Privacy Policy

Last Updated: January 30, 2026

1. INTRODUCTION

Muay Thai Visa Thailand (MTVT), the international enrollment division of Sor.Dechapant Muay Thai School (Ministry of Education License สช.กร. 00025/2568) and Sor.Dechapant Muay Thai Camp/Gym (Sports Authority of Thailand 5-Star Professional Camp) is committed to protecting your personal data and respecting your privacy rights.

This Privacy Policy explains:

What personal data do we collect and why
How we use, store, and protect your data
Your rights under Thailand’s Personal Data Protection Act B.E. 2562 (2019) (“PDPA“)
How to exercise your rights or contact us with concerns

Please read this policy carefully. By using our website (https://www.muaythaivisathailand.com), submitting an application, or engaging our services, you acknowledge that you have read and understood this Privacy Policy.

2. DATA CONTROLLER INFORMATION

Data Controller:
Muay Thai Visa Thailand (MTVT)
Operating under Sor.Dechapant Muay Thai School (MOE License สช.กร. 00025/2568)

Registered Address:
168 Soi Sannibat Tessaban 1
Chan Kasem Subdistrict, Chatuchak District
Bangkok 10900, Thailand

Contact for Privacy Matters:
Email: [email protected]
WhatsApp: +66 62-978-9141

Data Protection Officer (DPO):
We have designated a Data Protection Officer responsible for overseeing compliance with this Privacy Policy and the PDPA. You can contact our DPO at: [email protected]

3. SCOPE AND APPLICABILITY

3.1 Who This Policy Applies To

This Privacy Policy applies to:

Prospective clients visiting our website or making inquiries
Enrolled students participating in our training programs
Visa applicants using our documentation services
Website visitors browsing our content
Newsletter subscribers receive our communications

3.2 Territorial Scope

Under Thailand’s PDPA, this policy applies to:

Personal data processed within Thailand
Personal data of individuals located in Thailand
Personal data processed by us, regardless of where you are located (extraterritorial application)

We operate in Thailand and process data primarily there, but this policy applies to all individuals whose data we process.

3.3 What This Policy Does NOT Cover

This policy does not cover:

Third-party websites linked from our site (they have their own privacy policies)
Deceased persons (PDPA excludes data of deceased individuals)
Publicly available information (already in the public domain)
Business contact information used solely for B2B communications

4. LEGAL BASIS FOR DATA PROCESSING

Under the PDPA, we must have a lawful basis to process your personal data. We process your data under the following legal grounds:

4.1 Consent (Section 19 PDPA)

When you voluntarily provide us with information and agree to its processing for specific purposes (e.g., subscribing to newsletters, submitting inquiry forms).

You have the right to withdraw consent at any time by contacting us at [email protected].

4.2 Contractual Necessity (Section 24(2) PDPA)

When processing is necessary for:

Entering into a contract with you (e.g., enrollment in training programs)
Performing obligations under our contract with you (e.g., providing training services, preparing visa documentation)

4.3 Legitimate Interests (Section 24(4) PDPA)

When processing is necessary for our legitimate business interests or those of a third party, and your rights do not override these interests:

Website analytics and improvement
Fraud prevention and security
Internal record-keeping and administration
Business development and service improvement

4.4 Legal Obligations (Section 24(1) PDPA)

When processing is required to comply with Thai laws, including:

Ministry of Education reporting (monthly enrollment reports for ED Visa holders)
Immigration Bureau requirements (90-day reporting, visa verification)
Tax and accounting obligations (Thai Revenue Department)
Sports Authority of Thailand compliance

4.5 Vital Interests (Section 24(3) PDPA)

When processing is necessary to protect your life, health, or physical well-being (e.g., emergency medical situations during training).

