Privacy Policy

High Level Thai (HLT) Digital Marketing Agency

Effective Date: January 1, 2025
Last Updated: January 1, 2025

1. Introduction

High Level Thai ("HLT," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019) ("PDPA") and other applicable Thai laws.

This policy applies to all personal data we process through our website, AI-powered business systems, mobile applications, and related services (collectively, the "Services").

Data Controller Information:

Company Name: High Level Thai Co., Ltd.

Address: [Insert registered office address in Thailand]

Email: [email protected]

Phone: [Insert Thai phone number]

Data Protection Officer: [Insert DPO contact information]

2. Personal Data We Collect

2.1 Information You Provide Directly

We collect personal data you voluntarily provide when:

Business Registration & Account Setup:

Full name and business owner details

Business name and registration information

Email address and phone numbers

Business address and location

Industry type and business size

Tax identification numbers

Bank account information (for billing)

Service Usage:

Customer appointment data

Staff recruitment preferences

Marketing campaign preferences

Communication preferences

Technical support requests

Feedback and survey responses

Payment Information:

Credit card details (processed securely through third-party providers)

Billing address

Payment history and transaction records

2.2 Information Collected Automatically

When you use our Services, we automatically collect:

Technical Data:

IP address and device identifiers

Browser type and version

Operating system information

Website usage patterns and analytics

Cookies and similar tracking technologies

Login times and frequency of use

AI System Data:

Call recordings and transcripts (for AI phone assistant)

Chat logs and customer interactions

Website visitor behavior and booking patterns

Review and feedback data

Staff recruitment interactions

2.3 Information from Third Parties

We may receive personal data from:

Google My Business and Google Analytics

Facebook and Instagram business accounts

LINE Official Account data

Payment processors and financial institutions

Business verification services

Recruitment platforms and job boards

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under the PDPA:

3.1 Consent (Section 19)

Marketing communications and promotional materials

Non-essential cookies and tracking technologies

Optional features and enhancements

Market research and surveys

3.2 Contract Performance (Section 24(1))

Providing our AI-powered business services

Processing payments and billing

Customer support and technical assistance

Account management and administration

3.3 Legitimate Interests (Section 24(5))

Website security and fraud prevention

System optimization and performance monitoring

Business analytics and service improvement

Legal compliance and regulatory reporting

3.4 Legal Obligation (Section 24(2))

Tax reporting and financial record keeping

Anti-money laundering compliance

Regulatory reporting requirements

Court orders and legal proceedings

4. How We Use Your Personal Data

4.1 Primary Business Purposes

Service Delivery: Operating AI phone assistants, booking systems, and business management tools

Customer Support: Responding to inquiries and providing technical assistance

Billing & Payments: Processing transactions and maintaining financial records

Account Management: Managing user accounts and access permissions

4.2 AI System Operations

Call Management: AI phone assistant processing and call routing

Staff Recruitment: Candidate screening and applicant management

Customer Interaction: Automated responses and booking confirmations

Business Analytics: Performance tracking and optimization recommendations

4.3 Marketing & Communications (with consent)

Sending service updates and feature announcements

Marketing newsletters and promotional offers

Product recommendations and business insights

Industry news and educational content

4.4 Legal & Compliance

Maintaining records as required by Thai law

Fraud prevention and security monitoring

Responding to legal requests and court orders

Protecting our rights and interests

5. Data Sharing and Disclosure

5.1 Service Providers and Partners

We may share your personal data with trusted third parties who assist in operating our business:

Technology Partners:

Cloud hosting providers (with data residency in Thailand where required)

AI and machine learning service providers

Payment processors and financial institutions

Communication platform providers (LINE, Facebook, Google)

Professional Services:

Legal advisors and auditors

Accounting and tax preparation services

Business consultants and contractors

Security and fraud prevention services

5.2 Legal Requirements

We may disclose personal data when required by:

Thai courts and legal authorities

Regulatory bodies and government agencies

Law enforcement investigations

Tax authorities and financial regulators

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity, subject to the same privacy protections.

5.4 Cross-Border Transfers

If we transfer personal data outside Thailand, we ensure adequate protection through:

Adequacy decisions by the Personal Data Protection Committee

Standard contractual clauses approved by Thai authorities

Binding corporate rules and certification schemes

Your explicit consent for specific transfers

6. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

6.1 Account and Service Data

Active accounts: Throughout the service relationship plus 7 years

Payment records: 5 years after final transaction (tax law requirement)

Customer support records: 3 years after resolution

Marketing data: Until consent is withdrawn

6.2 AI System Data

Call recordings: 12 months (or as required for service improvement)

Chat logs: 24 months for quality assurance

Analytics data: 36 months in aggregated, anonymized form

Recruitment data: 12 months after hiring decision

6.3 Legal and Compliance Data

Tax records: 5 years (as required by Thai Revenue Code)

Financial records: 5 years (as required by Accounting Act)

Legal proceedings: Until resolved plus applicable limitation periods

7. Your Rights Under the PDPA

As a data subject, you have the following rights:

7.1 Right to Access (Section 30)

Request copies of your personal data we hold

Information about how we process your data

Details of data sharing and transfers

7.2 Right to Rectification (Section 31)

Correct inaccurate or incomplete personal data

Update your account information and preferences

Modify contact details and communication settings

7.3 Right to Erasure (Section 32)

Delete your personal data when no longer necessary

Remove data processed based on withdrawn consent

Erase data processed unlawfully

7.4 Right to Restrict Processing (Section 33)

Limit how we use your personal data

Temporarily suspend processing during disputes

Restrict automated decision-making

7.5 Right to Data Portability (Section 34)

Receive your data in a structured, machine-readable format

Transfer data to another service provider

Export your business and customer data

7.6 Right to Object (Section 35)

Object to processing for direct marketing

Opt-out of automated decision-making

Challenge processing based on legitimate interests

7.7 Right to Withdraw Consent (Section 19)

Withdraw consent for marketing communications

Revoke permission for optional data processing

Update privacy preferences at any time

How to Exercise Your Rights:

Email: [email protected]

Phone: [Insert phone number]

Written request to our registered office

Through your account settings (for certain rights)

Response Time: We will respond to your request within 30 days of receipt.

8. Data Security

8.1 Technical Safeguards

Encryption: Data encrypted in transit and at rest using industry-standard protocols

Access Controls: Role-based access with multi-factor authentication

Network Security: Firewalls, intrusion detection, and security monitoring

Regular Updates: Security patches and system updates applied promptly

8.2 Organizational Measures

Staff Training: Regular privacy and security training for all employees

Background Checks: Screening of personnel with data access

Incident Response: Documented procedures for security breaches

Third-Party Audits: Regular security assessments and certifications

8.3 AI System Security

Secure Processing: AI models trained on anonymized data where possible

Data Minimization: AI systems access only necessary data

Audit Trails: Comprehensive logging of AI system interactions

Human Oversight: Regular review of automated decisions

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

Essential Cookies (No consent required):

Session management and user authentication

Security features and fraud prevention

Basic website functionality and navigation

Load balancing and performance optimization

Analytics Cookies (Consent required):

Google Analytics for website usage statistics

Conversion tracking and marketing effectiveness

User behavior analysis and service improvement

A/B testing and feature optimization

Marketing Cookies (Consent required):

Facebook and Google advertising pixels

Retargeting and personalized advertisements

Social media integration and sharing features

Cross-platform campaign tracking

9.2 Managing Cookie Preferences

You can control cookies through:

Our cookie consent banner and preference center

Browser settings and privacy controls

Opt-out tools provided by advertising networks

Direct contact with our privacy team

10. Children's Privacy

Our Services are designed for businesses and are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly and notify the parents or guardians if required by law.

11. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms:

11.1 Authority Notification

We will notify the Personal Data Protection Committee within 72 hours of becoming aware of the breach, including:

Nature and scope of the breach

Categories and approximate number of affected individuals

Likely consequences and measures taken

Contact point for further information

11.2 Individual Notification

We will inform affected individuals without undue delay if the breach is likely to result in high risk, providing:

Clear description of the breach

Likely consequences and our response

Measures taken to address the breach

Recommendations for protecting yourself

12. International Data Transfers

When transferring personal data outside Thailand, we ensure adequate protection through:

12.1 Adequacy Decisions

Countries or organizations recognized by the Personal Data Protection Committee

Jurisdictions with substantially similar data protection laws

International agreements and treaties

12.2 Appropriate Safeguards

Standard contractual clauses approved by Thai authorities

Binding corporate rules and certification schemes

Codes of conduct and professional standards

Specific authorization from the Personal Data Protection Committee

12.3 Your Rights for Cross-Border Transfers

Right to be informed about international transfers

Right to object to transfers to specific countries

Right to request additional safeguards

Right to receive copies of transfer agreements

13. Automated Decision-Making

13.1 AI System Decisions

Our AI systems may make automated decisions regarding:

Customer call routing and response priorities

Staff candidate screening and ranking

Marketing campaign optimization

Fraud detection and prevention

13.2 Your Rights

You have the right to:

Not be subject to solely automated decision-making

Request human review of AI-generated decisions

Express your point of view and contest decisions

Obtain meaningful information about the logic involved

13.3 Safeguards

We implement safeguards including:

Regular testing for bias and discrimination

Human oversight and intervention capabilities

Transparent explanations of decision criteria

Appeal processes for contested decisions

14. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. We will:

Post the updated policy on our website with the effective date

Notify you via email for material changes affecting your rights

Provide 30 days' notice before significant changes take effect

Maintain previous versions for reference

Significant changes requiring consent:

New purposes for data processing

Additional categories of personal data collected

Changes to data retention periods

New international data transfers

15. Contact Information

15.1 Data Protection Officer

Name: [Insert DPO name]
Email: [email protected]
Phone: [Insert phone number]
Address: [Insert office address]

15.2 Privacy Inquiries

General Privacy Questions:
Email: [email protected]
Phone: [Insert phone number]

Data Subject Rights Requests:
Email: [email protected]
Subject Line: "Data Rights Request - [Your Request Type]"

15.3 Complaints

If you believe we have violated your privacy rights, you may:

Contact our Data Protection Officer directly

File a complaint with the Personal Data Protection Committee

Seek legal remedies through Thai courts

Contact consumer protection agencies

Personal Data Protection Committee:
Website: https://www.pdpc.go.th/
Email: [email protected]
Phone: 1111 (Government Call Center)

16. Definitions

Personal Data: Information relating to an identified or identifiable natural person, including names, identification numbers, location data, online identifiers, and factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.

Sensitive Personal Data: Data revealing racial or ethnic origin, political opinions, religious beliefs, genetic data, biometric data, health information, sexual orientation, or criminal history.

Processing: Any operation performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.

Data Controller: The person or entity who determines the purposes and means of processing personal data.

Data Processor: The person or entity who processes personal data on behalf of the data controller.

Consent: Freely given, specific, informed, and unambiguous indication of agreement to the processing of personal data.

17. Governing Law

This Privacy Policy is governed by:

Personal Data Protection Act B.E. 2562 (2019)

Electronic Transactions Act B.E. 2544 (2001)

Computer Crime Act B.E. 2560 (2017)

Consumer Protection Act B.E. 2562 (2019)

Other applicable Thai laws and regulations

Any disputes arising from this Privacy Policy will be subject to the exclusive jurisdiction of Thai courts.

Last Updated: January 1, 2025
Version: 1.0

For questions about this Privacy Policy or our data practices, please contact us at [email protected] or [insert phone number].

This Privacy Policy is available in both Thai and English. In case of any discrepancy between the two versions, the Thai version shall prevail as required by law.