Legal

Privacy Policy

Last updated: April 2026  ·  Effective: April 2026

Baan Crest ("we", "our", or "us") respects your privacy. This policy describes how we collect, use, store, and protect personal data when you visit our website or engage with our consulting services. It is written in accordance with Thailand's Personal Data Protection Act B.E. 2562 (PDPA).

By using our website or submitting an enquiry, you acknowledge that you have read this policy.

1. Who We Are

Baan Crest is a business consulting firm registered and operating in Thailand. Our registered address is 315 Ratchadaphisek Road, Din Daeng, Bangkok 10400. We are the data controller for personal data collected through this website and our service engagements.

2. Data We Collect

2.1 Data You Provide Directly

  • Name and contact information (email address, phone number)
  • Organisation name and job title
  • Messages or enquiries submitted through our contact form
  • Service preferences or consultation notes shared in correspondence

2.2 Data Collected Automatically

  • IP address and approximate geographic location
  • Browser type, operating system, and device information
  • Pages visited, time spent, and referral sources
  • Cookie and tracking data (see Section 8)

We collect and process personal data only where a lawful basis applies under the PDPA. Depending on how you interact with us, that basis may be:

  • Consent — where you have given clear, informed consent (e.g., subscribing to updates, accepting non-essential cookies)
  • Contractual necessity — where processing is required to deliver a service you have engaged us for
  • Legitimate interests — where processing is proportionate and does not override your rights (e.g., website security, analytics)
  • Legal obligation — where applicable Thai law requires us to retain or disclose information

4. How We Use Your Data

  • To respond to enquiries and arrange consultations
  • To deliver contracted consulting services and produce deliverables
  • To send relevant service-related communications you have requested
  • To improve our website and understand how visitors engage with it
  • To comply with legal, regulatory, or accounting obligations
  • To protect the security and integrity of our systems

We do not use your data for unsolicited marketing without your prior consent, and we do not sell personal data to third parties.

5. Data Sharing

We may share personal data with:

  • Service providers acting on our behalf (e.g., hosting, email delivery, analytics platforms) — subject to data processing agreements
  • Professional advisors such as legal counsel or accountants — only to the extent necessary
  • Regulatory authorities — where required by Thai law or court order

All third-party processors we engage are required to protect your data and use it only for the specified purposes.

6. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy. Specific retention periods are:

  • Contact form submissions: up to 24 months from last interaction
  • Consulting engagement records: up to 7 years, in line with Thai accounting and contract law
  • Website analytics data: up to 26 months in aggregate form

When data is no longer required, we securely delete or anonymise it.

7. Your Rights Under the PDPA

As a data subject under Thai law, you have the following rights:

  • Right to be informed — to know how your data is used
  • Right of access — to request a copy of personal data we hold about you
  • Right to rectification — to correct inaccurate or incomplete data
  • Right to erasure — to request deletion where there is no lawful reason for continued processing
  • Right to restriction — to limit how we process your data in certain circumstances
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to object to processing based on legitimate interests
  • Right to withdraw consent — at any time, without affecting previous lawful processing

To exercise any of these rights, please contact us using the details in Section 13. We will respond within 30 days.

8. Cookies

Our website uses cookies and similar tracking technologies. You may configure your cookie preferences through the consent banner when you first visit. For full details, please read our Cookie Policy.

9. Security

We implement reasonable technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or loss. These include encrypted data transmission (HTTPS), access controls, and regular review of our data handling practices. No method of internet transmission is entirely secure; we encourage you to take care when sharing sensitive information online.

10. International Data Transfers

Where personal data is transferred outside Thailand — for example, to cloud service providers with servers in other jurisdictions — we ensure that appropriate safeguards are in place, consistent with PDPA requirements. This may include contractual protections or adequacy determinations.

11. Children's Data

Our website and services are directed at business professionals and organisations, not individuals under the age of 20. We do not knowingly collect personal data from minors. If you believe we have done so inadvertently, please contact us and we will delete the data promptly.

12. Policy Changes

We may update this policy from time to time to reflect changes in our practices or legal requirements. The date at the top of the page reflects the most recent revision. Continued use of our website following a material update constitutes acknowledgement of the revised policy.

13. Contact Us

For questions about this policy, to exercise your data rights, or to make a complaint:

You also have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand if you believe your data rights have been infringed.

Related Policies

Terms & Conditions Cookie Policy