5. PERSONAL DATA WE COLLECT

5.1 Categories of Personal Data

We collect the following categories of personal data:

A. Identification Information:

Full name (as it appears on passport)
Date of birth
Nationality and citizenship
Passport number, expiry date, and issuing country
Passport photographs and scans
National ID number (if applicable)
Visa photographs (passport-style photos)

B. Contact Information:

Email address(es)
Phone number(s) (mobile and/or landline)
WhatsApp, LINE, or other messaging app IDs
Current residential address
Permanent address (if different)
Emergency contact information (name, relationship, phone number)

C. Financial Information:

Bank statements (for proof of funds for visa applications)
Payment information (credit/debit card details processed through secure payment processors)
Transaction records and receipts
Proof of income or employment (if applicable for visa applications)
Sponsor financial information (if using a sponsor for a visa application)

D. Immigration and Travel Information:

Visa history (prior visas, overstays, rejections, deportations)
Entry and exit stamps from the passport
Current visa status and permitted stay duration
Travel itinerary and flight bookings
Immigration Bureau correspondence
90-day reporting records

E. Professional and Educational Information:

Employment status and employer details (DTV applicants)
Remote work arrangements and client information (DTV applicants)
Educational background and qualifications
Previous Muay Thai or martial arts training experience

F. Health and Medical Information (Sensitive Personal Data):

Pre-existing medical conditions relevant to training safety
Injuries or physical limitations
Allergies (especially if affecting training or emergency response)
Physician clearance (if required)
Emergency medical information
COVID-19 vaccination status (if required by government regulations)

Note: Health data is “sensitive personal data” under PDPA Section 26 and requires explicit consent and additional protections.

G. Training and Performance Data:

Attendance records (date, time, duration of training sessions)
Training assessments and progress notes
Sparring partners and training logs
Belt or certification levels achieved
Video or photographic records of training (if applicable)
Feedback and performance reviews from instructors

H. Website and Technical Data:

IP address and device identifiers
Browser type and version
Operating system and device type
Pages visited, time spent, and navigation patterns
Referring website or source
Cookies and similar tracking technologies (see Section 13)

I. Communication Records:

Emails, messages, and inquiries sent to us
Phone call records (date, time, summary of discussion)
Chat logs from WhatsApp, LINE, or website chat
Feedback, complaints, or reviews submitted

J. Photographic and Video Content:

Gym photos and training videos (if you appear in promotional materials)
Social media posts or testimonials you provide
Security camera footage from training facilities

5.2 Sensitive Personal Data

Under PDPA Section 26, certain categories of personal data receive additional protection:

Health data (medical conditions, injuries, fitness assessments)
Racial or ethnic origin (if disclosed)
Religious beliefs (if disclosed, e.g., for dietary accommodations)
Biometric data (if collected, e.g., fingerprints for certain services)
Criminal convictions or records (if disclosed or discovered)

We collect sensitive personal data ONLY when:

You provide explicit consent, OR
It is necessary for vital interests (e.g., emergency medical care), OR
It is required by law (e.g., certain government reporting)

You have the right to refuse to provide sensitive personal data, but this may affect our ability to provide certain services (e.g., if you cannot safely participate in training due to undisclosed medical conditions).

6. HOW WE COLLECT YOUR PERSONAL DATA

6.1 Directly From You

Most personal data comes directly from you when you:

Fill out the inquiry or application forms on our website
Email, call, or message us
Submit documents for visa processing
Enroll in training programs
Attend training sessions
Provide feedback or testimonials
Subscribe to our newsletter or communications

6.2 Automatically Through Website Use

When you visit our website, we automatically collect:

Technical data (IP address, device information, browser type)
Usage data (pages visited, time spent, navigation patterns)
Cookie data (see Section 13 for details)

6.3 From Third Parties

We may receive personal data from:

Thai government agencies (immigration stamps, visa verification, and education ministry records)
Payment processors (transaction confirmations, payment status)
Medical providers (if you provide emergency medical consent)
References or sponsors (if you use a sponsor for visa applications)
Public sources (if we verify information you provided, such as passport validity)

6.4 From Social Media

If you interact with us on social media (Facebook, Instagram, etc.), we may collect:

Your public profile information
Comments, messages, or reviews you post
Photos or videos you share featuring our gym

7. HOW WE USE YOUR PERSONAL DATA

7.1 Primary Purposes

We use your personal data for the following purposes:

A. Visa Documentation Services:

Preparing official acceptance letters and school certifications
Compiling documentation packages for visa applications
Verifying your eligibility for DTV or ED Visa programs
Communicating with Thai embassies or consulates (if you authorize us)
Submitting monthly enrollment reports to the Ministry of Education (ED Visa)
Assisting with 90-day reporting to the Immigration Bureau
Preparing visa extension documentation

