Privacy Policyนโยบายความเป็นส่วนตัว隐私政策
Alter Capital Co., Ltd. (operating as Alteryse, "we", "our", or "us") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (alteryse.com), engage our services, or contact us in any capacity. It has been prepared in compliance with the Thailand Personal Data Protection Act B.E. 2562 (PDPA) and reflects internationally recognised privacy best practices.
Please read this policy carefully. By using our website or services, you acknowledge that you have read and understood how we handle your personal data. If you do not agree with any part of this policy, please discontinue use of our website and services.
Table of Contents
1 Data Controller
The data controller responsible for your personal data is:
898/253 Pave Prachauthit 90, Phrasamut Chedi, Samut Prakan 10290, Thailand
Email: management@alteryse.com
Telephone: (+66) 61 556 6539
As a data controller, we determine the purposes and means of processing your personal data. Where we engage third parties to process data on our behalf, those parties act as data processors and are bound by written agreements that restrict their use of your data to the purposes we specify.
2 Information We Collect
We collect and process several categories of personal data, depending on how you interact with us:
2.1 Identity & Contact Data
- Full name, preferred name, and title
- Job title and name of employing organisation
- Email address, telephone number, and postal address
- Nationality (where relevant to a service engagement)
2.2 Engagement & Service Data
- Details of the services you have enquired about or retained us to provide
- Correspondence, instructions, and documents shared with us during a consultancy or legal engagement
- Meeting notes, records of advice provided, and related work product
- Payment and billing information (processed through our secure accounting systems)
2.3 Website Usage Data
- IP address and browser type
- Pages visited, time spent, and referral source
- Device identifiers and operating system
- Cookie data (see Section 10)
2.4 Communication Data
- Enquiries and messages submitted through our contact form
- Email correspondence with our team
- Feedback and satisfaction responses
We do not intentionally collect sensitive personal data (such as health information, racial or ethnic origin, religious beliefs, or criminal records) unless it is strictly necessary for a specific engagement and you have given explicit written consent.
3 How We Collect Your Data
We collect personal data through the following means:
- Directly from you — when you complete our contact form, send us an email, call us, or engage us for services
- Automatically — through cookies and standard web analytics tools when you visit our website
- From third parties — such as referral partners, public business registers, or professional directories, where permitted by applicable law
- In the course of service delivery — documents, instructions, and communications you provide during an active consultancy or legal engagement
4 How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Details |
|---|---|
| Responding to enquiries | To reply to messages sent through our contact form or by email, and to schedule consultations |
| Delivering services | To provide the business consultancy, legal advisory, branding, and related services you have retained us for |
| Client relationship management | To manage our ongoing relationship with you, including issuing invoices, sending engagement letters, and maintaining accurate records |
| Marketing communications | To send you newsletters, thought leadership content, or service updates — only with your prior consent, and you may withdraw consent at any time |
| Legal & regulatory compliance | To meet obligations under Thai law, including tax, anti-money laundering, and professional regulatory requirements |
| Website improvement | To analyse how our website is used and improve its content, structure, and user experience |
| Security & fraud prevention | To protect our systems, clients, and organisation against unauthorised access or misuse |
We will not use your personal data for purposes that are incompatible with those described above without first notifying you and, where required, obtaining your consent.
5 Legal Basis for Processing
Under the Thailand PDPA, we process your personal data on one or more of the following legal bases:
- Consent (Section 19, PDPA) — where you have given clear, informed, and freely given consent, such as for marketing communications. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
- Contractual necessity (Section 24(3), PDPA) — where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract, such as providing our consultancy or legal services.
- Legal obligation (Section 24(4), PDPA) — where processing is necessary to comply with a legal obligation to which we are subject under Thai law, such as maintaining accounting records or responding to regulatory enquiries.
- Legitimate interests (Section 24(5), PDPA) — where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include improving our services, maintaining security, and managing our business relationships.
6 Data Sharing & Disclosure
We treat your personal data with the utmost confidentiality. We do not sell, rent, or trade your personal data to any third party for commercial purposes. We may disclose your data only in the following limited circumstances:
6.1 Service Providers
We engage trusted third-party service providers to support our operations, including IT infrastructure providers, accounting and practice management software, and email delivery services. These providers act as data processors on our behalf and are contractually prohibited from using your data for any purpose other than providing the agreed service.
6.2 Professional Advisers
We may share your information with our external auditors, accountants, insurers, or legal advisers, where strictly necessary for them to provide their services to us.
6.3 Legal & Regulatory Disclosure
We may disclose your personal data if required to do so by law, court order, regulatory authority, or enforcement agency, or if we believe in good faith that disclosure is necessary to protect our rights, prevent fraud, or ensure the safety of others.
