Privacy Policy – Wellness Hub TH
Privacy Policy
Effective Date: 1 June 2025 | Last Updated: 1 June 2025
This Privacy Policy describes how Wellness Hub TH (operating under the legal name LESLIE PARRA LLC, hereinafter referred to as “we,” “us,” or “our”) collects, uses, stores, discloses, and protects your personal data when you visit or interact with our website at thetomorrowthailand.net (the “Website”). We are committed to safeguarding your personal information and respecting your rights under applicable privacy laws, including Thailand’s Personal Data Protection Act B.E. 2562 (2019) (“PDPA”).
Please read this policy carefully before using our Website or submitting any personal information to us. By accessing or using our Website, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of the Website immediately.
1. Introduction and Scope
Wellness Hub TH operates the Website located at thetomorrowthailand.net, providing wellness-related information, resources, and services to individuals primarily in Thailand and across the region. This Privacy Policy applies to all personal data collected through:
- Our Website and any subdomains thereof;
- Contact forms, inquiry forms, and any other web-based submission forms;
- Automatic technical data collection via cookies and similar tracking technologies;
- Any direct communication with our team via email, phone, or other channels linked from our Website.
This policy does not apply to third-party websites, applications, or services linked from our Website. We encourage you to review the privacy policies of any third-party platforms you visit.
2. Data Controller Information
For the purposes of applicable data protection law, the Data Controller responsible for your personal data is:
- Company Name: Wellness Hub TH
- Legal Entity Name: LESLIE PARRA LLC
- Website: thetomorrowthailand.net
- Email Address: [email protected]
- Phone: +18314807147
- Mailing Address: 500 S Florida Ave Ste 415, Lakeland, Florida, 33801-5276, United States
If you have any questions, concerns, or requests relating to your personal data or this Privacy Policy, please contact us using the details provided above or see Section 14 for privacy inquiry instructions.
3. Personal Data We Collect
We collect only the personal data that is necessary to provide our services and respond to your inquiries. The categories of personal data we collect include:
3.1 Information You Provide Directly
When you complete and submit a contact form, inquiry form, or any other interactive form on our Website, we collect the following information:
- Full Name: To identify you and personalise our communication with you.
- Email Address: To respond to your inquiry and send relevant communications.
- Phone Number: To contact you by telephone if required or requested.
- Message Content: The details, questions, or comments you choose to submit through the form.
- Any additional information you voluntarily include in your submission.
3.2 Automatically Collected Technical Data
When you visit our Website, certain technical data is collected automatically through cookies, server logs, and similar technologies, including:
- IP Address: Used for security, fraud prevention, and geographic analysis.
- Browser Type and Version: To optimise website performance and compatibility.
- Operating System: For technical diagnostics and Website improvement.
- Pages Visited and Time Spent: To understand user behaviour and improve content.
- Referral URLs: The page or source from which you arrived at our Website.
- Date and Time of Visit: For security monitoring and server log analysis.
- Device Type: Desktop, tablet, or mobile, for responsive design purposes.
3.3 Data We Do Not Collect
We do not intentionally collect sensitive personal data (as defined under the PDPA), including racial or ethnic origin, political opinions, religious beliefs, genetic data, biometric data, health information, or criminal records, unless explicitly required and consented to for a specific purpose. We do not collect payment or financial information directly through this Website.
4. How We Process Your Form Submissions
When you submit a contact form on our Website, the following processing steps occur:
- Your form submission data (name, email, phone, message) is transmitted over an encrypted HTTPS connection to our web server.
- The data is processed by our server-side application and forwarded to our designated team email inbox for review.
- A member of our team will review your inquiry and respond to you via the email address or phone number you provided, typically within 1–3 business days.
- Your submission may be stored in our email system and/or a customer relationship management (CRM) tool for record-keeping and follow-up purposes.
- We do not sell, rent, or trade your form submission data to any third party for marketing purposes.
The legal basis for processing your contact form data is your consent (given at the time of submission) and our legitimate interest in responding to inquiries about our wellness services, in accordance with Section 24 and Section 26 of the PDPA.
