Privacy Policy

1. Introduction

Confluvio is committed to protecting the privacy and personal information of individuals who interact with our legal services. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data in accordance with Thailand's Personal Data Protection Act B.E. 2562 (2019) (PDPA) and applicable data protection principles.

This policy applies to personal data collected through our website, email communications, and in the course of providing legal advisory services related to mergers, acquisitions, and corporate transactions.

If you have questions regarding this Privacy Policy or our data handling practices, please contact us at [email protected].

2. Information We Collect

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide when you:

• Submit inquiries through our website contact form
• Request information about our services via email or telephone
• Engage us for legal advisory services
• Attend meetings or consultations with our attorneys
• Correspond with us regarding ongoing matters

This information may include your name, email address, telephone number, company affiliation, position, and details about your inquiry or legal matter.

2.2 Information Collected During Service Provision

When you engage our legal services, we may collect additional information necessary to provide competent representation, including:

• Corporate documentation and business records
• Financial information related to transactions
• Details about individuals involved in transactions (directors, shareholders, key personnel)
• Contract and agreement documentation
• Regulatory and compliance information

2.3 Technical Information

Our website may collect certain technical information automatically, including:

• IP address and browser type
• Pages visited and time spent on our website
• Referring website addresses
• Device information and operating system

This information is collected through cookies and similar technologies. Please refer to our Cookie Policy for detailed information about our use of cookies.

3. How We Use Your Information

3.1 Legal Basis for Processing

We process personal data based on the following legal grounds under the PDPA:

• Consent: When you provide explicit consent through form submissions or service agreements
• Contract Performance: Processing necessary to fulfill our legal services engagement
• Legitimate Interest: Processing required for our business operations and service improvement
• Legal Obligation: Compliance with Thai legal and professional conduct requirements

3.2 Purposes of Data Processing

We use collected information for the following purposes:

• Responding to inquiries about our services
• Providing legal advisory services and representation
• Conducting legal due diligence and transaction documentation
• Coordinating with regulatory authorities on behalf of clients
• Maintaining client files and engagement records
• Billing and financial administration
• Improving our service offerings and website functionality
• Complying with legal and regulatory obligations
• Protecting against fraud and maintaining security

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

We may share personal information with trusted third-party service providers who assist in our business operations, including:

• IT service providers and cloud storage platforms
• Document management and data room operators
• Professional liability insurance providers
• Accounting and auditing firms

These service providers are contractually obligated to maintain confidentiality and use personal data only for specified purposes.

4.2 Legal and Regulatory Disclosures

We may disclose personal information when required by law or in response to valid legal processes, including:

• Court orders, subpoenas, or other legal proceedings
• Requests from government authorities or regulatory bodies
• Compliance with Thai legal and professional conduct obligations
• Protection of our legal rights and interests

4.3 Transaction Parties and Advisors

In the course of representing clients on M&A transactions, we may share relevant information with:

• Counterparties in transactions (subject to confidentiality agreements)
• Other professional advisors (accountants, financial advisors, consultants)
• Regulatory authorities for filing and approval purposes

Such sharing occurs only to the extent necessary for transaction purposes and subject to appropriate confidentiality protections.

5. Data Protection and Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Access controls limiting information to authorized personnel
• Secure document storage and transmission systems
• Regular security assessments and updates
• Employee training on data protection obligations
• Incident response procedures for data breaches

In the event of a data breach that may affect your rights and freedoms, we will notify you and relevant authorities in accordance with PDPA requirements.

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, subject to the following considerations:

• Client Files: Maintained for a minimum of 10 years after engagement completion in accordance with professional conduct rules
• Inquiry Information: Retained for 2 years from last contact unless consent is withdrawn
• Website Analytics: Typically retained for 24 months
• Legal Obligations: Information retained as required by Thai law or regulatory requirements

Following the retention period, personal data is securely destroyed or anonymized.

7. Your Rights Under Thai PDPA

Under Thailand's Personal Data Protection Act, you have the following rights regarding your personal information:

To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days as required by the PDPA.

Please note that certain rights may be limited by professional conduct obligations, including attorney-client privilege and legal file retention requirements.

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve user experience and analyze website performance. Cookies are small text files stored on your device that help us understand how visitors interact with our website.

We use the following types of cookies:

• Essential Cookies: Necessary for website functionality
• Analytics Cookies: Help us understand website usage patterns
• Preference Cookies: Remember your settings and choices

For detailed information about our cookie practices and how to manage your preferences, please see our Cookie Policy.

9. Third-Party Websites

Our website may contain links to third-party websites for informational purposes. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party websites you visit.

10. Children's Privacy

Our services are intended for businesses and adults aged 18 and over. We do not knowingly collect personal information from individuals under 18 years of age. If we become aware that we have inadvertently collected information from a minor, we will take steps to delete such information promptly.

11. International Data Transfers

In certain circumstances, personal data may be transferred to service providers located outside Thailand. When such transfers occur, we ensure appropriate safeguards are in place through:

• Standard contractual clauses approved by Thai authorities
• Transfers to jurisdictions with adequate data protection standards
• Other legally recognized transfer mechanisms under the PDPA

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service offerings. When we make material changes, we will notify you by:

• Updating the "Last Updated" date at the top of this policy
• Posting a notice on our website
• Sending email notification to active clients (for significant changes)

Your continued use of our services after such notification constitutes acceptance of the updated Privacy Policy.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:

14. Supervisory Authority

You have the right to lodge a complaint with Thailand's Personal Data Protection Committee if you believe we have not handled your personal data appropriately: