Legal Document

Privacy Policy

Last Updated: 17 April 2025 · Effective: 17 April 2025

Data Controller: Cinderpath · 76 Beach Road, Bang Lamung, Chonburi 20150, Thailand

Introduction

Cinderpath is committed to handling personal data with care and transparency. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have under Thailand's Personal Data Protection Act B.E. 2562 (PDPA) and applicable regulations.

This policy applies to data collected through our website at cinderpa.live, through our contact forms, and in the course of consulting engagements. By using our website or providing us with your personal data, you acknowledge this policy.

Questions about this policy can be directed to: [email protected]

Data We Collect

We may collect the following categories of personal data:

Contact data: name, email address, phone number — provided via our website contact form or direct correspondence
Engagement data: information about your organisation, operating context, and the purpose of your enquiry, shared in the course of consulting discussions
Technical data: IP address, browser type, pages visited, and session duration — collected automatically via cookies and analytics tools
Communications data: emails, messages, and written correspondence exchanged with Cinderpath

Legal basis for processing: We process personal data on the basis of (a) your consent, where explicitly given; (b) our legitimate interest in responding to enquiries and delivering consulting services; and (c) contractual necessity where an engagement agreement exists.

Data retention: Contact and enquiry data is retained for up to 24 months. Engagement documents and correspondence are retained for up to 5 years for business record purposes. Technical/analytics data is retained for up to 12 months.

How We Use Your Data

Personal data is used for the following purposes:

Responding to enquiries submitted via our contact form or by email
Preparing and delivering consulting engagement scope documents and outputs
Maintaining records of consulting engagements for our internal business purposes
Analysing website usage patterns to improve the functionality of our website
Complying with legal obligations under Thai law

We do not use personal data for unsolicited marketing. We do not sell, rent, or trade personal data to third parties for their commercial purposes.

Third-party sharing: We may share data with service providers who support our website infrastructure (hosting, analytics). These providers are contractually required to handle data securely and not to use it for their own purposes.

Data Protection Measures

Cinderpath takes reasonable technical and organisational steps to protect personal data from unauthorised access, disclosure, alteration, or destruction. Measures in place include:

HTTPS encryption for all data transmitted via our website
Access controls limiting internal access to personal data to those with a legitimate need
Secure storage of engagement records with access restricted to the named consultant and practice administration
Periodic review of data handling practices

In the event of a data breach that poses a risk to the rights and freedoms of individuals, we will notify the affected parties and, where required, the Personal Data Protection Committee (PDPC) in Thailand within the timeframe required by the PDPA.

Cookies

Our website uses cookies to support basic functionality and, where consent is given, to analyse site usage. Cookie categories used include essential session cookies, preference cookies, and optional analytics cookies. You can manage cookie preferences at any time via our Cookie Policy page.

Your Rights Under the PDPA

Under Thailand's Personal Data Protection Act, you have the following rights in relation to your personal data:

Right of access: to request a copy of the personal data we hold about you
Right to rectification: to request correction of inaccurate or incomplete data
Right to erasure: to request deletion of your data, subject to legal retention obligations
Right to data portability: to receive your data in a structured, commonly used format
Right to object: to object to processing based on legitimate interest
Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
Right to lodge a complaint: with the Personal Data Protection Committee (PDPC), the supervisory authority in Thailand

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days of receiving a valid request.

Third-Party Links

Our website may contain links to external websites. Cinderpath is not responsible for the privacy practices of those sites and encourages users to review the privacy policies of any external site they visit.

Children's Privacy

Our services are directed at business organisations and their leadership representatives. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted data to us, please contact us at [email protected] so we can remove it.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Where material changes are made, we will update the "Last Updated" date at the top of this page. Continued use of our website after a policy update constitutes acceptance of the revised terms.

10.

Contact for Privacy Matters

For all data protection enquiries, requests, or complaints, contact Cinderpath at:

Cinderpath

76 Beach Road, Bang Lamung, Chonburi 20150, Thailand

Email: [email protected]

Phone: +66 38 425 7918