B. Training Program Operations:

Enrolling you in Muay Thai training programs
Scheduling training sessions and assigning instructors
Monitoring attendance and tracking progress
Ensuring safety during training (reviewing medical information)
Issuing training certifications upon completion
Communicating schedule changes or gym closures

C. Payment Processing:

Processing enrollment and service fees
Issuing receipts and invoices
Maintaining financial records for accounting and tax purposes

D. Communication:

Responding to inquiries and providing customer support
Sending booking confirmations and service updates
Providing visa application guidance
Notifying you of policy or schedule changes
Sending reminders about important dates (visa expiry, extension deadlines)

E. Legal Compliance:

Ministry of Education reporting (monthly enrollment and attendance for ED Visa holders)
Immigration Bureau compliance (90-day reporting, visa verification requests)
Sports Authority of Thailand oversight (training program standards)
Tax reporting to the Thai Revenue Department
Responding to legal requests or court orders

F. Safety and Security:

Monitoring training facilities via security cameras
Investigating accidents, injuries, or safety incidents
Preventing fraud, unauthorized access, or illegal activities
Enforcing our Terms and Conditions and gym rules

G. Marketing and Promotion (With Your Consent):

Sending newsletters and promotional materials
Sharing success stories and testimonials (with permission)
Creating promotional photos or videos featuring students (with consent)
Promoting on social media (with permission)

H. Business Improvement:

Analyzing website usage to improve user experience
Conducting satisfaction surveys and collecting feedback
Developing new services or training programs
Internal record-keeping and administration

7.2 Purposes Requiring Explicit Consent

For certain purposes, we require your explicit, separate consent:

Using your photographs or videos in marketing materials
Sharing your testimonial or success story publicly
Sending marketing emails or promotional messages
Processing sensitive personal data (health information) beyond safety requirements

You can withdraw consent at any time without affecting other services.

8.1 When We Share Your Data

We share your personal data with the following categories of recipients:

A. Thai Government Authorities (Legal Requirement):

Ministry of Education: Monthly enrollment status, attendance records, program details (ED Visa holders)
Immigration Bureau: Visa verification, 90-day reporting, extension applications
Sports Authority of Thailand: Training program compliance, facility inspections
Thai Revenue Department: Tax reporting, financial audits
Thai Police or law enforcement: If legally required (e.g., criminal investigations, court orders)

Sharing with government authorities is based on legal obligation (PDPA Section 24(1)) and does not require your consent.

B. Affiliated Entities:

Sor.Dechapant Muay Thai School: We are their international enrollment division; they manage training operations
Sor.Dechapant Muay Thai Camp/Gym: For training coordination and facility access

These entities are part of the same organization and share the same privacy commitments.

C. Service Providers (Data Processors):

We engage third-party service providers who process data on our behalf:

Payment processors: For credit/debit card transactions (e.g., Stripe, Wise, Thai banks)
Email service providers: For sending communications (e.g., Mailchimp, SendGrid)
Website hosting providers: For website infrastructure and security
Cloud storage providers: For secure document storage
Translation or notarization services: If required for visa documents
Accounting or tax preparation services: For financial compliance

These processors are bound by contracts requiring PDPA compliance and data security.

D. Thai Embassies or Consulates (With Your Authorization):

If you authorize us, we may communicate with Thai embassies or consulates regarding your visa application status or requirements.

We only do this with your explicit permission.

E. Medical or Emergency Services:

In medical emergencies, we may share relevant health information with:

Emergency medical responders
Hospitals or clinics
Your emergency contacts

This is based on vital interests (PDPA Section 24(3)) to protect your health or life.

