Nimbora Get in Touch

Legal

Privacy Policy

Last Updated: 7 February 2025  |  Effective Date: 7 February 2025

1. Introduction

Nimbora Co., Ltd. ("Nimbora", "we", "us", or "our") is committed to protecting the personal data of individuals who interact with us. This Privacy Policy describes how we collect, use, store, and protect personal information, and outlines the rights available to you under applicable law.

This policy applies to all personal data processed by Nimbora in connection with our business consulting services, our website, and any related communications. It is governed by Thailand's Personal Data Protection Act B.E. 2562 (2019) (PDPA) and, where relevant, other applicable regional data protection frameworks.

If you have questions about this policy, please contact: privacy@nimborena

2. Data We Collect

We may collect the following categories of personal data:

  • Contact information: Name, email address, telephone number, job title, and organization name — provided when you contact us via our website form, email, or phone.
  • Engagement data: Business information, organizational details, and other content shared with us during a consulting engagement, subject to separate confidentiality arrangements.
  • Website usage data: IP address, browser type, pages visited, and session duration, collected via cookies and analytics tools where consent has been given.
  • Communications data: Content of emails, messages, and other correspondence with Nimbora staff.

3. How We Use Your Data

We use personal data for the following purposes:

  • Responding to enquiries and providing information about our services
  • Delivering consulting services to clients under contract
  • Managing and maintaining our client and contact relationships
  • Sending relevant updates or follow-up communications where consent has been given
  • Improving our website and understanding how visitors engage with it (analytics, consent-dependent)
  • Complying with our legal obligations under Thai law

Legal basis for processing

We process personal data on the basis of: your consent (for website cookies and optional communications); our legitimate interest in operating our business and communicating with prospective clients; and the performance of a contract where a consulting engagement is in place.

4. Data Retention

We retain personal data only as long as necessary for the purpose for which it was collected:

  • Contact enquiries: up to 12 months from last contact, unless a client relationship develops
  • Client engagement data: up to 3 years post-engagement, or as required for legal and accounting purposes
  • Website analytics data: anonymized after 14 months
  • Marketing communications data: retained until you withdraw consent or unsubscribe

5. Data Protection Measures

We take the security of personal data seriously. Our measures include encrypted file transfer for all client documents, access controls limiting data to those with a direct need, regular review of data handling practices, prompt deletion of data at the end of its retention period, and a clear internal procedure for reporting and responding to any data incidents.

In the event of a personal data breach likely to affect your rights, we will notify you and, where required, the relevant supervisory authority, within the timeframes required by applicable law.

6. Cookies

Our website uses cookies to function and to understand how visitors use the site. For details on the cookies we use and how to manage your preferences, please see our Cookie Policy.

7. Third-Party Services

We may use third-party tools to support our operations, including website analytics (e.g., Google Analytics, where consent is obtained) and email communication platforms. These providers process data on our behalf and are bound by appropriate data processing agreements. We do not sell personal data to third parties.

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites.

8. Your Rights Under PDPA

Under Thailand's Personal Data Protection Act, you have the following rights regarding your personal data:

  • Right of access: To request a copy of the personal data we hold about you
  • Right to rectification: To request correction of inaccurate or incomplete data
  • Right to erasure: To request deletion of your data, subject to our legal obligations
  • Right to data portability: To receive your data in a structured, machine-readable format
  • Right to object: To object to processing based on legitimate interest
  • Right to withdraw consent: Where processing is based on consent, to withdraw it at any time

To exercise any of these rights, please contact: privacy@nimborena. We will respond within 30 days.

9. Children's Privacy

Our services are directed at businesses and professionals. We do not knowingly collect personal data from individuals under 18 years of age. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. We encourage you to review this page periodically. Continued use of our services after any changes constitutes your acknowledgement of the updated policy.

11. Contact

Nimbora Co., Ltd.
56 Sukhumvit Soi 24, Khlong Toei, Bangkok 10110, Thailand
Email: privacy@nimborena
Phone: +66 2 391 6748