Privacy Policy

Last updated: March 20, 2026

YMCA Chiang Mai ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

1. Information We Collect

We collect information that you provide directly to us, including: Personal Information: - Full name, email address, phone number - Date of birth and gender - Home address and preferred branch location - Emergency contact information Account Information: - Login credentials (email and encrypted password) - Profile preferences and settings - Privacy and notification preferences Transaction Information: - Donation records and amounts - Membership subscription details - Program enrollment and event registration history Automatically Collected Information: - Browser type, device information, and operating system - IP address and approximate location - Pages visited, time spent, and navigation patterns - Referral source and search terms (when analytics cookies are accepted)

2. How We Use Your Information

We use the information we collect for the following purposes: - Service Delivery: Managing your membership, processing donations, enrolling you in programs, and registering you for events - Communication: Sending membership updates, event notifications, newsletters, and important announcements - Personalization: Tailoring content and recommendations based on your interests and activity - Analytics: Understanding website usage patterns to improve our services (only with your consent) - Security: Protecting against unauthorized access, fraud, and maintaining data integrity - Legal Compliance: Meeting our obligations under Thai law, including the Personal Data Protection Act (PDPA)

3. Cookies and Tracking

Our website uses cookies categorized as follows: Necessary Cookies (Always Active) Essential for website functionality, including authentication sessions (Supabase), security tokens, and user preferences. These cannot be disabled. Analytics Cookies (Requires Consent) Google Analytics 4 (GA4) helps us understand how visitors interact with our site — page views, session duration, traffic sources, and popular content. Data is anonymized and aggregated. Marketing Cookies (Requires Consent) Used for advertising campaigns on platforms like Google Ads and Facebook. These cookies help deliver relevant ads and measure campaign effectiveness. You can manage your cookie preferences at any time using the cookie banner at the bottom of the page, or by clearing your browser cookies and revisiting the site.

4. Data Protection & Security

We implement appropriate technical and organizational measures to protect your data: - Encryption: All data transmitted via HTTPS/TLS encryption - Access Control: Role-based access control (RBAC) ensures only authorized personnel access your information - Database Security: Row-Level Security (RLS) policies on our database - Audit Logging: All administrative actions are logged for accountability - Password Security: Passwords are hashed and never stored in plain text - Regular Reviews: Periodic security assessments and updates

5. Data Sharing & Third Parties

We do not sell your personal information. We may share data with: - Supabase: Our database and authentication provider (data stored securely in cloud infrastructure) - Vercel: Our website hosting provider - Google Analytics: Website usage analytics (only with your consent) - Payment Processors: When processing donations (transaction data only) - Legal Authorities: When required by law or to protect our rights All third-party providers are bound by their own privacy policies and data protection agreements.

6. Your Rights (PDPA Compliance)

Under Thailand's Personal Data Protection Act (PDPA), you have the right to: - Access: Request a copy of your personal data we hold - Correction: Request correction of inaccurate or incomplete data - Deletion: Request deletion of your personal data (subject to legal retention requirements) - Restriction: Request restriction of processing in certain circumstances - Portability: Request your data in a commonly used, machine-readable format - Withdrawal: Withdraw consent for data processing at any time - Objection: Object to data processing based on legitimate interests To exercise any of these rights, contact us at privacy@ymca-chiangmai.org.

7. Data Retention

We retain your personal data only as long as necessary: - Active Membership Data: For the duration of your membership plus 2 years - Donation Records: 7 years (as required by Thai tax law) - Account Data: Until you request deletion - Analytics Data: Aggregated data retained indefinitely; individual data deleted after 26 months - Audit Logs: Retained for 3 years for security purposes

8. Children's Privacy

We are committed to protecting children's privacy. For members under 18, we require parental or guardian consent before collecting personal information. Parents and guardians may review, modify, or request deletion of their child's information at any time.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights: YMCA Chiang Mai 123 Santitam Road, Suthep, Mueang Chiang Mai Chiang Mai 50200, Thailand Data Protection Officer: Somchai Prasert Email: privacy@ymca-chiangmai.org Phone: +66 53 123 456 For complaints, you may also contact the Office of the Personal Data Protection Commission (PDPC) of Thailand.