Privacy Policy

1. Introduction

Modelyn ("we", "us", "our") is a business model advisory practice operating from Bangkok, Thailand. We are committed to handling personal data responsibly and in compliance with the Personal Data Protection Act B.E. 2562 (PDPA) and other applicable Thai law. This Privacy Policy explains what personal data we collect, how we use it, how long we retain it, and what rights you hold in relation to it.

This policy applies to personal data collected through our website, our enquiry forms, and in the course of advisory engagements. If you have questions about this policy or about how your data is handled, contact us at [email protected].

2. Data We Collect

We collect personal data in the following circumstances:

• Enquiry submissions: Name, email address, phone number (optional), and any information you include in your message via our contact form.
• Engagement context: During advisory engagements, we may collect and process professional information including name, job title, business name, and contact details. We may also handle company financial and commercial data shared for the purposes of the engagement.
• Website analytics: Technical data including IP address, browser type, pages visited, and time on site — collected via analytics tools where you have provided consent.
• Cookies: Cookie consent status and preferences, stored in your browser's local storage. See our Cookie Policy for details.

We do not collect sensitive personal data (as defined under the PDPA) unless required by law or with explicit consent.

3. Legal Basis for Processing

We process personal data on the following legal bases:

• Consent: Where you have provided explicit consent, such as when submitting an enquiry form or accepting analytics cookies.
• Contract performance: Where processing is necessary to carry out an advisory engagement you have contracted for.
• Legitimate interests: For routine communication, operational administration, and improving our services — where our interests do not override your data protection rights.
• Legal obligation: Where we are required to process data under applicable Thai law.

4. How We Use Personal Data

Personal data is used for the following purposes:

• Responding to enquiries and assessing whether an advisory engagement is appropriate.
• Conducting and delivering advisory engagements as scoped and agreed.
• Communicating with you about the status of an engagement or follow-up matters.
• Improving our website based on aggregate analytics data.
• Complying with legal and regulatory obligations.

We do not use personal data for advertising purposes. We do not sell personal data to third parties. We do not use personal data to send unsolicited marketing communications.

5. Data Retention

We retain personal data only for as long as is necessary for the purpose for which it was collected:

• Enquiry data: Retained for 12 months from the date of the enquiry. If an engagement follows, data is retained for the duration of the engagement plus 3 years.
• Engagement data: Retained for 5 years following the close of the engagement, to meet standard commercial record-keeping requirements.
• Analytics data: Retained in anonymised aggregate form for 24 months.
• Cookie preferences: Stored locally in your browser until cleared or withdrawn.

6. Data Protection Measures

We take reasonable technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or loss. These measures include:

• Encrypted transmission of data submitted via web forms (TLS/HTTPS).
• Access controls limiting data access to advisors directly involved in the relevant engagement.
• Secure document handling for engagement-related commercial data shared by clients.
• No third-party sharing of engagement data outside of what is strictly necessary for service delivery.

In the event of a personal data breach that may affect your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with the requirements of the PDPA.

7. Cookies

Our website uses cookies for essential functionality and, with your consent, for analytics purposes. Cookie consent is managed through the cookie banner on our homepage. You can adjust your preferences at any time via our Cookie Policy page.

8. Third-Party Services

We may use the following third-party services in connection with our website and operations:

• Google Analytics: Website analytics — only where you have consented to analytics cookies.
• Google Maps: Embedded map on our homepage for location display purposes only.

These services operate under their own privacy policies, which govern their use of any data they receive.

9. Your Rights

Under the PDPA and applicable Thai data protection law, you have the following rights in relation to personal data we hold about you:

• Right of access: Request confirmation of whether we hold personal data about you, and a copy of that data.
• Right to rectification: Request correction of inaccurate or incomplete personal data.
• Right to erasure: Request deletion of your personal data, subject to applicable retention obligations.
• Right to object: Object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right to data portability: Request a copy of data provided by you in a structured, machine-readable format.
• Right to lodge a complaint: Lodge a complaint with the Personal Data Protection Committee of Thailand if you believe your rights have been infringed.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

11. Children's Privacy

Our services are directed to business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that personal data has been collected from a person under 18 without verified parental consent, we will delete that data promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will update the "Last Updated" date at the top of this document. Continued use of our website following a policy update constitutes acceptance of the revised policy. We recommend reviewing this page periodically.

13. Contact

For all data protection enquiries:

• Email: [email protected]
• Address: Modelyn Co., Ltd., 28/4 Thonglor Road, Khlong Tan Nuea, Watthana, Bangkok 10110, Thailand