Lao Tour Pass logo

Lao Tour Pass Privacy Policy

Effective Date: 2026-03-04 · Last Updated: 2026-03-04

Lao Tour Pass (hereinafter referred to as the “Company” or the “Service”) values users’ personal information and makes every effort to process and protect such information safely in accordance with applicable laws, regulations, and privacy principles. This Privacy Policy explains the standards regarding how the Company collects, uses, stores, and discloses personal information through the Lao Tour Pass website, mobile application, electronic ticket issuance/verification, customer support, and related services (collectively, the “Service”).

Article 1 (Purpose of this Privacy Policy)

This Privacy Policy is intended to inform users of the purposes and methods by which personal information provided during the use of the Service is processed, and the measures the Company takes to protect personal information.

Article 2 (Categories of Personal Information Collected)

The Company may collect the following personal information to provide the Service.

1. When Registering / Creating an Account

  • Required Information: Name (or nickname), email address, password (for accounts created under the Company’s own account system), country/language settings
  • Optional Information: Profile information, consent to receive marketing communications

2. When Purchasing / Booking Tickets

  • Required Information: Purchaser name, contact information (email/mobile phone), payment-related information (payment method identifier, payment approval information, transaction number, etc.), purchase details (tourist site, ticket type, quantity, date/time of use)
  • Optional Information: Visitor information (e.g., companion name(s), depending on service configuration), special requests

3. When Using Tickets / Admission Verification (QR Code Scanning)

  • Required Information: Electronic ticket identification information, QR code/barcode value, admission time, verification terminal/device identification information, tourist site identification information, usage status (used/unused/cancelled)
  • Optional Information: Error logs generated during the ticket verification process

4. When Contacting Customer Support / Submitting Inquiries or Complaints

  • Required Information: Inquirer’s name, contact information (email/phone number), inquiry details
  • Optional Information: Attachments (receipt, screenshot, etc.)

5. Information That May Be Collected Automatically During Service Use

  • Device information (OS version, device model, app version, language settings)
  • Log information (IP address, access date/time, usage records, cookie/session information, error records)
  • Location information (only where the user has separately consented)
  • Push token (where the user has consented to receive notifications)

Article 3 (Purposes of Collection and Use of Personal Information)

The Company processes personal information for the following purposes:

1. Member Management and Identity Verification

User identification, account creation/maintenance, login support, identity verification, prevention of unauthorized use

2. Provision of Services

Providing tourist site information, issuing electronic tickets, generating QR codes, processing reservations/purchases, admission verification, and purchase history inquiries

3. Payment and Settlement Processing

Processing payment requests/approvals/cancellations, verifying transaction records, processing refunds, settlement and accounting, fraud detection

4. Customer Support and Dispute Response

Responding to inquiries, handling complaints, delivering notices, user protection, legal dispute response

5. Service Improvement and Operational Stability

Improving service quality, analyzing system failures, improving usability, security monitoring, statistical analysis

6. Marketing / Promotions (with Separate Consent)

Providing event, benefit, and promotional information, and personalized content/notifications

Article 4 (Legal Basis for Processing and Consent)

The Company may process personal information based on the following:

  • User consent
  • Processing necessary for the performance of a service agreement and provision of the Service
  • Compliance with legal obligations
  • The Company’s legitimate interests (e.g., security, prevention of misuse, service improvement), to the extent permitted

※ The detailed legal basis may vary depending on applicable laws and jurisdiction.

Article 5 (Retention and Use Period of Personal Information)

The Company will promptly destroy personal information once the purpose of collection and use has been achieved. However, if retention is required by applicable laws or internal policies, the information may be retained as follows:

1. Member Information

Retained until account withdrawal (membership termination). However, it may be retained for a certain period after withdrawal (e.g., 30 days to 1 year) for prevention of misuse and dispute response.

2. Transaction / Payment / Settlement Information

Retained for a certain period in accordance with applicable laws or for accounting/tax purposes (e.g., transaction records, payment records, refund records).

3. Customer Inquiry / Complaint Records

Retained for a certain period after completion of complaint handling (for dispute response purposes).

4. Access Records / Logs

Retained for a certain period within the scope necessary for security, incident response, and misuse detection.

※ Actual retention periods must be finalized in accordance with the laws of the country of operation and applicable regulations.

