1. Purpose and Scope

MSC International Law Office Company Limited (“MSC Law”) is committed to meet all obligations under the Personal Data Protection Act, B.E. 2562 (2019) (the “PDPA”). This Privacy Policy (“Privacy Policy”) will help you understand our guidelines on protecting your personal data (as defined below). This Privacy Policy applies to all processing of personal data, irrespective of whether the personal data is processed by us or any third parties. This should be read and comprehended and periodically revisited by all related parties to ensure a complete understanding of the procedures that personal data will be processed.

For the purpose of this Privacy Policy, “personal data” means any information relating to an identifiable living individual who can be identified from that data or from that data and other data. This Privacy Policy shall apply to data subjects who (i) visit our website at www.msclaw.co.th, our social media, or other online presences; (ii) contact us through channels, such as email, telephone, post, website, social media or other presences; (iii) engage our legal and related services; and (iv) provide goods or services to us, which from now on shall be collectively referred to as “you” or “your”.

If you have any question or suggestion regarding our guidelines on protecting your personal data or if you wish to exercise your rights in accordance with the PDPA, please contact us through the following channel:
MSC International Law Office Co., Ltd.
90, CW Tower, Tower B, 29th Floor, Unit 2901,
Ratchadapisek Road, Huai Khwang Sub-District,
Huai Khwang Disctrict, Bangkok 10310
Email: info@msclaw.co.th

2. The Processing of Personal Data

We shall determine the purposes and means of processing your personal data in accordance with the PDPA; therefore, we are the data controller of your personal data. You personal data will be processed by our employees.

3. The Personal Data We Collect

We will collect the following categories and types of personal data about you, which including but not limited to:
      a. basic data, such as full name, signature, title, position, photograph, date of birth, place of birth, age, marital status, gender and nationality, including all personal data in a copy of ID card, passport, or similar identifiers, postal address, telephone number, email, or ID used for various messenger services, billing address, bank account, credit card or other payment information;
      b. social media data, such as posts, likes, shares, or other interactions with our social media presences;
      c. data from public sources, such as LinkedIn and similar professional networks, directories or internet publications;
      d. marketing and communication data, such as communication preferences, or marketing opt-ins;
      e. event data, such as attendance at and provision of feedback forms in relation to our events;
      f. usage data, such as your usage data on website navigation or most visited parts of our website, or your use of our networking facilities, Wi-Fi, or similar electronic services;
      g. supplier data, such as contact details and other data about your company’s or organization’s personnel where you provide services to MSC Law;
      h. audio and video recording data, such as closed-circuit television (CCTV) recordings, audio recordings, online meeting, webinar, or other information obtained through electronic means; and
      i. other data, such as any other data as necessary, or relevant to the provision of our legal and related services

4. The Method of Personal Data Collection

In general, we will collect your personal data directly through the following processes, including but not limited to:
      a. where you or your representative or authorized person directly provide it to us, such as by corresponding with us via email, telephone, website, post, in person, CCTV footage when you visit our office, or other direct interactions with us;
      b. where we monitor use of, or interactions with, our website, our articles on other websites, any marketing messages we may send to you, or other email communications sent from or received by us; and
      c. publicly available sources, such as public social-media posts, Department of Business Development, or any other government agencies or courts which we use (i) for providing legal services (ii) to help us keep the contact details we already hold for an accurate and up to date or (iii) for professional networking purposes. However, we may also indirectly collect your personal data through the following third parties, including but not limited to our clients, reference persons, outsourcing persons, service providers, advisors, business partners, agencies, and domestic and international government agencies.

5. The Processing Purpose of Your Personal Data

We use your personal data to undertake tasks according to our scope and purpose of providing groups of activities, including but not limited to:
      a. providing you with our legal services, including other relevant services and conducting conflict background and conflict check;
      b. interacting with governmental or regulatory agencies or other authorities on your behalf;
      c. notifying you about our new campaigns, promotions, newsletters, updates and invitations to seminars, webinars, training and other relevant services;
      d. developing our marketing strategy, including encouraging and developing business and service development; and
      e. managing and collecting payments, fees and charges. We rely on the following legal bases to process your personal data. Not all of your personal data will apply to every legal basis stated below, and may be based upon one single or a combination of several legal bases.
      (1) Contractual Basis
          We are obligated to process your personal data to carry out the responsibilities committed according to the engagement letter, proposal or any other documents of the same nature. In the case where you withhold any of your personal data for us to process it in respect to the purposes prescribed in this Privacy Policy, we may not be able to fulfill some or our obligations under the mandate letter, engagement letter, or proposal with you.
      (2) Legitimate Interests
          In specific situations, we require your personal data to achieve our legitimate interest of running our business, provided your interests and fundamental rights and freedoms are not overridden.
      (3) Legal Obligation
          We are obligated to process your personal data according to any legal requirements, including but not limited to providing your personal data to the Department of Business Development, or the Revenue Department (if required).

6. Consent Request

We shall request consent from the clients, reference persons, outsourcing, service providers, advisors, business partners, agencies, or domestic and international government agencies in order for us to make contact and learn more about you.

7. Who We Will Share Your Personal Data with

In order to perform our contractual and other legal responsibilities or purposes, we may be required to pass on your personal data to external third-party organizations. These organizations may include:
      a. counterparties, or their lawyers or persons
      b. our business partners;
      c. outsourcing service providers, such as marketing, advertising media and communication agencies, or cloud service providers;
      d. social media platforms;
      e. online publishing and ranking companies;
      f. external auditors;
      g. governmental agencies, such as courts of Thailand, Department of Business Development, or the Revenue Department; and
      h. financial institutions, such as banks for any services relating to our services.

8. Transferring Personal Data to Foreign Countries

For the purposes mentioned above in this Privacy Policy, we may disclose or transfer your personal data to third parties or servers located overseas which the destination countries may or may not have the same data protection standards as Thailand. The transfer shall be in compliance with the PDPA.

9. Security Measures for Personal Data Protection

We have implemented technical and organizational measures to provide protection against loss, misuse, unauthorized access, disclosure and modification of your personal data. External third-party organizations are also required to carry out the processing of your personal data in accordance with our security policy.

10. The Duration We Shall Keep Your Personal Data

We will retain your personal data for as long as it is necessary to fulfill the purposes for which we have obtained your personal data, and to establish exercise or defense the legal claims. However, we may have to retain your personal data for a longer duration, if required by any applicable law.

11. Data Subject Rights

Subject to applicable laws and exceptions thereof, your personal data rights include:
      a) Right of access – you may have the right to request a copy of all your personal data we are processing;
      b) Right to data portability – subject to the conditions set out in the PDPA, for the case where we have an automated platform allowing you to access your personal data automatically:
          (i.) you may have the right to ask for your personal data to be transferred automatically to other organizations; and
          (ii.) you may have the right to ask for your personal data to be directly transferred to other organizations, with the exceptions of cases where there is a technological limitation;
      c) Right to object – you may have the right to object to any data processing activity of your personal data in some circumstances, which is subject to the conditions set out in the PDPA;
      d) Right to erasure – you may have the right to request for the deletion or anonymization of the personal data that we process about you, in accordance with the following cases:
          (i.) the personal data is no longer necessary for the processing purposes;
          (ii.) you object the processing of your personal data by us based on our legitimate interests and we do not have an overriding legitimate ground for the processing; and
          (iii.) the processing activity is not in accordance with the applicable law; e) Right to restrict processing – you may have the rights to restrict any data processing activities, in accordance with the following cases:
          (i.) during the verification process in accordance with the rights request to rectify the personal data;
          (ii.) for cases related to personal data which has initially asked for erasure but was followed by an additional request of processing restriction instead;
          (iii.) for cases when the data processing terms have passed, but you have requested for processing restriction due to legal reasons; and
          (iv.) during the process of personal data processing objection verification;
      f) Right to rectification – you may have the right to edit your personal data to be correct and concurrent to the present; and
      g) Right to lodge a complaint – you may have the right to lodge a complaint to competent authorities in the case that we unlawfully or not in compliance with applicable laws with the processing of your personal data.

Please be informed that your above-mentioned rights are subject to the relevant factors and we may not be able to process your request if we can rely on the lawful grounds to collect your personal data. In the case where you have the intention to exercise your personal data protection rights, please contact us through channel specified above. We will process this request in a secure and timely manner.

12. Revision of Our Privacy Policy

In order to improve efficiency in operating your personal data, we may amend this Privacy Policy as we deem appropriate by publishing its latest version on our applications and/or websites. We will notify you if such changes materially affect the operation of your personal data, or if we are required to do so by law.