Legal
Privacy Policy
Last updated: 15 May 2025
This policy describes how Codeloom ("we", "our", "us") handles personal data collected through this website and our course enrolment processes. We are based in Thailand and operate under Thai law, including the Personal Data Protection Act B.E. 2562 (PDPA). If you have questions about this policy, please contact us at [email protected].
1. Data We Collect
When you use our website or enquire about a course, we may collect:
- Full name and email address (submitted through our contact form)
- Phone number (if provided voluntarily)
- Message content from enquiry forms
- Technical data: IP address, browser type, pages visited, and time on site (via analytics tools)
- Cookie preferences stored in your browser's local storage
We collect this data through direct form submissions, analytics services, and standard server logs. We do not collect sensitive categories of personal data.
2. Legal Basis for Processing
We process your data on the following bases under Thailand's PDPA:
- Consent: Where you have given explicit consent — for example, by submitting a contact form or accepting cookies.
- Legitimate interest: For website analytics to understand how learners use the site and improve it.
- Contract performance: When processing data necessary to manage your course enrolment or respond to a specific enquiry.
3. How We Use Your Data
- To respond to enquiries about our courses
- To manage course enrolments and communicate course information
- To send relevant information about upcoming cohorts (only if you have opted in)
- To analyse website usage and improve content
- To comply with legal obligations where applicable
We do not use your data for automated decision-making or profiling.
4. Data Sharing
We do not sell your personal data. We may share data with the following third parties only where necessary:
- Analytics providers (e.g. Google Analytics) — to understand site usage. Data is processed under anonymisation and aggregation settings where possible.
- Email service providers — used to send course communications. They process data only as data processors under our instruction.
- Legal authorities — if required by Thai law or a valid legal order.
5. Data Retention
- Enquiry data (name, email, message): retained for up to 24 months from last contact
- Enrolment and course completion records: retained for up to 5 years for record-keeping purposes
- Analytics data: retained according to the service provider's standard settings (typically 14 months for Google Analytics)
- Cookie preferences: stored locally in your browser until cleared
6. Data Protection Measures
We take reasonable technical and organisational steps to protect personal data, including:
- HTTPS encryption across the website
- Access controls limiting who can view personal data internally
- Regular review of third-party processors' data handling practices
In the event of a data breach that is likely to affect your rights, we will notify affected individuals and, where required, the relevant authority within a reasonable timeframe.
7. Cookies
We use cookies for essential site functionality, analytics, and preference storage. You can manage cookie preferences at any time. See our Cookie Policy for full details on the types of cookies we use and how to control them.
8. Your Rights Under the PDPA
As a data subject under Thailand's Personal Data Protection Act, you have the right to:
- Access: Request a copy of the personal data we hold about you
- Rectification: Ask us to correct inaccurate or incomplete data
- Erasure: Request deletion of your data where there is no legitimate reason to continue holding it
- Portability: Receive your data in a structured, commonly used format
- Objection: Object to processing based on legitimate interest
- Withdrawal of consent: Withdraw consent at any time where processing is based on consent
- Complaint: Lodge a complaint with the Personal Data Protection Committee of Thailand
To exercise any of these rights, contact us at [email protected]. We aim to respond within 30 days.
9. Third-Party Links
Our website may include links to external resources. We are not responsible for the privacy practices of those sites and recommend reviewing their policies independently.
10. Children's Privacy
Our courses and website are directed at individuals aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently received data from a minor, please contact us so we can remove it promptly.
11. Changes to This Policy
We may update this policy from time to time. Where changes are material, we will post a notice on our website and update the "Last updated" date above. Continued use of our site after such changes constitutes acceptance of the revised policy.
12. Contact
Data Controller: Codeloom
60 Nimmanhaemin Soi 9, Su Thep, Mueang Chiang Mai, Chiang Mai 50200, Thailand
Email: [email protected]
Phone: +66 53 216 8497