Privacy Policy
Last Updated: January 30, 2026
Effective Date: January 30, 2026
1. INTRODUCTION
Muay Thai Visa Thailand (MTVT), the international enrollment division of Sor.Dechapant Muay Thai School (Ministry of Education License สช.กร. 00025/2568) and Sor.Dechapant Muay Thai Camp/Gym (Sports Authority of Thailand 5-Star Professional Camp) is committed to protecting your personal data and respecting your privacy rights.
This Privacy Policy explains:
- What personal data do we collect and why
- How we use, store, and protect your data
- Your rights under Thailand’s Personal Data Protection Act B.E. 2562 (2019) (“PDPA“)
- How to exercise your rights or contact us with concerns
Please read this policy carefully. By using our website (https://www.muaythaivisathailand.com), submitting an application, or engaging our services, you acknowledge that you have read and understood this Privacy Policy.
2. DATA CONTROLLER INFORMATION
Data Controller:
Muay Thai Visa Thailand (MTVT)
Operating under Sor.Dechapant Muay Thai School (MOE License สช.กร. 00025/2568)
Registered Address:
168 Soi Sannibat Tessaban 1
Chan Kasem Subdistrict, Chatuchak District
Bangkok 10900, Thailand
Contact for Privacy Matters:
Email: info@muaythaivisathailand.com
WhatsApp: +66 62-978-9141
Data Protection Officer (DPO):
We have designated a Data Protection Officer responsible for overseeing compliance with this Privacy Policy and the PDPA. You can contact our DPO at: info@muaythaivisathailand.com
3. SCOPE AND APPLICABILITY
3.1 Who This Policy Applies To
This Privacy Policy applies to:
- Prospective clients visiting our website or making inquiries
- Enrolled students participating in our training programs
- Visa applicants using our documentation services
- Website visitors browsing our content
- Newsletter subscribers receive our communications
3.2 Territorial Scope
Under Thailand’s PDPA, this policy applies to:
- Personal data processed within Thailand
- Personal data of individuals located in Thailand
- Personal data processed by us, regardless of where you are located (extraterritorial application)
We operate in Thailand and process data primarily there, but this policy applies to all individuals whose data we process.
3.3 What This Policy Does NOT Cover
This policy does not cover:
- Third-party websites linked from our site (they have their own privacy policies)
- Deceased persons (PDPA excludes data of deceased individuals)
- Publicly available information (already in the public domain)
- Business contact information used solely for B2B communications
4. LEGAL BASIS FOR DATA PROCESSING
Under the PDPA, we must have a lawful basis to process your personal data. We process your data under the following legal grounds:
4.1 Consent (Section 19 PDPA)
When you voluntarily provide us with information and agree to its processing for specific purposes (e.g., subscribing to newsletters, submitting inquiry forms).
You have the right to withdraw consent at any time by contacting us at info@muaythaivisathailand.com.
4.2 Contractual Necessity (Section 24(2) PDPA)
When processing is necessary for:
- Entering into a contract with you (e.g., enrollment in training programs)
- Performing obligations under our contract with you (e.g., providing training services, preparing visa documentation)
4.3 Legitimate Interests (Section 24(4) PDPA)
When processing is necessary for our legitimate business interests or those of a third party, and your rights do not override these interests:
- Website analytics and improvement
- Fraud prevention and security
- Internal record-keeping and administration
- Business development and service improvement
4.4 Legal Obligations (Section 24(1) PDPA)
When processing is required to comply with Thai laws, including:
- Ministry of Education reporting (monthly enrollment reports for ED Visa holders)
- Immigration Bureau requirements (90-day reporting, visa verification)
- Tax and accounting obligations (Thai Revenue Department)
- Sports Authority of Thailand compliance
4.5 Vital Interests (Section 24(3) PDPA)
When processing is necessary to protect your life, health, or physical well-being (e.g., emergency medical situations during training).
5. PERSONAL DATA WE COLLECT
5.1 Categories of Personal Data
We collect the following categories of personal data:
A. Identification Information:
- Full name (as it appears on passport)
- Date of birth
- Nationality and citizenship
- Passport number, expiry date, and issuing country
- Passport photographs and scans
- National ID number (if applicable)
- Visa photographs (passport-style photos)
B. Contact Information:
- Email address(es)
- Phone number(s) (mobile and/or landline)
- WhatsApp, LINE, or other messaging app IDs
- Current residential address
- Permanent address (if different)
- Emergency contact information (name, relationship, phone number)
C. Financial Information:
- Bank statements (for proof of funds for visa applications)
- Payment information (credit/debit card details processed through secure payment processors)
- Transaction records and receipts
- Proof of income or employment (if applicable for visa applications)
- Sponsor financial information (if using a sponsor for a visa application)
D. Immigration and Travel Information:
- Visa history (prior visas, overstays, rejections, deportations)
- Entry and exit stamps from the passport
- Current visa status and permitted stay duration
- Travel itinerary and flight bookings
- Immigration Bureau correspondence
- 90-day reporting records
E. Professional and Educational Information:
- Employment status and employer details (DTV applicants)
- Remote work arrangements and client information (DTV applicants)
- Educational background and qualifications
- Previous Muay Thai or martial arts training experience
F. Health and Medical Information (Sensitive Personal Data):
- Pre-existing medical conditions relevant to training safety
- Injuries or physical limitations
- Allergies (especially if affecting training or emergency response)
- Physician clearance (if required)
- Emergency medical information
- COVID-19 vaccination status (if required by government regulations)
Note: Health data is “sensitive personal data” under PDPA Section 26 and requires explicit consent and additional protections.
G. Training and Performance Data:
- Attendance records (date, time, duration of training sessions)
- Training assessments and progress notes
- Sparring partners and training logs
- Belt or certification levels achieved
- Video or photographic records of training (if applicable)
- Feedback and performance reviews from instructors
H. Website and Technical Data:
- IP address and device identifiers
- Browser type and version
- Operating system and device type
- Pages visited, time spent, and navigation patterns
- Referring website or source
- Cookies and similar tracking technologies (see Section 13)
I. Communication Records:
- Emails, messages, and inquiries sent to us
- Phone call records (date, time, summary of discussion)
- Chat logs from WhatsApp, LINE, or website chat
- Feedback, complaints, or reviews submitted
J. Photographic and Video Content:
- Gym photos and training videos (if you appear in promotional materials)
- Social media posts or testimonials you provide
- Security camera footage from training facilities
5.2 Sensitive Personal Data
Under PDPA Section 26, certain categories of personal data receive additional protection:
- Health data (medical conditions, injuries, fitness assessments)
- Racial or ethnic origin (if disclosed)
- Religious beliefs (if disclosed, e.g., for dietary accommodations)
- Biometric data (if collected, e.g., fingerprints for certain services)
- Criminal convictions or records (if disclosed or discovered)
We collect sensitive personal data ONLY when:
- You provide explicit consent, OR
- It is necessary for vital interests (e.g., emergency medical care), OR
- It is required by law (e.g., certain government reporting)
You have the right to refuse to provide sensitive personal data, but this may affect our ability to provide certain services (e.g., if you cannot safely participate in training due to undisclosed medical conditions).
