1. Data Controller
Chai Compass ("the firm," "we," "us," or "our") is the data controller for personal data processed through this website and in the course of our advisory services. Our registered details are:
157 Sathorn Nua Road, Silom, Bangrak
Bangkok 10500, Thailand
Tel: +66 2 286 4513
Email: [email protected]
2. Personal Data We Collect
We collect personal data in the categories described below, depending on how you interact with us:
| Category | Examples | Source |
|---|---|---|
| Contact data | Full name, email address, telephone number | You provide directly via enquiry form or email |
| Professional data | Company name, job title, industry, tax identification number | Provided during engagement onboarding |
| Financial data | Income information, asset descriptions, filing status — only where relevant to service delivery | Provided by you or obtained with your consent from third-party sources |
| Usage data | IP address, browser type, pages visited, session duration | Automatically collected via cookies and analytics tools |
| Communication data | Content of emails and messages you send us | Received directly from you |
We do not intentionally collect sensitive personal data (such as racial or ethnic origin, health data, or biometric data) unless expressly required by the nature of your engagement and with your explicit consent.
3. Legal Basis for Processing
Under the PDPA, we rely on the following lawful bases for processing your personal data:
- Contractual necessity — processing is required to perform our advisory services or to take steps at your request before entering a contract.
- Legal obligation — we may be required by Thai law (including tax, anti-money-laundering, and accounting regulations) to process or retain certain data.
- Legitimate interests — for analytics, service improvement, and fraud prevention, where our interests do not override your rights and freedoms.
- Consent — for marketing communications and non-essential cookies, where we obtain your prior consent and you retain the right to withdraw it at any time.
4. Purposes of Processing
We use your personal data for the following purposes:
- Responding to enquiries and providing requested advisory services
- Preparing engagement letters, position papers, and filings on your behalf
- Administering and billing for services rendered
- Meeting our obligations under Thai tax, accounting, and professional regulations
- Maintaining records required by the Revenue Department or other regulatory bodies
- Improving our website through aggregate, anonymised usage analysis
- Sending service updates or relevant information where you have consented to receive them
We will not use your personal data for purposes incompatible with those stated above without first notifying you and, where required, obtaining your consent.
5. Retention Periods
We retain personal data for no longer than is necessary for the purposes for which it was collected:
| Data Type | Retention Period | Basis |
|---|---|---|
| Client engagement files | 10 years from engagement close | Thai Accounting Act and Revenue Code requirements |
| Website enquiry records | 3 years from last contact | Legitimate interests (dispute resolution, service continuity) |
| Marketing consent records | Until consent is withdrawn + 1 year | Compliance with PDPA consent records requirement |
| Website usage / analytics data | 26 months (Google Analytics default) | Legitimate interests — anonymised after initial processing |
| Financial and tax data | 5–10 years depending on tax type | Revenue Code audit limitation periods |
Following expiry of the applicable retention period, data is securely deleted or anonymised.
6. Disclosure to Third Parties
We do not sell or rent your personal data. We may share data with the following categories of recipients, only to the extent necessary:
- IT service providers — hosting, email, and CRM platforms operating under data processing agreements with adequate security obligations
- Analytics providers — Google Analytics (subject to data processing addendum); data is processed in anonymised or pseudonymised form where possible
- Professional consultants — lawyers, co-advisors, or specialist consultants engaged under confidentiality obligations to assist in your matter
- Regulatory authorities — the Revenue Department of Thailand, Anti-Money Laundering Office (AMLO), or other bodies where required by law or legal process
Any third party receiving your data is required to handle it in accordance with applicable data protection law and our instructions.
7. International Data Transfers
Some of our IT service providers and analytics tools may process data outside Thailand. Where such transfers occur, we take steps to ensure appropriate safeguards are in place, including:
- Use of Standard Contractual Clauses or equivalent mechanisms recognised under the PDPA
- Transfer only to countries or organisations with adequate data protection standards
- Minimisation of data transferred to the minimum necessary for the specific processing purpose
You may request details of the specific safeguards applicable to any transfer by contacting us at the address in Section 13.
8. Your Rights Under the PDPA
Thailand's PDPA grants you the following rights in relation to your personal data, subject to certain legal exceptions:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you and information on how it is used |
| Rectification | Request correction of inaccurate or incomplete personal data |
| Erasure | Request deletion of personal data where it is no longer necessary or where consent has been withdrawn |
| Restriction | Request that we restrict processing of your data in certain circumstances |
| Data portability | Receive your personal data in a structured, machine-readable format where processing is based on consent or contract |
| Objection | Object to processing based on legitimate interests or for direct marketing purposes |
| Withdraw consent | Withdraw consent at any time where processing is consent-based, without affecting the lawfulness of prior processing |
To exercise any of these rights, please contact us in writing at [email protected]. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with Thailand's Personal Data Protection Committee (PDPC).
9. Security Measures
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, and destruction. These include:
- TLS encryption for all data transmitted through our website
- Access controls limiting data access to personnel with a legitimate need
- Regular review of data storage systems and access logs
- Staff training on data protection obligations
No method of transmission over the internet is completely secure. While we take all reasonable precautions, we cannot provide an absolute assurance of data security. In the event of a data breach affecting your rights and freedoms, we will notify you and the PDPC as required by law.
10. Cookies
Our website uses cookies and similar technologies. Please refer to our Cookie Policy for full details on the categories of cookies used, their purposes, and how to manage your preferences.
11. Minors
Our services are intended for adults aged 20 or over, or individuals who have reached the age of majority in their jurisdiction. We do not knowingly collect personal data from individuals under these ages. If you believe we have inadvertently collected such data, please contact us and we will take steps to delete it promptly.
12. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offering. Material changes will be notified on our website with a revised effective date. We encourage you to review this page periodically.
13. Contact and Complaints
For any questions about this Privacy Policy, to exercise your data subject rights, or to report a concern regarding our data practices, please contact:
157 Sathorn Nua Road, Silom, Bangrak
Bangkok 10500, Thailand
Email: [email protected]
Tel: +66 2 286 4513
You also have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand if you believe your data protection rights have been infringed.