Liva.com Asia Co Ltd, a company domiciled in Thailand, is a Subsidiary of the Liva Core Group, whose parent company Liva Core is domiciled in France. Thus, by browsing one of our websites you mainly access the services of the Liva Reservation Platform belonging to Liva Core. Therefore, the security and confidentiality of your personal data are covered by the measures, provided for by the General Data Protection Regulations, implemented by Liva Core for all subsidiaries of the Liva Core Group. This privacy policy allows you to understand how your data is processed within the Liva Core Group and the rights you can exercise.
Being domiciled in Thailand, Liva.com Asia Co Ltd takes into account the Thai legislation relating to the protection of personal data Personal Data Protection Act or PDPA. The PDPA law is developed on the basis of the GDPR of the European Union, however certain particularities specific to the PDPA may apply.
The PDPA applies to organizations located in Thailand, whether they collect and use data in Thailand or not. It also applies to organizations located outside Thailand if they offer goods and services to data subjects in Thailand, or if they monitor the behavior of data subjects in Thailand. The PDPA applies to data subjects in Thailand and makes no explicit reference to their nationality or place of residence in relation to the processing of personal data.
The Liva Booking Platform
Liva Core is the owner of an online platform that the company operates and which provides Users with Booking Service(s) (in particular, information, search and booking management) mainly in the transport and tourism sectors. All of the tools made available, including its plugins, directly or indirectly, are hereinafter referred to as the Liva Booking Platform.
The Liva Booking Platform has been designed in compliance with the principle of data minimization which consists of collecting only necessary personal data (data minimization); we notify you when a collection is not strictly necessary.
The processing of personal data, as detailed below, is carried out as part of the provision and use of the
Liva Booking Platform, which is offered via different websites and in different countries. This privacy policy is intended to provide a general overview of our privacy practices.
Definitions
The terms defined in this Privacy Policy supplement or clarify the terms defined in the General Conditions.
Liva Booking Platform: Booking engine type software enriched with its plugins, developed by Liva Core together forming a comprehensive search and booking solution.
Website(s): Websites whose domain name belongs to Liva Core (example: liva.com, phuketferry.com, ferrysamui.com, baliferry.com, etc.).
Transport(s): The various services and products, core and related, of the Transport Provider(s) that the User(s) can order, purchase, rent, book or consume .
Transport Provider(s): The provider of any product or service available on the Liva Booking Platform for a Booking(s).
Booking Service(s): Online order, purchase, payment or booking services for different products and services on Liva Booking Platform.
Booking(s): The order of a Service or Product available and completed on the Liva Booking Platform.
User(s): Anyone using a Website(s) or the Liva Booking Platform. User account: User account on the Liva Booking Platform.
Liva Core Group: All Liva Core Group companies, notably Liva Core (parent company) and its subsidiaries (such as Liva.com or Liva.com Asia).
Recipient(s): Any natural or legal person who receives personal data from Liva Core, this may include Liva Core employees or external entities (for example: Transport Provider(s), partners, banking establishments, etc.).
Personal data: Any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by a reference to an identifier, such as name, identification number, location data, online identifier, or one or more factors that are specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Purpose(s): The main objectives assigned to the processing and the substantial functions implemented.
Data subject: User(s) or Customers whose Personal Data is collected and integrated into the Processing of the Personal Data of Liva Core.
Controller: The company Liva Core is the entity responsible for processing personal data for the processing activities listed in this privacy policy and carried out as part of the Booking Service(s) offered via the Liva Booking Platform and its Website(s), unless otherwise indicated or explicitly stated.
Processor: Any natural or legal person who processes Personal Data on behalf of Liva Core.
Personal data processing: Any operation or set of operations relating to Personal Data, regardless of the process used, such as collection, recording, organization, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, broadcast or any other form of making available, reconciliation or interconnection, as well as blocking, erasure or destruction.
Transparency and detailed information
First of all, transparency is expressed by reminding you what information you are entitled to access regarding the processing activities. Therefore, in case you consider that information is missing or is not sufficiently clear in this Privacy Policy, we invite you to contact our DPO who will endeavor to answer your questions.
The information relating to the processing activities of your personal data that we share with you:
- The identity and contact details of the data controller.
- Contact details of the data protection officer.
- Recipients or categories of recipients.
- Where applicable, the legitimate interests pursued by the data controller or by a third party.
- Where applicable, the fact that the controller intends to transfer personal data to a third country or to an international organization.
- The duration of data retention.
- The existence of the right to request from the controller access to your personal data, rectification or erasure thereof, or the restriction of processing relating to the data subject, or the right to object processing and the right to data portability.
- Where applicable, the existence of the right to withdraw consent at any time.
- The right to lodge a complaint with a supervisory authority.
- The information on whether the requirement to provide personal data is of a regulatory or contractual nature or whether it conditions the conclusion of a contract and whether the data subject is obliged to provide the personal data, as well as the possible consequences of non-provision of this data.
- The existence of automated decision-making, including profiling.
- The information about any further processing of personal data for a purpose.
- The data controller and the objectives of collecting this data (purposes).
- The legal basis for data processing.
- The mandatory or optional nature of the data collection in order to manage your request and the reminder of the categories of the processed data.
- The source of the data (when other data than those provided via the online service are used to process your request).
- The categories of data subjects.
- The recipients of the data (in principle, only our company, unless otherwise specified when transmission to a third party is necessary).
- The duration of data retention.
- Security measures (general description).
- The possible existence of data transfers outside the European Union or automated decision-making.
- Your rights and how to exercise them.
Data sources
Data subject
The Booking Service(s) offered by Liva Core requires you to communicate certain information to enable you to make a Booking(s). All personal data is then provided to us in general by you, the data subject concerned by the processing. You can also share certain information of your own volition in order to benefit from a better quality of service during Transport(s) (e.g. special need for accessibility). In this case, be sure to only communicate the strictly necessary information, including in free text fields (for example the “message” field in a form). Likewise during your communication with our Customer Service, via our contact form, our messaging or any other solutions external to the Liva Booking Platform that we use, social networks or specialized service providers, such as Zendesk, Whatsapp, Messenger, Instagram, X (Twitter).
Other User(s)
In order to respect the principle of minimizing the processing of personal data, the email of the people accompanying you is not required during the Booking(s), consequently, Liva Core cannot enter directly into contact with the accompanying persons. Therefore, we ask you to ensure the accuracy of the data that you may share with us concerning them, and then to share with them, as soon as possible, the link to this Privacy Policy page, in order to inform them about the processing of their data and their rights.
Automatically
When browsing our Website(s) or using the Liva Booking Platform, certain information about you is automatically collected.
Accessible to the public
For Professional Clients or Partners, certain publicly accessible legal data, concerning the legal entity for which they act, may be provided by specialized partners.
Partners
Business partners such as Liva Core Group subsidiaries.
Service Provider(s)
The Booking Service(s) provided by the Liva Booking Platform uses external service providers. In certain situations, these service providers may be required to send us certain information about you, mainly in order to finalize a Booking(s).
Transport Provider(s)
The Transport Provider(s) may contact us and share information about you in limited cases, for example in the event of a difficulty encountered with your Booking(s), or in the event of a dispute with you. Liva Core then ensures that it only collects the strictly necessary data and limits its access to authorized recipients (for example, a litigation manager).
Social networks
You can log in to your User account by associating it with your account on a social network. This method of connecting via a social network may involve an exchange of data. You can object to this method simply by choosing to connect with your email.
Processing activities
The purposes of the processing activities are based on the following legal bases described in the General Data Protection Regulation (GDPR): your consent (which you can withdraw at any time), performance of a contractual or pre-contractual obligation, legal duty, legitimate interest.
Booking(s)
Purpose
Allow the User(s) to search for and, then,complete and manage their Booking(s) online as smoothly and comfortably as possible. To clarify, this involves any communication relating to your Booking(s) (confirmations, reminders, invoicing, modifications, online registration, if necessary, with the Transport Provider(s)).
Subsequent Purpose(s): Proposals for services closely linked to the Booking(s) (e.g.: additional proposals, anniversary date offers).
Legal basis
6.1.b - the processing is necessary for the performance of a contract to which the data subject is a party or for the execution of pre-contractual measures taken at the request of the data subject.
Data provision requirement
Liva Core cannot complete the Booking(s) if the required data is not communicated by the User(s).
Categories of data likely to be processed
- User Account - Creation and authentication: First name, Last name, Email
- User Account - Profile: Title, Nationality, Date of birth, Telephone number
- Booking - Customer information: Title, Nationality, Date of birth, Telephone number
- Booking - Contact information: Email, Telephone number
Payment is made by the User(s) directly to our partner offering the payment gateway; Liva Core does not intervene in the processing of your data related to payment (Payment - Credit Card: Name of holder, Card number, Expiry date, CVC/CVV). Our partner for payment management is Omise, PCI Thailand certified payment gateway (Omise Co., Ltd. 1448/4 J2 Building, Crystal Design Center (CDC), Soi Ladprao 87 (Chandrasuk), Praditmanutham Road, Khongchan, Bangkapi, Bangkok 10240 Thailand). As part of the payment management for your Booking(s) with your credit card, we may share personal data about you with this partner, including actions relating to payment, oppositions, reimbursements or even fraud prevention. See Omise's privacy policy.
Storage duration
As long as the User account is active and up to 5 years from the last Booking(s). User account
Purpose
User(s) can create an account on our websites. The information you provide to us is used to manage this account and allow you to take advantage of each Booking Service(s) offered on Liva Booking Platform (for example: carry out a search, book, consult your Booking(s), configure your account, save your personal information).
Legal basis
6.1.a - the data subject has consented to the processing of his or her personal data for one or more specific purposes.
Data provision requirement
Liva Core cannot complete the creation of your User account if the required data is not communicated by the User(s).
Categories of data likely to be processed
- User Account - Creation and authentication: First name, Last name, Email
- User Account - Profile: Title, Nationality, Date of birth, Telephone number
- Booking - Customer information: Title, Nationality, Date of birth, Telephone number
- Booking - Contact information: Email, Telephone number
Storage duration
As long as the User account is active and until its deletion, or 3 years from the date of the last activity.
Customer service
Purpose
The aim of Customer Service is to assist you during your Booking(s) (for example: with creation/management of your account, payment, invoicing) and each time you contact us for any other reason relating to your Booking(s) (for example: about your Transport Provider(s), complaints). In order to guarantee the quality of our customer service, it is made available to you via different tools, in several languages and from different geographic zones. This allows us to ensure its maximum availability.
Legal basis
6.1.a - the data subject has consented to the processing of his or her personal data for one or more specific purposes.
Data provision requirement
Liva Core cannot provide customer support if the required data is not provided.
Categories of data likely to be processed
- User Account - Creation and authentication: First name, Last name, Email
- User Account - Profile: Title, Nationality, Date of birth, Telephone number
- Booking - Customer information: Title, Nationality, Date of birth, Telephone number
- Booking - Contact information: Email, Telephone number
Our main partner for customer service management is Zendesk, a cloud based customer service platform offering ticketing and, more generally, customer support solutions. We may share your personal data with this partner, as part of the support that we offer you at all stages of your Booking(s). This mainly concerns information that you share with our Customer Service, for example, when using services such as “Support chat talk”. See Zendesk's privacy policy.
Storage duration
As long as the User Account is active, or until consent is withdrawn and 3 years from your last request for assistance.
Accounting and invoicing
Purpose
We keep invoices and other mandatory documents as part of your Booking(s), which may include your personal data, in order to meet our general accounting and taxation obligations.
Legal basis
6.1.c - the processing is necessary for compliance with a legal obligation to which the data controller is subject.
Categories of data likely to be processed
- User Account - Profile: Title, Nationality, Date of birth, Telephone number
- Booking - Customer information: Title, Nationality, Date of birth, Telephone number
Storage duration
10 years from the end of the current fiscal year. Safety and prevention
Purpose
Ensuring the security of User(s) data is a priority concern for Liva Core. Specifically, this involves detecting and preventing any suspicious events on the Liva Booking Platform and all of the Website(s) of Liva Core Group.
Legal basis
6.1.c - the processing is necessary for compliance with a legal obligation to which the data controller is subject.
EU Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 relating to the protection of individuals with regard to the processing of personal data and the free movement of such data, known as General Data Protection Regulation - GDPR.
Legal obligation for security and protection of personal data (article 32 of the GDPR).
Categories of data likely to be processed
- User Account - Creation and authentication: First name, Last name, Email
- User Account - Profile: Title, Nationality, Date of birth, Telephone number
- Booking - Customer information: Title, Nationality, Date of birth, Telephone number
- Booking - Contact information: Email, Telephone number
- Browsing: Media type (computer, mobile, tablet, etc.), Display format, IP address, Browser, Language, Connection timestamp, Conversion tunnel, referring URL
- Logging: User Activities, Identifiers, Connection Timestamps, IP Address
Storage duration
As long as the User Account is active and until its deletion or 5 years from the last activity.
