RU +66 99 471 1043 WhatsApp
Legal

Privacy Policy

How BURO collects, uses and protects your personal data. This document is drawn up in line with the PDPA (Thailand, 2019), the GDPR (EU 2016/679) and Russian Federal Law No. 152-FZ.

Revision of 5 June 2026 · BURO PHUKET CO., LTD. · 49, 31-32 Bandon-Cherngtalay Rd, Choeng Thale, Thalang District, Phuket 83110, Thailand

1. General provisions

This Privacy Policy (the "Policy") sets out how the personal data of users of the website buro.co.th (the "Site") is processed and protected by BURO PHUKET CO., LTD. ("BURO", "we", the "operator") — a legal entity registered in the Kingdom of Thailand.

The Policy is drawn up in line with the Thai Personal Data Protection Act B.E. 2562 / 2019 ("PDPA"), the EU General Data Protection Regulation (Regulation EU 2016/679, "GDPR") and Russian Federal Law No. 152-FZ "On Personal Data".

By using the Site, submitting a request or contact form, or contacting us in any other way, you confirm that you have read this Policy and agree to the processing of your personal data on the terms set out here. If you do not agree with the Policy, please refrain from using the Site and from sharing your data with us.

2. Key terms

  • Personal data — any information relating to a directly or indirectly identified natural person (the data subject).
  • Processing — any operation performed on personal data: collection, recording, storage, use, transfer, anonymization, deletion.
  • Operator — BURO PHUKET CO., LTD., which determines the purposes and means of processing personal data.
  • Data subject — a user of the Site whose personal data is processed.
  • Consent — your free, specific and informed expression of permission to process your data.

3. What data we process

We process only the data you provide yourself, or that is transmitted automatically when you use the Site:

  • Identification — first name, last name, country of residence (optional).
  • Contact — phone, email, and messenger accounts (WhatsApp, Telegram) you provide to get in touch.
  • Request parameters — budget, purchase goal (investment / living / relocation), preferred area, property type, timeline.
  • Technical data — IP address, device and browser type and version, language, operating system, UTM tags, referral source (referrer), pages visited, date and time of visit, actions on the Site.
  • Cookie and analytics data — collected only after your consent (see section 6).

Through the Site we do not collect bank card details, passport data, or special categories of personal data (health, religious or political views, etc.).

4. Sources of data

We obtain personal data: directly from you (request forms, messenger correspondence, phone enquiries, email); automatically when you use the Site (cookies, analytics systems — after consent); and, in certain cases, from public sources or partners if you reached us through them.

5. Purposes and legal grounds for processing

We process personal data for the following purposes:

  • to contact you about your request and prepare a personalized shortlist of properties;
  • to support the transaction — consultations, document checks, due diligence, completion, property handover;
  • to answer your questions and enquiries;
  • to improve the Site and the quality of our service based on anonymized statistics;
  • to send you information about suitable properties and services — only with your consent;
  • to comply with the requirements of applicable law.

The legal grounds for processing are: your consent; performance of a contract or steps taken at your request prior to entering into one; our legitimate interest in developing and protecting our services; and legal requirements.

6. Cookies and web analytics

The Site uses cookies and web-analytics systems (potentially including Google Analytics, Yandex Metrica, Microsoft Clarity, Cloudflare Web Analytics, Meta advertising pixels and others). Necessary technical cookies keep the Site running. Analytics and marketing scripts load only after your consent in the cookie banner; until then, no web-analytics data is collected.

You can change or withdraw your decision at any time, and also manage cookies in your browser settings:

7. Disclosure to third parties

We do not sell your personal data. Disclosure to third parties takes place only to the extent necessary to provide our services and on confidentiality terms: to technical contractors (hosting, CRM, mailing and messenger services), lawyers, interpreters, developers and partners — to support your specific transaction — as well as to government authorities in the cases expressly provided for by law.

8. Cross-border transfer

Because our technical contractors and services may be located in different countries, your data may be transferred and processed outside your country of residence, including in Thailand and EU countries. In such cases we take reasonable measures to ensure an adequate level of data protection in accordance with applicable law.

9. Retention periods

Personal data is kept no longer than necessary for the purposes of processing, or for the period required by law. Once those purposes are achieved, or upon your reasoned request, the data is deleted or anonymized — except where the law requires us to keep it longer.

10. Data security

We take organizational and technical measures to protect personal data against unauthorized access, alteration, disclosure or destruction: restricting employee access, encrypting data in transit (HTTPS), and using secure storage and backup services. It is impossible to fully eliminate the risks of transmitting data over the internet, so we cannot guarantee absolute security, but we work continuously to improve it.

11. Your rights

In accordance with the PDPA, GDPR and 152-FZ, you have the right to:

  • obtain information about the processing of your data and request a copy of it;
  • request correction of inaccurate or incomplete data;
  • request deletion of your data (the "right to be forgotten");
  • withdraw consent previously given for processing;
  • restrict processing or object to it;
  • receive your data in a structured format (the right to data portability);
  • lodge a complaint with the data-protection supervisory authority.

To exercise any of these rights, send a request to our email (see section 14). We will respond within a reasonable period as established by applicable law.

12. Children's data

The Site and services are intended for persons over 18. We do not knowingly collect personal data from minors. If we become aware that data was provided by a minor without the consent of a legal guardian, we will delete it.

13. Changes to the Policy

We may update this Policy from time to time. The current version is always published on this page with its date. Material changes take effect upon publication. We recommend reviewing the Policy periodically.

14. Contact

For any questions about the processing of personal data, or to exercise your rights, write to us:

We reply within 10 minutes WhatsApp