6. HOW WE COLLECT YOUR PERSONAL DATA
6.1 Directly From You
Most personal data comes directly from you when you:
- Fill out the inquiry or application forms on our website
- Email, call, or message us
- Submit documents for visa processing
- Enroll in training programs
- Attend training sessions
- Provide feedback or testimonials
- Subscribe to our newsletter or communications
6.2 Automatically Through Website Use
When you visit our website, we automatically collect:
- Technical data (IP address, device information, browser type)
- Usage data (pages visited, time spent, navigation patterns)
- Cookie data (see Section 13 for details)
6.3 From Third Parties
We may receive personal data from:
- Thai government agencies (immigration stamps, visa verification, and education ministry records)
- Payment processors (transaction confirmations, payment status)
- Medical providers (if you provide emergency medical consent)
- References or sponsors (if you use a sponsor for visa applications)
- Public sources (if we verify information you provided, such as passport validity)
6.4 From Social Media
If you interact with us on social media (Facebook, Instagram, etc.), we may collect:
- Your public profile information
- Comments, messages, or reviews you post
- Photos or videos you share featuring our gym
7. HOW WE USE YOUR PERSONAL DATA
7.1 Primary Purposes
We use your personal data for the following purposes:
A. Visa Documentation Services:
- Preparing official acceptance letters and school certifications
- Compiling documentation packages for visa applications
- Verifying your eligibility for DTV or ED Visa programs
- Communicating with Thai embassies or consulates (if you authorize us)
- Submitting monthly enrollment reports to the Ministry of Education (ED Visa)
- Assisting with 90-day reporting to the Immigration Bureau
- Preparing visa extension documentation
B. Training Program Operations:
- Enrolling you in Muay Thai training programs
- Scheduling training sessions and assigning instructors
- Monitoring attendance and tracking progress
- Ensuring safety during training (reviewing medical information)
- Issuing training certifications upon completion
- Communicating schedule changes or gym closures
C. Payment Processing:
- Processing enrollment and service fees
- Issuing receipts and invoices
- Maintaining financial records for accounting and tax purposes
D. Communication:
- Responding to inquiries and providing customer support
- Sending booking confirmations and service updates
- Providing visa application guidance
- Notifying you of policy or schedule changes
- Sending reminders about important dates (visa expiry, extension deadlines)
E. Legal Compliance:
- Ministry of Education reporting (monthly enrollment and attendance for ED Visa holders)
- Immigration Bureau compliance (90-day reporting, visa verification requests)
- Sports Authority of Thailand oversight (training program standards)
- Tax reporting to the Thai Revenue Department
- Responding to legal requests or court orders
F. Safety and Security:
- Monitoring training facilities via security cameras
- Investigating accidents, injuries, or safety incidents
- Preventing fraud, unauthorized access, or illegal activities
- Enforcing our Terms and Conditions and gym rules
G. Marketing and Promotion (With Your Consent):
- Sending newsletters and promotional materials
- Sharing success stories and testimonials (with permission)
- Creating promotional photos or videos featuring students (with consent)
- Promoting on social media (with permission)
H. Business Improvement:
- Analyzing website usage to improve user experience
- Conducting satisfaction surveys and collecting feedback
- Developing new services or training programs
- Internal record-keeping and administration
7.2 Purposes Requiring Explicit Consent
For certain purposes, we require your explicit, separate consent:
- Using your photographs or videos in marketing materials
- Sharing your testimonial or success story publicly
- Sending marketing emails or promotional messages
- Processing sensitive personal data (health information) beyond safety requirements
You can withdraw consent at any time without affecting other services.
8. DATA SHARING AND DISCLOSURE
8.1 When We Share Your Data
We share your personal data with the following categories of recipients:
A. Thai Government Authorities (Legal Requirement):
- Ministry of Education: Monthly enrollment status, attendance records, program details (ED Visa holders)
- Immigration Bureau: Visa verification, 90-day reporting, extension applications
- Sports Authority of Thailand: Training program compliance, facility inspections
- Thai Revenue Department: Tax reporting, financial audits
- Thai Police or law enforcement: If legally required (e.g., criminal investigations, court orders)
Sharing with government authorities is based on legal obligation (PDPA Section 24(1)) and does not require your consent.
B. Affiliated Entities:
- Sor.Dechapant Muay Thai School: We are their international enrollment division; they manage training operations
- Sor.Dechapant Muay Thai Camp/Gym: For training coordination and facility access
These entities are part of the same organization and share the same privacy commitments.
C. Service Providers (Data Processors):
We engage third-party service providers who process data on our behalf:
- Payment processors: For credit/debit card transactions (e.g., Stripe, Wise, Thai banks)
- Email service providers: For sending communications (e.g., Mailchimp, SendGrid)
- Website hosting providers: For website infrastructure and security
- Cloud storage providers: For secure document storage
- Translation or notarization services: If required for visa documents
- Accounting or tax preparation services: For financial compliance
These processors are bound by contracts requiring PDPA compliance and data security.
D. Thai Embassies or Consulates (With Your Authorization):
If you authorize us, we may communicate with Thai embassies or consulates regarding your visa application status or requirements.
We only do this with your explicit permission.
E. Medical or Emergency Services:
In medical emergencies, we may share relevant health information with:
- Emergency medical responders
- Hospitals or clinics
- Your emergency contacts
This is based on vital interests (PDPA Section 24(3)) to protect your health or life.
F. Legal or Regulatory Requests:
We may disclose data when:
- Required by Thai law or court order
- Necessary to enforce our Terms and Conditions
- Protecting our rights, property, or safety
- Investigating fraud, abuse, or violations
- Responding to government investigations
8.2 What We Do NOT Do With Your Data
We DO NOT:
- Sell your personal data to third parties
- Rent or lease your information for marketing purposes
- Share data with unaffiliated companies for their marketing
- Provide data to data brokers or aggregators
9. CROSS-BORDER DATA TRANSFERS
9.1 Data Storage Location
Your personal data is primarily stored and processed in Thailand:
- Our servers are located in Thailand
- Physical documents are stored at our Bangkok facility
- Training records are maintained locally
9.2 When Data May Leave Thailand
In limited circumstances, your data may be transferred outside Thailand:
A. Cloud Service Providers:
We use international cloud services (e.g., Google Cloud, AWS, Microsoft Azure, DigitalOcean) that may store backups outside Thailand. These providers maintain data centers in multiple countries.
B. Payment Processors:
International payment processors (e.g., Stripe, Wise) may process transactions through servers outside Thailand.
C. Email and Communication Platforms:
Email service providers may route communications through international servers.
9.3 Safeguards for International Transfers
When data leaves Thailand, we ensure adequate protection through:
A. Standard Contractual Clauses (SCCs):
We use PDPC-approved standard contractual clauses with international service providers, binding them to PDPA-equivalent protections.
B. Adequacy Decisions:
We transfer to countries or regions recognized by Thailand as having adequate data protection (e.g., EU/EEA under GDPR, countries with similar laws).
C. Explicit Consent:
For transfers outside the above safeguards, we obtain your explicit consent and inform you of:
- The destination country
- Potential risks (if the country lacks adequate data protection)
- Your right to refuse or withdraw consent
9.4 Your Rights Regarding Transfers
You have the right to:
- Know where your data is transferred
- Refuse consent for transfers (though this may limit our ability to provide services)
- Withdraw consent for international transfers
- Request that data be stored only in Thailand (we will assess feasibility)
10. DATA RETENTION
10.1 How Long We Keep Your Data
We retain personal data only as long as necessary for the purposes outlined in this policy or as required by Thai law.
Retention Periods:
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Visa Application Documents | 5 years after visa expiry | Ministry of Education requirement; Immigration Bureau may request historical records |
| ED Visa Enrollment Records | 5 years after program completion | Ministry of Education regulation (educational institutions must retain student records) |
| Training Attendance Records | 5 years after completion | Ministry of Education and SAT compliance; verification for future inquiries |
| Financial Records (Invoices, Receipts) | 7 years | Thai Revenue Department requirement (tax audit period) |
| Payment Transaction Data | 3 years | Anti-money laundering regulations; dispute resolution |
| Email and Communication Logs | 2 years | Business operations and customer support |
| Website Analytics and Cookies | 3 years after training completion or until consent is withdrawn | PDPA consent requirement; aggregate analytics |
| Marketing Consent Records | Until consent withdrawn + 1 year | Proof of consent; compliance verification |
| Medical/Health Information | 3 years after training completion or until consent withdrawn | Safety liability; emergency reference |
| Security Camera Footage | 90 days (unless incident investigation) | Security and safety; crime prevention |
| Inquiry Forms (Non-Enrolled) | 2 years | Business development; follow-up |
10.2 Criteria for Determining Retention Periods
We determine retention periods based on:
- Legal requirements: Thai laws mandate certain retention periods
- Contractual obligations: Service agreements may require data retention
- Legitimate business interests: Record-keeping, dispute resolution, audits
- Data subject rights: Your right to erasure vs. our legal obligations
10.3 What Happens When Retention Periods Expire
When retention periods expire, we:
