lucky lukes logo

Privacy Policy

Lucky Luke’s Tiki Joint – Privacy Policy

Effective Date: 1 August 2025

1. Introduction

Lucky Luke’s Tiki Joint (“we,” “our,” or “us”) is committed to protecting your privacy in compliance with Thailand’s Personal Data Protection Act (PDPA) and the Department of Thai Traditional and Alternative Medicine (DTAM) telemedicine regulations.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you:

  • Visit our dispensary in person

  • Receive telemedicine consultations from licensed Thai Traditional Medicine (TTM) doctors

  • Interact with us online (website, applications, social media, messaging apps)

2. Types of Personal Data We Collect

2.1 Identity Information

  • Full name, gender, date of birth, nationality

  • Thai ID card, passport, or equivalent document details (including copies for verification)

  • Signature, occupation, membership information, and other identifiers

2.2 Contact Information

  • Home and mailing address

  • Email address, phone number

  • Messaging app IDs (e.g., LINE, WhatsApp, Facebook, Instagram)

2.3 Medical & Sensitive Data (collected only with explicit consent)

  • Medical history, allergies, current medications, lifestyle information

  • Telemedicine consultation notes and TTM prescriptions

  • Biometric data (fingerprints, facial images) if required for verification

  • Criminal history (only when required by law)

2.4 Financial & Transaction Data

  • Payment details, transaction records, invoices

  • Information required for tax, accounting, or compliance purposes

2.5 Technical & Usage Data

  • IP address, browser type, device ID, MAC address, operating system

  • Website/app usage logs, cookies, plug-ins, location data (where permitted)

2.6 Behavioural Data

  • Purchase history, service preferences, and interaction patterns

3. Purpose & Legal Basis for Processing

We collect and use personal data for:

  1. Legal compliance with PDPA, DTAM, and Thai cannabis regulations

  2. Identity verification (must be 20+ with a valid prescription)

  3. Medical assessment by licensed TTM doctors

  4. Service delivery — booking, dispensing products, payment processing

  5. Security & fraud prevention — CCTV monitoring, system protection

  6. Customer support & communication

  7. Marketing — only with your explicit opt-in consent

Legal bases under PDPA include:

  • Explicit consent for sensitive data

  • Contractual necessity for service provision

  • Legal obligation under Thai law

  • Legitimate interests (e.g., service improvement, fraud prevention)

4. Data Retention

  • Medical records — 3 years from your last consultation (DTAM requirement)

  • Other personal data — up to 10 years for legal, tax, and business purposes, unless you request earlier deletion

5. Data Sharing & Transfers

We may share your personal data with:

  • Licensed TTM doctors for prescription and consultation

  • Payment providers, banks, and accounting services

  • IT and cloud service providers

  • Government authorities when legally required

  • Overseas partners, only with PDPA-compliant safeguards and, if necessary, your explicit consent

6. Security Measures

We apply technical and organizational safeguards, including:

  • Encryption in transit and at rest

  • Role-based access control and authentication

  • Secure telemedicine platforms meeting DTAM standards

  • Regular security audits and staff training

7. Your Rights Under PDPA

You have the right to:

  • Access and obtain a copy of your data

  • Correct or update your data

  • Withdraw consent at any time

  • Request deletion or anonymisation (subject to legal retention requirements)

  • Object to certain processing activities, including direct marketing

  • File a complaint with the Personal Data Protection Committee (PDPC)www.pdpc.or.th

Requests can be made by contacting our DPO (see Section 11).

8. Cookies & Tracking

We use cookies to:

  • Improve website performance and security

  • Analyse site usage trends

You can disable cookies in your browser, but certain features may not work properly. Marketing/analytics cookies are only used with your explicit consent.

9. Cross-Border Transfers

If personal data is transferred internationally, we will:

  • Ensure the receiving country has adequate data protection standards, or

  • Use approved contractual clauses and seek your consent where required

10. Policy Updates

We may update this Privacy Policy from time to time. Changes will be posted on our website with the revised effective date.

11. Contact Us – Data Protection Officer (DPO)

If you have questions, concerns, or requests regarding this policy:

Lucky Luke’s Tiki Joint – Data Protection Officer
📧 Email: DPO@luckylukestikijoint.com
📞 Phone: +66 65 241 0420
📍 Address: Sukhumvit soi, 52/4 Soi Nana Nuea, Khlong Toei Nuea, Watthana, Bangkok 10110