6.4 Business Transfers
In the event of a merger, acquisition, reorganisation, or sale of all or a portion of our business, personal data held by us may be transferred to the relevant party, subject to appropriate confidentiality obligations and notification to you.
7 International Data Transfers
Our primary operations are based in Thailand and we store data predominantly within the country. However, some of our third-party technology providers (such as cloud hosting or email platforms) may process data in other jurisdictions.
Where personal data is transferred outside Thailand, we ensure that appropriate safeguards are in place in accordance with Section 28 of the PDPA, including:
- Transfers to countries with an adequate level of data protection as determined by the Personal Data Protection Committee of Thailand
- Contractual clauses that impose equivalent privacy obligations on the recipient
- Your explicit consent, where required
8 Data Retention
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our standard retention periods are as follows:
| Category of Data | Retention Period |
|---|---|
| Enquiry and contact form records (where no engagement follows) | 2 years from the date of enquiry |
| Client engagement records (contracts, advice, correspondence) | 10 years from the end of the engagement |
| Accounting and billing records | 5 years (as required by Thai accounting law) |
| Marketing consent records | Until consent is withdrawn, plus 1 year thereafter |
| Website usage and analytics data | 26 months from collection |
On expiry of the applicable retention period, personal data is securely deleted or anonymised. In certain circumstances, we may retain data for longer periods where required by law, regulatory guidance, or to defend or establish legal claims.
9 Your Rights Under the PDPA
As a data subject under the Thailand PDPA, you have the following rights with respect to your personal data:
- Right to be informed (Section 23) — to receive clear information about how your data is collected and used, which this policy provides.
- Right of access (Section 30) — to request a copy of the personal data we hold about you and information about how it is being used.
- Right to rectification (Section 34) — to request that inaccurate or incomplete personal data be corrected or updated.
- Right to erasure (Section 33) — to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you have withdrawn consent and there is no other legal basis for processing.
- Right to restriction of processing (Section 34) — to request that we temporarily stop processing your data in certain circumstances, such as while a correction request is being assessed.
- Right to data portability (Section 31) — to receive your personal data in a structured, commonly used, and machine-readable format, and to have it transmitted to another organisation, where technically feasible.
- Right to object (Section 32) — to object to processing carried out on the basis of legitimate interests or for direct marketing purposes.
- Right to withdraw consent — where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing prior to withdrawal.
- Right to lodge a complaint — to file a complaint with the Personal Data Protection Committee of Thailand (PDPC) if you believe your rights have been violated.
We may need to verify your identity before processing a rights request. We will not charge a fee for handling your request unless it is manifestly unfounded or excessive.
10 Cookies & Tracking Technologies
Our website uses cookies and similar tracking technologies to improve your browsing experience and help us understand how our site is used.
10.1 What Are Cookies?
Cookies are small text files placed on your device by a website you visit. They are widely used to make websites work more efficiently and to provide information to website owners.
10.2 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Necessary for the website to function (e.g., security tokens, session management) | Session |
| Functional | Remember your preferences such as language selection | Up to 1 year |
| Analytics | Help us understand how visitors use our website (anonymised aggregate data) | Up to 26 months |
10.3 Managing Cookies
You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For more information about managing cookies, visit allaboutcookies.org.
11 Third-Party Links
Our website may contain links to external websites, platforms, or resources operated by third parties. This Privacy Policy applies solely to our website and services. We are not responsible for the privacy practices, content, or security of any third-party sites. We encourage you to review the privacy policy of any external site you visit before providing your personal data.
12 Children's Privacy
Our website and services are not directed at, nor intended for use by, individuals under the age of 18 ("minors"). We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected personal data from a minor without verifiable parental consent, we will take prompt steps to delete that information. If you believe we have collected data from a minor, please contact us immediately at management@alteryse.com.
13 Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal obligations, or applicable regulations. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Post the revised policy on our website
- Where required by law or where the changes are significant, notify you directly by email
Your continued use of our website or services following the posting of changes constitutes your acknowledgment of the modified policy. We encourage you to review this page periodically to stay informed about how we protect your data.
14 Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the details below. We are committed to resolving any privacy-related issues promptly and transparently.
Data Controller
Alter Capital Co., Ltd. (Alteryse)
898/253 Pave Prachauthit 90, Phrasamut Chedi, Samut Prakan 10290, Thailand
Email: management@alteryse.com
Telephone: (+66) 61 556 6539
You also have the right to lodge a complaint with the Personal Data Protection Committee of Thailand (PDPC) if you believe your personal data rights have been infringed.