- Securely delete electronic data (overwrite, degaussing, secure deletion)
- Physically destroy paper documents (shredding, incineration)
- Anonymize data if kept for statistical or research purposes (removing all identifiers)
10.4 Exceptions to Deletion
We may retain data beyond standard periods if:
- Legal hold: Litigation, investigation, or legal proceeding is ongoing
- Regulatory investigation: The government agency has requested data preservation
- Fraud or abuse: Incident requires extended retention for evidence
- Your request: You explicitly ask us to retain certain data longer
11. DATA SECURITY
11.1 Security Measures We Implement
We take data security seriously and implement comprehensive measures to protect your personal data:
A. Technical Measures:
- Encryption: Data encrypted in transit (SSL/TLS) and at rest (AES-256)
- Firewalls: Network security to prevent unauthorized access
- Secure servers: Dedicated hosting with regular security updates
- Access controls: Multi-factor authentication for system access
- Intrusion detection: Monitoring for suspicious activity
- Regular backups: Encrypted backups stored securely
B. Organizational Measures:
- Access limitation: Only authorized personnel have access to personal data on a need-to-know basis
- Staff training: Regular privacy and security training for all employees
- Confidentiality agreements: All staff sign confidentiality clauses
- Vendor vetting: Third-party processors undergo security assessments
- Incident response plan: Procedures for handling data breaches
C. Physical Measures:
- Secure facilities: Access-controlled office and training areas
- Locked storage: Physical documents stored in locked cabinets
- Visitor controls: Sign-in procedures for non-staff entering facilities
- Security cameras: Monitoring of premises (with notice to visitors)
11.2 Data Breach Notification
Despite our best efforts, no system is 100% secure. In the event of a personal data breach, we will:
Step 1 – Internal Assessment (Immediate):
- Identify the scope and severity of the breach
- Contain the breach to prevent further data loss
- Assess risk to affected individuals
Step 2 – Regulatory Notification (Within 72 Hours if High Risk):
- Notify the Personal Data Protection Committee (PDPC) within 72 hours if the breach poses a high risk to rights and freedoms
- Provide details of the breach, affected data, and mitigation measures
Step 3 – Individual Notification (Without Undue Delay if High Risk):
- Notify affected individuals if the breach poses a high risk to their rights
- Provide information about:
- What data was compromised
- When the breach occurred
- Potential consequences
- Steps we are taking to mitigate
- Steps you can take to protect yourself
- Contact information for questions
Step 4 – Remediation:
- Implement additional security measures
- Conduct post-incident review
- Update security protocols as needed
You will be notified promptly and transparently if your data is involved in a breach posing a high risk.
12. YOUR RIGHTS UNDER THAILAND’S PDPA
Thailand’s Personal Data Protection Act grants you comprehensive rights over your personal data. We are committed to facilitating these rights.
12.1 Right to Access (Section 30 PDPA)
You have the right to request:
- Confirmation of whether we process your personal data
- Access to your personal data that we hold
- Copies of your personal data
- Information about how we use your data
How to exercise: Email info@muaythaivisathailand.com with “Data Access Request” in the subject line. Include your full name, contact details, and proof of identity (copy of passport or ID).
Response time: Within 30 days of verification
Cost: First request is free; subsequent requests may incur reasonable administrative costs
12.2 Right to Data Portability (Section 31 PDPA)
You have the right to:
- Receive your personal data in a structured, commonly used, machine-readable format (e.g., CSV, JSON, PDF)
- Transmit this data to another controller without hindrance
Applies to: Data you provided with consent or under contract, processed by automated means
How to exercise: Email info@muaythaivisathailand.com specifying which data you want in portable format
Response time: Within 30 days
12.3 Right to Object (Section 32 PDPA)
You have the right to object to processing based on:
- Legitimate interests (Section 24(4))
- Public interest or official authority (Section 24(5))
- Direct marketing
If you object to direct marketing, we will immediately stop marketing communications.
For other objections, we will stop processing unless we demonstrate compelling legitimate grounds that override your interests, or processing is necessary for legal claims.
