Privacy Policy

1. Introduction

Credivex ("we," "our," or "us") is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you interact with our legal services, visit our website, or communicate with our firm. We process personal information in accordance with Thailand's Personal Data Protection Act B.E. 2562 (2019) ("PDPA") and applicable data protection regulations.

This policy applies to all individuals whose personal data we process in connection with our legal services, including clients, prospective clients, opposing parties, witnesses, and website visitors. By providing personal information to us or using our services, you acknowledge the practices described in this Privacy Policy.

2. Data Controller Information

The data controller responsible for your personal information is:

3. Personal Data We Collect

We collect and process the following categories of personal information:

3.1 Contact Information

Name, business name, address, email address, telephone number, and other contact details you provide when engaging our services or inquiring about our practice.

3.2 Professional Information

Position, employer, professional credentials, and business relationships relevant to the legal matter or transaction.

3.3 Transaction Information

Details about banking transactions, financial arrangements, regulatory matters, and other information necessary for providing legal services.

3.4 Communications

Content of correspondence, meeting notes, legal advice, and other communications related to our services.

3.5 Website Usage Data

When you visit our website, we may collect IP address, browser type, pages visited, time spent on pages, and other usage statistics through cookies and similar technologies.

4. Legal Basis for Processing

We process personal data based on the following legal grounds under the PDPA:

4.1 Contract Performance

Processing necessary to perform our legal services engagement with you or to take steps at your request before entering into an engagement.

4.2 Legal Obligation

Processing required to comply with legal and regulatory obligations, including anti-money laundering requirements, client identification procedures, and professional conduct rules.

4.3 Legitimate Interest

Processing necessary for our legitimate business interests, such as managing client relationships, improving our services, maintaining records, and protecting against legal claims.

4.4 Consent

For certain processing activities, such as marketing communications, we obtain your explicit consent before collecting or using your personal data.

5. How We Use Personal Data

We use personal information for the following purposes:

• Providing legal services and advice related to banking and finance law
• Communicating with clients about matters, transactions, and regulatory developments
• Managing our client relationships and professional obligations
• Maintaining accurate records and documentation as required by law and professional standards
• Conducting conflict of interest checks before accepting new engagements
• Processing payments and managing billing arrangements
• Complying with legal and regulatory requirements, including anti-money laundering obligations
• Improving our services and website functionality
• Sending relevant legal updates and firm newsletters (with consent)
• Protecting against and preventing fraud, unauthorized transactions, claims, and other liabilities

6. Data Sharing and Disclosure

We may share personal information with the following categories of recipients:

6.1 Service Providers

Third-party service providers who assist with document management, IT services, cloud storage, and other operational functions. These providers are contractually bound to protect personal data and use it only for specified purposes.

6.2 Professional Advisors

Other legal counsel, accountants, experts, and consultants involved in transactions or matters where sharing is necessary for providing legal services.

6.3 Regulatory Authorities

Government agencies, regulatory bodies, and courts when required by law or professional obligations, including the Lawyers Council of Thailand, Bank of Thailand, Securities and Exchange Commission, and other relevant authorities.

6.4 Transaction Parties

Other parties involved in transactions where disclosure is necessary for completing the legal work, such as counterparties, lenders, borrowers, and their respective counsel.

6.5 Business Transfers

In connection with any merger, sale of firm assets, financing, or acquisition of all or a portion of our practice by another firm, personal data may be transferred to the acquiring entity.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, and professional obligations. Specific retention periods include:

• Client matter files: Retained for a minimum of 10 years following matter completion as required by professional standards
• Financial records: Retained for 7 years following the relevant fiscal year
• Marketing communications: Until you withdraw consent or we determine the information is no longer necessary
• Website usage data: Typically retained for 12-24 months

After the applicable retention period expires, we securely delete or anonymize personal data unless longer retention is required by law or to protect legal rights.

8. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. Security measures include:

• Secure document management systems with access controls and encryption
• Regular security assessments and updates to protect against vulnerabilities
• Staff training on data protection obligations and confidentiality requirements
• Confidentiality agreements with all employees and service providers
• Physical security measures for office premises and document storage
• Incident response procedures for potential data breaches

While we employ reasonable security measures, no system is completely secure. We cannot guarantee the absolute security of personal data transmitted to or stored by us.

9. Your Rights

Under the PDPA, you have the following rights regarding your personal data:

9.1 Right of Access

Request access to personal data we hold about you and receive information about how we process it.

9.2 Right to Rectification

Request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure

Request deletion of personal data in certain circumstances, subject to legal and professional retention obligations.

9.4 Right to Data Portability

Receive personal data you provided to us in a structured, commonly used format and transmit it to another controller.

9.5 Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

9.6 Right to Withdraw Consent

Withdraw consent for processing activities that rely on your consent, without affecting the lawfulness of processing based on consent before withdrawal.

9.7 Right to Lodge a Complaint

Lodge a complaint with the Personal Data Protection Committee if you believe we have violated your data protection rights.

To exercise these rights, please contact us at [email protected]. We will respond to your request within the timeframe required by applicable law, typically within 30 days. Some rights may be limited by legal or professional obligations to retain certain information.

10. Cookies and Website Technologies

Our website uses cookies and similar tracking technologies to enhance user experience and analyze site usage. For detailed information about our cookie practices, please see our Cookie Policy.

11. International Data Transfers

Personal data may be transferred to and stored in jurisdictions outside Thailand when necessary for providing legal services or fulfilling our obligations. When transferring data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or other mechanisms approved under the PDPA. We take steps to ensure that personal data receives an adequate level of protection regardless of where it is processed.

12. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected information from a child, please contact us immediately so we can delete such information.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this policy and, where appropriate, provide additional notice such as through email or a website announcement. We encourage you to review this Privacy Policy regularly to stay informed about how we protect your personal data.

14. Contact Information

If you have questions about this Privacy Policy or our data protection practices, please contact us: