Privacy Policy

The data controller is Samujana Ltd, 63/154 Moo 5, Plai Laem Soi 11, Koh Samui, Surat Thani 84320, Thailand. For any privacy enquiry, please contact reservations@samujana.com or call +66 (0) 77 423 465.

We collect personal information in the following ways:

• Information you give us directly — your name, date of birth, nationality, passport or ID details (where required by Thai immigration law), home address, email address, phone number, emergency contact, guest names and ages, travel dates, flight details, dietary requirements, accessibility needs, allergies and other health-related preferences you choose to share, special-occasion details (anniversaries, birthdays, weddings), villa and experience preferences, and any messages you send us.
• Reservation and payment information — booking history, rate plan, deposits, invoices, and partial payment-card information. Card numbers are processed by our PCI-DSS compliant payment providers; we do not store full card numbers on our own systems.
• On-property information — services requested during your stay (in-villa dining, private chef, spa, transfers, excursions, Kids Club, butler requests), folio charges, CCTV footage in common and perimeter areas for safety and 24-hour security, and incident reports where relevant.
• Wedding and event information — guest lists, supplier details, menu and beverage selections, ceremony requirements, and photographs or video where you have engaged our team or contracted suppliers.
• AI Concierge interactions — the messages, prompts, preferences, and conversation history you submit to our AI Concierge chat, together with any context you provide about your stay or trip. See Section 6 for details.
• Website and device information — IP address, device and browser type, language, referring URL, pages viewed, approximate location derived from IP, and interactions with the site. We use cookies and similar technologies as described in Section 9.
• Information from third parties — travel agents, tour operators, online travel agencies (OTAs), wedding planners, corporate organisers, and partners who book on your behalf; and publicly available information where relevant to a wedding or VIP arrangement.

We do not intentionally collect personal information from children under 16. Where children are part of a booking, we process only the minimum information needed (such as name and age) and rely on the booking adult to provide it.

We use your information to:

• respond to enquiries, prepare quotes, and confirm reservations;
• deliver your stay — including villa allocation, airport and in-island transfers, housekeeping, in-villa dining, private chef and BBQ service, spa and wellness, excursions such as the Kindred Spirit catamaran, Kids Club, weddings and private events;
• personalise your experience based on your stated preferences and previous stays (for example, pillow preference, dietary needs, or favoured experiences);
• process payments, deposits, refunds, and folio settlement;
• comply with Thai law, including immigration registration (TM30), tax and accounting obligations, and health and safety requirements;
• operate, secure, and improve our website, booking systems, and AI Concierge, including fraud prevention and abuse detection;
• send service messages relating to your booking and, where you have opted in, marketing communications about offers, experiences, and events; and
• defend or pursue legal claims and protect the safety of guests, staff, and the property.

Where the GDPR or PDPA applies, we rely on the following legal bases:

• Contract — to take steps at your request and to perform your booking.
• Legal obligation — to comply with immigration, tax, accounting, and safety laws.
• Legitimate interests — to operate and improve the estate, our website, and our AI Concierge; to ensure security and prevent fraud; and to communicate with past guests in a way they would reasonably expect.
• Consent — for marketing emails, certain cookies, AI Concierge use, and any sensitive information (such as health, dietary, or accessibility needs) you voluntarily share.

We do not sell or rent your personal information. We share it only with:

• Service providers who operate our estate and digital services — including property management and booking systems, payment processors, cloud hosting and email providers, analytics partners, and the AI model providers that power our AI Concierge (see Section 6).
• Trusted partners on-property — for example, transport operators, the Kindred Spirit catamaran, spa therapists, private chefs, photographers, and wedding suppliers — strictly to deliver services you have requested.
• Travel agents and OTAs who made or manage your booking on your behalf.
• Authorities — where required by Thai law (including immigration via TM30), by court order, or to protect the safety of guests, staff, or the property.
• Professional advisors — auditors, insurers, and lawyers, under appropriate confidentiality obligations.

Our AI Concierge is a generative-AI chat assistant that helps you explore villas, experiences, policies, and itinerary ideas. To make it useful, the following applies:

• What is processed — the messages, questions, and preferences you submit; the system prompt that tells the assistant about Samujana's villas, rates, inclusions, dining and experiences; and limited technical metadata (timestamp, error codes).
• Where it runs — your messages are sent to third-party large language model providers (such as OpenAI and Google) via our AI gateway in order to generate responses. These providers process your messages under their own privacy and security terms and, under our configuration, do not use them to train their public foundation models.
• Conversation history — by default, your chat history is stored in your own browser (localStorage) on the device you used and is not associated with a Samujana account. Clearing your browser data removes that history. Where you actively send a chat to our team (for example, to convert it into a booking enquiry), we retain a copy as part of our normal correspondence.
• What to avoid sharing — please do not enter payment-card details, passwords, government ID numbers, or sensitive health information into the AI Concierge. For anything confidential, contact reservations@samujana.com.
• Accuracy — AI responses can be incorrect or out of date. Pricing, availability, inclusions, and policies are confirmed only in writing by our reservations team.

Samujana operates from Thailand, and some of our service providers (including AI model providers, cloud hosting, and analytics) are based outside Thailand, including in jurisdictions such as the United States and the European Union. Where we transfer personal information internationally, we rely on appropriate safeguards — such as standard contractual clauses, adequacy decisions, or your explicit consent — as required by applicable law.

We retain personal information for as long as needed to provide our services and to meet legal, accounting, and security requirements. Typical retention periods:

• Reservation and stay records — up to 10 years to meet Thai accounting and tax law.
• Immigration records (TM30) — as required by Thai authorities.
• CCTV footage — typically 30 days, longer only where an incident is under review.
• Marketing preferences — until you withdraw consent or we no longer need them.
• AI Concierge logs on our infrastructure — kept only as long as needed for abuse prevention and service improvement, then deleted or anonymised.

Our website uses essential cookies to function (for example, to remember your AI Concierge chat in your browser), plus optional analytics and performance cookies to understand how the site is used so we can improve it. Where required by law, we ask for your consent before non-essential cookies are set. You can control cookies through your browser settings; some features (such as the AI Concierge history) may not work if you disable storage.

We use a combination of organisational and technical measures to protect personal information — including access controls, encrypted transport (HTTPS), encrypted storage for sensitive data, vendor due diligence, and staff training. No system can be guaranteed completely secure, but we work to minimise risk and to respond promptly to any incident.

Subject to applicable law, you may:

• request access to the personal information we hold about you;
• request correction of inaccurate or incomplete information;
• request deletion of your information where there is no overriding legal reason to keep it;
• object to or restrict certain processing, including direct marketing;
• request a portable copy of information you provided to us;
• withdraw consent at any time without affecting prior lawful processing; and
• lodge a complaint with your local data protection authority — in Thailand, the Personal Data Protection Committee (PDPC).

To exercise any of these rights, email reservations@samujana.com. We may need to verify your identity before responding.

With your consent, we may send you occasional emails about Samujana offers, new villas, experiences, and seasonal events. Every marketing email contains an unsubscribe link, and you can opt out at any time by emailing us.

We may update this Privacy Policy from time to time. The "Last updated" date at the top of the page reflects the most recent revision. Material changes will be highlighted on our website or, where appropriate, communicated to you directly.

For any question about this policy or how we handle your information, contact:

Samujana Ltd
63/154 Moo 5, Plai Laem Soi 11
Koh Samui, Surat Thani 84320, Thailand
Email: reservations@samujana.com
Phone: +66 (0) 77 423 465