Privacy policy.

1. INTRODUCTION

Chicken Tenders ("we," "us," "our," or "Company") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website chickentenderspad.com or purchase our products.

This Privacy Policy complies with:

  • Thailand's Personal Data Protection Act B.E. 2562 (2019) ("PDPA")

  • Electronic Transactions Act B.E. 2544 (2001)

  • Consumer Protection Act B.E. 2522 (1979)

  • International best practices (GDPR-aligned)

Please read this Privacy Policy carefully. By using our Site, you consent to the practices described herein.

2. DATA CONTROLLER INFORMATION

Data Controller: Chicken Tenders
Registered Location: Thailand
Contact Email: operations@chickentenderspad.com
Website: https://www.chickentenderspad.com

3. INFORMATION WE COLLECT

We collect information that you provide directly to us and information automatically collected when you use our Site.

3.1 Personal Data You Provide

When you create an account or place an order:

  • Full name

  • Email address

  • Phone number

  • Shipping address

  • Billing address

  • Payment information (processed by third-party payment processors)

When you contact customer service:

  • Name

  • Email address

  • Phone number

  • Order number

  • Content of your communications

When you subscribe to our newsletter or marketing:

  • Email address

  • Name (optional)

  • Preferences

When you participate in surveys or promotions:

  • Any information you choose to provide

3.2 Automatically Collected Information

When you visit our Site, we automatically collect:

  • IP address

  • Browser type and version

  • Device type and operating system

  • Pages viewed and time spent on pages

  • Referring website

  • Date and time of visit

  • Clickstream data

  • Cookies and similar tracking technologies (see Section 9)

3.3 Information from Third Parties

We may receive information from:

  • Payment processors (transaction confirmation, fraud prevention data)

  • Shipping carriers (delivery status)

  • Marketing partners (if you interact with our ads on other platforms)

  • Social media platforms (if you connect your account)

4. LEGAL BASIS FOR PROCESSING (PDPA COMPLIANCE)

Under the PDPA, we process your personal data based on the following legal grounds:

4.1 Consent

  • Marketing communications

  • Newsletter subscriptions

  • Optional data collection (surveys, preferences)

4.2 Contract Performance

  • Processing and fulfilling your orders

  • Providing customer service

  • Managing your account

4.3 Legal Obligation

  • Tax and accounting records

  • Consumer protection law compliance

  • Responding to legal requests

4.4 Legitimate Interest

  • Fraud prevention and security

  • Website analytics and improvement

  • Business development and research

  • Protecting our rights and property

Important: You have the right to withdraw consent at any time (see Section 12 - Your Rights).

5. HOW WE USE YOUR INFORMATION

We use your personal data for the following purposes:

5.1 Order Processing and Fulfillment

  • Process your orders and payments

  • Verify your identity

  • Ship products to you

  • Send order confirmations and shipping notifications

  • Handle returns and refunds

5.2 Customer Service

  • Respond to your inquiries and requests

  • Provide technical support

  • Resolve disputes

  • Enforce our Terms of Service

5.3 Marketing and Communications

  • Send promotional emails about new products, special offers (with consent)

  • Provide product recommendations

  • Conduct surveys and gather feedback

  • Send administrative messages (order updates, policy changes)

5.4 Website Improvement

  • Analyze how visitors use our Site

  • Improve Site functionality and user experience

  • Develop new features and products

  • Conduct research and analytics

5.5 Security and Fraud Prevention

  • Detect and prevent fraud, abuse, and illegal activity

  • Protect the security of our Site and systems

  • Verify accounts and activity

  • Monitor for security threats

5.6 Legal Compliance

  • Comply with applicable laws and regulations

  • Respond to legal requests and prevent harm

  • Maintain records as required by law

6. HOW WE SHARE YOUR INFORMATION

We do not sell your personal data. We share your information only in the following circumstances:

6.1 Service Providers

We share data with third-party service providers who perform services on our behalf:

Payment Processors:

  • [Payment gateway names - e.g., Stripe, Omise, PayPal]

  • Purpose: Process payments securely

  • Data shared: Payment information, transaction details

Shipping Carriers:

  • Kerry Express, Flash Express, Ninja Van, [International carriers]

  • Purpose: Deliver your orders

  • Data shared: Name, phone number, shipping address, order details

Email Service Providers:

