Privacy Policy

Introduction

ruhlama ("we," "us," or "our") is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, store, and protect information when you engage our business consulting services or interact with our website.

This policy complies with the Personal Data Protection Act B.E. 2562 (2019) of Thailand (PDPA) and other applicable data protection regulations. By using our services or website, you consent to the practices described in this policy.

Data Collection Information

Personal Data We Collect

We collect the following categories of personal information:

• Contact information: name, email address, phone number, business address
• Professional information: job title, company name, industry sector
• Engagement information: project requirements, service preferences, communication records
• Financial information: billing details, payment information (processed through secure third-party providers)
• Website usage data: IP address, browser type, pages visited, time spent on pages

How We Collect Data

• Directly from you when you submit contact forms, request consultations, or engage our services
• Through cookies and similar technologies when you visit our website
• From publicly available sources for business development and market research purposes
• Through business communications including emails, phone calls, and meetings

Legal Basis for Processing

We process personal data based on:

• Consent: You have given explicit consent for processing your personal data for specific purposes
• Contract: Processing is necessary for performing our consulting services
• Legitimate Interest: Processing supports our business operations, marketing, and service improvement
• Legal Obligation: Compliance with Thai laws, regulations, and professional standards

Data Retention Periods

• Active client data: Duration of engagement plus seven years for professional liability purposes
• Prospective client inquiries: Three years from last contact
• Financial records: Ten years in accordance with Thai accounting requirements
• Website analytics: 26 months from data collection
• Marketing communications: Until consent is withdrawn or three years from last engagement

Data Usage Explanation

How We Use Personal Data

• Service Delivery: Providing consulting engagements, deliverable preparation, project communications
• Client Communications: Responding to inquiries, scheduling meetings, sharing project updates
• Billing and Payment: Processing invoices, managing payment transactions, maintaining financial records
• Service Improvement: Analyzing engagement outcomes, refining methodologies, quality assurance
• Marketing Communications: Sending newsletters, service announcements, industry insights (with consent)
• Legal Compliance: Meeting professional obligations, regulatory requirements, contractual commitments

Data Sharing with Third Parties

We may share personal data with:

• Service Providers: Payment processors, cloud storage providers, email service platforms
• Professional Advisors: Legal counsel, accountants, insurance providers (under confidentiality obligations)
• Analytics Providers: Google Analytics, website performance monitoring services
• Legal Authorities: When required by law, court order, or regulatory request

All third-party service providers are bound by contractual obligations ensuring appropriate data protection standards. We do not sell personal data to third parties.

Data Protection Measures

Security Measures

• Encryption: All data transmissions use SSL/TLS encryption protocols
• Access Controls: Role-based access restrictions limiting data access to authorized personnel only
• Secure Storage: Cloud storage with encryption at rest through AWS servers in Singapore
• Regular Audits: Quarterly security assessments and vulnerability testing
• Staff Training: Annual data protection training for all team members handling personal information

Breach Notification

In the event of a data breach affecting personal information, we will notify affected individuals and relevant authorities within 72 hours as required by PDPA. Notifications will include the nature of the breach, data affected, and measures taken to address the incident.

Cookie Information

We use cookies and similar technologies to enhance website functionality and analyze usage patterns. Cookie categories include:

• Essential Cookies: Required for website operation and security
• Analytics Cookies: Track website usage to improve user experience
• Preference Cookies: Remember user settings and choices

For detailed information about our cookie usage, please review our Cookie Policy.

User Rights Section

Under the PDPA, you have the following rights regarding your personal data:

Right to Access

Request confirmation of whether we process your personal data and obtain a copy of the data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

Request deletion of your personal data where there is no compelling reason for continued processing, subject to legal retention requirements.

Right to Data Portability

Receive your personal data in a structured, commonly used format and transmit it to another data controller.

Right to Object

Object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Withdraw consent for data processing at any time, without affecting the lawfulness of processing before withdrawal.

Right to Lodge Complaint

File a complaint with the Personal Data Protection Committee of Thailand if you believe your data protection rights have been violated.

To exercise these rights, contact us at [email protected]. We will respond to requests within 30 days.

Third-Party Links

Our website may contain links to external websites operated by third parties. We are not responsible for the privacy practices or content of these external sites. We recommend reviewing the privacy policies of any third-party websites you visit.

Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that personal data from a person under 18 has been collected, we will take steps to delete such information.

Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations. Material changes will be communicated through email notification to active clients and website notice. The "Last Updated" date at the top of this policy indicates the most recent revision.