Privacy Policy
This Privacy Policy explains how codebox co. ltd. (“we,” “our,” or “us”) collects, uses, discloses, and safeguards your personal data when you visit [website URL] or use any of our products, apps, or services (collectively, the “Services”). We comply with Thailand’s Personal Data Protection Act (PDPA), the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.
1. Data We Collect
| Category | Typical Examples | Collected When |
|---|---|---|
| Identity & Contact | name, email address, phone number, postal address, company details | account creation, form submissions, purchases, customer support |
| Credentials | encrypted password, authentication tokens | sign‑in or account linking |
| Payment | masked card digits, transaction ID, billing address (processed by PCI‑DSS–compliant provider) | checkout or subscription |
| Usage & Device | IP address, browser type, operating system, referring pages, clicks, session duration | browsing our site, using the app |
| Cookies & Similar Tech | session cookies, analytics tags, marketing pixels | any time you interact with our Services |
| User‑Generated Content | files, images, chat logs, feedback | uploading content, using interactive features |
Opt‑out: You can refuse cookies or withdraw marketing consent at any time from the cookie banner or in your account settings.
2. Why We Use Your Data
- Provide & operate the Services (contractual necessity)
- Account management & billing
- Personalise content and features
- Improve performance, security, and user experience (legitimate interests)
- Send service or marketing communications (consent / legitimate interests, with opt‑out)
- Comply with legal obligations and enforce our Terms of Service
3. Legal Bases (GDPR)
We process data under one or more of these grounds: consent, performance of a contract, legal obligation, or legitimate interests (e.g., preventing fraud, improving Services). We balance our interests against your rights before relying on legitimate interests.
4. Sharing & Disclosure
We never sell your personal data. We only share it with:
- Service providers (e.g., cloud hosting, payment processors, analytics, email delivery) bound by confidentiality agreements;
- Business partners when you authorise integrations;
- Authorities or regulators where required by law or to protect rights, safety, or property;
- Successors in case of merger, acquisition, or asset sale (users will be notified).
All third parties receive only the minimum data necessary and must meet equivalent security standards.
5. International Transfers
Your data may be processed and stored outside your home country (including the EU, US, and Thailand). We rely on:
- Standard Contractual Clauses or approved transfer mechanisms (GDPR);
- PDPA‑compliant safeguards for transfers into/out of Thailand.
6. Retention
We keep personal data only as long as needed for the purposes in §2 or as required by law (tax, accounting, fraud prevention). After that, we delete or anonymise it.
7. Security Measures
- TLS 1.2+ encryption in transit, AES‑256 at rest
- ISO‑27001–audited cloud infrastructure
- Role‑based access controls & MFA for staff
- Regular penetration testing and vulnerability scans
No internet transmission is 100% secure, but we take all reasonable steps to protect your data.
8. Your Rights
Depending on where you live, you can:
| Right | How to exercise |
|---|---|
| Access | Request a copy of your data |
| Rectification | Correct inaccurate or incomplete data |
| Erasure (“right to be forgotten”) | Ask us to delete your data where legally permissible |
| Restriction / Objection | Limit or object to certain processing |
| Portability | Obtain data in a structured, machine‑readable format |
| Withdraw Consent | Opt out of marketing or specific consents at any time |
| Lodge a complaint | Contact your local data‑protection authority |
Submit requests via contact@codeboxx.tech or in‑app settings; we will respond within 30 days.
9. Children’s Privacy
Our Services are not directed to children under 13 (or the relevant age of consent in your jurisdiction). We do not knowingly collect data from minors. If we learn we have done so, we will delete it promptly.
10. Cookies & Tracking Technologies
We use first‑ and third‑party cookies for essential functionality, analytics, and advertising. Detailed categories, purposes, and retention periods appear in our Cookie Notice. You can manage preferences any time via the cookie banner or browser settings.
11. Third‑Party Links
Our Services may contain links to external sites. We are not responsible for their content or privacy practices. Please read their policies before providing any information.
12. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be announced via email or in‑app notice at least 14 days before they take effect.
13. Contact Us
[Company Name]
[Registered Address]
Email: contact@codeboxx.tecch
If you have questions about this Privacy Policy or our data practices, please contact us—we’re happy to help.
