Cookie Policy

This Cookie Policy was last updated on 10 May 2026 and applies to citizens and legal permanent residents of other applicable regions.

1. Introduction

Our website, https://www.scramblethailand.com (hereinafter: "the website") uses cookies and other related technologies (for convenience all technologies are referred to as "cookies"). Cookies are also placed by third parties we have engaged. In the document below we inform you about the use of cookies on our website.

2. What are cookies?

A cookie is a small simple file that is sent along with pages of this website and stored by your browser on the hard drive of your computer or another device. The information stored therein may be returned to our servers or to the servers of the relevant third parties during a subsequent visit.

3. What are scripts?

A script is a piece of program code that is used to make our website function properly and interactively. This code is executed on our server or on your device.

4. What is a web beacon?

A web beacon (or a pixel tag) is a small, invisible piece of text or image on a website that is used to monitor traffic on a website. In order to do this, various data about you is stored using web beacons.

5. Cookies

5.1 Technical or functional cookies

Some cookies ensure that certain parts of the website work properly and that your user preferences remain known. By placing functional cookies, we make it easier for you to visit our website. This way, you do not need to repeatedly enter the same information when visiting our website and, for example, the items remain in your shopping cart until you have paid. We may place these cookies without your consent.

6. Placed cookies

352_consent_plugin

Functional

Cookie Name Purpose Expiry
352_consent Stores the consent preferences of the data subject. Session
352_consent_cid Pseudonymous client identifier for consent logging. Session

woocommerce

Functional

Cookie Name Purpose Expiry
wc_cart_created Timestamp when the cart was created. Session
woocommerce_cart_hash Stores a hash of the shopping cart contents. Session
woocommerce_items_in_cart Indicates whether items are in the cart. Session
wp_woocommerce_session_* Unique session identifier for the customer. Session

wordpress_core

Functional

Cookie Name Purpose Expiry
comment_author_* Stores commenter name for convenience. Session
comment_author_email_* Stores commenter email for convenience. Session
comment_author_url_* Stores commenter URL for convenience. Session
wordpress_logged_in_* Authentication cookie for logged-in users. Session
wordpress_sec_* Secure authentication cookie. Session
wordpress_test_cookie Tests whether the browser accepts cookies. Session
wp-settings-* Stores user interface customisation settings. Session
wp-settings-time-* Timestamp for wp-settings cookie. Session

7. Consent

When you visit our website for the first time, we will show you a pop-up with an explanation about cookies. As soon as you click on "Save preferences", you consent to us using the categories of cookies and plug-ins you selected in the pop-up, as described in this Cookie Policy. You can disable the use of cookies via your browser, but please note that our website may no longer work properly.

7.1 Manage your consent settings

You can change your cookie preferences at any time using the button below:

8. Enabling/disabling and deleting cookies

You can use your internet browser to automatically or manually delete cookies. You can also specify that certain cookies may not be placed. Another option is to change the settings of your internet browser so that you receive a message each time a cookie is placed. For more information about these options, please refer to the instructions in the Help section of your browser.

Please note that our website may not work properly if all cookies are disabled. If you do delete the cookies in your browser, they will be placed again after your consent when you visit our website again.

9. Your rights with respect to personal data

You have the following rights with respect to your personal data:

  • You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained.
  • Right of access: You have the right to access your personal data that is known to us.
  • Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
  • If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
  • Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
  • Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.

To exercise these rights, please contact us. Please refer to the contact details at the bottom of this Cookie Policy. If you have a complaint about how we handle your data, we would like to hear from you, but you also have the right to submit a complaint to the supervisory authority (the data protection authority). For more information about how we handle personal data, please see our Privacy Policy.

10. Contact details

For questions and/or comments about our Cookie Policy and this statement, please contact us by using the following contact details:

Scramble Thailand
32/13 Soi Ari 2
Phaya Thai,
Khet Phaya Thai, Krung Thep Maha Nakhon
th

Website: https://www.scramblethailand.com
Email: [email protected]
Phone number: +66 8 5488 8005

11. Additional information for data subjects under Thailand — Personal Data Protection Act B.E. 2562

Important — not legal advice

The clauses below are a starting point for compliance with the Thailand Personal Data Protection Act B.E. 2562 (PDPA). They are generated automatically and do not constitute legal advice. We strongly recommend that you have a qualified Thai data-protection lawyer review and tailor these clauses to your specific processing activities, lawful bases, retention practices, and contractual arrangements before publishing.

11.1 Scope of this section

This section provides additional information for individuals whose personal data is processed in connection with the Thailand Personal Data Protection Act B.E. 2562 (the "PDPA"). It applies in addition to, and not in substitution of, the rest of this Cookie Policy and our Privacy Policy.

In line with the extraterritorial scope of the PDPA, this section also applies where we offer goods or services to data subjects in Thailand, or where our processing relates to monitoring the behaviour of data subjects taking place in Thailand, even if we are established outside of Thailand.

11.2 Lawful bases for processing

In accordance with sections 19 to 22 of the PDPA, we process your personal data only where one or more of the following lawful bases applies:

  • You have given consent in accordance with section 23 of the PDPA;
  • The processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract;
  • The processing is necessary for compliance with a legal obligation to which we are subject;
  • The processing is necessary to prevent or suppress a danger to a person's life, body or health;
  • The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
  • The processing is necessary for the legitimate interests pursued by us or by a third party, except where such interests are overridden by your fundamental rights.

Where we rely on legitimate interests, we have carried out a balancing exercise and concluded that our interests are not overridden by your rights and freedoms. You may request further information about that balancing exercise at any time.

11.3 Consent

Where we rely on consent as the lawful basis for processing your personal data, that consent is requested and recorded in accordance with section 23 of the PDPA. Consent is requested in writing or by electronic means, and the request is presented in a form that is clearly distinguishable from other matters, in language that is easy to understand, and not deceptive or misleading as to the purpose of the processing.

You may withdraw your consent at any time by the same means it was given. Withdrawal is as easy as the original consent and does not affect the lawfulness of processing carried out before the withdrawal. We will inform you of the consequences of withdrawal before you withdraw, where any consequences exist.

Where consent is required from a minor under twenty (20) years of age and the activity is one for which the minor cannot give consent on their own under the Civil and Commercial Code, consent is obtained from the holder of parental power. Where the data subject is under ten (10) years of age, consent is obtained from the holder of parental power.

11.4 Sensitive personal data

In accordance with sections 24 and 25 of the PDPA, we process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual behaviour, criminal records, health data, disability, trade union information, genetic data, biometric data, or any data that may affect the data subject in the same manner as prescribed by the Personal Data Protection Committee, only where:

  • You have given explicit consent;
  • The processing is necessary to prevent or suppress a danger to a person's life, body or health where you are unable to give consent at the time;
  • The processing is carried out in the course of the legitimate activities of a foundation, association or any other not-for-profit body with a political, religious, philosophical or trade-union aim, on condition that the processing relates solely to the members or to former members of the body, or to persons who have regular contact with it in connection with its purposes;
  • The personal data have been manifestly made public by you;
  • The processing is necessary for the establishment, compliance with, exercise or defence of legal claims;
  • The processing is necessary for compliance with a law for the purposes of preventive or occupational medicine, medical diagnosis, the provision of health or social care, treatment, the management of health or social care systems and services, public-interest archiving, scientific or historical research, or statistical purposes; or any other public-interest purpose where suitable safeguards are in place.

11.5 Information provided at collection

In accordance with sections 26 and 27 of the PDPA, before or at the time of collecting personal data we inform you of: the purposes of the collection, use or disclosure; the personal data to be collected and the period for which it will be retained (or, where this is not possible, the criteria used to determine that period); the categories of recipients of the personal data; the contact details of the data controller and, where applicable, the data protection officer; and your rights under the PDPA, including the right to withdraw consent.

A consolidated description of our processing activities, retention periods, recipients and your rights is set out in our Privacy Policy.

