Dasar privasi

The controller responsible for processing personal data in connection with this website is Heritage Media Labs, Thailand. You can reach us using the contact details published in the header/footer of this website (including the telephone number shown).

If we appoint a data protection officer (DPO) or a PDPA contact person, we will publish those details here.

GDPR: If you are located in the European Economic Area or the United Kingdom, or if our processing falls within the territorial scope of the GDPR (e.g. offering services to people in the EEA/UK), the GDPR grants you the rights described in section 7.

Thai PDPA: If you are in Thailand or our processing is otherwise subject to the PDPA, the PDPA grants you the rights described in section 8.

Where both regimes apply, we will honour the stronger protection where required.

• Server and security logs: When you visit the site, our hosting infrastructure may automatically process technical data such as IP address, date/time, requested URL, user agent, and HTTP status. This is needed to deliver the page and maintain security.
• Communications: If you call or email us, we process the information you provide (e.g. name, company, phone, email, project details) to respond and, if applicable, to prepare or perform a contract.
• Consent storage (local storage): If you use the cookie banner, we store your choice (e.g. “essential only” or “accept all”) in your browser’s localStorage so we do not ask you again on every visit.

• Providing the website: Legitimate interests (Art. 6(1)(f) GDPR) and, where strictly necessary, performance of steps prior to a contract (Art. 6(1)(b)).
• Security and abuse prevention: Legitimate interests (Art. 6(1)(f) GDPR).
• Responding to enquiries: Legitimate interests and/or contract (Art. 6(1)(b)/(f) GDPR).
• Non-essential cookies or similar technologies: Only if and when we use them—consent (Art. 6(1)(a) GDPR), where required.

At present, this site is designed to avoid non-essential third-party trackers. If we add analytics or embedded media, we will update this policy and, where required, ask for consent before loading them.

Under the Thai PDPA, we rely on appropriate bases such as: consent (where required), legitimate interests, performance of a contract, legal obligation, or other bases permitted by law—depending on the specific processing activity.

We collect personal data only for lawful purposes relevant to our operations and limit processing to what is necessary.

We retain server logs in line with our hosting provider’s configuration and our security needs, then delete or anonymise them when no longer necessary. Business correspondence is retained for the period needed to handle your request and for any legal, tax, or compliance obligations.

Subject to conditions in the GDPR, you may have the right to: access, rectification, erasure, restriction of processing, data portability, objection, and to withdraw consent where processing is consent-based. You may also lodge a complaint with a supervisory authority in your country of residence, place of work, or the place of the alleged infringement.

Where the PDPA applies, you may have rights including: to access and obtain a copy of your personal data, to rectify inaccurate data, to erase or anonymise data in prescribed cases, to restrict certain processing, to object in certain cases, to withdraw consent (without affecting prior lawful processing), to lodge a complaint with the Personal Data Protection Committee (PDPC), and other rights as provided by law.

Requests can be submitted using the contact details on this website. We may need to verify your identity before responding.

If we transfer personal data outside Thailand or the EEA/UK, we will use appropriate safeguards required by applicable law (such as adequacy decisions or standard contractual clauses) and document them as needed.

This brochure website is intended to minimise transfers: we do not load third-party fonts or analytics by default.

We use browser localStorage to remember your privacy choice from the banner (key such as hml_privacy_consent). This is strictly necessary to respect your preference and is not used for advertising.

If we introduce optional cookies (e.g. analytics), we will list them here and obtain consent where required before they are set.

We may update this policy when our website, legal requirements, or practices change. The “last updated” date at the bottom will be revised accordingly. Material changes may be highlighted on the site.