  • [e.g., Mailchimp, SendGrid]

  • Purpose: Send transactional and marketing emails

  • Data shared: Email address, name, order history

Web Hosting and Cloud Services:

  • [e.g., Squarespace, AWS, Google Cloud]

  • Purpose: Host our website and store data

  • Data shared: All data stored on our Site

Analytics Providers:

  • Google Analytics, Facebook Pixel, [others]

  • Purpose: Analyze website traffic and user behavior

  • Data shared: Usage data, cookies, device information

Customer Service Tools:

  • [e.g., Zendesk, Intercom]

  • Purpose: Manage customer support

  • Data shared: Contact information, communication history

6.2 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy:

  • Your data may be transferred to the successor entity

  • We will notify you via email and/or prominent notice on our Site

6.3 Legal Requirements

We may disclose your information if required to:

  • Comply with laws, regulations, or legal process

  • Respond to government or law enforcement requests

  • Enforce our Terms of Service

  • Protect our rights, property, or safety

  • Prevent fraud or illegal activity

6.4 With Your Consent

We may share your information for other purposes with your explicit consent.

Data Processing Agreements: All third-party service providers are contractually required to:

  • Process data only for specified purposes

  • Implement appropriate security measures

  • Comply with data protection laws

  • Not use your data for their own purposes

7. INTERNATIONAL DATA TRANSFERS

7.1 Thailand-Based Operations

Our primary operations and data storage are in Thailand. However, some service providers may process data in other countries, including:

  • United States (cloud hosting, payment processing)

  • Singapore (regional data centers)

  • European Union (analytics services)

7.2 Safeguards

When transferring data internationally, we ensure:

  • Service providers comply with PDPA and GDPR standards

  • Standard contractual clauses are in place

  • Adequate data protection measures are implemented

  • Transfers comply with Thai data protection laws

8. DATA RETENTION

We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy, or as required by law.

8.1 Retention Periods

Account Data:

  • Active accounts: Retained while account is active

  • Inactive accounts: Deleted after 3 years of inactivity (or upon request)

Order and Transaction Data:

  • Retained for 7 years for tax and accounting purposes (Thai law requirement)

  • Then securely deleted or anonymized

Marketing Data:

  • Retained until you unsubscribe or withdraw consent

  • Then deleted within 30 days

Customer Service Data:

  • Retained for 2 years after last interaction

  • Then securely deleted

Website Analytics Data:

  • Aggregated data retained indefinitely

  • Individual user data deleted after 26 months

8.2 Deletion Requests

You may request deletion of your data at any time (see Section 12 - Your Rights). We will comply within 30 days, except where we must retain data for legal obligations.

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our Site. We use cookies and similar technologies to enhance your experience and analyze Site usage.

9.2 Types of Cookies We Use

Essential Cookies:

  • Required for Site functionality

  • Enable shopping cart, checkout, account login

  • Cannot be disabled without affecting Site functionality

Analytics Cookies:

  • Track how visitors use our Site

  • Help us improve Site performance

  • Examples: Google Analytics

Marketing Cookies:

  • Track your visits across websites

  • Enable targeted advertising

  • Examples: Facebook Pixel, Google Ads

Preference Cookies:

  • Remember your settings and preferences

  • Improve user experience

9.3 Cookie Management

You can control cookies through:

  • Browser settings (block, delete, or receive notifications)

  • Opt-out tools provided by third parties

  • Our cookie consent banner (when applicable)

Note: Blocking essential cookies may prevent you from using certain Site features.

9.4 Do Not Track

Our Site does not currently respond to "Do Not Track" signals. You can still control tracking through browser settings and opt-out tools.

10. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, misuse, or alteration.

10.1 Security Measures

Technical Safeguards:

  • SSL/TLS encryption for data transmission

  • Secure servers and databases

  • Regular security audits and updates

  • Firewall protection

  • Access controls and authentication

Organizational Safeguards:

  • Employee training on data protection

  • Limited access to personal data (need-to-know basis)

  • Confidentiality agreements with staff and contractors

  • Incident response procedures

Payment Security:

  • We do NOT store complete credit card information

  • Payment data is processed by PCI-DSS compliant providers

  • Tokenization and encryption protect payment information

10.2 Your Responsibility

You are responsible for:

  • Keeping your account password secure

  • Not sharing your login credentials

  • Logging out after using shared devices

  • Notifying us immediately of unauthorized access

10.3 Data Breach Notification

In the event of a data breach that poses a risk to your rights:

  • We will notify you within 72 hours (as required by PDPA)

  • We will report the breach to the Personal Data Protection Committee

  • We will provide information about the breach and mitigation steps

No System is 100% Secure: Despite our efforts, no security measures are perfect. We cannot guarantee absolute security.

11. THIRD-PARTY LINKS

Our Site may contain links to third-party websites, social media platforms, or services. This Privacy Policy does not apply to those third parties.

We are not responsible for:

  • Privacy practices of third-party websites

  • Content or security of linked sites

  • Data collection by third parties

We recommend: Review the privacy policies of any third-party sites you visit.

12. YOUR RIGHTS (PDPA DATA SUBJECT RIGHTS)

Under Thailand's PDPA, you have the following rights regarding your personal data:

12.1 Right to Access

  • Request a copy of the personal data we hold about you

  • Receive information about how we process your data

12.2 Right to Rectification

  • Request correction of inaccurate or incomplete data

  • Update your account information at any time

12.3 Right to Erasure ("Right to be Forgotten")

  • Request deletion of your personal data

  • Subject to legal retention requirements (e.g., tax records)

12.4 Right to Restrict Processing

  • Request that we limit how we use your data

  • Applies in specific circumstances (e.g., disputing data accuracy)

12.5 Right to Data Portability

  • Receive your data in a structured, commonly used format

  • Transfer your data to another service provider

12.6 Right to Object

  • Object to processing based on legitimate interests

  • Object to direct marketing at any time

12.7 Right to Withdraw Consent

  • Withdraw consent for marketing communications

  • Unsubscribe from emails via link in each message

  • Contact us to withdraw consent for other purposes

12.8 Right to Lodge a Complaint

12.9 How to Exercise Your Rights

To exercise any of these rights:

  1. Email us at: operations@chickentenderspad.com

  2. Provide your name, email, and specific request

  3. Verify your identity (we may request additional information)

  4. We will respond within 30 days

Free of Charge: Exercising these rights is generally free. We may charge a reasonable fee for excessive or repeated requests.

13. CHILDREN'S PRIVACY

Our Site and products are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children.

If you are under 18:

  • Do not use our Site or provide any personal information

  • Have a parent or guardian make purchases on your behalf

If we discover we have collected data from a child:

  • We will delete it immediately

  • Parents may contact us to request deletion

14. MARKETING COMMUNICATIONS

14.1 Opt-In

We will only send marketing emails if you:

  • Create an account and opt-in to marketing

  • Subscribe to our newsletter

  • Provide explicit consent

14.2 Opt-Out

You can stop receiving marketing emails at any time by:

  • Clicking "Unsubscribe" in any marketing email

  • Logging into your account and updating preferences

  • Emailing us at operations@chickentenderspad.com

Transactional Emails: You cannot opt-out of essential transactional emails (order confirmations, shipping notifications, password resets) while you have an active account.

14.3 SMS Marketing (if applicable)

If we offer SMS marketing:

  • We will obtain explicit consent before sending SMS

  • You can opt-out by replying "STOP" to any SMS

  • Standard message and data rates may apply

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices

  • Legal or regulatory requirements

  • New features or services

15.1 Notification of Changes

Material changes:

  • We will notify you via email

  • We will post a prominent notice on our Site

  • We will update the "Last Updated" date

Your continued use of the Site after changes constitutes acceptance of the updated Privacy Policy.

15.2 Review Regularly

We encourage you to review this Privacy Policy periodically.

16. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Email: operations@chickentenderspad.com
Subject Line: "Privacy Inquiry"
Response Time: We will respond within 30 days

For PDPA-related inquiries: Personal Data Protection Committee (Thailand)
Website: https://www.pdpc.or.th
 Phone: +65 6377 3131

17. CONSENT AND ACKNOWLEDGMENT

BY USING OUR SITE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL DATA AS DESCRIBED HEREIN.

For marketing purposes: Your consent is explicit and can be withdrawn at any time without affecting the lawfulness of processing based on consent before withdrawal.

END OF PRIVACY POLICY