11.6 Cross-border transfers of personal data

Where Scramble Thailand transfers your personal data outside Thailand, the transfer is carried out in accordance with section 28 of the PDPA. We transfer personal data only where the destination country or international organisation has been determined by the Personal Data Protection Committee (the "PDPC") to provide an adequate standard of personal data protection, or where one of the statutory exceptions applies, including: compliance with the law; your explicit consent after being informed of the inadequate standard of protection at the destination; performance of a contract to which you are a party; preventing or suppressing a danger to life, body or health where you are unable to give consent at the time; or carrying out activities of substantial public interest.

In the absence of an adequacy determination or a statutory exception, we may rely on appropriate safeguards such as binding corporate rules or standard contractual provisions submitted to and certified by the PDPC, in accordance with the Committee's notifications.

11.7 Your rights under the PDPA

In accordance with sections 30 to 31 (and related provisions) of the PDPA, you have the following rights in respect of your personal data:

  • Right of access: to request access to your personal data and to obtain a copy of it.
  • Right to rectification: to request that inaccurate or incomplete personal data be corrected or completed.
  • Right to erasure: to request that your personal data be deleted, anonymised or destroyed where one of the statutory grounds applies.
  • Right to restriction: to request that the processing of your personal data be suspended in the circumstances set out in the PDPA.
  • Right to object: to object to the processing of your personal data, including in connection with direct marketing, profiling and processing for scientific, historical or statistical purposes.
  • Right to data portability: to receive your personal data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transmitted to another controller.
  • Right to withdraw consent: to withdraw a previously given consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Right to complain: to lodge a complaint with the Personal Data Protection Committee where you consider that our processing of your personal data infringes the PDPA.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request without undue delay and in accordance with the time limits prescribed by the PDPC.

11.8 Data Protection Officer

Section 37 of the PDPA requires a Data Protection Officer to be appointed where the data controller or processor is a public authority, where its core activities consist of operations that, by virtue of their nature, scope or purpose, require regular and systematic monitoring of personal data on a large scale, or where its core activities consist of large-scale processing of sensitive personal data.

Where we are required to appoint a Data Protection Officer, the contact details of that officer are published in our Privacy Policy and notified to the Personal Data Protection Committee. The Data Protection Officer is the point of contact for data subjects on all issues related to the processing of their personal data and the exercise of their rights under the PDPA.

11.9 Notification of personal data breaches

In accordance with section 39 of the PDPA, in the event of a personal data breach, we will notify the Office of the Personal Data Protection Committee within seventy-two (72) hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to your rights and freedoms.

Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay, together with the remedial measures taken or proposed. Notification to you is not required where we have implemented appropriate technical and organisational measures rendering the personal data unintelligible, where we have taken subsequent measures ensuring that the high risk is no longer likely to materialise, or where notification would involve disproportionate effort, in which case we will issue a public communication or equivalent measure.

11.10 Penalties for non-compliance

For information only: the PDPA provides for administrative fines of up to five million Thai Baht (฿5,000,000) per violation, criminal penalties including fines and imprisonment of up to one (1) year for certain breaches involving sensitive personal data, and civil liability that may include punitive damages of up to twice the amount of actual damages.

These penalties are set out in the PDPA itself and are administered by the Office of the Personal Data Protection Committee, the Public Prosecutor and the Thai courts as applicable.

11.11 Supervisory authority

The supervisory authority responsible for monitoring the application of the PDPA is:

Office of the Personal Data Protection Committee (PDPC)
Ministry of Digital Economy and Society, Bangkok, Thailand
https://www.pdpc.or.th/

You have the right to lodge a complaint with the Personal Data Protection Committee where you consider that our processing of your personal data infringes the PDPA.

11.12 Reminder: this is not legal advice

The information set out in this section is provided as a starting point for compliance with the Thailand PDPA and does not constitute legal advice. Your processing activities, retention practices, contractual arrangements and risk profile may require additional or different disclosures. We strongly recommend obtaining advice from a qualified Thai data-protection lawyer before relying on this section.

This Cookie Policy was synchronised with cookiedatabase.org on 10 May 2026.

Cookie Settings