Chang Arch Business Consulting
Legal

Privacy Policy

Last updated: April 5, 2026

This Privacy Policy describes how Chang Arch ("we", "our", or "the Company") collects, uses, stores, and discloses personal data in connection with our website at chang-arch.biz and our consulting services. This policy is prepared in accordance with Thailand's Personal Data Protection Act B.E. 2562 (PDPA) and applies to all individuals whose personal data we process.

By using our website or engaging our services, you acknowledge that you have read and understood this policy. If you have questions about how we handle your personal data, please contact us using the details at the end of this document.

1. Data Controller

Chang Arch is the data controller for personal data processed in connection with this website and our services.

  • Business name: Chang Arch
  • Address: 164 Charoen Krung Road, Samphanthawong, Bangkok 10100, Thailand
  • Phone: +66 2 419 7386
  • Email: [email protected]

2. Personal Data We Collect

We collect personal data in the following circumstances:

  • Contact form submissions: Name, email address, phone number, and any information you choose to include in your message.
  • Service engagements: Business contact details, organisational information, and professional background necessary to deliver our consulting services.
  • Website usage data: IP address, browser type, device information, pages visited, and referring URLs, collected through analytics tools.
  • Communications: Content of emails and correspondence between you and our team.

We do not collect sensitive personal data (as defined under the PDPA, such as health data, racial or ethnic origin, or religious beliefs) unless specifically required and with your explicit consent.

3. Lawful Basis for Processing

We process your personal data on the following legal bases under the PDPA:

  • Contractual necessity: To deliver the consulting services you have engaged us for and to manage our relationship with you.
  • Legitimate interests: To operate and improve our website, respond to enquiries, and maintain business records.
  • Consent: For marketing communications and non-essential cookies, where we request your explicit consent before processing.
  • Legal obligation: Where processing is required to comply with applicable Thai laws and regulations.

4. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

  • Responding to enquiries submitted through our contact form or by phone or email.
  • Delivering and administering consulting engagements you have contracted with us.
  • Sending service-related communications such as engagement updates, meeting confirmations, and deliverable notifications.
  • Improving the content and functionality of our website through anonymised usage analysis.
  • Maintaining accurate business records and fulfilling our accounting and legal obligations.
  • With your consent, sending occasional updates about our services or thought leadership content.

We do not sell, rent, or trade your personal data with third parties for their own marketing purposes.

5. Data Sharing and Third-Party Processors

We may share your personal data with trusted third parties where necessary to operate our business, including:

  • Website hosting and infrastructure providers who process data on our behalf under data processing agreements.
  • Analytics services (such as Google Analytics) that collect anonymised usage data to help us understand how our website is used.
  • Email service providers used to manage communication between our team and clients.
  • Professional advisors including legal counsel and accountants, where disclosure is necessary and subject to professional confidentiality obligations.
  • Government authorities, where we are legally required to disclose information.

Where third-party processors handle personal data on our behalf, we ensure they apply appropriate technical and organisational security measures consistent with this policy.

6. International Data Transfers

Some of the third-party service providers we use may store or process data in countries outside Thailand. Where personal data is transferred internationally, we ensure that appropriate safeguards are in place, such as standard contractual clauses or equivalent protections as recognised under the PDPA.

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. In general:

  • Contact form enquiries that do not result in an engagement are retained for up to 12 months.
  • Client engagement records are retained for seven years following the end of the engagement, in accordance with Thai accounting and commercial record-keeping obligations.
  • Website analytics data is retained in anonymised or aggregated form for up to 26 months.

When retention periods expire, data is securely deleted or anonymised.

8. Your Rights Under the PDPA

As a data subject under the PDPA, you have the following rights:

  • Right to access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request that inaccurate or incomplete data be corrected.
  • Right to erasure: You may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, subject to legal retention obligations.
  • Right to restriction: You may request that we restrict processing of your data in certain circumstances.
  • Right to data portability: Where processing is based on consent or contract, you may request a copy of your data in a structured, commonly used format.
  • Right to object: You may object to processing based on our legitimate interests, including direct marketing.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand if you believe your rights have not been respected.

9. Data Security

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include access controls, encrypted data transmission, and regular review of our data handling practices. No method of electronic transmission or storage is fully secure, and we cannot provide an absolute guarantee of security; however, we take reasonable steps to protect the data you entrust to us.

10. Cookies

Our website uses cookies and similar tracking technologies. Please refer to our Cookie Policy for full details of the cookies we use, their purposes, and how to manage your preferences.

11. Links to Third-Party Websites

Our website may contain links to external websites that are not operated by us. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing any personal data.

12. Children's Privacy

Our website and services are directed at business professionals and are not intended for use by children under the age of 20. We do not knowingly collect personal data from individuals under this age. If we become aware that such data has been collected, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please contact us:

  • Email: [email protected]
  • Phone: +66 2 419 7386
  • Post: Chang Arch, 164 Charoen Krung Road, Samphanthawong, Bangkok 10100, Thailand