Privacy Policy

1. Introduction

Brindolo ("we", "us", "our") is a brand strategy advisory practice registered in Bangkok, Thailand. This Privacy Policy describes how we collect, use, and protect personal data provided through our website at https://brindolo.biz and through engagement with our advisory services.

We take privacy seriously. We collect only the data we need, retain it only for as long as is necessary, and do not sell or share it for advertising purposes. This policy is written in plain language to make it as useful as possible to the people it concerns.

2. Personal Data We Collect

We collect personal data in the following ways:

2.1 Data you provide directly

When you complete the contact form on our website or write to us by email, we may collect:

• Full name
• Email address
• Phone number (if provided)
• The content of your message or enquiry
• Organisation name (if provided)

2.2 Data collected automatically

When you visit our website, certain technical data is recorded automatically:

• IP address and approximate geographic location
• Browser type and version
• Pages visited and time spent on each page
• Referring URL (the page that linked you to our site)
• Device type and operating system

This data is collected via analytics cookies and server logs. It does not identify you individually and is used only to understand how the website is being used.

2.3 Legal basis for processing

We process personal data under the following legal bases, consistent with Thailand's Personal Data Protection Act B.E. 2562 (PDPA):

• Consent — for analytics cookies and marketing communications, where you have actively opted in.
• Legitimate interest — for responding to your enquiry and improving our website.
• Contractual necessity — for data required to deliver an advisory engagement you have engaged us for.
• Legal obligation — where required by applicable Thai law or regulation.

2.4 Data retention

• Enquiry data (contact form submissions): retained for up to 24 months from the date of submission.
• Client engagement records: retained for 5 years following the close of an engagement, in line with standard Thai commercial record-keeping requirements.
• Analytics data: aggregated and retained for up to 26 months; individual-level data is not stored beyond 14 months.
• Cookie consent records: retained for 12 months from the date of consent.

3. How We Use Your Data

We use the personal data we collect for the following purposes:

• To respond to your enquiry or contact form submission.
• To discuss, propose, and deliver brand advisory engagements.
• To maintain records of our advisory work in connection with an engagement you have contracted.
• To understand how our website is being used and to make improvements.
• To send you information about our work or upcoming events, if you have consented to this.
• To comply with legal and regulatory obligations under Thai law.

We do not use your data for automated decision-making or profiling. We do not sell your data to third parties. We do not use your data for advertising targeting on external platforms.

3.1 Third parties we work with

We share data with a small number of service providers who help us operate the website and our practice:

• Web hosting provider — for storing and serving website files. Data processed under a data processing agreement.
• Email service provider — for receiving and managing enquiry emails.
• Analytics provider (Google Analytics) — for anonymised website usage data. Data is processed in accordance with Google's privacy terms. IP anonymisation is enabled.

These providers act as data processors under our instruction and are not permitted to use your data for their own purposes.

4. Data Protection Measures

• All data transmitted through our website is encrypted using TLS (HTTPS).
• Access to client and enquiry records is restricted to members of the Brindolo advisory team on a need-to-know basis.
• We review our data handling procedures periodically and update them in line with changes to the PDPA or our operations.
• In the event of a data breach that poses a risk to your rights, we will notify the Office of the Personal Data Protection Committee (PDPC) within 72 hours and affected individuals without undue delay, in accordance with the PDPA.

5. Cookies

Our website uses cookies to function and to understand how it is used. We use four categories:

• Essential cookies — required for the website to operate. These cannot be disabled.
• Analytics cookies — used to understand visitor behaviour in aggregate. Can be declined.
• Marketing cookies — used to measure the effectiveness of any marketing activity. Can be declined.
• Preference cookies — used to remember your settings between visits. Can be declined.

For full details and to manage your cookie preferences, see our Cookie Policy.

6. Your Rights

Under the Personal Data Protection Act B.E. 2562, you have the following rights in relation to your personal data:

• Right of access — to request a copy of the personal data we hold about you.
• Right to rectification — to request correction of inaccurate or incomplete data.
• Right to erasure — to request deletion of your data, subject to legal retention requirements.
• Right to data portability — to receive your data in a structured, commonly used format.
• Right to object — to object to processing based on legitimate interest.
• Right to withdraw consent — to withdraw consent at any time for processing that relies on it, without affecting the lawfulness of prior processing.
• Right to lodge a complaint — to raise a complaint with the Office of the Personal Data Protection Committee (PDPC), the supervisory authority in Thailand.

To exercise any of these rights, write to [email protected]. We will respond within 30 days.

7. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to read their privacy policies before providing any personal data.

8. Children's Privacy

Our advisory services are intended for business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have collected data from a minor, we will delete it promptly.

9. Policy Updates

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. If changes are material, we will make reasonable efforts to notify affected parties by email.

Continued use of our website following any update constitutes acceptance of the revised policy.

10. Contact

For any questions about this policy or about how we handle your data: