Privacy & PDPA Compliance

Privacy policy for Miss Grand Songkhla Satun

This notice explains what personal data we collect, the reasons we use it, how long we retain it, and the rights guaranteed to contestants, guests, and partners under the Thai PDPA.

Updated · 19 November 2025

What we collect

We only request information that is necessary for operations, safety, or legal duties.

  • Identity & contact. Full name, nationality, date of birth (when eligibility must be verified), national ID or passport number (only when legally required), phone number, email, postal address, and preferred language.
  • Application & portfolio. Education history, professional experience, community projects, measurements, photos, videos, questionnaire answers, guardian consent letters, and any supporting documents you submit.
  • Usage & device signals. IP address, browser type, device model, interaction logs, referral sources, and cookie-based analytics that help us understand how visitors navigate the site.
  • Transactions & compliance. Ticket bookings, payment confirmations (processed via PCI-DSS compliant gateways), invoices, tax documents, and correspondence used to meet PDPA and other legal obligations.

Why we use your data

Every activity has a lawful basis such as consent, contractual necessity, legitimate interest, or legal obligation.

Competition operations

  • Confirm eligibility, identity, and residency requirements.
  • Coordinate rehearsals, fittings, mentoring sessions, and live broadcasts.
  • Issue agreements, emergency notices, and logistics updates to contestants and guardians.

Guest & partner services

  • Fulfil ticket reservations, merchandise orders, and hospitality requests.
  • Share event highlights or offers from aligned partners only after you opt in.
  • Measure high-level audience interest so we can improve programming and experience design.

Legal & security duties

  • Comply with the Thai Personal Data Protection Act (PDPA) and international standards.
  • Respond to lawful requests from regulators, courts, or law-enforcement agencies.
  • Prevent fraud, abuse of credentials, and threats to the health and safety of participants.

Who processes your data

We rely on vetted processors bound by confidentiality obligations and equivalent security standards.

  • Application & portfolio system. Encrypted storage of contestant submissions, measurement data, and judging notes.
  • Ticketing & payment partners. Handle seat reservations, QR passes, and cashless payments under PCI-DSS controls.
  • Email and notification platform. Send transactional updates and consent-based newsletters with audit logs for compliance.

Personal data is retained for no longer than five years after a season unless law requires a longer period. When it is no longer needed, we delete it or anonymise it irreversibly.

Safeguards

  • Technical controls. TLS 1.3 encryption in transit, hashed secrets at rest, daily integrity monitoring, role-based access, and geo-fenced admin consoles.
  • Organisational controls. PDPA training for every staff member, vendor NDAs, privacy-by-design checklists, and rehearsal drills for incident response.

Your PDPA rights

You can exercise these rights free of charge unless a request is manifestly excessive or repetitive.

  • Right to be informed about how and why your data is processed.
  • Right to access and obtain a copy of personal data we hold about you.
  • Right to correct inaccurate, incomplete, or outdated information.
  • Right to request deletion when the data is no longer necessary or legally required.
  • Right to restrict or object to specific processing activities.
  • Right to withdraw consent without affecting past lawful processing.
  • Right to data portability when technically feasible.

How to reach our privacy team

Provide your request details, contact information, and identification documents so we can respond quickly.

  • Secure contact form. Submit a PDPA request through the Contact page and choose the subject “Data access/erasure”.
  • Physical submission. Deliver a signed request and a certified copy of your ID to the Miss Grand Songkhla Satun office or registration counter during business hours.
  • Response time. We answer every verified request within 30 business days. If we need more time, we will notify you with the reason and extended timeline.

If you are under 20, please submit every request with your lawful guardian as required by PDPA Section 20.