Privacy Policy
Last Updated: 10 June 2025 · Effective: 10 June 2025
Nestvault ("we", "us", "our") is committed to handling your personal data with care and transparency. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what your rights are under Thai law — principally the Personal Data Protection Act B.E. 2562 (PDPA). Our registered address is 210 Charoen Nakhon Road, Khlong Ton Sai, Bangkok 10600, Thailand. Questions about this policy may be directed to [email protected].
1. What Data We Collect
When you contact us through our website form, enquire about an offering, or participate in a Nestvault session, we may collect the following categories of personal data:
- Contact details: full name, email address, telephone number
- Communication preferences and enquiry content
- Website usage data via analytics cookies (if accepted)
- Session context: general notes about your stated goals, relevant to service delivery only
We do not collect financial account numbers, scheme membership codes, or document content. Our records vault setup service guides you in organising your own documents; we do not store copies of those documents.
2. How We Collect Data
- Contact forms on this website
- Email and telephone correspondence
- Session intake forms or notes, where applicable
- Cookies and analytics tools (subject to your consent — see Section 7)
3. Legal Basis for Processing
- Contract: To deliver the offering you have enquired about or enrolled in
- Legitimate interest: To respond to enquiries, maintain records of completed engagements, and improve our services
- Consent: For optional analytics and marketing cookies; for follow-up communications beyond the scope of a service enquiry
- Legal obligation: To comply with applicable Thai law where required
4. How We Use Your Data
- To respond to your enquiry or service request
- To deliver and manage the session-based offering you have enrolled in
- To send session notes and materials relevant to your engagement
- To maintain an administrative record of completed engagements for accounting purposes
- To improve our materials and processes based on anonymised aggregate feedback
We do not use your data for automated decision-making or profiling. We do not sell your data to third parties.
5. Data Retention
- Enquiries that do not lead to an engagement: 12 months from last contact
- Active client records: for the duration of the engagement plus 36 months
- Financial transaction records: 7 years, in accordance with Thai Revenue Code requirements
- Analytics data: as configured by the analytics provider (typically 14 months)
6. Third-Party Services
We use the following third-party services which may process data on our behalf:
- Google Analytics (website usage analytics, subject to your cookie consent)
- Email service providers for sending session notes and correspondence
- Payment processors for fee collection (data is processed by the provider, not retained by us)
We do not use Facebook Pixel or advertising tracking tools in a way that shares your personal data with advertisers.
7. Cookies
This website uses essential cookies required for basic functionality and, with your consent, analytics cookies to understand how our site is used. You may manage your preferences at any time through our Cookie Policy page. Withdrawing consent does not affect the lawfulness of any processing carried out before withdrawal.
8. Data Security
- Access to personal data is restricted to team members who require it to deliver the relevant service
- Data is stored on systems protected by current security practices including access controls and secure transmission (HTTPS)
- In the event of a data breach that affects your personal data and meets the threshold for notification under the PDPA, we will notify the relevant authority within 72 hours and affected individuals without undue delay
9. Your Rights Under the PDPA
Under Thailand's Personal Data Protection Act, you have the following rights regarding personal data we hold about you:
- Right to access: request a copy of the data we hold
- Right to rectification: request correction of inaccurate data
- Right to erasure: request deletion of data we no longer have a legal basis to retain
- Right to data portability: receive your data in a structured, machine-readable format
- Right to object: object to processing carried out on the basis of legitimate interest
- Right to withdraw consent: at any time for consent-based processing
- Right to lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
10. External Links
Our site may contain links to official Thai government sources (e.g. Social Security Office, Revenue Department) and other external sites. We are not responsible for the privacy practices of those sites. We recommend reviewing their policies when you visit.
11. Children's Privacy
Our services are directed at adults aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you believe we have inadvertently collected such data, please contact us so we can delete it promptly.
12. Changes to This Policy
We may update this policy when our practices or applicable law changes. Material changes will be communicated by updating the "Last Updated" date at the top of this page. Continued use of our website after a change constitutes acceptance of the updated policy.
13. Contact for Data Enquiries
Nestvault — Data Privacy
210 Charoen Nakhon Road, Khlong Ton Sai, Bangkok 10600, Thailand
Email: [email protected]
Phone: +66 96 358 2741