Privacy Policy

1. Data We Collect

When you use our website or contact us, we may collect the following categories of personal data:

• Identity data: name, initials, or any alias you choose to provide
• Contact data: email address and telephone number
• Enquiry content: the substance of any message submitted through our contact form
• Technical data: IP address, browser type, pages visited, and time of access — collected automatically via cookies and server logs
• Cookie preferences: your consent choices, stored locally on your device

We do not request sensitive personal data (such as medical, financial, or identification document information) through our website. Where a client matter involves such data, it is handled under separate client engagement terms and legal professional privilege.

2. How We Use Your Data

We use personal data for the following purposes:

• Responding to enquiries — to reply to messages sent through the contact form or by email (lawful basis: legitimate interests)
• Client matter management — where a formal engagement is entered, to carry out the agreed services (lawful basis: performance of contract)
• Website operation — to maintain and improve the functioning of our website (lawful basis: legitimate interests)
• Analytics — where consent is given, to understand how the site is used (lawful basis: consent)
• Legal compliance — to comply with applicable laws and professional obligations (lawful basis: legal obligation)

We do not use your data for direct marketing without your consent, and we do not profile visitors for advertising purposes.

3. Data Sharing

We do not sell personal data. We share data only in the following limited circumstances:

• Service providers: third-party tools that support our website operation (hosting, analytics) under data processing agreements
• Professional advisors: where necessary and under confidentiality obligations
• Legal requirement: where disclosure is required by Thai law or court order

All third-party tools are selected on the basis of their data protection standards. We review these arrangements periodically.

4. Data Retention

We retain personal data for the following periods:

• Enquiry data (non-client): up to 12 months from the date of last contact
• Client matter files: 7 years from the conclusion of the matter, in accordance with professional obligations
• Technical/analytics data: up to 26 months, depending on the service used
• Cookie preference records: 12 months, or until preferences are updated

Data is securely deleted or anonymised at the end of the relevant retention period.

5. Data Protection Measures

We apply the following security measures to protect personal data:

• Encrypted transmission (HTTPS/TLS) for all data sent via the website
• Access restricted to named practitioners and authorised support personnel
• Physical and logical access controls on file storage systems
• Regular review of third-party data processor arrangements
• Incident response procedures for any suspected data breach

In the event of a data breach likely to affect your rights, we will notify you and the relevant authority as required under the PDPA.

6. Cookies

Our website uses cookies to support its operation and, where you consent, to analyse usage patterns. Essential cookies are required for the site to function and cannot be declined. Optional analytics and preference cookies are set only with your consent. For full details of the cookies we use, see our Cookie Policy.

7. Your Rights Under the PDPA

Under the Personal Data Protection Act B.E. 2562 (Thailand), you have the following rights:

• Right of access: to request a copy of the personal data we hold about you
• Right to rectification: to request correction of inaccurate or incomplete data
• Right to erasure: to request deletion of personal data in certain circumstances
• Right to data portability: to receive your data in a machine-readable format where applicable
• Right to object: to object to processing based on legitimate interests
• Right to withdraw consent: at any time where processing is based on consent, without affecting prior processing
• Right to lodge a complaint with the Office of the Personal Data Protection Committee (PDPC) in Thailand

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their policies directly before sharing personal information with them.

9. Children's Privacy

Our services are directed at adults aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have collected such data without appropriate parental consent, we will take steps to delete it promptly.

10. Policy Updates

We may update this policy from time to time. The date at the top of this page reflects the most recent revision. Material changes will be communicated via a notice on our website. Continued use of the site following any update constitutes acceptance of the revised policy.