Privacy Policy

1. Introduction

Mekong Data ("we", "us", "our"), a company registered in Thailand and operating from 118 Charoen Krung Road, Bang Rak, Bangkok 10500, is committed to protecting the personal data of everyone who interacts with our services and our website. This policy explains what data we collect, how we use it, and what rights you have in relation to it. It applies to our website at mekongda.cyou and to all services we deliver.

This policy is written to meet the requirements of Thailand's Personal Data Protection Act B.E. 2562 (PDPA). Where clients are based in other jurisdictions, we aim to meet the requirements of applicable law in those regions as well.

2. Data We Collect

We collect personal data in the following ways:

• Contact forms: name, email address, phone number, and any message content you provide.
• Project engagements: business information, workflow descriptions, and operational data you share with us as part of a Source Review, Channel Integration, or Watershed Support engagement.
• Website analytics: anonymised page view data, device type, and approximate geographic location via cookies (see section 5).
• Email correspondence: messages sent to our email addresses, which we retain for the period of our engagement and for a reasonable period thereafter.

We do not collect sensitive personal data (as defined under the PDPA) through our website or standard service processes.

3. How We Use Your Data

Personal data is used for the following purposes:

• Responding to enquiries submitted through our contact form or by email.
• Delivering agreed services, including conducting workflow reviews and configuring AI tools.
• Sending project updates and monthly summaries to Watershed Support clients.
• Improving our website based on anonymised usage patterns.
• Fulfilling our legal and contractual obligations.

The legal basis for processing is: (a) performance of a contract or pre-contractual steps at your request; (b) legitimate interests in operating our business; (c) your consent, where we have asked for it and you have given it.

4. Data Retention

We retain personal data for as long as necessary for the purpose for which it was collected:

• Contact enquiries that do not lead to a project: deleted or anonymised after 12 months.
• Active client data: retained for the duration of the engagement and for three years after the engagement closes.
• Financial records: retained for seven years as required by Thai tax law.

5. Cookies

Our website uses cookies to understand how visitors use the site. Essential cookies are required for the site to function. Analytics cookies are optional and are only set with your consent. For full details, see our Cookie Policy.

6. Data Sharing

We do not sell personal data to third parties. We may share data with:

• Service providers who help us operate our business (e.g. email hosting, cloud storage), bound by appropriate data processing agreements.
• Regulatory authorities or law enforcement, where required by Thai law or a valid legal order.

In all project work, data handling is governed by a separate written agreement between Mekong Data and the client before any work begins.

7. Data Security

We take reasonable technical and organisational measures to protect personal data from unauthorised access, disclosure, or loss. These include encrypted storage, access controls limited to staff who need the data for their role, and a policy of deleting data when the retention period has passed. In the event of a data breach that is likely to affect your rights, we will notify you and the relevant supervisory authority within the timeframes required by law.

8. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their policies separately.

9. Children's Privacy

Our services are directed at business operators and professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted data through our website, please contact us so we can remove it.

10. Your Rights

Under the PDPA and applicable data protection law, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data (subject to our retention obligations).
• Object to or restrict processing in certain circumstances.
• Withdraw consent at any time, where consent is the legal basis for processing.
• Lodge a complaint with the Office of the Personal Data Protection Committee (Thailand).

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

11. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of our website or services after changes take effect constitutes acceptance of the revised policy.

12. Contact

For any questions about this policy or how your data is handled:

• Email: [email protected]
• Post: Mekong Data, 118 Charoen Krung Road, Bang Rak, Bangkok 10500, Thailand