Data Protection Policy

1. Who We Are

MeloClassic (“we”, “our”, “us”) operates the online classical CD store at www.meloclassic.com. We are the data controller responsible for the personal data you provide when shopping with us. We are committed to protecting your personal data in accordance with Thailand’s Personal Data Protection Act B.E. 2562 (PDPA), which has been fully in force since 1 June 2022.

2. What Data We Collect

When you visit or purchase from our store, we may collect:

  • Name, email address, phone number, and delivery/billing address
  • Payment information (processed securely by Stripe and Pay Solutions — we do not store card details)
  • Order history and purchase preferences
  • IP address, browser type, and website usage data via cookies
  • Communications you send us (emails, enquiries, and reviews)

3. Why We Collect Your Data

We collect and use your personal data for the following purposes:

  • To process and fulfil your orders and deliver CDs to you
  • To send order confirmations, invoices, and shipping updates
  • To handle returns, refunds, and customer support enquiries
  • To improve our website and product offerings
  • To send marketing emails, only with your explicit consent
  • To comply with applicable legal and tax obligations in Thailand

4. Legal Basis for Processing

Under the PDPA, we process your data on the following legal bases:

  • Contract: Processing necessary to fulfil your order
  • Legal obligation: Tax records and regulatory compliance
  • Consent: Marketing emails and non-essential cookies (you may withdraw at any time)
  • Legitimate interests: Fraud prevention and website security

5. Who We Share Your Data With

We only share your data when necessary, with trusted third parties including:

  • Payment processors (Stripe and Pay Solutions) — for secure transaction processing
  • Shipping and logistics partners — to deliver your order
  • Email service providers — for order notifications
  • Website hosting and analytics providers

We do not sell your personal data to any third party.

6. International Data Transfers

Some of our service providers (such as Stripe) are based outside Thailand. When we transfer your data internationally, we ensure appropriate safeguards are in place as required by the PDPA cross-border transfer regulations (March 2024).

7. How Long We Keep Your Data

We retain your personal data only as long as necessary:

  • Order and customer account data: 5 years (Thai tax law requirements)
  • Marketing consent records: Until you withdraw consent
  • Website usage data: 13 months
  • Customer support communications: 2 years

8. How We Protect Your Data

We implement appropriate technical and organisational security measures, including:

  • SSL/HTTPS encryption on all pages of our website
  • PCI-DSS compliant payment processing via Stripe
  • Restricted staff access to customer personal data
  • Regular security reviews of our systems and processes

9. Your Rights Under the PDPA

As a data subject under Thailand’s Personal Data Protection Act, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Correction: Ask us to correct inaccurate or incomplete information
  • Right to Erasure: Request that we delete your personal data
  • Right to Object: Object to certain types of processing of your data
  • Right to Restriction: Request that we limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format

To exercise any of these rights, please contact us using the details in Section 12. We will respond within 30 days of receiving your request.

10. Cookies

We use essential cookies to operate our store and optional analytics cookies to understand how customers use our website. You will be asked for your consent before any non-essential cookies are placed on your device.

You can manage or withdraw your cookie preferences at any time via the cookie settings link in our website footer.

11. Marketing Communications

We will only send you marketing emails if you have given us your explicit consent. You may unsubscribe at any time by:

  • Clicking the unsubscribe link in any marketing email we send
  • Contacting us directly using the details in Section 12

Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

12. Data Breaches

In the event of a personal data breach that is likely to affect your rights and freedoms, we will notify the relevant Thai authorities and affected individuals as required under the PDPA.

13. Contact Us

For any questions about this policy, to exercise your rights, or to raise a concern, please contact us:

Website:www.meloclassic.com
Email:info@meloclassic.com

If you are not satisfied with our response, you have the right to lodge a complaint with Thailand’s Personal Data Protection Committee (PDPC) at www.pdpc.or.th.

This policy is reviewed annually or whenever significant changes to our data processing activities occur. We will notify you of material changes via email or a prominent notice on our website.

My selected CDs 0