Get in touch
Get in touch
Get in touch

Privacy Policy

Privacy Policy

 

This Privacy Policy explains how codebox co. ltd. (“we,” “our,” or “us”) collects, uses, discloses, and safeguards your personal data when you visit [website URL] or use any of our products, apps, or services (collectively, the “Services”). We comply with Thailand’s Personal Data Protection Act (PDPA), the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

1. Data We Collect

Category Typical Examples Collected When
Identity & Contact name, email address, phone number, postal address, company details account creation, form submissions, purchases, customer support
Credentials encrypted password, authentication tokens sign‑in or account linking
Payment masked card digits, transaction ID, billing address (processed by PCI‑DSS–compliant provider) checkout or subscription
Usage & Device IP address, browser type, operating system, referring pages, clicks, session duration browsing our site, using the app
Cookies & Similar Tech session cookies, analytics tags, marketing pixels any time you interact with our Services
User‑Generated Content files, images, chat logs, feedback uploading content, using interactive features

Opt‑out: You can refuse cookies or withdraw marketing consent at any time from the cookie banner or in your account settings.

2. Why We Use Your Data

  • Provide & operate the Services (contractual necessity)
  • Account management & billing
  • Personalise content and features
  • Improve performance, security, and user experience (legitimate interests)
  • Send service or marketing communications (consent / legitimate interests, with opt‑out)
  • Comply with legal obligations and enforce our Terms of Service

3. Legal Bases (GDPR)

We process data under one or more of these grounds: consent, performance of a contract, legal obligation, or legitimate interests (e.g., preventing fraud, improving Services). We balance our interests against your rights before relying on legitimate interests.

4. Sharing & Disclosure

We never sell your personal data. We only share it with:

  1. Service providers (e.g., cloud hosting, payment processors, analytics, email delivery) bound by confidentiality agreements;
  2. Business partners when you authorise integrations;
  3. Authorities or regulators where required by law or to protect rights, safety, or property;
  4. Successors in case of merger, acquisition, or asset sale (users will be notified).

All third parties receive only the minimum data necessary and must meet equivalent security standards.

5. International Transfers

Your data may be processed and stored outside your home country (including the EU, US, and Thailand). We rely on:

  • Standard Contractual Clauses or approved transfer mechanisms (GDPR);
  • PDPA‑compliant safeguards for transfers into/out of Thailand.

6. Retention

We keep personal data only as long as needed for the purposes in §2 or as required by law (tax, accounting, fraud prevention). After that, we delete or anonymise it.

7. Security Measures

  • TLS 1.2+ encryption in transit, AES‑256 at rest
  • ISO‑27001–audited cloud infrastructure
  • Role‑based access controls & MFA for staff
  • Regular penetration testing and vulnerability scans
    No internet transmission is 100% secure, but we take all reasonable steps to protect your data.

8. Your Rights

Depending on where you live, you can:

Right How to exercise
Access Request a copy of your data
Rectification Correct inaccurate or incomplete data
Erasure (“right to be forgotten”) Ask us to delete your data where legally permissible
Restriction / Objection Limit or object to certain processing
Portability Obtain data in a structured, machine‑readable format
Withdraw Consent Opt out of marketing or specific consents at any time
Lodge a complaint Contact your local data‑protection authority

Submit requests via contact@codeboxx.tech or in‑app settings; we will respond within 30 days.

9. Children’s Privacy

Our Services are not directed to children under 13 (or the relevant age of consent in your jurisdiction). We do not knowingly collect data from minors. If we learn we have done so, we will delete it promptly.

10. Cookies & Tracking Technologies

We use first‑ and third‑party cookies for essential functionality, analytics, and advertising. Detailed categories, purposes, and retention periods appear in our Cookie Notice. You can manage preferences any time via the cookie banner or browser settings.

11. Third‑Party Links

Our Services may contain links to external sites. We are not responsible for their content or privacy practices. Please read their policies before providing any information.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be announced via email or in‑app notice at least 14 days before they take effect.

13. Contact Us

Codebox Co. Ltd.
 Qiss Mall 3803 Rama IV Rd, Phra Khanong, Unit A1-302, Khlongtoey, Watthana, Bangkok 10110
Email: contact@codeboxx.tech

If you have questions about this Privacy Policy or our data practices, please contact us—we’re happy to help.