5. Purposes of Data Processing
We process your personal data for the following specific and legitimate purposes:
- To respond to your inquiries, questions, and requests submitted through the Website;
- To provide, manage, and improve our wellness information and services;
- To maintain the security and integrity of our Website and IT systems;
- To comply with applicable legal obligations under Thai law and international regulations;
- To analyse usage patterns and improve the Website’s content, functionality, and user experience;
- To detect, investigate, and prevent fraudulent or unauthorised activity;
- To communicate important updates about changes to our services or this Privacy Policy.
We will not process your personal data for purposes incompatible with those described above without first notifying you and, where required, obtaining your additional consent.
6. Cookie Policy
Our Website uses cookies and similar tracking technologies to enhance your browsing experience and gather analytical data. A cookie is a small text file placed on your device when you visit a website. Cookies allow us to recognise your browser and remember certain information about your visit.
6.1 Types of Cookies We Use
- Strictly Necessary (Functional) Cookies: These cookies are essential for the Website to operate correctly. They enable core functionalities such as security, session management, and form processing. These cookies cannot be disabled without affecting Website functionality. No consent is required for strictly necessary cookies under applicable law.
- Analytics Cookies (Optional): With your consent, we may use analytics cookies to collect anonymised data about how visitors interact with our Website — including pages visited, time on site, and navigation paths. This data helps us improve our content and user experience. You may opt out of analytics cookies at any time via our cookie preference centre or browser settings.
- Performance Cookies: These cookies help us understand which parts of the Website are most popular and how visitors navigate through the site, enabling us to make data-driven improvements.
6.2 Managing Your Cookie Preferences
You have the right to accept or refuse non-essential cookies. You can manage your cookie preferences in the following ways:
- Through our cookie consent banner displayed upon your first visit to the Website;
- Via your web browser settings (please refer to your browser’s help documentation for instructions);
- By contacting us directly at [email protected] to request that cookies be disabled for your sessions.
Please note that disabling certain cookies may affect the functionality and your experience of the Website. Strictly necessary cookies cannot be disabled as they are required for basic Website operations.
6.3 Cookie Retention
Session cookies are deleted when you close your browser. Persistent cookies remain on your device for a defined period (typically 12 months) or until you delete them manually. Each cookie’s specific duration is outlined in our cookie consent tool.
7. Third-Party Services and External Resources
Our Website may load resources or use services provided by third parties. These third parties may process certain technical data about your visit. Below we describe the primary third-party services integrated into our Website:
7.1 Google Fonts
We use Google Fonts, a font delivery service provided by Google LLC (headquartered in the United States). When a page on our Website is loaded, your browser may send a request to Google’s servers to retrieve the required fonts. This request may include your IP address and browser information. Google’s processing of this data is governed by Google’s Privacy Policy. We use Google Fonts to ensure consistent, accessible typography across different devices and browsers.
7.2 Tailwind CSS CDN
Our Website may load Tailwind CSS via a Content Delivery Network (CDN). When your browser fetches the stylesheet from a CDN server, standard connection data (including your IP address) may be logged by the CDN provider. This is a standard technical process inherent to how CDN-hosted resources function. The CDN is used solely for delivering styling assets and does not collect personal data on our behalf.
7.3 Web Hosting and Server Infrastructure
Our Website is hosted on servers provided by our web hosting provider. This provider processes certain technical data (including server logs and IP addresses) as a necessary part of delivering the Website to your device. Our hosting provider acts as a data processor on our behalf and is contractually bound to handle your data securely and in accordance with applicable law.
7.4 Email Service Provider
Form submission data may be transmitted to and stored within our email service infrastructure. This service processes data on our behalf and is subject to data processing agreements that ensure your information is handled appropriately.
We do not permit third-party service providers to use your personal data for their own independent marketing or commercial purposes beyond what is strictly necessary to deliver their technical services to us.
8. International Data Transfers
As some of our third-party service providers (including Google LLC for Google Fonts and certain CDN providers) are headquartered or operate servers outside of Thailand, your personal data or technical connection data may be transferred to, stored in, or processed in countries outside of Thailand, including the United States and European Union member states.
Where such international transfers occur, we take reasonable steps to ensure that your data receives an adequate level of protection, including by:
- Relying on third-party providers that are certified under internationally recognised data protection frameworks;
- Ensuring that contractual protections (such as standard contractual clauses) are in place where required;
- Selecting reputable vendors that demonstrate compliance with applicable international data protection standards.
In accordance with Section 28 of Thailand’s PDPA, we will only transfer personal data internationally where the destination country has adequate data protection standards or appropriate safeguards are in place. By using our Website, you acknowledge that your data may be processed internationally as described in this section.
9. Data Retention
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our general retention guidelines are as follows:
- Contact Form Submissions: Retained for a maximum of 2 years from the date of submission, unless an ongoing business relationship or legal obligation requires longer retention.
- Email Correspondence: Retained for up to 3 years for business records, compliance, and dispute resolution purposes.
- Server and Access Logs: Typically retained for 90 days for security and diagnostic purposes, then securely deleted.
- Analytics Data: Retained in anonymised or aggregated form for up to 26 months if analytics cookies are in use.
- Cookie Data: Session cookies expire upon browser closure; persistent cookies expire within 12 months unless reset by a return visit.
When personal data is no longer required, we will securely delete, destroy, or anonymise it in accordance with our data retention procedures and applicable PDPA requirements. You may also request early deletion of your data as described in Section 10.
10. Your Rights Under Thai Law (PDPA)
Thailand’s Personal Data Protection Act B.E. 2562 (2019) grants you the following rights regarding your personal data. We are committed to honouring these rights in a timely and transparent manner.
- Right to be Informed (Section 23 PDPA): You have the right to be informed about how your personal data is collected and used, which is the purpose of this Privacy Policy.
- Right of Access (Section 30 PDPA): You have the right to request a copy of the personal data we hold about you and information about how it is being processed.
- Right to Rectification (Section 34 PDPA): You have the right to request that inaccurate, incomplete, or outdated personal data be corrected or updated.
- Right to Erasure / Right to be Forgotten (Section 33 PDPA): You have the right to request the deletion or destruction of your personal data when it is no longer necessary for the purposes it was collected, when you withdraw consent, or when it has been unlawfully processed.
- Right to Restriction of Processing (Section 34 PDPA): You have the right to request that we restrict the processing of your personal data under certain circumstances, for example while a dispute about accuracy is resolved.
- Right to Data Portability (Section 31 PDPA): Where technically feasible and applicable, you have the right to receive your personal data in a structured, commonly used, machine-readable format, and to request that it be transferred to another data controller.
- Right to Object (Section 32 PDPA): You have the right to object to the processing of your personal data where processing is based on legitimate interests, and we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
- Right to Withdraw Consent (Section 19 PDPA): Where processing is based on your consent, you have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
- Right to Lodge a Complaint: If you believe your rights have been violated, you have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand or the relevant supervisory authority.
To exercise any of the above rights, please submit a written request to us using the contact details provided in Section 14. We will respond to your request within 30 days of receipt, as required by the PDPA. In complex cases, we may require up to an additional 60 days, in which case we will notify you of the extension and the reasons for the delay. We will not charge a fee for responding to rights requests unless they are manifestly unfounded, excessive, or repetitive.
11. Data Security Measures
We take the security of your personal data seriously and implement a range of technical and organisational measures to protect it against unauthorised access, accidental loss, alteration, disclosure, or destruction. Our security measures include:
- SSL/TLS Encryption: All data transmitted between your browser and our server is encrypted using industry-standard Secure Sockets Layer (SSL) / Transport Layer Security (TLS) protocols. Our Website uses HTTPS to ensure secure communication.
- Access Controls: Access to personal data stored on our systems is restricted to authorised personnel only, on a need-to-know basis. All staff with access to personal data are trained in data protection responsibilities.
- Secure Email Handling: Form submission data transmitted via email is handled through secured email systems with appropriate authentication and access restrictions.
- Regular Security Reviews: We periodically review our data handling practices, systems, and vendor contracts to identify and address potential security vulnerabilities.
- Data Minimisation: We collect only the minimum personal data necessary to achieve the stated purpose, reducing the risk associated with data breaches.
- Incident Response: In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, notify affected individuals promptly, in accordance with Section 37 of the PDPA.
While we take all reasonable steps to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, and we encourage you to exercise caution when submitting personal information online.
12. Children’s Privacy
Our Website and services are not directed at children under the age of 20 years (the age of majority in Thailand for consent purposes under the PDPA and the Civil and Commercial Code). We do not knowingly collect personal data from individuals under 20 years of age without verified parental or guardian consent.
If you are under 20 years of age, please do not submit personal information through our Website without the knowledge and consent of your parent or legal guardian. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately at [email protected] so that we can take appropriate steps to delete such data from our records.