F. Legal or Regulatory Requests:

We may disclose data when:

Required by Thai law or court order
Necessary to enforce our Terms and Conditions
Protecting our rights, property, or safety
Investigating fraud, abuse, or violations
Responding to government investigations

8.2 What We Do NOT Do With Your Data

We DO NOT:

Sell your personal data to third parties
Rent or lease your information for marketing purposes
Share data with unaffiliated companies for their marketing
Provide data to data brokers or aggregators

9. CROSS-BORDER DATA TRANSFERS

9.1 Data Storage Location

Your personal data is primarily stored and processed in Thailand:

Our servers are located in Thailand
Physical documents are stored at our Bangkok facility
Training records are maintained locally

9.2 When Data May Leave Thailand

In limited circumstances, your data may be transferred outside Thailand:

A. Cloud Service Providers:

We use international cloud services (e.g., Google Cloud, AWS, Microsoft Azure, DigitalOcean) that may store backups outside Thailand. These providers maintain data centers in multiple countries.

B. Payment Processors:

International payment processors (e.g., Stripe, Wise) may process transactions through servers outside Thailand.

C. Email and Communication Platforms:

Email service providers may route communications through international servers.

9.3 Safeguards for International Transfers

When data leaves Thailand, we ensure adequate protection through:

A. Standard Contractual Clauses (SCCs):

We use PDPC-approved standard contractual clauses with international service providers, binding them to PDPA-equivalent protections.

B. Adequacy Decisions:

We transfer to countries or regions recognized by Thailand as having adequate data protection (e.g., EU/EEA under GDPR, countries with similar laws).

C. Explicit Consent:

For transfers outside the above safeguards, we obtain your explicit consent and inform you of:

The destination country
Potential risks (if the country lacks adequate data protection)
Your right to refuse or withdraw consent

9.4 Your Rights Regarding Transfers

You have the right to:

Know where your data is transferred
Refuse consent for transfers (though this may limit our ability to provide services)
Withdraw consent for international transfers
Request that data be stored only in Thailand (we will assess feasibility)

10. DATA RETENTION

10.1 How Long We Keep Your Data

We retain personal data only as long as necessary for the purposes outlined in this policy or as required by Thai law.

Retention Periods:

Data Category	Retention Period	Legal Basis
Visa Application Documents	5 years after visa expiry	Ministry of Education requirement; Immigration Bureau may request historical records
ED Visa Enrollment Records	5 years after program completion	Ministry of Education regulation (educational institutions must retain student records)
Training Attendance Records	5 years after completion	Ministry of Education and SAT compliance; verification for future inquiries
Financial Records (Invoices, Receipts)	7 years	Thai Revenue Department requirement (tax audit period)
Payment Transaction Data	3 years	Anti-money laundering regulations; dispute resolution
Email and Communication Logs	2 years	Business operations and customer support
Website Analytics and Cookies	3 years after training completion or until consent is withdrawn	PDPA consent requirement; aggregate analytics
Marketing Consent Records	Until consent withdrawn + 1 year	Proof of consent; compliance verification
Medical/Health Information	3 years after training completion or until consent withdrawn	Safety liability; emergency reference
Security Camera Footage	90 days (unless incident investigation)	Security and safety; crime prevention
Inquiry Forms (Non-Enrolled)	2 years	Business development; follow-up

10.2 Criteria for Determining Retention Periods

We determine retention periods based on:

Legal requirements: Thai laws mandate certain retention periods
Contractual obligations: Service agreements may require data retention
Legitimate business interests: Record-keeping, dispute resolution, audits
Data subject rights: Your right to erasure vs. our legal obligations

10.3 What Happens When Retention Periods Expire

When retention periods expire, we:

Securely delete electronic data (overwrite, degaussing, secure deletion)
Physically destroy paper documents (shredding, incineration)
Anonymize data if kept for statistical or research purposes (removing all identifiers)

10.4 Exceptions to Deletion

We may retain data beyond standard periods if:

Legal hold: Litigation, investigation, or legal proceeding is ongoing
Regulatory investigation: The government agency has requested data preservation
Fraud or abuse: Incident requires extended retention for evidence
Your request: You explicitly ask us to retain certain data longer

11. DATA SECURITY

11.1 Security Measures We Implement

We take data security seriously and implement comprehensive measures to protect your personal data:

A. Technical Measures:

Encryption: Data encrypted in transit (SSL/TLS) and at rest (AES-256)
Firewalls: Network security to prevent unauthorized access
Secure servers: Dedicated hosting with regular security updates
Access controls: Multi-factor authentication for system access
Intrusion detection: Monitoring for suspicious activity
Regular backups: Encrypted backups stored securely

