Last Updated: January 2026

Introduction

Welcome to ArtisanThai.com, operated by ArtisanThai (“we”, “us”, or “our”), a Thai herbal wellness e-commerce business based in Thailand. This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit our website and purchase our tea products. By using our website, you agree to the practices described in this policy.

Who This Policy Applies To
This Privacy Policy applies to visitors and customers of ArtisanThai.com from all countries, including the United States, the United Kingdom, Thailand, Canada, Australia, New Zealand, and other regions where our tea products are offered. Depending on where you live, different data protection laws may apply (such as the UK General Data Protection Regulation (UK GDPR), the EU GDPR where relevant, the Thailand Personal Data Protection Act B.E. 2562 (PDPA), and applicable US, Canadian, Australian and New Zealand federal, state or regional privacy laws). We aim to handle your personal information in a way that is consistent with these requirements.

Data Controller
ArtisanThai is the data controller responsible for your personal information. If you have any questions about how we use your personal data, please contact us using the details in the “Contact Us” section below.

Information We Collect

Personal Information:

  • Contact Details: Name, email address, phone number, and shipping address.

  • Payment Information: Billing address and limited payment details necessary to process your order. Full card details are handled securely by our payment providers (including Stripe, Omise, and/or PayPal) and are not stored by us. We are PCI-DSS compliant through our use of certified payment processors.

Non-Personal Information:

  • Browser and Device Information: IP address, browser type, device type, and operating system.

  • Website Usage Information: Pages visited, time spent on the site, referral URLs, and general interaction data collected through analytics and session-recording tools.

Information Collected Through Live Chat (Tidio)

  • Chat Details: When you use our Tidio live chat, we may collect your name, email address, and the content of your messages so we can respond to your enquiries.

  • Technical Data: Tidio may collect technical information (such as IP address and browser details) to operate the chat service and improve performance.

How We Use Your Information
We use the information we collect to:

  • Process and fulfill your orders and provide customer support.

  • Communicate with you about your orders, deliveries, and product information.

  • Send you marketing communications (where permitted) about new products, offers, and updates, which you can opt out of at any time.

  • Operate and improve our website, services, and user experience.

  • Personalize your shopping experience and show relevant content.

  • Comply with legal and regulatory obligations and help prevent fraud or misuse of our services.

  • Advertising and Analytics: We may use cookies and similar technologies for advertising and analytics, including remarketing with services such as Google Ads, to show ads based on your past interactions with our website. You can manage your advertising preferences through your browser settings, our cookie banner, and relevant ad settings pages.

Legal Bases for Processing (UK, EU and Thailand)
Where UK, EU or Thai data protection laws apply, we rely on the following legal bases to process your personal information:

  • Performance of a contract: To process and deliver your orders, take payment, provide customer support, and manage your account.

  • Legal obligation: To comply with accounting, tax, and other legal or regulatory requirements.

  • Legitimate interests: To operate, improve and protect our business and services (for example, to prevent fraud, maintain website security, respond to general enquiries, and understand how our site is used), where these interests are not overridden by your rights.

  • Consent: For certain activities such as sending marketing emails or SMS, using non-essential cookies and similar technologies for analytics and advertising, and operating optional tools like Tidio live chat where required. You can withdraw your consent at any time as described in this policy.

US, Canadian, Australian and New Zealand Residents
For visitors and customers in the United States, Canada, Australia and New Zealand, we use your information as described in this policy to provide our services, operate our website, communicate with you, and run our marketing and analytics activities in accordance with applicable laws. Where local or state privacy laws give you additional rights (including, for California residents, rights under the CCPA/CPRA), we will honour those rights upon request.

Consent for Email, SMS, and Live Chat Communications
By providing your contact details (such as email address or phone number) or initiating a chat with us, you consent to us contacting you in order to respond to your enquiry, process your order, or send you service-related messages. Where you agree, we may also send you marketing communications via email or SMS, including promotions and product updates. You can withdraw your consent at any time by using the unsubscribe link in our emails, replying “STOP” to SMS messages, or contacting us using the details in the “Contact Us” section.

How We Share Your Information
We may share your information with:

  • Payment Processors: We use certified payment service providers including Stripe, Omise, and/or PayPal to process your payments. These providers are PCI-DSS Level 1 certified and process your card data in accordance with applicable payment card industry standards. We do not store your full card details on our servers.

  • Service Providers: Trusted third parties that help us operate our business, such as delivery and logistics partners, email/SMS providers (including Brevo/Sendinblue and Omnisend), live chat providers (including Tidio), analytics and session‑recording providers (including Google Analytics and Browsee), fraud‑prevention providers (including FraudLabs Pro / our anti‑fraud tools), conditional content tools (including If‑So), and SEO/analytics tools (such as SearchAtlas where active). These parties process your data only as needed to provide their services to us and are bound by appropriate data protection agreements.

  • Legal and Regulatory Authorities: When required to comply with applicable laws, regulations, or legal processes, or to protect our rights and the rights of others.

  • Business Transfers: In the event of a merger, acquisition, restructuring, or sale of all or part of our business, your information may be transferred as part of that transaction.

  • Advertising and Analytics Partners: Third-party vendors may use cookies and similar technologies to collect information about your online activities on our website and other sites to provide you with interest-based advertising where permitted by law.

Nothing in this section limits any non‑excludable rights you may have under applicable data protection law or under the terms of your chosen payment provider.

Data Processors & Third-Party Services
To operate ArtisanThai.com, we rely on several third‑party services that act as data processors on our behalf. In particular:

  • Browsee (session recording and heatmaps): We use Browsee to analyse how visitors use our site, including session recordings, clicks, scrolls, and mouse movements, in order to improve usability and detect issues. Session recordings may incidentally capture keystrokes and on‑screen content. Please avoid entering sensitive information into free‑text fields that is not required for your order. Where required by law, Browsee is only activated after you consent to analytics cookies, and you can withdraw consent via our cookie banner or your browser settings at any time.

  • Omnisend (email and SMS marketing): Omnisend is used to manage our email newsletters, marketing campaigns, and certain automated messages. Omnisend processes contact details (such as your email address, name, and country) and engagement data (such as email opens and link clicks) so that we can send you relevant communications and honour your subscription preferences. You can unsubscribe at any time using the link in our emails or by contacting us, and we will pass your request to Omnisend where necessary.

  • FraudLabs Pro / Anti‑Fraud tools: We use fraud‑prevention services such as FraudLabs Pro to help detect and prevent fraudulent or high‑risk orders. These tools may process your IP address, approximate geolocation, device and browser information, and order details (such as name, email, billing and shipping address, and transaction value) to generate a fraud‑risk score. This processing is carried out on the basis of our legitimate interest in preventing fraud and protecting our business and customers.

  • If‑So (conditional content and personalisation): If‑So may use information such as your approximate geolocation (derived from IP address), device type, and referral source to display localised or tailored content on our website (for example, highlighting relevant shipping information). This helps us show information that is more useful for your location and device. Where required, this type of profiling is only enabled after you accept non‑essential cookies.

  • SearchAtlas (SEO and analytics, where in use): If SearchAtlas or similar SEO tools load tracking scripts on the frontend, they may collect standard web analytics data such as IP address, browser and device information, and page‑view data to help us monitor site performance and search visibility. This processing is limited to what is necessary for analytics and optimisation and, in cookie‑consent regions, will respect your cookie preferences.

For more detailed information about the cookies and scripts used by these services, and how to manage or withdraw your consent, please see our Cookie Policy and our cookie/consent banner on the site.

International Data Transfers
As an international e-commerce business, your personal data may be transferred to and processed in countries other than your country of residence, including Thailand and other countries where our service providers operate. When we transfer personal data from the UK or EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner’s Office (ICO) or the European Commission. For transfers from Thailand, we ensure compliance with the PDPA’s requirements for cross-border transfers. If you would like more information about the safeguards we use, please contact us.

Cookies and Tracking Technologies
We use cookies and similar technologies to:

  • Enable core site functionality, such as shopping cart and checkout features.

  • Enhance your browsing experience and remember your preferences.

  • Analyze website traffic, performance, and usage patterns.

  • Support advertising, remarketing, and measurement of our marketing campaigns.

Third-Party Cookies and Remarketing
Third-party vendors, including advertising and analytics providers, may use cookies and similar technologies to show ads based on your prior visits to our website and to measure ad performance. You can manage or disable cookies through your browser settings. Some services also provide their own opt-out options for personalised advertising.

Cookie Consent
Where required by law (for example in the UK, EU and Thailand), we will ask for your consent before setting non-essential cookies or using them for analytics and advertising purposes. You can manage your cookie preferences at any time through your browser settings and, where available, through our cookie or consent banner.

Tidio Live Chat
We use Tidio live chat to provide real-time support on our website. When you use the chat, Tidio may process personal data such as your name, email address, IP address and the content of your messages so that we can respond to your enquiries. This processing is carried out on our behalf and in accordance with applicable data protection laws. In some cases, this may involve transferring your data to countries outside your own, including countries that may not provide the same level of data protection as your home jurisdiction. Where this happens, we take steps to ensure that appropriate protections are in place (for example, by using standard contractual clauses or equivalent safeguards where required). You do not have to use live chat; you can always contact us via our contact form or by email instead.

Data Security
We implement technical and organisational measures designed to protect your personal information against unauthorised access, disclosure, alteration, or destruction. Our website uses SSL/TLS encryption (HTTPS) for all data transmissions. Payments are processed through PCI-DSS certified providers and card data never touches our servers. While we strive to use commercially acceptable means to protect your data, no method of transmission over the internet or electronic storage is completely secure.

Data Retention
We keep your personal information only for as long as necessary to fulfil the purposes described in this Privacy Policy, including providing our services, processing orders, complying with legal, tax and accounting obligations, resolving disputes, and enforcing our agreements. Order data is typically retained for up to 7 years to comply with Thai tax and accounting law. When we no longer need your information for these purposes, we will delete it or anonymise it in line with our retention policies.

Your Rights
Depending on your location and applicable law, you may have the right to:

  • Access the personal information we hold about you.

  • Request correction or updating of your personal information if it is inaccurate or incomplete.

  • Request deletion of your personal information, subject to legal and contractual obligations.

  • Object to or request restriction of certain processing activities.

  • Opt out of marketing communications at any time.

  • Where applicable, request a copy of your data in a commonly used, machine-readable format (data portability).

  • Right to lodge a complaint: If you are located in the UK, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at [www.ico.org.uk](https://www.ico.org.uk). If you are located in Thailand, you may contact the Personal Data Protection Committee (PDPC). If you are in the EU/EEA, you may contact your local data protection supervisory authority.

To exercise these rights or submit a privacy-related request, please contact us using the details in the “Contact Us” section of this policy. We will respond within the timeframes required by applicable law (typically 30 days).

Children’s Privacy
Our website is not directed at children under the age of 13 (or 16 where applicable under local law). We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete it.

Third-Party Links
Our website may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. Any updates will be posted on this page with an updated revision date. We recommend reviewing this policy periodically to stay informed about how we handle your information.

Contact Us
If you have any questions or concerns about this Privacy Policy or how we handle your personal information, or to exercise any of your data rights, please contact us via our contact page at https://www.artisanthai.com/contact-us.