Privacy Notice

Salmon, as the provider of the Chat Management Platform, issues this Privacy Notice to inform our customers, service users, and related parties of our policies and practices regarding the collection, use, disclosure, and protection of personal data in accordance with the Personal Data Protection Act 2019 (“PDPA”) of Thailand.

We recognize the importance of personal data and are committed to ensuring that your data is handled securely, lawfully, and transparently.

1. Collection of Personal Data

• Identity Information: Full name, national identification number, company or organization Information.
• Contact Information: Email, Telephone Number, Postal Address, Social Media Accounts (Line, Facebook, Instagram, TikTok, Shopee, WhatsApp, etc.)
• Transactional Information: Purchase details, tax invoices, payment records.
• Technical Information: IP address, cookies, browser type, device information, usage logs.
• Organizational Data: Information relating to internal usage where the platform integrates with customer systems.

2. Purpose of Processing

• To provide, manage, and improve our services.
• To verify identity and process service requests.
• To issue invoices, receipts, and comply with tax regulations.
• To communicate regarding service updates, inquiries, or promotions (with consent).
• To conduct research, analytics, and system development.
• To comply with applicable laws and regulations.

3. Legal Basis for Processing

• Contractual necessity: To deliver services requested by the user.
• Legal obligation: Compliance with applicable laws such as tax and accounting requirements.
• Legitimate interests: Improvement of services, fraud prevention, and system security.
• Consent: For purposes beyond the scope of service delivery, such as marketing communications.

4. Data Security Measures

• Encryption: Data is encrypted both in transit (TLS 1.2/1.3) and at rest (AES-256).
• Access Control: Restricted access on a need-to-know basis, with Multi-Factor Authentication (MFA).
• Audit & Logging: Continuous monitoring, logging, and audit trails of system activities.
• Security Testing: Regular vulnerability assessments and penetration testing.
• Incident Response: Notification to affected data subjects and PDPC within 72 hours.

5. Disclosure of Personal Data

We will not sell, rent, or disclose personal data to unauthorized third parties. Disclosure may occur only under the following circumstances:

• With your prior consent.
• When required by law, regulation, or court order.
• Use of Data Processors and Sub-Processors (e.g., cloud providers, payment processors) under binding Data Processing Agreements (DPAs).

6. Cross-Border Data Transfers

Where personal data is transferred outside Thailand, we ensure adequate safeguards in accordance with PDPA (e.g., Standard Contractual Clauses).

7. Data Retention

We retain personal data only as long as necessary to fulfill stated purposes or legal requirements. Once unnecessary, data will be securely deleted or anonymized.

8. Data Subject Rights

• Right to access and obtain a copy of your personal data.
• Right to request rectification of inaccurate or incomplete data.
• Right to request deletion or destruction of data (Right to be Forgotten).
• Right to withdraw consent at any time.
• Right to restrict or object to processing of personal data.
• Right to data portability, where applicable.

9. Use of Cookies

Our platform uses cookies and similar technologies to enhance user experience, analyze site traffic, and improve service functionality. You may disable cookies through browser settings, but some features may not function properly.

10. Amendments to this Privacy Notice

We may update this Privacy Notice periodically to reflect service, operational, or legal changes. Updates will be published on our website.

11. Account Deletion

You may request deletion of your account anytime by contacting contact@codelabdev.co. Once processed, your personal data will be permanently erased and unrecoverable.

12. Contact Information & Data Protection Officer (DPO)