Legal
Privacy Policy
Last Updated: 14 March 2025 | Tessara
Tessara ("we", "us", "our") is committed to handling personal information with care and transparency. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have regarding your personal information.
This policy applies to personal data collected through our website at tessaraaz.info, our contact forms, and in the course of our consulting engagements. It is prepared in accordance with Thailand's Personal Data Protection Act B.E. 2562 (PDPA).
1. Data Controller
The data controller responsible for your personal data is:
Tessara
91/2 Sathorn Nua Road, Silom, Bang Rak, Bangkok 10500, Thailand
Email: [email protected]
Phone: +66 2 634 8271
2. Personal Data We Collect
Information you provide directly
- Name, email address, phone number — submitted via our contact forms
- Message content — text entered in the message field on our contact form
- Company name and role — if shared voluntarily during enquiries or engagements
Information collected automatically
- Browser type, device type, and operating system
- IP address and approximate geographic location
- Pages viewed, time spent on pages, and referral source
- Cookie identifiers (see our Cookie Policy)
Information from engagements
In the course of advisory engagements, we may collect additional organizational and personal information shared by clients or their representatives. This data is handled under the terms of our engagement agreements and is subject to strict confidentiality provisions.
3. Legal Basis for Processing
- Consent — for analytics cookies and marketing communications, where we obtain your consent before processing
- Contractual necessity — to deliver advisory services you have engaged us for
- Legitimate interests — to respond to enquiries, maintain security, and improve our services, where our interests do not override your rights
- Legal obligation — where processing is required to comply with Thai law or other applicable regulations
4. How We Use Your Data
- To respond to enquiries and schedule initial consultations
- To deliver and manage consulting engagements
- To send relevant updates about our services (where consent has been given)
- To understand how our website is used and improve its content
- To comply with legal and regulatory obligations
5. Data Sharing
Tessara does not sell, rent, or share personal data with third parties for commercial purposes. Data may be shared in the following limited circumstances:
- Service providers — such as website hosting and analytics providers, who process data on our behalf under data processing agreements
- Legal requirements — where we are required to disclose information by law, court order, or government authority
- Business transfers — in the unlikely event of a merger or acquisition, subject to appropriate confidentiality protections
We do not share client engagement data with any third party without explicit written consent.
6. Data Retention
We retain personal data for as long as necessary to fulfil the purposes outlined in this policy:
- Contact form enquiries: up to 24 months from last contact
- Client engagement records: up to 7 years to meet professional and legal obligations
- Analytics data: up to 26 months (standard retention for analytics services)
- Cookie consent records: 13 months
7. Data Security
We take appropriate technical and organizational measures to protect personal data from unauthorized access, loss, or misuse. These include:
- Encrypted transmission (HTTPS) for all website interactions
- Access controls limiting data to staff with a legitimate need
- Secure storage for engagement documentation
- Regular review of security practices
In the event of a personal data breach that poses a risk to individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware, and affected individuals where required.
8. Cookies
Our website uses cookies to support functionality and understand how visitors interact with our content. For full details on the cookies we use and how to manage your preferences, see our Cookie Policy.
9. Your Rights
Under Thailand's PDPA, you have the following rights regarding your personal data:
- Right to access — to request a copy of the personal data we hold about you
- Right to rectification — to request correction of inaccurate or incomplete data
- Right to erasure — to request deletion of your data where no legitimate basis for retention exists
- Right to data portability — to receive your data in a structured, commonly used format
- Right to object — to object to processing based on legitimate interests
- Right to withdraw consent — to withdraw consent at any time where processing is consent-based, without affecting lawfulness of prior processing
- Right to lodge a complaint — with the Personal Data Protection Committee of Thailand
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
10. Third-Party Links
Our website may contain links to external websites. Tessara is not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party sites you visit.
11. Children's Privacy
Our services are intended for business professionals and organizations. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that a minor has submitted personal data to us, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, the revised policy will be published on this page with an updated date. Continued use of our website following any changes constitutes acceptance of the updated policy.
13. Contact Us
For privacy-related enquiries or to exercise your data rights:
Tessara — Data Protection Contact
91/2 Sathorn Nua Road, Silom, Bang Rak, Bangkok 10500
Email: [email protected]
Phone: +66 2 634 8271
This policy applies to personal data processed by Tessara in connection with its website and advisory services. Governing law: Kingdom of Thailand. Supervisory authority: Personal Data Protection Committee (PDPC), Thailand.