B. Organizational Measures:

Access limitation: Only authorized personnel have access to personal data on a need-to-know basis
Staff training: Regular privacy and security training for all employees
Confidentiality agreements: All staff sign confidentiality clauses
Vendor vetting: Third-party processors undergo security assessments
Incident response plan: Procedures for handling data breaches

C. Physical Measures:

Secure facilities: Access-controlled office and training areas
Locked storage: Physical documents stored in locked cabinets
Visitor controls: Sign-in procedures for non-staff entering facilities
Security cameras: Monitoring of premises (with notice to visitors)

11.2 Data Breach Notification

Despite our best efforts, no system is 100% secure. In the event of a personal data breach, we will:

Step 1 – Internal Assessment (Immediate):

Identify the scope and severity of the breach
Contain the breach to prevent further data loss
Assess risk to affected individuals

Step 2 – Regulatory Notification (Within 72 Hours if High Risk):

Notify the Personal Data Protection Committee (PDPC) within 72 hours if the breach poses a high risk to rights and freedoms
Provide details of the breach, affected data, and mitigation measures

Step 3 – Individual Notification (Without Undue Delay if High Risk):

Notify affected individuals if the breach poses a high risk to their rights
Provide information about:
- What data was compromised
- When the breach occurred
- Potential consequences
- Steps we are taking to mitigate
- Steps you can take to protect yourself
- Contact information for questions

Step 4 – Remediation:

Implement additional security measures
Conduct post-incident review
Update security protocols as needed

You will be notified promptly and transparently if your data is involved in a breach posing a high risk.

12. YOUR RIGHTS UNDER THAILAND’S PDPA

Thailand’s Personal Data Protection Act grants you comprehensive rights over your personal data. We are committed to facilitating these rights.

12.1 Right to Access (Section 30 PDPA)

You have the right to request:

Confirmation of whether we process your personal data
Access to your personal data that we hold
Copies of your personal data
Information about how we use your data

How to exercise: Email [email protected] with “Data Access Request” in the subject line. Include your full name, contact details, and proof of identity (copy of passport or ID).

Response time: Within 30 days of verification

Cost: First request is free; subsequent requests may incur reasonable administrative costs

12.2 Right to Data Portability (Section 31 PDPA)

You have the right to:

Receive your personal data in a structured, commonly used, machine-readable format (e.g., CSV, JSON, PDF)
Transmit this data to another controller without hindrance

Applies to: Data you provided with consent or under contract, processed by automated means

How to exercise: Email [email protected] specifying which data you want in portable format

Response time: Within 30 days

12.3 Right to Object (Section 32 PDPA)

You have the right to object to processing based on:

Legitimate interests (Section 24(4))
Public interest or official authority (Section 24(5))
Direct marketing

If you object to direct marketing, we will immediately stop marketing communications.

For other objections, we will stop processing unless we demonstrate compelling legitimate grounds that override your interests, or processing is necessary for legal claims.

How to exercise: Email [email protected] stating your objection and reasons

12.4 Right to Erasure / “Right to Be Forgotten” (Section 33 PDPA)

You have the right to request deletion of your personal data when:

Data is no longer necessary for the purposes collected
You withdraw consent, and there is no other legal basis
You object to processing, and there are no overriding legitimate grounds
The data was unlawfully processed
Deletion is required by law
Data was collected from a child without proper consent

Limitations: We may refuse erasure if retention is necessary for:

Legal obligations
Legal claims or defense
Freedom of expression or information
Public health or archiving purposes

How to exercise: Email [email protected] with “Erasure Request” in the subject line

Response time: Within 30 days; we will confirm deletion or explain why retention is necessary

12.5 Right to Restriction of Processing (Section 34 PDPA)

You have the right to request we temporarily restrict processing when:

You contest the accuracy of the data (restriction until we verify)
Processing is unlawful, but you prefer restriction over deletion
We no longer need the data, but you need it for legal claims
You have objected to processing (restriction pending verification of legitimate grounds)

During restriction: We will store the data but not otherwise process it (except with consent or for legal reasons)

How to exercise: Email [email protected] specifying the restriction requested

12.6 Right to Rectification (Section 35 PDPA)

You have the right to:

Correct inaccurate personal data
Complete incomplete personal data

Examples: Update address, correct spelling of name, add missing passport details

How to exercise: Email [email protected] with corrected information and proof (e.g., a copy of a passport showing correct details)

Response time: Within 30 days

12.7 Right to Withdraw Consent (Section 19 PDPA)

You have the right to withdraw consent for processing based on consent at any time.

