Privacy Policy
Last Updated: 28 February 2026 · Effective: 28 February 2026
1. Introduction
Siam Arai ("we," "us," "our") is committed to handling personal data responsibly and transparently. This Privacy Policy explains what personal data we collect, how we use it, and the rights available to you under Thailand's Personal Data Protection Act B.E. 2562 (PDPA) and other applicable data protection standards.
This policy applies to personal data collected through our website at https://siamaraesi, through direct client engagement, and through communications with our team.
If you have any questions about this policy, contact us at privacy@siamaraesi.
2. Data We Collect
We may collect the following categories of personal data:
- Contact information: Name, email address, phone number provided through our contact form or direct communications.
- Organizational information: Company name, role, and industry shared during engagement inquiries or scoping conversations.
- Communication data: Content of emails, messages, and other correspondence with our team.
- Website usage data: Pages visited, time on site, referring pages, and device/browser information collected via cookies and analytics tools (where consent is given).
- Engagement records: Notes, deliverables, and records related to advisory services provided to you or your organization.
We collect personal data only when you provide it directly, through cookies where you have given consent, or through the provision of our advisory services.
3. How We Use Your Data
We use personal data for the following purposes:
- Service delivery: To provide the advisory engagements and programs you or your organization have engaged us for.
- Communication: To respond to enquiries, schedule consultations, and manage ongoing client relationships.
- Website improvement: To understand how visitors use our website and make it more useful (analytics, where consented).
- Legal compliance: To meet obligations under applicable Thai law, including tax and contractual record-keeping requirements.
- Business records: To maintain accurate records of services provided and client communications for the duration required by law.
We do not use personal data for automated profiling or algorithmic decision-making that would have significant effects on individuals.
4. Legal Basis for Processing
Under the PDPA, we process personal data on the following legal bases:
- Contractual necessity: Processing required to perform advisory services you have engaged us for.
- Consent: For analytics cookies and marketing communications, where you have provided explicit consent.
- Legitimate interests: For responding to enquiries and maintaining business records, where our interests do not override your rights.
- Legal obligation: Where required by Thai law or court order.
5. Data Retention
We retain personal data for the following periods:
- Client engagement records: 7 years after engagement completion, as required for Thai tax and legal purposes.
- Enquiry and contact data (non-clients): 2 years from last contact, unless you request deletion earlier.
- Website analytics data: Aggregated data retained for 26 months; personal identifiers anonymized after 14 months.
- Cookie consent records: Retained for 3 years to demonstrate compliance.
After retention periods expire, data is securely deleted or anonymized.
6. Data Protection Measures
We implement the following measures to protect personal data:
- Encrypted data transmission (TLS) for all website communications.
- Access to personal data restricted to team members who need it for their role.
- Confidentiality obligations apply to all Siam Arai team members and any contracted third parties.
- Regular review of data storage and access controls.
- Incident response procedures in place in case of a suspected data breach.
In the event of a personal data breach that is likely to result in high risk to your rights and freedoms, we will notify you without undue delay as required by the PDPA.
7. Cookies
Our website uses cookies to improve the user experience and to understand website usage. We use essential cookies (required for basic functionality) and optional analytics and preference cookies (only with your consent).
For full details on the cookies we use and how to manage your preferences, please see our Cookie Policy.
8. Third-Party Data Sharing
We do not sell personal data to third parties. We may share personal data in the following limited circumstances:
- Service providers: Trusted third-party providers assisting with website hosting, email delivery, or analytics (bound by data processing agreements).
- Legal requirements: Where required by Thai law, court order, or lawful request from a government authority.
- Business transfers: In the event of a merger or acquisition, where personal data may transfer to a successor entity under equivalent protections.
Third-party tools we may use include analytics services (where consented). We review third-party providers for compliance with applicable data protection standards.
9. Your Rights Under the PDPA
As a data subject under Thailand's Personal Data Protection Act, you have the following rights:
- Right to access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate personal data.
- Right to erasure: Request deletion of personal data where there is no longer a lawful basis for processing.
- Right to restriction: Request that we restrict processing of your data in certain circumstances.
- Right to data portability: Receive your data in a structured, commonly used format where processing is based on consent or contract.
- Right to object: Object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
To exercise any of these rights, contact us at privacy@siamaraesi. We will respond within 30 days. You also have the right to lodge a complaint with Thailand's Personal Data Protection Committee (PDPC).
10. Third-Party Links
Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and recommend reviewing their privacy policies independently.
11. Children's Privacy
Our services are directed at business professionals and organizations. We do not knowingly collect personal data from individuals under the age of 20 (the age of majority in Thailand). If we become aware that we have inadvertently collected data from a minor, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page. Continued use of our website or services after changes are posted constitutes acceptance of the revised policy.
13. Contact Information
Data Controller: Siam Arai
Address: 518 Ploenchit Road, Pathum Wan, Bangkok 10330, Thailand
Privacy Contact: privacy@siamaraesi