Personal Data Protection Policy


The Firm is the data controller of the Personal Data we process and is therefore responsible for ensuring that the systems and processes we use are compliant with the Personal Data Protection Act B.E. 2562 (A.D. 2019) (“Act”), to the extent applicable to us.

Firm personnel are required to comply with this Personal Data Protection Policy and associated Firm policies when dealing with the Personal Data.

Collection of Personal Data

We collect the following categories of Personal Data as to employers, prospective employees, clients, prospective clients, suppliers and other third parties:

Basic data: Name, gender, title, organization, job responsibilities, phone number, post address, email address, social media accounts, contact details and other means of contact.

Sensitive data: in limited circumstances, where you have provided us with such information as it is necessary for a specific service which we are providing to you: religious or other beliefs, racial or ethnic origin, sexual orientation, health data and details of trade union membership.

Transaction data: Personal data contained in documents, contracts, correspondence, or other materials provided by or relating to transactions conducted by our clients.

Government-issued personally identifiable data: citizen ID numbers, passports, driving licenses, or other identification documents, dates of birth, Birth Certificate, Death Certificate, beneficial ownership data.

Client service data: Personal Data received from clients in respect of employees, customers or other individuals known to clients, invoicing details and payment history, financial data, due diligence data and client feedback.

Registration data: Newsletter requests, event/seminar registrations, downloads, subscriptions, and username/passwords.

Job applicant data: Data provided by job applicants or others on our websites or offline means in connection with employment opportunities.

Device data: Computer Internet Protocol (IP) address, unique device identifier (UDID), cookies and other data linked to a device, and data about usage of our Websites (Usage Data).

Personally Identifiable Information from CCTV Footage and Facial Recognition Device such as CCTV cameras within the Firm.

Marketing data: Data about individual participation in conferences and in-person seminars, credentials, associations, product interests, and preferences.

We collect Personal Data from a number of sources, either directly from the data subjects, or from clients, colleagues and publicly available sources.

Where the Firm receives data from its clients about employees, customers or other individuals, the client is responsible for ensuring that any such data is transferred to us in compliance with applicable data protection laws.

Use of Personal Data

The purposes for which we use Personal Data, and the legal bases for such processing, are as follows:

1) To provide our legal advice and legal services and respond to inquiries to perform our obligations under our contracts with our clients.

2) To manage our business operations and administer our client relationships (e.g., issuing and processing invoices).

3) To provide relevant marketing such as providing you with information about legal update, events or services that may be of interest to you including client conferences or networking events.

4) To address compliance and legal obligations, such as complying with the Firm’s tax reporting obligations, checking the identity of new clients and to prevent conflict of interest and money laundering and/or fraud.

5) To consider individuals for employment and contractor opportunities and manage on-boarding procedures.

6) To make our websites easier to use, to help us improve the layout and information available on our websites and provide a better service to our website users.

7) To protect the security and effective functioning of our websites and information technology systems.

Disclosure of Personal Data

Unless the data subject indicates otherwise, we may share Personal Data with the following categories of recipients:

Affiliates: Our affiliated companies around the world in order to provide you with legal services and in order to administer our relationship with you (e.g., invoicing, marketing) or otherwise as necessary for the purposes described above.

Suppliers and service providers: We share Personal Data with suppliers and service providers to enable such parties to perform functions on our behalf and under our instructions in order to carry out the purposes identified above. These include IT services providers, for example, the providers of our client and working database system, our finance and accounting systems, and our customer relationship management databases; third party consultants who provide us with support in respect of business analytics and marketing campaigns; and the providers of external venues where we host conferences and events. We require such parties by contract to provide reasonable security for Personal Data and to use and process such Personal Data on our behalf only.

Financial institutions: We share Personal Data with financial institutions in connection with invoicing and payments.

Mandatory disclosures and legal claims: We share Personal Data in order to comply with the Firm’s tax reporting obligations, comply with any subpoena, court order or other legal process, to comply with a request from our regulators, governmental request or any other legally enforceable demand. We also share Personal Data to establish or protect our legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims.

Cross-Border Data Transfers

We may transfer Personal Data to outside Thailand as necessary for the purposes described above, including to jurisdictions that may not provide the same level of data protection as your home country. The transfer of Personal Data is necessary to provide you with the requested information and/or to perform any requested legal services. We will request your consent where such is required by law.

Opting out of our newsletters

You have control of our use of Personal Data for our legal updates. You can choose to not receive such legal updates at any time. If you no longer wish to receive any legal updates, remain on a mailing list to which you previously subscribed, or receive any other marketing communication, please contact us as per below.

Retention of Personal Data

The Firm will retain your Personal Data as long as it is necessary to fulfil the purposes outlined in this Policy and during the course of our legal services which we provide to you and the period during which you are still our client and as needed for legal compliance or legal prescription for the establishment of legal claims or exercising of legal claims or defense of legal claims. The Firm will delete such Personal Data in accordance with the Act upon request.

Security Measures

The Firm has appropriate security measures for preventing the unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of personal data, and such measures must be reviewed when it is necessary, or when the technology has changed in order to efficiently maintain the appropriate security and safety.

Data Subject’s Rights

A data subject has a number of rights to:

1) Access: Request access and obtain a copy of Personal Data on request;

2) Portability: Require the Firm to submit your Personal Data to yourself or a designated person;

3) Withdrawing of Consent: Withdraw your consent at any time. This includes cases where you wish to opt out from our newsletter or marketing messages that you receive from us;

4) Rectification: Require the Firm to amend incomplete or inaccurate Personal Data that we process;

5) Restriction: Require the Firm to suspend the use of or stop processing your Personal Data in the event that:
– We are examining inaccurate Persona Data as per your request; or
– We no longer need to process such Personal Data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not want us to delete it;

6) Deletion: Require the Firm to delete, or destroy, or to make such Personal Data in unidentifiable form, in the event, for example, where the data is no longer necessary for the purposes or processing, or when the data subject withdraws his/her consent except that we are required to retain such Personal Data to comply with a legal obligation or to establish, exercise or defend legal claims;

7) Objection: Object to the collection, use or disclosure of your Personal Data any time. We will be bound by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise, or defense of a legal claim; and

8) Making a complaint: File a complaint in the event that the Firm or data processor, including the employees or the service providers of the Firm or the data processor violates or does not comply with the Act or notifications issued in accordance with the Act.

If you do not provide Personal Data, we may not be able to respond to your request, provide legal services to you, or provide you with marketing that we believe you would find valuable.

Amendment of the Policy

We may update this Policy from time to time as our services and privacy practices change, or as required by law.

Contact Information

If you have question or require further information regarding the protection of your Personal Data, the collection, use, and disclosure of your Personal Data, exercising of your rights or filing of the complaint, you can contact the Firm as per the following:

Contact place: 1168/42, Lumpini Tower, Level 17, Rama IV Road, Kwaeng Thung Mahamek, Khet Sathorn, Bangkok Metropolis (10120) Thailand
Telephone: +66 2 2592627 thru 29

Compliance Officer(s)

Name: Ms. Siriphaitun Sawatdisak

Contact place: No. 1168/42, Lumpini Tower, Level 17, Rama IV Road, Kwaeng Thung Mahamek, Khet Sathorn, Bangkok Metropolis (10120) Thailand

Telephone: 02-259-2627 thru 9


Given this 1st day of June 2022


(Mr. Wichien Harnpraween)
Managing Director and Senior Partner
Wissen & Co Limited (Lawyers)