Privacy Policy

1. Overview

Muang Ridge ("we," "us," or "our") is committed to handling personal data with care, transparency, and respect for the individuals whose information we hold. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have in relation to your data.

This policy applies to all personal data processed through our website at muang-ridge.pro, through our contact and enquiry forms, and in the course of our consulting engagements. It is written in accordance with Thailand's Personal Data Protection Act B.E. 2562 (2019) (PDPA) and its subsequent amendments and subordinate regulations.

2. Data Controller

The data controller responsible for your personal data is:

If you have questions about how your personal data is handled, you may contact us directly at the address or email above.

3. Personal Data We Collect

We collect personal data only when you provide it to us voluntarily, or when it is generated through your use of our website. The categories of data we may collect include:

• Contact information: your name, email address, phone number, and organization name, as submitted through our enquiry or contact form.
• Communication content: the content of messages, questions, or descriptions of your situation that you share with us.
• Technical data: IP address, browser type and version, device type, pages visited, time on page, and referring URL — collected automatically through analytics tools when you visit our website.
• Cookie data: preference signals and session identifiers stored in your browser. See Section 8 for details.
• Engagement data: during consulting engagements, we may receive additional organizational data shared with us as part of the scoping and delivery process. This data is governed by the confidentiality terms in your engagement letter.

We do not collect sensitive personal data as defined by the PDPA (such as health data, biometric data, or racial or ethnic origin data) through this website.

4. Legal Basis for Processing

Under the PDPA, we process your personal data on the following legal bases depending on the purpose:

• Consent: for the use of non-essential cookies and for marketing communications, where you have given your express consent.
• Contractual necessity: to respond to your enquiries and to fulfil our obligations under a consulting engagement agreement.
• Legitimate interests: to operate and improve this website, to protect the security of our systems, and to understand how our services are used — where these interests are not overridden by your rights and interests.
• Legal obligation: where processing is required to comply with applicable Thai law or regulatory requirements.

5. How We Use Your Personal Data

We use personal data for the following purposes:

• To respond to your messages, questions, and enquiries.
• To conduct consulting engagements that you have commissioned.
• To send administrative communications related to your engagement (such as scheduling, deliverable status, or invoicing).
• To analyse website traffic and usage patterns to improve the quality and relevance of our website content.
• To comply with our legal and regulatory obligations under Thai law.
• To detect and prevent fraud and security incidents.

We do not use your personal data for profiling, automated decision-making, or targeted advertising.

6. Data Sharing and Disclosure

We do not sell, rent, or trade personal data to third parties. We may share personal data in the following limited circumstances:

• Service providers: we use a small number of third-party service providers (such as website hosting, email delivery, and analytics) who process data on our behalf. These providers are contractually bound to process data only for the purposes we specify and in accordance with applicable law.
• Legal requirements: we may disclose personal data if required to do so by law, court order, or regulatory authority in Thailand.
• Professional advisors: in limited circumstances, we may share information with legal or financial advisors bound by confidentiality obligations.

Any transfer of personal data to service providers outside Thailand is conducted in accordance with the cross-border transfer requirements of the PDPA, including the use of appropriate safeguards.

7. Data Retention

We retain personal data for as long as is reasonably necessary for the purposes described in this policy, or as required by applicable law.

• Website enquiries that do not lead to an engagement: personal data is retained for up to 12 months from the date of contact, after which it is securely deleted.
• Consulting engagement data: records related to completed engagements are retained for up to 7 years from the end of the engagement, in accordance with Thai accounting and tax record-keeping requirements.
• Technical and analytics data: aggregated website analytics data may be retained for up to 24 months. Non-aggregated technical data is not retained beyond 90 days.

When personal data is no longer needed, we delete or anonymize it in a secure and irreversible manner.

8. Cookies

Our website uses cookies and similar technologies. For a full explanation of the cookies we use and how to manage your preferences, please refer to our Cookie Policy.

In summary, we use strictly necessary cookies (which operate without consent) and optional analytics and tracking cookies (which require your consent). You may withdraw your consent to optional cookies at any time by adjusting your browser settings or using the cookie preference tool on our website.

9. Your Rights Under the PDPA

The Thailand Personal Data Protection Act grants data subjects a set of rights in relation to their personal data. Where applicable, you have the right to:

• Access: request a copy of the personal data we hold about you.
• Rectification: request that inaccurate or incomplete personal data be corrected.
• Erasure: request that your personal data be deleted, where there is no lawful basis for its continued retention.
• Restriction: request that we limit the processing of your personal data in certain circumstances.
• Data portability: receive your personal data in a structured, commonly used, and machine-readable format, where technically feasible.
• Objection: object to processing carried out on the basis of legitimate interests.
• Withdrawal of consent: withdraw any consent you have previously given, at any time, without affecting the lawfulness of prior processing.
• Complaint: lodge a complaint with Thailand's Personal Data Protection Committee (PDPC) if you believe your rights have been infringed.

To exercise any of these rights, please contact us at [email protected]. We will respond within the timeframes prescribed by the PDPA — generally within 30 days.

10. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures include encrypted data transmission (HTTPS), access controls, and secure document handling procedures within our team.

While we take reasonable precautions, no data transmission over the internet or electronic storage system is entirely without risk. We encourage you to contact us promptly if you believe your personal data may have been compromised.

11. Data Relating to Minors

Our website and services are directed at business professionals and organizations. We do not knowingly collect personal data from individuals under the age of 20, which is the age of majority in Thailand. If we become aware that we have inadvertently collected personal data from a minor, we will delete that data promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational circumstances. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Continued use of our website following the posting of changes constitutes your acknowledgment of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or to the handling of your personal data, please contact us: