Privacy notice

1. Who we are

BeAnywhere (“we”, “us”) operates the website and related services (the “Service”). The legal entity acting as data controller is identified on the Service (including business registration details where we publish them) or available on request using the contact details below.

2. Scope of this notice

This notice describes how we collect, use, disclose, and protect personal data when you use the Service, in line with the PDPA, subsidiary regulations, and guidelines issued by the Personal Data Protection Committee (“PDPC”) where applicable. If you interact with landlords, agents, or other third parties through the Service, their privacy practices are governed by their own notices.

3. Personal data we may collect

Depending on how you use the Service, we may process:

• Identity & contact: name, email, phone, country of residence, account identifiers;
• Account & technical: login details (hashed where applicable), device/browser type, IP address, approximate location, cookies and similar identifiers;
• Usage: pages viewed, searches, favourites, support messages, and interaction logs;
• Listing-related: information you submit about properties, availability, pricing, and media you upload;
• Communications: records of correspondence with us.

We generally do not aim to collect sensitive personal data (as defined in the PDPA). If you voluntarily provide such data, we will process it only where permitted by law and with appropriate safeguards.

4. Sources

We obtain personal data directly from you, automatically through your use of the Service, and in some cases from service providers, public sources, or counterparties you authorise.

5. Purposes and legal bases

We process personal data for purposes that may include:

• Providing, securing, and improving the Service (performance of a contract; legitimate interests in operating a safe platform);
• Account registration, authentication, customer support (contract; legitimate interests);
• Displaying listings, search, maps, and recommendations (contract; legitimate interests);
• Analytics, debugging, fraud prevention, and misuse detection (legitimate interests; legal obligation where applicable);
• Complying with Thai law, court orders, and regulatory requests (legal obligation);
• Marketing relevant to our services, where permitted (consent where required under the PDPA; legitimate interests where consent is not mandatory and you have not objected where applicable).

Where the PDPA requires consent and no other lawful basis applies, we will ask for your consent separately (for example for certain cookies or electronic direct marketing) and you may withdraw consent without affecting lawfulness of processing before withdrawal, subject to exceptions under the PDPA.

6. Disclosure of personal data

We may disclose personal data to:

• Vendors who host, analyse, secure, or support the Service, acting under our instructions as processors where required;
• Other users where you use features that share your contact details or messages;
• Professional advisers, law enforcement, regulators, or courts when required or permitted by Thai law.

We require processors to implement appropriate measures consistent with the PDPA and, where applicable, to record processing activities and assist with data subject requests.

7. Cross-border transfers

If we transfer personal data outside Thailand, we will do so in accordance with Chapter 4 of the PDPA and applicable sub-regulations, which may include your consent, adequacy decisions, appropriate safeguards such as standard contractual clauses, or other permitted grounds. You may contact us for further information on safeguards where the law entitles you to receive it.

8. Retention

We retain personal data only as long as necessary for the purposes in section 5, unless a longer period is required for legal claims, regulatory compliance, or legitimate business needs permitted by the PDPA. Criteria include the nature of data, legal limitation periods, and whether you maintain an ongoing relationship with us.

9. Security

We implement technical and organisational measures appropriate to the risks, in line with PDPA requirements and good industry practice. No online system is completely secure; please use strong passwords and protect your devices.

10. Your rights under the PDPA

Subject to conditions and exemptions in the PDPA, you may have rights to:

• access and obtain a copy of your personal data;
• request rectification of inaccurate or incomplete data;
• request erasure, restriction, or object to certain processing;
• request portability where processing is automated and based on consent or contract as prescribed;
• withdraw consent where processing is consent-based;
• lodge a complaint with the PDPC or another competent authority in Thailand.

To exercise rights, contact us at hello@beanywhere.com or via our contact page. We may need to verify your identity before responding. If we refuse a request, we will explain the grounds where required by law.

11. Cookies and similar technologies

We use cookies, pixels, and similar tools as described in our cookie controls (where available) and privacy settings. For non-essential cookies, we will request consent where required by the PDPA and applicable notifications from the PDPC.

12. Minors

The Service is not directed at children without parental involvement. If you believe we have collected personal data from a minor in breach of the PDPA, contact us and we will take appropriate steps.

13. Automated decision-making

We do not use purely automated decision-making that produces legal or similarly significant effects concerning you without human involvement, except where we inform you otherwise and provide rights available under the PDPA.

14. Changes

We may update this notice to reflect changes to processing or legal requirements. The “last updated” date below will be revised, and where the PDPA requires, we will notify you by appropriate means.

15. Contact

For privacy enquiries or to contact our data protection contact (or Data Protection Officer, if appointed), email hello@beanywhere.com.