Effect: We will stop processing data based on that consent, but may continue processing under other legal bases (e.g., legal obligation, contract performance)

Examples: Withdraw marketing consent, withdraw consent for photo use, withdraw consent for health data processing (though safety may require disclosure in emergencies)

How to exercise: Email [email protected] stating which consent you wish to withdraw, or use opt-out links in emails

No penalties: Withdrawal does not affect services based on contract or legal obligations

12.8 Right to Lodge a Complaint

If you believe we violated your PDPA rights, you can:

Step 1 – Contact Us First: Email [email protected] to raise concerns. We will investigate and respond within 30 days.

Step 2 – Lodge a Complaint with PDPC: If unsatisfied with our response, contact the Personal Data Protection Committee (PDPC):

Website: https://www.pdpc.or.th
Email: [email protected] (check the current website for updated contact)
Phone: (Check PDPC website for current contact numbers)

Step 3 – Seek Legal Advice: Consult with a privacy attorney regarding potential legal action.

12.9 How to Exercise Your Rights

To submit a request:

Email: [email protected]
Subject Line: Include the specific right (e.g., “Data Access Request,” “Erasure Request”)
Provide:
- Full name
- Contact information (email, phone)
- Proof of identity (copy of passport or national ID)
- Specific details of your request
- Preferred format for response (if applicable)

We will:

Verify your identity before processing requests
Respond within 30 days
Provide clear reasons if we cannot fully comply with your request
Keep records of all requests for compliance purposes

No fees for reasonable requests; we may charge for excessive, repetitive, or manifestly unfounded requests.

13. COOKIES AND TRACKING TECHNOLOGIES

13.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us recognize your device, remember your preferences, and analyze website usage.

13.2 Types of Cookies We Use

A. Essential Cookies (Always Active):

These cookies are necessary for website functionality and cannot be disabled:

Session cookies: Keep you logged in during your visit
Security cookies: Protect against fraud and abuse
Load balancing cookies: Ensure website stability

Legal basis: Necessary for website operation (not subject to consent requirement)

B. Analytics Cookies (Requires Consent):

These cookies help us understand how visitors use our website:

Google Analytics: Page views, bounce rate, user flow, demographics
Heatmap tools: Click patterns, scroll depth, navigation behavior

Purpose: Improve website design, content, and user experience

Legal basis: Consent (you can opt out)

C. Marketing Cookies (Requires Consent):

These cookies track visitors across websites for advertising purposes:

Facebook Pixel: Retargeting ads on Facebook/Instagram
Google Ads: Retargeting and conversion tracking
Microsoft Advertising/Bing Ads: Retargeting and conversion tracking
LinkedIn Insight Tag: B2B advertising

Purpose: Show relevant ads and measure campaign effectiveness

Legal basis: Consent (you can opt out)

13.3 Cookie Consent Management

When you first visit our website, you will see a cookie consent banner with options:

Accept All: Consent to all cookies
Reject All: Only essential cookies will be used
Cookie Settings: Customize preferences by category

You can change your preferences at any time using the cookie settings link in the footer.

13.4 Cookie Retention Periods

Cookie Type	Retention Period
Session cookies	Until browser is closed
Analytics cookies	Up to 2 years
Marketing cookies	Up to 1 year
Preference cookies	Up to 1 year

13.5 Third-Party Cookies

Third-party services (e.g., Google Analytics, Facebook) may place their own cookies. We do not control these cookies. Refer to their privacy policies:

Google Analytics: https://policies.google.com/privacy
Facebook: https://www.facebook.com/privacy/policy
Stripe (Payment): https://stripe.com/privacy
Wise (Payment): https://wise.com/gb/legal/privacy-notices

13.6 How to Control Cookies

Browser Settings:

Chrome: Settings > Privacy and security > Cookies and other site data
Firefox: Settings > Privacy & Security > Cookies and Site Data
Safari: Preferences > Privacy > Cookies and website data
Edge: Settings > Privacy, search, and services > Cookies

Mobile Devices:

iOS: Settings > Safari > Block Cookies
Android: Browser settings > Privacy > Cookies

Note: Disabling essential cookies may affect website functionality.