Under Section 20 of the PDPA, where we become aware that personal data has been collected from a minor without appropriate consent, we will take immediate steps to delete or cease processing such data.
13. Legal Basis for Processing (PDPA Compliance)
Under Thailand’s PDPA, we are required to have a valid lawful basis for each processing activity. The following bases apply to our data processing activities:
- Consent (Section 19 PDPA): Processing of contact form submissions and optional analytics cookies is based on your explicit consent, given at the time of form submission or via the cookie consent banner.
- Legitimate Interests (Section 24(5) PDPA): Certain processing activities — such as maintaining server security, fraud prevention, and improving Website functionality — are based on our legitimate business interests, provided such interests are not overridden by your rights and freedoms.
- Legal Obligation (Section 24(6) PDPA): Where required by Thai law or regulatory authority, we may process and retain personal data to comply with our legal obligations.
- Contractual Necessity: If you engage with our services, processing may be necessary to fulfil the terms of a service agreement or pre-contractual steps at your request.
14. Contact for Privacy Inquiries
If you have any questions, concerns, or complaints about this Privacy Policy or our data handling practices, or if you wish to exercise any of your rights under the PDPA, please contact our privacy team using the following details:
- Company: Wellness Hub TH (LESLIE PARRA LLC)
- Email: [email protected]
- Phone: +18314807147
- Address: 500 S Florida Ave Ste 415, Lakeland, Florida, 33801-5276, United States
- Website: thetomorrowthailand.net
When contacting us regarding a privacy matter, please include your full name, contact information, and a clear description of your request or concern so that we can respond efficiently. We aim to acknowledge all privacy inquiries within 5 business days and to provide a full response within 30 days.
If you are not satisfied with our response to a privacy complaint, you have the right to escalate your complaint to the Personal Data Protection Committee (PDPC) under the Office of the National Digital Economy and Society Commission (ONDE), which is the supervisory authority for data protection matters in Thailand.
15. Changes to This Privacy Policy
We reserve the right to update, amend, or revise this Privacy Policy at any time to reflect changes in our business practices, legal obligations, or applicable regulations. When we make material changes to this policy, we will take the following steps to notify you:
- Update the “Last Updated” date at the top of this page;
- Post a prominent notice on our Website homepage or a banner within the Website for a reasonable period following the update;
- Where required by law or where changes significantly affect your rights, we may contact you directly via the email address you provided, if applicable.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of the Website after any changes to this Privacy Policy constitutes your acknowledgment of the updated terms. If you do not agree with the revised policy, you should discontinue use of our Website and may contact us to request deletion of your personal data.
16. Governing Law and Jurisdiction
This Privacy Policy is governed by and construed in accordance with the laws of the Kingdom of Thailand, including but not limited to the Personal Data Protection Act B.E. 2562 (2019), the Computer Crimes Act B.E. 2550 (2007), and any other relevant Thai legislation concerning data protection and electronic transactions.
Any disputes arising from or relating to this Privacy Policy or our data processing practices shall be subject to the exclusive jurisdiction of the courts of Thailand. However, nothing in this clause limits your rights to bring a complaint before the Personal Data Protection Committee or any other competent regulatory authority in Thailand.
17. Definitions
For the purposes of this Privacy Policy, the following definitions apply:
- “Personal Data” means any information relating to an identified or identifiable natural person, as defined in Section 6 of Thailand’s PDPA.
- “Processing” means any operation or set of operations performed on personal data, including collection, recording, storage, use, disclosure, transfer, or deletion.
- “Data Controller” means the person or entity that determines the purposes and means of processing personal data — in this case, Wellness Hub TH.
- “Data Processor” means a person or entity that processes personal data on behalf of the Data Controller, such as our hosting provider or email service.
- “Consent” means a freely given, specific, informed, and unambiguous indication of your agreement to the processing of your personal data for stated purposes.
- “Cookies” means small text files stored on your device by your web browser at the request of a website.
- “PDPA” means Thailand’s Personal Data Protection Act B.E. 2562 (2019).
This Privacy Policy was prepared for Wellness Hub TH (LESLIE PARRA LLC) operating at thetomorrowthailand.net. For privacy inquiries, contact [email protected]. © 2025 Wellness Hub TH. All rights reserved.