Privacy Policy

Effective Date: [ 1 September 2025 ]
(“Effective Date”)

1. Introduction

Vault Mark Co., Ltd., having its registered office at [ 725 S‑Metro Building, Sukhumvit Road, Khlong Ton Nuea, Watthana, Bangkok 10110, Thailand ] (“Vault Mark”, “we”, “us”, “our”) is committed to protecting the privacy and security of personal data that we collect, use, disclose and otherwise process in connection with our website(s), digital marketing services, advertising services, analytics services, influencer services and other related business operations (collectively, our “Services”).
This Privacy Policy explains how we handle your personal data, your rights, and how you can contact us. By accessing or using our website and/or engaging our Services, you acknowledge that you have read and accept this Privacy Policy.

2. Scope

This Policy applies to all personal data we collect from:

  • Visitors to our website(s);
  • Prospective, current or former clients or business partners;
  • Contacts of our clients or partners (such as employees or agents of our client);
  • Users of our services, including influencers, vendors, subcontractors, applicants, etc.
    It covers personal data collected in any manner (online, offline, via telephone, email, in person) and processed by us for the purposes set out below.

3. Definitions

  • Personal Data / “personal information” means any information relating to an identified or identifiable natural person.
  • Sensitive Personal Data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade‑union membership, genetic data, biometric data, health data, or data concerning a person’s sex life or sexual orientation.
  • Processing means any operation performed on personal data — collection, use, disclosure, storage, deletion, etc.
  • Controller / Processor as applicable under Thai PDPA.

4. What Personal Data We Collect

We may collect the following types of personal data depending on context:

  • Identity data: name, job title, corporate affiliation, employer, professional role;
  • Contact data: email address (work and/or personal), telephone number (mobile, landline), postal address;
  • Device / technical data: IP address, browser type and version, operating system, device identifiers, referral source, pages visited on the website, time stamps, cookies and similar tracking technologies;
  • Usage data: how you use our website, interact with our Services, features accessed or used;
  • Service‑related data: client preferences, service delivery records, communications with us, project details, contract records;
  • Marketing data: your preferences, communication history, consent records;
  • Any other personal data which you voluntarily provide to us (e.g., via forms, email, telephone).

We do not generally collect Sensitive Personal Data unless explicitly required for a specific purpose (and with separate consent or legal basis as required).

5. Legal Basis for Processing (for clients, partners or EU/EEA‑based persons)

Where applicable (e.g., for contacts based in the EU/EEA), we process your personal data on one or more of the following legal bases:

  • Your consent (which you may withdraw at any time);
  • Performance of a contract to which you are a party (or taking steps at your request prior to entering into a contract);
  • Compliance with a legal obligation to which we are subject (e.g., record‑keeping, regulatory matters);
  • Our legitimate interests (provided they do not override your rights and freedoms) — e.g., improving our website and Services, marketing our Services, fraud prevention, network and information security.

Under Thai PDPA, we will rely on equivalent lawful bases (consent, contractual necessity, legal obligation, legitimate interest) and ensure that your rights are respected.

6. Purposes of Processing Your Personal Data

We use personal data for the following purposes:

  • To deliver our Services to you (or to your organisation) including onboarding, project management, reporting, analytics, communications etc.;
  • To respond to your enquiries, provide support, communicate service updates and contract‑related notifications;
  • To manage our business relationship with you (or your organisation) including invoicing, contract performance, audits, compliance;
  • To send you marketing communications about our services (subject to your consent where required) and offers that we believe may interest you;
  • To monitor, analyse and improve our website, Services, marketing campaigns, user experience, performance, detection and prevention of fraud, security threats;
  • To comply with applicable laws, regulations, court orders or requests from law‑enforcement, regulatory or governmental authorities;
  • For any other purpose with your consent or as permitted by law.

If we intend to process your personal data for any additional purpose that is materially different from the above, we will provide you with notice and seek your consent if so required.

