Legal
Privacy Policy
This policy describes how Khon Weave collects, uses, stores, and protects personal data provided through this website or in the course of an engagement, in accordance with the Personal Data Protection Act B.E. 2562 (PDPA) of Thailand.
Last reviewed: 1 January 2026
1. Data Controller
The data controller responsible for the personal data processed under this policy is:
91 Asoke-Din Daeng Road, Makkasan, Bangkok 10400, Thailand
Telephone: +66 2 758 4129
Email: [email protected]
2. Personal Data We Collect
We collect personal data through several channels, including our website contact form, email correspondence, telephone calls, and the delivery of consulting engagements.
| Category | Examples | Source |
|---|---|---|
| Identity data | Name, job title, organisation name | Contact form, correspondence |
| Contact data | Email address, phone number, postal address | Contact form, correspondence |
| Engagement data | Business context, notes from meetings, deliverable documents | Consulting engagement |
| Technical data | IP address, browser type, pages visited, session duration | Website analytics tools |
| Communication data | Emails, call notes, meeting summaries | Direct communication |
We do not intentionally collect sensitive personal data (such as health, financial account, or biometric data) through this website. If the nature of an engagement requires handling such data, we will seek explicit consent and put appropriate safeguards in place.
3. Purposes and Legal Basis
We process personal data only for specific, identified purposes and rely on one or more lawful bases for each activity.
Responding to enquiries
When you submit the contact form or contact us directly, we use your information to respond and assess fit for an engagement. Basis: Legitimate interest / Pre-contractual steps
Delivering consulting services
Personal data gathered during an engagement is used to fulfil the contracted scope of work, including analysis, reporting, and facilitation. Basis: Contract performance
Legal and compliance obligations
We retain certain records as required by Thai law, including tax and accounting records. Basis: Legal obligation
Website analytics
Technical data is used to understand how visitors interact with our website and to improve its content and performance. Basis: Consent (where required)
Service updates and follow-up
With your consent, we may send relevant updates or information about our services. You may withdraw consent at any time. Basis: Consent
4. Retention
We retain personal data only for as long as necessary for the purposes described, or as required by law. Our general retention guidelines are as follows:
- Enquiry data (where no engagement follows): up to 12 months from last contact.
- Engagement records (contracts, deliverables, correspondence): 7 years from engagement completion, in line with standard commercial and tax record requirements.
- Marketing data (where consent has been given): until you withdraw consent or 3 years of inactivity, whichever is sooner.
- Technical/analytics data: as governed by the respective analytics platform's data retention settings.
6. International Data Transfers
Our operations are based in Thailand. Where we use third-party service providers that may process data outside of Thailand (for example, cloud infrastructure providers), we take steps to ensure that appropriate safeguards are in place — such as standard contractual clauses or adequacy determinations — in line with PDPA requirements and any supplementary guidance from the Personal Data Protection Committee.
7. Security
We implement reasonable organisational and technical measures to protect personal data against unauthorised access, loss, or disclosure. These include encrypted transmission (HTTPS), access controls, and regular review of our data handling practices.
No digital transmission or storage system can be made completely secure. If you have reason to believe your interaction with us has been compromised, please contact us immediately at [email protected].
8. Your Rights Under PDPA
As a data subject, you have the following rights with respect to your personal data. These rights may be subject to certain conditions and limitations under applicable law.
Access
Request a copy of the personal data we hold about you.
Rectification
Ask us to correct inaccurate or incomplete personal data.
Erasure
Request deletion of your data in certain circumstances.
Portability
Receive your data in a structured, machine-readable format.
Objection
Object to processing based on legitimate interests.
Restriction
Ask us to restrict processing in certain circumstances.
Withdraw Consent
Withdraw consent at any time where processing is consent-based.
Lodge a Complaint
File a complaint with the Office of the Personal Data Protection Committee (PDPC).
To exercise any of these rights, please contact us at [email protected] or by telephone at +66 2 758 4129. We will respond within 30 days of receiving a valid request.
10. Minors
Our website and services are directed at business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 20. If we become aware that such data has been collected without appropriate parental or guardian consent, we will take steps to delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, our practices, or our services. The date of the most recent revision is shown at the top of this page.
Where changes are material, we will take reasonable steps to notify you — for example by updating a notice on our website or contacting you directly if we hold your contact details.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us by any of the means below. We treat all privacy-related enquiries with care and confidentiality.
Telephone
+66 2 758 4129Post
91 Asoke-Din Daeng Road,
Makkasan, Bangkok 10400