Privacy Policy

1. Introduction

Obsidian Hive ("we," "us," or "our") is committed to protecting the privacy and personal data of individuals who interact with our services. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website, use our services, or communicate with us.

This policy applies to all visitors, clients, and prospective clients of Obsidian Hive, operating from 312 Rama IV Road, Khlong Toei, Bangkok 10110, Thailand. If you have questions about this policy, you may reach us at [email protected].

2. Data We Collect

We may collect the following categories of personal data:

Contact Information: Name, email address, phone number, and business address when you submit a form, send us a message, or engage our services.

Business Information: Company name, job title, and industry details provided during consultations or project scoping discussions.

Technical Data: IP address, browser type, device information, and pages visited on our website, collected through cookies and analytics tools.

Communication Records: Content of emails, messages, or other communications you send to us.

3. How We Collect Data

Personal data is collected through the following means: contact forms submitted on our website, direct communication via email or phone, cookies and tracking technologies on our website, and information provided during service consultations. We collect data only when there is a clear purpose for doing so.

4. Legal Basis for Processing

Under Thailand's Personal Data Protection Act (PDPA), we process your personal data based on one or more of the following legal grounds: your explicit consent, performance of a contract or pre-contractual steps, compliance with legal obligations, and our legitimate business interests where these do not override your fundamental rights.

5. How We Use Your Data

We use the personal data we collect for the following purposes: responding to inquiries and providing requested information, delivering our AI consulting services, communicating with you about projects and engagements, improving our website and user experience through analytics, sending relevant updates about our services (only with your consent), and meeting legal and regulatory requirements.

6. Data Sharing

We do not sell your personal data to third parties. We may share data in limited circumstances with trusted service providers who assist in delivering our services (such as hosting providers and analytics tools), professional advisors including legal counsel and accountants, and government or regulatory authorities when required by law. All third-party service providers are required to handle data in accordance with applicable data protection standards.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy. Contact form submissions are retained for up to 24 months. Client engagement data is retained for 5 years after the conclusion of the project. Website analytics data is anonymized and retained for up to 26 months. When data is no longer needed, it is securely deleted or anonymized.

8. Data Protection Measures

We implement appropriate technical and organizational measures to protect your personal data, including encryption of data in transit using SSL/TLS, access controls restricting data access to authorized personnel, regular security assessments and monitoring, secure storage systems with backup procedures, and staff training on data protection best practices. In the event of a data breach that poses a risk to your rights, we will notify the relevant supervisory authority and affected individuals as required by law.

9. Cookies

Our website uses cookies to enhance your browsing experience and to analyze website traffic. For detailed information about the types of cookies we use and how to manage your cookie preferences, please refer to our Cookie Policy.

10. Your Rights

Under the PDPA, you have the following rights regarding your personal data:

Right of Access: You may request a copy of the personal data we hold about you.

Right to Rectification: You may request corrections to inaccurate or incomplete data.

Right to Erasure: You may request deletion of your personal data under certain conditions.

Right to Data Portability: You may request your data in a structured, commonly used format.

Right to Object: You may object to the processing of your data based on legitimate interests.

Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

Right to Lodge a Complaint: You have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand if you believe your data has been handled improperly.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

11. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any website you visit through links on our site.

12. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that personal data from a child has been collected without appropriate consent, we will take steps to delete that information promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable regulations. When we make changes, the "Last Updated" date at the top of this page will be revised. We encourage you to review this policy periodically. Continued use of our website or services after changes constitutes acceptance of the updated policy.

14. Contact Information

Data Controller: Obsidian Hive

Address: 312 Rama IV Road, Khlong Toei, Bangkok 10110, Thailand

Email: [email protected]

Phone: +66 2 672 5819

Supervisory Authority: Personal Data Protection Committee (PDPC), Thailand