Mahanakorn Partners Group Co., Ltd. (“MPG”, “we”, “us”, or “our”) is committed to protecting the privacy, confidentiality, and security of personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) and all applicable regulations.

This Privacy Policy explains:

·        What personal data we collect

·        How we collect, use, disclose, and safeguard personal data

·        Your rights as a data subject

·        How to contact us

Please read this Privacy Policy carefully.

1. Categories of Personal Data Collected

We may collect the following categories of personal data:

1.1 Data you provide

·        Name, title, company information

·        Email address, phone number, physical address

·        Documents submitted for onboarding or service engagement

·        Information contained in email or online correspondence

1.2 Automatically collected data

·        IP address, device identifiers

·        Cookies and website analytics

·        Access logs, browsing activity, usage patterns

1.3 Data from third parties

·        Public databases and regulators

·        Business partners and service providers

·        Information provided by clients during service delivery

We do not collect sensitive personal data unless:

(a) required by law, or

(b) explicitly consented to by you.

2. Purpose of Processing Personal Data

We process personal data for the following lawful purposes under the PDPA:

2.1 For service delivery

·        Providing legal, tax, accounting, auditing, compliance, and consulting services

·        Managing client engagements and onboarding

·        Performing identity verification and due diligence

·        Communicating service updates or responding to enquiries

2.2 For business operations

·        Internal administration and record keeping

·        Billing, payment processing, and accounting

·        Maintaining IT and cybersecurity systems

·        Data analytics and service improvement

2.3 For legal and regulatory compliance

·        Complying with Thai laws and regulatory requests

·        Responding to court orders or government authorities

·        Preventing fraud, misconduct, or misuse of services

2.4 For marketing (with consent)

·        Sending newsletters, legal updates, invitations, and publications

·        Providing tailored materials that may be of interest

You may withdraw consent for marketing at any time.

3. Disclosure of Personal Data

We may disclose personal data to the following parties only where permitted by the PDPA:

·        Our affiliated companies and subsidiaries

·        External service providers (IT hosting, cloud services, software, consultants)

·        Auditors, accountants, external legal advisors

·        Government agencies, regulators, courts, or authorities

·        Third parties as necessary for service execution

We do not sell or trade personal data.

Cross-border transfers may occur for hosting, cloud services, or international engagement. Such transfers comply with PDPA requirements, ensuring appropriate safeguards.

4. Protection and Retention of Personal Data

We implement appropriate technical, administrative, and physical safeguards to protect personal data from:

·        Loss

·        Unauthorized access

·        Alteration

·        Disclosure

Personal data is retained only:

·        As long as necessary to fulfil service purposes

·        As required by law (e.g., revenue code, accounting regulations)

·        For the duration needed to protect legal claims

When retention is no longer necessary, data is securely deleted or anonymized.

5. Rights of Data Subjects

Under the PDPA, you have the following rights:

5.1 Right to Access

Request access to and a copy of your personal data.

5.2 Right to Rectification

Request correction of inaccurate or incomplete personal data.

5.3 Right to Erasure

Request deletion, destruction, or anonymization of personal data where legally applicable.

5.4 Right to Withdraw Consent

Withdraw consent at any time for processing that relies on consent.

5.5 Right to Data Portability

Request transfer of personal data in a readable electronic format.

5.6 Right to Restrict Processing

Request suspension of data processing in certain circumstances.

5.7 Right to Object

Object to processing for:

·        Direct marketing

·        Research purposes

·        Processing based on legitimate interests

5.8 Right to Lodge a Complaint

Submit complaints to Thailand’s PDPC if you believe your rights were violated.

Requests will be responded to within a reasonable period and in accordance with the PDPA.

6. Deletion of Personal Data

Upon your request, and where legally appropriate, we will delete, destroy, or anonymize personal data within 90 days, unless:

·        We are required by law to retain it, or

·        It remains necessary to protect our legal rights

Certain non-identifying data may be retained for fraud prevention and audit purposes.

7. Storage and Security Measures

Your personal data may be stored in:

·        On-premise systems

·        Secure cloud environments

·        Third-party hosting facilities

We ensure that all service providers follow comparable security standards and confidentiality obligations.

However, no electronic storage system is 100% secure. We continuously update and refine security measures.

8. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

Significant changes will be notified via:

·        Email, or

·        Notice on our website

Continued use of our services after the effective date constitutes acceptance of the updated policy.

9. Contact Us

If you have questions or wish to exercise your PDPA rights, please contact:

Mahanakorn Partners Group Co., Ltd.

Kian Gwan House III, 9th Floor

152 Wireless Road, Lumpini, Pathumwan

Bangkok 10330, Thailand

Tel: +66 2 651 5107

Email: info@mahanakornpartners.com