This policy explains how International Real Estate Service (Thailand) Co., Ltd. ("IRES", "we", "us") handles personal data on iresthailand.com and our digital surfaces. It is written to satisfy the EU General Data Protection Regulation (GDPR), the EU ePrivacy directive, and Thailand's Personal Data Protection Act B.E. 2562 (PDPA).
If anything here is unclear, email dsar@iresthailand.com.
1. Who is the data controller
International Real Estate Service (Thailand) Co., Ltd.
- Juristic Person Registration No. 0205566035581
- Registered office: 391/121 Moo 10, Nong Prue, Bang Lamung, Chonburi 20150, Thailand
- Director: Mrs. Unchalee Cotte
- Privacy contact: dsar@iresthailand.com
2. What we collect, why, and our lawful basis
2.1 Information you give us directly
| Data | Purpose | Lawful basis (GDPR Art 6) |
|---|---|---|
| Name, email, phone, message in contact forms | Respond to enquiries; broker-client communication | Performance of pre-contract / our legitimate interest in running a real estate brokerage |
| Property preferences, budget, location, timing | Match you to listings, build a personalised dossier | Performance of pre-contract / your consent for personalisation (BID) |
| WhatsApp conversation content | Brokerage service delivery | Performance of pre-contract |
2.2 Information collected automatically
We record anonymous behavioural signals (pageviews, clicks, scroll depth, drawer opens) under our legitimate interest in measuring how the site performs and improving it. No personal data is collected at this layer; the visitor identifier is a random UUID stored in your browser. With your additional marketing consent, the same signals also feed our Behavioural Intelligence Design (BID) dossier system, which infers your buying trajectory from observed actions and adapts what we show you in real time, and are mirrored to Meta via Pixel and Conversions API for ad measurement. The signal taxonomy:
| Event | What it captures |
|---|---|
pageview | Path, referrer, timestamp, anonymous visitor UUID |
search_open / search_query_typed / search_submit | That you opened search, debounced query terms (300ms), submitted query string |
nav_click / logo_click / footer_*_click | Internal navigation pattern |
phone_click / whatsapp_click / email_click | Contact intent signals (we record the click; the actual call/message is outside our scope) |
dossier_open | Saved-property count + open intent |
language_toggle | Language preference signal |
client_error | JavaScript errors (debugging only; never user-content) |
Lawful basis: for anonymous analytics and client_error debugging, our legitimate interest in operating and improving the site (GDPR Art 6(1)(f); Thai PDPA service-quality basis). For marketing, BID personalisation, Meta Pixel, and Conversions API, your explicit consent (GDPR Art 6(1)(a); PDPA Section 19).
Visitor identifier: a UUIDv4 stored in your browser's localStorage as ires_visitor_id. Anonymous, randomly generated, not derived from any personal data. You can opt out of analytics in the cookie banner, in which case no events emit and the identifier is unused.
3. Sub-processors
We share personal data with the following processors strictly to deliver this site:
- Supabase (database + edge functions, hosted in Singapore region). Site backend, BID event store
- Cloudflare (Supabase's CDN edge). Request routing
- Caddy server on DigitalOcean (Frankfurt). Static site hosting
- Meta Platforms Ireland Limited. Meta Pixel and Conversions API for advertising attribution (only with your marketing consent)
- Cloudinary. Property image delivery
- MapTiler. Area map tiles (only when a map is rendered; rendered client-side by the MapLibre library, which is not a separate processor)
- Resend. Transactional email delivery for dossier magic-link sign-in (only when you choose to save your dossier)
- Google Fonts (CDN). Geist webfont delivery
Each processor is bound by data-processing terms and Standard Contractual Clauses where relevant for cross-border transfers.
4. International transfers
Data may leave Thailand and the EEA when stored on or routed through the processors above. We rely on Standard Contractual Clauses (EU) and adequacy assessments (Thai PDPA) to maintain protection.
5. Retention
| Data | Retention |
|---|---|
| Contact-form submissions, lead records | 3 years from last interaction (commercial limitation period) |
| BID funnel events, visitor UUID | 24 months from last event; anonymised thereafter |
| WhatsApp conversation logs | 3 years from last message |
| Server access logs | 30 days |
6. Your rights
You have the right to:
- Access a copy of the personal data we hold about you
- Rectify inaccurate data
- Erase your data ("right to be forgotten") subject to legal retention obligations
- Restrict or object to processing
- Portability: receive your data in a structured, machine-readable format
- Withdraw consent at any time without affecting prior lawful processing
- Lodge a complaint with the Office of the Personal Data Protection Committee (Thailand) or your local supervisory authority (EU)
To exercise any of these, visit /data-rights or email dsar@iresthailand.com. We respond within 30 days.
7. Cookies and similar storage
See the dedicated Cookie Policy. In short: essential storage runs without consent. Functional, analytics, and marketing categories are off until you opt in via the consent banner.
8. Children
This site is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has submitted data, contact us and we will erase it.
9. Changes to this policy
Material changes will be notified on this page with a new "Last updated" date. If a change requires renewed consent, the consent banner will re-appear.
10. Thai-language version
A Thai-language translation of this policy is in preparation. Where Thai PDPA requires materially-affecting information in Thai, contact dsar@iresthailand.com for an interim summary.