Information We Collect

Data You Provide Directly

When you register for our programs or contact us, we collect information that helps us deliver our educational services effectively. This includes your name, email address, phone number, and professional background details. If you're enrolling in a program, we also gather information about your educational goals and experience level to tailor course recommendations.

Automatically Collected Information

Our platform collects technical data to improve your experience and maintain security. This includes:

• IP addresses and device identifiers for security monitoring
• Browser type and operating system information
• Pages visited and time spent on our platform
• Course progress and engagement metrics
• Referral sources and navigation patterns

Payment Information

We work with certified payment processors in Thailand to handle transactions securely. We don't store complete credit card numbers on our servers. Payment processors maintain this information according to PCI-DSS standards, and we only retain transaction records needed for accounting and support purposes.

How We Use Your Information

Your data serves specific purposes that directly relate to delivering quality education and maintaining our platform. We don't use your information for unrelated marketing or sell it to third parties.

We occasionally send updates about new courses or industry insights related to corporate finance. You can opt out of these communications anytime through your account settings or by clicking unsubscribe links in our emails.

Data Sharing and Third Parties

We're selective about who handles your data. Here's who might access your information and why:

Service Providers

• Cloud hosting providers for platform infrastructure (servers located in Singapore and Thailand)
• Email service providers for course communications and updates
• Payment processors authorized to operate in Thailand
• Analytics tools for understanding platform usage patterns
• Customer support software for managing inquiries efficiently

All service providers sign data processing agreements requiring them to protect your information and use it only for specified purposes. They can't use your data for their own marketing or share it with others.

Legal Requirements

We may disclose information when legally required by Thai authorities or to protect our rights and safety. This happens rarely and only when we have a valid legal basis. We'll notify you about such requests unless prohibited by law.

Your Rights Under Thailand PDPA

Thailand's Personal Data Protection Act gives you substantial control over your information. Here's what you can do and how to exercise these rights:

Access and Portability

You can request a copy of all personal data we hold about you. We'll provide this in a structured format within 30 days. If you want to transfer your data to another service, we'll help with that too.

Correction and Updates

Found outdated information in your profile? You can update most details directly through your account dashboard. For information you can't change yourself, contact us at [email protected] and we'll make corrections within 15 business days.

Deletion Requests

You can ask us to delete your account and associated data. We'll process this within 30 days, though we might need to retain certain information for legal compliance (like transaction records for tax purposes). We'll clearly explain what must be kept and why.

Object to Processing

If you disagree with how we're using your data, you can object to specific processing activities. We'll review your request and either stop that processing or explain why we need to continue for legitimate reasons.

How to Exercise Your Rights

• Email us at [email protected] with your request
• Include your full name and account email for verification
• Specify which right you want to exercise and provide relevant details
• We'll respond within 30 days with actions taken or reasons for any limitations

If you're not satisfied with our response, you can file a complaint with Thailand's Personal Data Protection Committee.

Data Security Measures

Protecting your information isn't just about technology. It's about processes, training, and constant vigilance. Here's how we approach security:

Technical Safeguards

• Industry-standard encryption for data transmission (TLS 1.3)
• Encrypted storage for sensitive personal information
• Regular security audits and vulnerability assessments
• Multi-factor authentication options for account access
• Automated backup systems with encrypted storage
• Network monitoring and intrusion detection systems

Organizational Measures

Our team members receive regular training on data protection and privacy requirements. Access to personal data is restricted based on job requirements, and we maintain detailed logs of who accesses what information. All staff sign confidentiality agreements covering data handling.

Incident Response

If a data breach occurs, we have procedures to contain it quickly and assess the impact. Under Thailand's PDPA, we're required to notify authorities within 72 hours of discovering a breach that poses risks to your rights. We'll also inform affected users directly with details about what happened and steps you should take.

Data Retention and Deletion

We don't keep your data forever. Retention periods depend on the type of information and our legal obligations:

• Active account data: Maintained while your account remains active plus 90 days after closure
• Course completion records: Kept for 7 years to support credential verification
• Financial records: Retained for 5 years as required by Thai accounting regulations
• Marketing communications: Stored until you unsubscribe or request deletion
• Technical logs: Typically maintained for 12 months for security analysis

After retention periods expire, we securely delete or anonymize information so it can no longer identify you. Deletion methods include cryptographic erasure and physical destruction of backup media.

International Data Transfers

Our primary servers are located in Thailand and Singapore. Some service providers operate from other countries, which means your data might be processed outside Thailand. When this happens, we ensure appropriate safeguards are in place.

Transfer Mechanisms

For transfers outside Thailand, we use standard contractual clauses approved by data protection authorities. These contracts require recipients to maintain protection levels comparable to Thailand's PDPA requirements. We also assess the privacy laws of destination countries before approving transfers.

Service providers in countries with adequate data protection frameworks (like EU member states or Japan) benefit from Thailand's recognition of these jurisdictions as providing sufficient protection.

Cookies and Tracking Technologies

Our platform uses cookies and similar technologies to function properly and understand how people use our services. Most cookies are essential for basic functionality, but some help us analyze and improve the experience.

Types of Cookies We Use

• Essential cookies: Required for login, course access, and security features
• Functional cookies: Remember your preferences and settings
• Analytics cookies: Help us understand usage patterns and improve our platform
• Performance cookies: Monitor platform speed and identify technical issues

You can control cookie preferences through your browser settings. Blocking essential cookies might affect platform functionality, but you can disable analytics cookies without losing access to courses.

Children's Privacy

Our corporate finance programs target working professionals and aren't designed for anyone under 18. We don't knowingly collect information from minors. If we discover we've accidentally gathered data from someone underage, we'll delete it promptly and may restrict account access.

Parents or guardians who believe their child provided information to us should contact [email protected] immediately so we can address the situation.

Changes to This Policy

We update this privacy policy occasionally to reflect new practices, legal requirements, or platform features. When we make significant changes, we'll notify you by email or through a prominent notice on our platform at least 30 days before the new policy takes effect.

Minor updates (like clarifications or contact information changes) might not trigger individual notifications, but we'll always update the "Effective Date" at the top of this policy. Checking back periodically helps you stay informed about how we protect your data.