Faraway Yachting is a yacht-charter brokerage operating from 40/1 Moo 9, Chalong, Mueang Phuket District, Phuket 83130, Thailand. For the purposes of EU and UK data-protection law, where it applies to processing of personal data we carry out, we are the data controller.

We can be contacted about any privacy matter at booking@faraway-yachting.com or in writing at the address above. Where a Client is resident in the EU or UK, we will respond to data-subject requests within thirty days. For all other Clients, we apply the same standard as a matter of policy.

We only collect personal data that we genuinely need to plan, book, and support your charter, or to comply with the law.

Enquiry data. When you write to us via the website form, WhatsApp, email, phone, Line or Telegram, we record what you tell us: typically your name, contact details, the region and dates you're considering, group size, budget range, and any preferences or accessibility needs.

Booking data. Once you proceed to a booking, the Operator will require additional information for the Charter Contract: full legal names of all guests, dates of birth, nationalities, passport numbers, and (for skippered or bareboat Charters) sailing qualifications and experience for the nominated skipper.

Payment data. We do not store full card numbers on our own systems. Where you pay by bank transfer, we hold the standard transactional information (your name, bank, amount, reference) for accounting and audit purposes. Where you pay through a card processor, that processor (not us) holds your card data subject to PCI-DSS.

Website data. We log basic technical information about visits to the website — IP address, browser type, pages viewed, referrer — for security and analytics. We do not run third-party advertising trackers.

Where EU or UK data-protection law applies, we rely on the following lawful bases.

Contract. To plan, book, and support a Charter you have requested, we process your data on the basis that this processing is necessary to take steps at your request prior to a contract, and to perform that contract once it is in place.

Legitimate interests. We use enquiry and visit data to operate the website securely, to prevent fraud, and to provide aftercare such as following up on a charter that has just ended. We have weighed these interests against your rights and consider them proportionate.

Legal obligation. We retain financial records and bookkeeping data for the period required by Thai tax and accounting law (currently seven years).

Consent. We only send marketing emails (the monthly newsletter) where you have actively subscribed. Every newsletter contains a one-click unsubscribe link; we honour unsubscriptions immediately, with no follow-up.

We share your data only where necessary and only with the parties listed below.

Operators. The Operator of the yacht you book receives the personal data required to issue the Charter Contract and to comply with port, customs, and immigration requirements. Operators are independent businesses with their own privacy practices; we choose Operators who handle data responsibly and require them to do so contractually.

Service providers. We use a small number of carefully selected processors to run our business: a Workspace email and document provider (Google Workspace), a website host (Vercel), a database we operate ourselves on hosted infrastructure, an accounting software provider, and standard messaging platforms (WhatsApp, Line, Telegram) on which our customer conversations take place. Each is bound by their own published terms and, where relevant, by data-processing agreements.

Authorities. We will disclose data to regulators, tax authorities, courts, or law-enforcement bodies where we are legally compelled to do so. We do not provide voluntary disclosures.

We do not sell, rent, or barter your personal data to anyone, ever. There are no advertising-network partners, no data brokers, and no "marketing partners" in our supply chain.

Faraway Yachting is based in Thailand. Some of our service providers (email, hosting, messaging) operate from servers in the European Union, the United Kingdom, the United States, and Singapore. Your personal data may therefore be transferred to and processed in those countries.

Where data flows from the EU or UK to a country without an adequacy decision, we rely on the European Commission Standard Contractual Clauses (or the UK International Data Transfer Addendum) signed with the relevant processor, supplemented by technical safeguards such as in-transit and at-rest encryption.

Enquiries that do not become bookings are kept for twenty-four months from your last message, so we can pick up where you left off if you return to plan a different trip. After that, your enquiry record is deleted from our active systems.

Booking records are kept for seven years after the end of the relevant tax year, in line with Thai accounting and tax-record requirements. After that, financial records are deleted and any associated personal data is anonymised or removed.

Newsletter subscriptions are kept for as long as you remain subscribed. On unsubscribe we keep your email address only on a suppression list (so we never email you again by mistake); this is a legitimate-interests basis we will document on request.

Website logs are kept for ninety days for security purposes, then deleted.

Whatever law applies to your data, we will honour the following rights as a matter of company policy. EU and UK residents have these rights as a matter of law.

Access. You can ask for a copy of the personal data we hold about you. We will provide it in a standard format within thirty days.

Correction. You can ask us to correct any inaccurate or incomplete data we hold about you. We update on receipt and propagate the correction to any Operator who already received it.

Deletion. You can ask us to delete your data. We will do so unless we are legally required to keep it (typically: bookings within the seven-year accounting retention window).

Objection and restriction. You can object to particular processing or ask us to restrict it pending a query. Common cases: stop using my data for newsletter, stop sharing my data with a specific Operator.

Portability. Where we rely on contract or consent, you can ask for your data in a machine-readable format and to have it transmitted to another controller.

Complaint to a regulator. EU residents can complain to their national data-protection authority; UK residents can complain to the Information Commissioner's Office (ico.org.uk). We would always prefer the chance to put a concern right ourselves first — email booking@faraway-yachting.com.

This website uses a minimum set of cookies. Strictly necessary cookies (used to remember whether you have dismissed the cookie banner, to keep your currency preference, and to maintain a session if you log in to the Mission Control portal) are set without consent because the site cannot function without them.

We use first-party analytics to understand which pages people read and where they leave. We do not use Google Analytics, Meta Pixel, or any third-party ad-network tracker. Aggregated analytics data does not identify individuals.

You can clear cookies at any time using your browser controls. Doing so will reset your currency preference and (if logged in) log you out.

We take pragmatic, sailor-grade care of your data. Our customer database runs on encrypted disk; backups are encrypted and stored in geographically separate locations; access to client records is restricted to the small operating team and is logged. Provider credentials are stored using authenticated encryption with rotating keys. Our website is served exclusively over HTTPS.

No system is perfect. In the event of a personal-data breach affecting your information, where the breach is likely to result in a risk to your rights, we will notify you and the relevant regulator within seventy-two hours of becoming aware of it, in line with GDPR Article 33.

For any privacy matter — to exercise a right, to ask a question, or to make a complaint — write to our Data Protection lead at booking@faraway-yachting.com with "Privacy" in the subject line, or by post to the office address above. Please include enough detail to identify the data you are asking about; we may ask for a proof of identity for deletion or access requests.

We will revise this policy whenever our practices change. The version above is the one in force; the 'Last updated' date at the top reflects the most recent revision. Material changes will be flagged on our home page for at least thirty days. Older versions are archived internally and available on request.