13.7 Do Not Track (DNT)

Some browsers support “Do Not Track” (DNT) signals. As there is no universal standard, we do not currently respond to DNT signals. You can control tracking through cookie settings.

14. CHILDREN’S PRIVACY

14.1 Age Requirements

Our services are generally intended for individuals 20 years or older (DTV visa age requirement).

For ED Visa programs, we accept minors (under 18) only with:

Parental or legal guardian consent for data processing
Separate consent form signed by parent/guardian
Guardian verification (copy of guardian’s ID/passport)

14.2 Special Protections for Minors

For applicants under 18, we:

Obtain explicit parental/guardian consent before collecting data
Collect only data necessary for enrollment and safety
Provide parents/guardians with access to their child’s data
Allow parents/guardians to request the deletion of their child’s data

14.3 Parental Rights

Parents or legal guardians can:

Access their child’s personal data
Request correction or deletion
Withdraw consent at any time
Object to processing

Contact: [email protected]

15. MARKETING COMMUNICATIONS

15.1 Types of Marketing Communications

With your consent, we may send:

Newsletters: Training tips, gym updates, success stories
Promotional offers: Discounts, special packages, referral programs
Event invitations: Workshops, seminars, guest instructor sessions
Social media posts: Featuring your testimonial or photos (with separate consent)

15.2 How to Opt Out

Email Marketing:

Click the “Unsubscribe” link at the bottom of any marketing email
Email [email protected] with “Unsubscribe” in the subject line

SMS Marketing:

Reply “STOP” to any marketing SMS
Contact [email protected]

We will process opt-out requests within 5 business days.

15.3 What Opting Out Does NOT Affect

Opting out of marketing does NOT affect:

Transactional emails: Booking confirmations, visa updates, payment receipts
Service communications: Schedule changes, safety notices, policy updates
Legal notices: Changes to Terms and Conditions or Privacy Policy

16. THIRD-PARTY LINKS AND SERVICES

16.1 External Websites

Our website may contain links to:

Thai government websites (Immigration Bureau, Ministry of Education)
Thai embassy/consulate websites
Partner or affiliate websites
Other authoritative websites
Social media platforms

We are not responsible for the privacy practices of these external sites. They have their own privacy policies.

Before providing personal data to third-party websites, review their privacy policies.

16.2 Social Media Plugins

Our website may include social media plugins (Facebook “Like,” Instagram “Follow,” etc.). These plugins may collect data about your visit and share it with the social media platform.

We do not control data collected by social media plugins. Refer to the social media platform’s privacy policy.

17. DATA TRANSFERS TO GOVERNMENT AGENCIES

17.1 Mandatory Reporting to Thai Authorities

Under Thai law, we are required to share certain data with government agencies:

A. Ministry of Education (MOE):

Frequency: Monthly
Data shared: Student enrollment status, attendance records, program start/end dates, completion status
Purpose: Compliance with education regulations; verification of ED Visa legitimacy
Legal basis: Legal obligation (Section 24(1) PDPA)

B. Immigration Bureau:

Frequency: As requested (typically quarterly or upon visa extension)
Data shared: Enrollment confirmation, attendance records, 90-day reporting data
Purpose: Visa verification, overstay prevention, compliance checks
Legal basis: Legal obligation (Section 24(1) PDPA)

C. Sports Authority of Thailand (SAT):

Frequency: Annually or upon inspection
Data shared: Training program curriculum, instructor qualifications, facility standards
Purpose: 5-Star Professional Camp certification compliance
Legal basis: Legal obligation (Section 24(1) PDPA)

D. Thai Revenue Department:

Frequency: Annually (tax filing)
Data shared: Payment records, financial transactions (aggregated, not individual student details unless required by audit)
Purpose: Tax compliance
Legal basis: Legal obligation (Section 24(1) PDPA)

17.2 Your Rights Regarding Government Reporting

You cannot opt out of mandatory government reporting (it is a legal requirement for our operation).