Data sharing
Liva Core shares your data within the Liva Core Group and with third parties, within the limits of what is necessary in order to achieve the purposes of each processing. Aside from the Transport Provider(s) that you have selected, these third parties may also include other
third parties that are used for offering you our Booking Service(s), in particular via the Liva Booking Platform (example: banking establishments or even subsidiaries of the Liva Core).
Liva Core is a company with an international dimension which relies on a network of subsidiaries and partners. In addition, our tourism-related activity is intrinsically cross-border; our User(s) make Booking(s) on the Liva Booking Platform from different countries and with Transport Provider(s) located in other countries.
In this context, when your personal data is transmitted to different countries subject to different legislations, Liva Core puts in place the necessary measures so that the cross-border processing of your data complies with European regulations relating to data protection, while taking into account the requirements related to the transfers with countries outside the EU. Liva Core implements protective, contractual, organizational and technical measures in order to guarantee the protection of the transfers mentioned. You may contact us (dpo@livacore.com) to obtain more information on this subject.
Within Liva Core Group
Your personal data may be transmitted from or to each company in Liva Core Group, particularly in order to provide our Booking Service(s), ensure our Customer Service, or prevent any personal data breach. Liva Core relies on its subsidiaries, that are present in different regions, in order to offer better services. Your personal data may be shared with the subsidiaries of Liva Core Group, for example, when you request Customer Service.
With the Transport Provider(s) of your Booking(s)
At the stage of finalizing your Booking(s), some of your personal data, necessary for the Transport Provider(s) to ensure its service, are communicated to it. The information may vary depending on the Booking(s) and the requirements of the Transport Provider(s),Generally, it is data relating to Booking - Contact information: Email, Telephone number.
We remind you that the Transport Provider(s) provide you with a Transport(s) service that is completely independent of the Booking Service(s) that we offer you. Please read the privacy policy of the Transport Provider(s), before finalizing your Booking(s), in order to approve the framework in which they process your personal data, in particular when they ask you to communicate complementary personal data to them (for example, in order to comply with the requirements of their insurance policy).
With social networks
Liva Core has implemented multiple functionalities developed and made available by social networks, which implies the transmission of certain categories of your personal data with these networks, when you consent to their use.
Login via Facebook, Instagram or Google account
In addition to a standard connection to the User account via an email address, Liva Core also offers the User(s) the opportunity to connect to their User account on the Liva Booking Platform using their own identifiers on their Facebook, Instagram or Google accounts.
- By connecting via their Google account, the User(s) consents to Google sharing their name, email address, language preference and profile photo with Liva Core.
- By connecting via their Facebook account, the User(s) consents to Facebook sharing with Liva Core to receive information that they may choose to share, such as their email address. When you use Facebook to connect to Liva Booking Platform, Facebook uses cookies and similar technologies that share information about you with Facebook.
- By connecting via their Instagram account, the User(s) consents to Instagram sharing with Liva Core to receive information that they may choose to share, such as their email address. When you use Instagram to connect to Liva Booking Platform, Instagram uses cookies and similar technologies that share information about you with Instagram.
The User(s) can freely dissociate his Facebook, Instagram or Google account from his User account on the Liva Booking Platform.
Facebook, Instagram or Google may possibly cross-reference data concerning you collected from the Liva Booking Platform with other data concerning you collected on other sites or applications, this cross-referencing may allow indirect access to certain personal data concerning you, we invite you to read the privacy policies of Facebook, Instagram and Google before using their connection service to the Liva Booking Platform.
Implementation of extensions connected to social networks
The Liva Booking Platform has implemented connection extensions with social networks, their functions consist of allowing you, for example, to “connect with” or even “share” certain information on your Facebook, Twitter, Instagram or Google accounts. We invite you to check your sharing settings on your social network accounts, in order to control the visibility of the data thus shared and possibly visible to others.
Social media messaging services
The Liva Booking Platform has implemented social networking messaging services to allow you to communicate in the way that suits you with the Liva Core teams.
Before using them, we invite you to read the privacy policies of the Whatsapp, Messenger and Line, available on the Liva Booking Platform.
With our advisors
In certain cases, we may share certain strictly necessary personal data about you with our advisors (internal or external). This may involve, for example, law firms (themselves subject to an obligation of confidentiality) in the case of litigation management or to simply respond to a complaint.
With the authorities
In certain cases, when the law or any other legal obligation requires it from us, or in order to defend our rights, we are required to share certain strictly necessary personal data concerning you with certain authorities.
Data retention and transfer
We have chosen to store the majority of data with providers whose servers are located in the European Union area and which ensure one of the highest levels of data security on the market.
The hosting of the Liva Booking Platform and our Website(s) as well as the optimization and security of the databases are provided by our subcontractor OVH (head office: 2 rue Kellermann - 59100 Roubaix - France), we control the main parameters of the platform including the choice of data location in data centers located in the Europe zone:
« When the customer chooses a service in which one or more data centers in the European Union are used: In this case, the customer's data will never be transferred outside: member countries of the European Union or recognized countries by the European Commission as having a sufficient level of protection [...] ». OVH.
We invite you to consult OVH privacy policy for further details on the security measures implemented and the documentation relating to compliance.
We may transfer data outside the European Union, either on the basis of a so-called adequacy decision of the recipient's country, or on the basis of appropriate guarantees implemented by the recipient.
For each processing the data is kept for the period necessary for the specific purpose of the processing (according to the form provided in the register of “processing activities”). Additional retention period may be added to this initial period according to the legal requirement applicable to the processing in question, during which the data is kept in intermediate archives with restricted access. At the end of the established retention periods, we delete the personal data from our databases.
Security measures
We pay particular attention to the confidentiality and security of your personal data. Liva Core has established an authorization management policy, this is an organizational security measure aimed at regulating access to the Liva Core Group information system by all of our teams (employees and service providers). This measure helps to strengthen the protection of your personal data against any illegitimate access, in order to preserve their confidentiality and integrity.
We have put in place a whole series of technical measures (example: pseudonymization, anonymization, firewall, database backups) to ensure the availability of your data.
Two-factor authentication to connect to the User account helps limit the risk of fraudulent connection.
Personal data relating to children
Liva Core does not offer any Booking Service(s) to people under the age of 16; these young people cannot create a User account on the Liva Booking Platform or make Booking(s). The User(s) must be at least 16 years old to access the Liva Core Booking Service(s). Liva Core may only process children's personal data when it has been transmitted by, or with the consent of, one of the parents (or legal guardians).
Exercise your rights
Data subjects have the right to request from the controller access to personal data, rectification (completed, clarified, updated) or erasure thereof, or restriction of processing personal data relating to the concerned person, or the right to object to the processing and the right to data portability (within the conditions set by the regulation).
The protection of your personal data is a priority, we have therefore designated an external data protection officer "DPO" (within the meaning of article 13.1.b of the GDPR) to the CNIL, the supervisory authority in France. The certificate of appointment of the data protection officer is available at the following link
You may have already created a User account on the Liva Booking Platform, in which case please note that the User(s) can frequently make changes or even delete some of their own personal data without requiring our intervention. Requesting deletion of your User account is possible from your account.
If certain personal data concerning you is not accessible from your User account, you can contact our DPO for any request on this subject.
In order to facilitate the exercise of your rights, we have made several means of communication available to you, so you can:
- Contact our data protection officer at the following email address: dpo@liva.com.
- Send us a letter to the following postal address: Liva Core, 2 avenue du Président Pierre Angot, 64000 Pau, France.
- Contact us via the form available on the website: https://www.phuketferry.com/privacy-policy.html, https://www.ferrysamui.com/privacy-policy.html, https://www.liva.com/privacy-policy.html.
We will tell you if it is necessary to attach documents to your request in order to confirm your identity (your identity document, for example).
You have the right to lodge a complaint with a supervisory authority, the supervisory authority in France is the CNIL.
- Postal address: CNIL - 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, France
- Telephone: +33 (0)1 53 73 22 22
- Submit a complaint online at the following link: https://www.cnil.fr/fr/plaintes/ (customer service for complaints)
General
The French language version of this Privacy Policy shall prevail in all respects and prevail in the event of inconsistencies with the translated versions, if any. All other language versions of this Privacy Policy are provided for convenience only.
Send a request to our Data Protection Officer
All data collected by this form will be redirected to the email dpo@liva.com only. The response will be by default by email unless otherwise requested.