How to exercise: Email info@muaythaivisathailand.com stating your objection and reasons
12.4 Right to Erasure / “Right to Be Forgotten” (Section 33 PDPA)
You have the right to request deletion of your personal data when:
- Data is no longer necessary for the purposes collected
- You withdraw consent, and there is no other legal basis
- You object to processing, and there are no overriding legitimate grounds
- The data was unlawfully processed
- Deletion is required by law
- Data was collected from a child without proper consent
Limitations: We may refuse erasure if retention is necessary for:
- Legal obligations
- Legal claims or defense
- Freedom of expression or information
- Public health or archiving purposes
How to exercise: Email info@muaythaivisathailand.com with “Erasure Request” in the subject line
Response time: Within 30 days; we will confirm deletion or explain why retention is necessary
12.5 Right to Restriction of Processing (Section 34 PDPA)
You have the right to request we temporarily restrict processing when:
- You contest the accuracy of the data (restriction until we verify)
- Processing is unlawful, but you prefer restriction over deletion
- We no longer need the data, but you need it for legal claims
- You have objected to processing (restriction pending verification of legitimate grounds)
During restriction: We will store the data but not otherwise process it (except with consent or for legal reasons)
How to exercise: Email info@muaythaivisathailand.com specifying the restriction requested
12.6 Right to Rectification (Section 35 PDPA)
You have the right to:
- Correct inaccurate personal data
- Complete incomplete personal data
Examples: Update address, correct spelling of name, add missing passport details
How to exercise: Email info@muaythaivisathailand.com with corrected information and proof (e.g., a copy of a passport showing correct details)
Response time: Within 30 days
12.7 Right to Withdraw Consent (Section 19 PDPA)
You have the right to withdraw consent for processing based on consent at any time.
Effect: We will stop processing data based on that consent, but may continue processing under other legal bases (e.g., legal obligation, contract performance)
Examples: Withdraw marketing consent, withdraw consent for photo use, withdraw consent for health data processing (though safety may require disclosure in emergencies)
How to exercise: Email info@muaythaivisathailand.com stating which consent you wish to withdraw, or use opt-out links in emails
No penalties: Withdrawal does not affect services based on contract or legal obligations
12.8 Right to Lodge a Complaint
If you believe we violated your PDPA rights, you can:
Step 1 – Contact Us First: Email info@muaythaivisathailand.com to raise concerns. We will investigate and respond within 30 days.
Step 2 – Lodge a Complaint with PDPC: If unsatisfied with our response, contact the Personal Data Protection Committee (PDPC):
- Website: https://www.pdpc.or.th
- Email: contact@pdpc.or.th (check the current website for updated contact)
- Phone: (Check PDPC website for current contact numbers)
Step 3 – Seek Legal Advice: Consult with a privacy attorney regarding potential legal action.
12.9 How to Exercise Your Rights
To submit a request:
- Email: info@muaythaivisathailand.com
- Subject Line: Include the specific right (e.g., “Data Access Request,” “Erasure Request”)
- Provide:
- Full name
- Contact information (email, phone)
- Proof of identity (copy of passport or national ID)
- Specific details of your request
- Preferred format for response (if applicable)
We will:
- Verify your identity before processing requests
- Respond within 30 days
- Provide clear reasons if we cannot fully comply with your request
- Keep records of all requests for compliance purposes
No fees for reasonable requests; we may charge for excessive, repetitive, or manifestly unfounded requests.
13. COOKIES AND TRACKING TECHNOLOGIES
13.1 What Are Cookies?
Cookies are small text files stored on your device when you visit our website. They help us recognize your device, remember your preferences, and analyze website usage.
