Privacy Policy

Our Platform provides digital queue management and customer flow solutions for restaurants, clinics, retail businesses, service centers, and other organizations. Features may include:

• Queue registration
• QR code queue access
• Real-time wait tracking
• LINE & Telegram notifications for End Users
• Email invitations and login for Business Client staff
• Reservation and booking management
• Analytics and operational insights
• Customer support services

The Platform may be used by:

• Business customers ("Business Clients")
• Individual end users joining queues ("End Users")

We may collect the following categories of personal data:

We process personal data for the following purposes:

• Providing queue management services
• Managing reservations and appointments
• Sending queue notifications and updates
• Authenticating users
• Customer support
• Improving platform performance and features
• Security monitoring and fraud prevention
• Billing and payment processing
• Legal and regulatory compliance
• Statistical analysis and reporting
• Algorithmic Optimization: Anonymizing and aggregating operational data (such as party sizes, wait times, and venue context) to train our algorithms, predict queue behaviors, and generate statistical insights. Once anonymized, this mathematical data can no longer identify an individual and is exempt from PDPA deletion requests.

We will only process personal data for lawful purposes under the PDPA.

Under the PDPA, we rely on one or more of the following legal bases:

• Contractual necessity
• Legitimate interests
• Consent
• Compliance with legal obligations
• Prevention or suppression of danger to life, body, or health

Where consent is required, users may withdraw consent at any time.

We may use cookies and similar technologies to:

• Maintain user sessions
• Improve system functionality
• Analyze usage patterns
• Enhance user experience

Users may disable cookies through browser settings, although some features may not function properly.

We may disclose personal data to:

• Cloud hosting providers
• Notification and messaging providers
• Payment processors
• IT and security service providers
• Analytics providers
• Government authorities where legally required

We require third parties processing personal data on our behalf to implement appropriate security and confidentiality measures.

We do not sell personal data.

Personal data may be transferred to and stored on servers located outside Thailand.

Where international transfers occur, we will implement appropriate safeguards as required under the PDPA, including:

• Contractual protections
• Adequate data protection standards
• Organizational security measures

We retain personal data only for as long as necessary for:

• Service delivery
• Legal compliance
• Dispute resolution
• Legitimate business purposes

Data Anonymization & Deletion: For End Users who opt-in, personally identifiable information (such as Names, LINE IDs, or Telegram IDs) is retained to allow the Business Client to track return visits, queue history, and customer loyalty. This data is retained for as long as the Business Client requires it for these CRM purposes, or until the End User explicitly requests deletion. Upon a valid deletion request, the personal data is soft-deleted (replaced with NULL values). We permanently retain only non-identifiable, mathematical traffic data for our own algorithmic training and platform optimization.

We implement reasonable technical and organizational security measures, including:

• Encryption
• Access controls
• Authentication mechanisms
• Monitoring and logging
• Secure cloud infrastructure
• Role-based permissions

However, no electronic transmission or storage system can be guaranteed to be completely secure.

Under the PDPA, users may have the following rights:

• Right to access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to data portability
• Right to object
• Right to withdraw consent
• Right to lodge complaints with the Personal Data Protection Committee (PDPC)

Requests may be submitted using the contact details below.

HawDi Technologies acts strictly as a Data Processor on behalf of the Business Client. We do not control how the Business Client chooses to interact with End Users. All End User requests regarding data deletion, access, or consent withdrawal must be directed to the respective Business Client (the restaurant or venue).

Where Business Clients collect personal data from their own customers using our Platform, the Business Client acts as the data controller for such customer data.

Business Clients are responsible for:

• Providing required privacy notices
• Obtaining necessary consent
• Ensuring lawful collection and processing
• Responding to data subject requests

We act as a data processor where applicable.

Our Platform is not intended for children under 20 years of age without parental or guardian consent, unless otherwise permitted under applicable Thai law.

If we become aware that personal data has been collected unlawfully from a child, we may delete such information.

We may update this Privacy Policy from time to time.

Updated versions will be published on our website or Platform with a revised effective date.

Continued use of the Platform after updates constitutes acknowledgment of the updated Privacy Policy.

If you have questions regarding this Privacy Policy or wish to exercise your rights under the PDPA, please contact:

MyTurn Support

Email: support@findmyturn.com

Address: Bangkok, Thailand (Head Office)

This Privacy Policy shall be governed by and interpreted in accordance with the laws of the Kingdom of Thailand, including the Personal Data Protection Act B.E. 2562 (2019).