7. Sharing and Disclosure of Personal Data

We may share or disclose your personal data in the following situations:

  • With our trusted service providers and subcontractors who assist us in operating our business, delivering Services, maintenance of our website, hosting, analytics, marketing platforms, data storage providers — provided they are bound by appropriate data‑protection obligations;
  • With our affiliates and business partners in connection with service delivery, marketing partnerships or co‑operations;
  • If we are legally required to disclose personal data (e.g., pursuant to court order, government investigation or regulatory requirement);
  • In connection with a business transaction (e.g., merger, acquisition, sale of assets) — where the acquiring entity will assume our data‑protection obligations;
  • With your consent or at your request.

We will not sell or rent your personal data to third parties for marketing purposes without your explicit consent.

8. International Transfers

If your personal data is transferred outside Thailand (or the country where you reside), we will ensure that appropriate safeguards are in place (for example, the recipient is located in a jurisdiction with adequate data protection laws, or we put in place contractual data‑transfer safeguards, binding corporate rules or other transfer mechanisms recognised under Thai PDPA and relevant international law) and we will inform you of the transfer via this Policy or separate notice.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes set out in Section 6, or to comply with our legal, regulatory or reporting obligations, or to establish, exercise or defend legal claims. When no longer required, we will securely delete, anonymise or irreversibly aggregate your personal data.

10. Cookies and Tracking Technologies

Our website uses cookies, web‑beacons, pixels, and similar technologies for various purposes, including authentication, security, analysing website usage, marketing and personalisation. You may set or amend your browser controls to accept or refuse cookies. Please note that blocking or deleting certain cookies may affect your ability to use parts of our website or Services.

We may provide a separate cookie‑banner or preference centre where you can manage your choices in respect of cookies. We encourage you to review our Cookie Policy (or the relevant section here) for further detail.

11. Security

We implement appropriate technical and organisational security measures intended to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. These include (but are not limited to) encryption, access controls, secure servers, firewalls, regular vulnerability assessments, staff training. However, no security system is perfect — we cannot guarantee absolute security of any data transmitted to or via our website or Services.

12. Your Rights

Depending on your country of residence and applicable law (including Thai PDPA, EU GDPR or other) you may have the following rights in respect of your personal data:

  • Access – you may request confirmation of whether we process your personal data, and if so a copy of such data;
  • Rectification – you may request correction of inaccurate or incomplete data;
  • Deletion (Erasure) – you may request deletion of personal data, provided that doing so does not conflict with our legal or contractual obligations;
  • Restriction of Processing – you may request that we restrict the processing of your personal data in certain circumstances;
  • Portability – if applicable, you may request a copy of your personal data in a structured, commonly‑used machine‑readable format;
  • Objection – you may object to our processing of your personal data in certain circumstances (including direct marketing) and we will cease unless we have compelling legitimate grounds;
  • Withdraw Consent – if we rely on consent, you may withdraw it at any time (withdrawal will not affect the lawfulness of processing carried out prior to withdrawal);
  • Lodge a Complaint – you may lodge a complaint with the relevant supervisory authority (in Thailand: the Personal Data Protection Committee (“PDPC”)) if you believe your rights have been infringed.

To exercise any of these rights, please contact us at the contact details below. We will respond within a reasonable timeframe (and in no case later than the maximum period required by law) and may ask for identity verification to protect data security.

13. Children’s Privacy

Our Services are not directed to children under the age of 13 (or under the minimum age in your jurisdiction). We do not knowingly collect or solicit personal data from children. If you believe we have collected personal data from a child without parental consent, please contact us and we will take steps to delete such data.

14. Third‑Party Links and Services

Our website may contain links to third‑party websites, plug‑ins and applications. Clicking on those links may allow other parties to collect or share personal data about you. We do not control such third parties and are not responsible for their privacy practices — you should read their privacy policies before providing them any personal data.

15. Changes to this Privacy Policy

We may change this Privacy Policy from time to time (for example, to reflect changes in our business practices, legal/regulatory developments or new features). If we make material changes, we will notify you (for example by posting a prominent notice on our website or sending you an email) and update the “Effective Date” above. Your continued use of our website or Services after the changes means you accept the updated Policy.

16. Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or our personal‑data practices, you may contact us at:
Vault Mark Co., Ltd.
Address: 725 S‑Metro Building, Sukhumvit Road, Khlong Ton Nuea, Watthana, Bangkok 10110, Thailand
Phone: +66 (0) 2096–6489
Email: info@vaultmark.com