Article 6 (Provision of Personal Information to Third Parties)

In principle, the Company does not provide users’ personal information to external parties. However, exceptions may apply in the following cases:

  • Where the user has given prior consent
  • Where required by law or upon a lawful request from an investigative/supervisory authority
  • Where provision is necessary within the scope required for service delivery (e.g., tourist site operators, payment institutions)

Examples of Third Parties to Whom Information May Be Provided

  • Tourist site operators / admission management entities: For ticket verification and admission processing
  • Payment gateways / financial institutions / electronic payment partners: For payment approval/cancellation/refund processing
  • Government / public authorities (where required by applicable laws): For legal compliance, audit, and supervisory response purposes

When providing personal information to third parties, the Company will notify users of legally required matters (recipient, purpose, items provided, retention period, etc.) and obtain consent where required.

Article 7 (Outsourcing of Personal Information Processing)

The Company may entrust certain tasks to external service providers for operation of the Service. In such cases, the Company will manage and supervise such providers through contractual arrangements to ensure that personal information is processed safely.

Tasks That May Be Outsourced

  • Cloud server operation / hosting
  • Payment processing (PG / financial integration)
  • SMS / email / push notification delivery
  • Data analytics / log monitoring
  • Security solution operation

Where the entrusted service providers and details of outsourced tasks are finalized, the Company may disclose or notify users of such information.

Article 8 (Cross-Border Transfer)

Due to service operation requirements, personal information may be processed on servers located outside the user’s country or through overseas service providers’ systems (e.g., cloud infrastructure, global email/notification services). Where cross-border transfer is necessary, the Company will take required measures in accordance with applicable laws and notify users accordingly.

Examples of Notice Items

  • Categories of personal information to be transferred
  • Country of transfer
  • Date/time and method of transfer
  • Recipient and contact information
  • Purpose of use and retention period

Article 9 (Use of Cookies and Similar Technologies)

The Company may use cookies and similar technologies to improve convenience and service quality in the web service.

1. Purposes of Use

  • Maintaining login sessions
  • Storing user environment settings (language/country, etc.)
  • Analyzing service usage statistics
  • Security and abnormal activity detection

2. User Choices

Users may refuse or delete cookies through browser settings. However, restricting cookies may limit the use of certain Service functions.

Article 10 (Procedures and Methods of Destruction of Personal Information)

The Company will promptly destroy personal information when it becomes unnecessary, such as upon expiration of the retention period or achievement of the processing purpose.

1. Destruction Procedure

Upon occurrence of a valid ground for destruction, the Company selects the data to be destroyed in accordance with internal policies and applicable laws and then destroys it.

2. Destruction Methods

  • Electronic files: Deleted using technical methods that make recovery impossible
  • Paper documents: Destroyed safely by shredding or incineration

Article 11 (Users’ Rights and How to Exercise Them)

To the extent permitted under applicable laws, users may exercise the following rights regarding their personal information:

  • Request access to personal information
  • Request correction/amendment of personal information
  • Request deletion of personal information
  • Request suspension of processing of personal information
  • Withdraw consent
  • Withdraw consent to receive marketing communications

Users may make such requests through the settings menu within the Service or via the contact information below, and the Company will process them without undue delay in accordance with applicable laws. However, certain requests may be restricted where information must be retained under law.

Article 12 (Children’s Personal Information)

Where the Company processes personal information of children requiring legal protection, the Company will comply with applicable laws and required procedures, including obtaining consent from a parent or legal guardian where necessary.

Article 13 (Measures to Ensure the Security of Personal Information)

The Company implements the following protective measures to ensure the safe processing of personal information:

  • Minimization of access rights and access control management
  • Retention of access logs and access control
  • Encryption of data in transit (e.g., TLS/SSL)
  • Protection measures for passwords/authentication information
  • Security updates and vulnerability inspections
  • Internal employee training and supervision of outsourced providers
  • Operation of incident and breach response procedures

Article 14 (Privacy Officer / Contact Information)

The Company operates the following contact channel for inquiries, complaint handling, and requests to exercise rights related to personal information:

Email: privacy@laotourpass.com

Article 15 (Changes to this Privacy Policy)

The Company may revise this Privacy Policy in accordance with changes in laws, service content, or operational policies. If there is a material change, the Company will provide prior notice through the Service’s notices, website, or app screens.