However, you have the right to:

Know what data is reported (request copies of reports from us)
Ensure accuracy (request corrections if data is inaccurate)
Complain to PDPC if you believe reporting violates PDPA

18. CHANGES TO THIS PRIVACY POLICY

18.1 Policy Updates

We may update this Privacy Policy to reflect:

Changes to Thai data protection laws (PDPA amendments or regulations)
New services or business practices
Technology updates affecting data processing
Feedback from regulatory authorities or data subjects

18.2 Notification of Material Changes

For material changes (e.g., new data uses, new third-party disclosures, reduced protections), we will:

Update the “Last Updated” date at the top of this policy
Email active clients at least 30 days before changes take effect
Post a prominent notice on our website homepage
Request renewed consent if required by PDPA (e.g., for new purposes)

18.3 Notification of Minor Changes

For minor changes (e.g., clarifications, formatting updates, contact information updates), we will:

Update the “Last Updated” date
Post the revised policy on our website

18.4 Your Options

If you disagree with material changes:

You may withdraw consent for processing based on consent
You may object to processing based on legitimate interests
You may terminate services (subject to contractual obligations)

Continued use of our services after changes take effect constitutes acceptance of the updated policy.

19. CONTACT US

19.1 Privacy-Related Inquiries

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: [email protected]
WhatsApp: +66 62-978-9141
Phone: Available via WhatsApp or email request

19.2 Data Protection Officer

Our Data Protection Officer (DPO) is responsible for:

Monitoring PDPA compliance
Advising on data protection matters
Investigating data breaches or complaints
Serving as a point of contact with PDPC

Contact DPO: [email protected] (marked “Attention: DPO”)

19.3 Mailing Address

For written correspondence:

Muay Thai Visa Thailand (MTVT)
Attention: Privacy / Data Protection Officer
168 Soi Sannibat Tessaban 1
Chan Kasem Subdistrict, Chatuchak District
Bangkok 10900, Thailand

19.4 Response Time

We will acknowledge your inquiry within 5 business days and provide a substantive response within 30 days (or explain if more time is needed due to complexity).

20. REGULATORY AUTHORITY

20.1 Personal Data Protection Committee (PDPC)

The PDPC is Thailand’s data protection authority responsible for enforcing the PDPA.

Contact PDPC:

Website: https://www.pdpc.or.th
Email: [email protected] (verify current contact on official website)
Phone: Check the official PDPC website for current contact numbers

20.2 When to Contact PDPC

Contact the PDPC if:

You are unsatisfied with our response to your complaint
You believe we violated your PDPA rights
You have concerns about our data protection practices
You want to file a formal complaint

Note: We encourage you to contact us first so we can address your concerns directly.

21. LEGAL DISCLOSURES

21.1 Legal Framework

This Privacy Policy is governed by:

Personal Data Protection Act B.E. 2562 (2019) (PDPA)
PDPC Notifications and Guidelines
Computer-Related Crime Act B.E. 2550 (2007)
Other applicable Thai laws

21.2 Language

This Privacy Policy is provided in English. If translated into other languages for convenience:

The English version controls in case of conflict or ambiguity
Translations are for reference only

21.3 Severability

If any provision of this policy is found to be unenforceable:

The remaining provisions continue in full effect
The unenforceable provision is reformed to the minimum extent necessary to make it enforceable

By using our website, submitting an application, or engaging our services, you acknowledge that:

✓ You have read and understood this Privacy Policy in its entirety

✓ You understand what personal data we collect and why

✓ You understand how we use, store, and protect your data

✓ You are aware of your rights under Thailand’s PDPA and how to exercise them

✓ You consent to the processing of your personal data as described in this policy, to the extent consent is required

✓ For sensitive personal data (health information), you provide explicit consent separately

✓ You understand you can withdraw consent at any time without penalty (though this may affect services)

✓ You have had the opportunity to ask questions or seek clarification before providing data