discover we have inadvertently collected information from a child, we will delete it immediately.

Changes to privacy policy

We may update this Policy to reflect operational or legal changes. We will post the revised Policy with a new “Effective date” and provide 30 days’ advance notice via email or website banner for material changes. Continued use after the effective date constitutes acceptance.

Specific rights by region

European users (GDPR)

If you are located in the European Economic Area, you have additional rights under GDPR including the right to access your personal data, rectification of inaccurate data, erasure of your data, restriction of processing, data portability, objection to processing, and rights related to automated decision making and profiling.


California users (CCPA)

California residents have specific rights under CCPA including the right to know what personal information is collected, whether personal information is sold or disclosed, the right to opt out of the sale of personal information, access to personal information, and the right to equal service and price regardless of exercising privacy rights.

Other Regions

We comply with all applicable regional privacy laws and provide additional rights as required by local legislation. We maintain awareness of local data protection standards and adjust our practices to ensure compliance with regional requirements wherever we operate.

Compliance and Governance

We conduct annual compliance reviews and staff security training, and maintain ISO 27001‑aligned practices. Our Data Protection Office monitors PDPA sub‑regulations and international standards to ensure continual improvement.

We maintain compliance with GDPR, CCPA, Privacy Shield certification requirements, all applicable local privacy laws, and industry standards for data protection. Our compliance efforts are ongoing and regularly reviewed to ensure we meet or exceed all legal requirements.

By using our services, you acknowledge that you have read and understood this Privacy Policy and agree to our data practices as described herein.