13.2 Types of Cookies We Use
A. Essential Cookies (Always Active):
These cookies are necessary for website functionality and cannot be disabled:
- Session cookies: Keep you logged in during your visit
- Security cookies: Protect against fraud and abuse
- Load balancing cookies: Ensure website stability
Legal basis: Necessary for website operation (not subject to consent requirement)
B. Analytics Cookies (Requires Consent):
These cookies help us understand how visitors use our website:
- Google Analytics: Page views, bounce rate, user flow, demographics
- Heatmap tools: Click patterns, scroll depth, navigation behavior
Purpose: Improve website design, content, and user experience
Legal basis: Consent (you can opt out)
C. Marketing Cookies (Requires Consent):
These cookies track visitors across websites for advertising purposes:
- Facebook Pixel: Retargeting ads on Facebook/Instagram
- Google Ads: Retargeting and conversion tracking
- Microsoft Advertising/Bing Ads: Retargeting and conversion tracking
- LinkedIn Insight Tag: B2B advertising
Purpose: Show relevant ads and measure campaign effectiveness
Legal basis: Consent (you can opt out)
13.3 Cookie Consent Management
When you first visit our website, you will see a cookie consent banner with options:
- Accept All: Consent to all cookies
- Reject All: Only essential cookies will be used
- Cookie Settings: Customize preferences by category
You can change your preferences at any time using the cookie settings link in the footer.
13.4 Cookie Retention Periods
| Cookie Type | Retention Period |
|---|---|
| Session cookies | Until browser is closed |
| Analytics cookies | Up to 2 years |
| Marketing cookies | Up to 1 year |
| Preference cookies | Up to 1 year |
13.5 Third-Party Cookies
Third-party services (e.g., Google Analytics, Facebook) may place their own cookies. We do not control these cookies. Refer to their privacy policies:
- Google Analytics: https://policies.google.com/privacy
- Facebook: https://www.facebook.com/privacy/policy
- Stripe (Payment): https://stripe.com/privacy
- Wise (Payment): https://wise.com/gb/legal/privacy-notices
13.6 How to Control Cookies
Browser Settings:
- Chrome: Settings > Privacy and security > Cookies and other site data
- Firefox: Settings > Privacy & Security > Cookies and Site Data
- Safari: Preferences > Privacy > Cookies and website data
- Edge: Settings > Privacy, search, and services > Cookies
Mobile Devices:
- iOS: Settings > Safari > Block Cookies
- Android: Browser settings > Privacy > Cookies
Note: Disabling essential cookies may affect website functionality.
13.7 Do Not Track (DNT)
Some browsers support “Do Not Track” (DNT) signals. As there is no universal standard, we do not currently respond to DNT signals. You can control tracking through cookie settings.
14. CHILDREN’S PRIVACY
14.1 Age Requirements
Our services are generally intended for individuals 20 years or older (DTV visa age requirement).
For ED Visa programs, we accept minors (under 18) only with:
- Parental or legal guardian consent for data processing
- Separate consent form signed by parent/guardian
- Guardian verification (copy of guardian’s ID/passport)
14.2 Special Protections for Minors
For applicants under 18, we:
- Obtain explicit parental/guardian consent before collecting data
- Collect only data necessary for enrollment and safety
- Provide parents/guardians with access to their child’s data
- Allow parents/guardians to request the deletion of their child’s data
14.3 Parental Rights
Parents or legal guardians can:
- Access their child’s personal data
- Request correction or deletion
- Withdraw consent at any time
- Object to processing
Contact: info@muaythaivisathailand.com
15. MARKETING COMMUNICATIONS
15.1 Types of Marketing Communications
With your consent, we may send:
- Newsletters: Training tips, gym updates, success stories
- Promotional offers: Discounts, special packages, referral programs
- Event invitations: Workshops, seminars, guest instructor sessions
- Social media posts: Featuring your testimonial or photos (with separate consent)
15.2 How to Opt Out
Email Marketing:
- Click the “Unsubscribe” link at the bottom of any marketing email
- Email info@muaythaivisathailand.com with “Unsubscribe” in the subject line
SMS Marketing:
- Reply “STOP” to any marketing SMS
- Contact info@muaythaivisathailand.com
We will process opt-out requests within 5 business days.
15.3 What Opting Out Does NOT Affect
Opting out of marketing does NOT affect:
- Transactional emails: Booking confirmations, visa updates, payment receipts
- Service communications: Schedule changes, safety notices, policy updates
- Legal notices: Changes to Terms and Conditions or Privacy Policy
16. THIRD-PARTY LINKS AND SERVICES
16.1 External Websites
Our website may contain links to:
- Thai government websites (Immigration Bureau, Ministry of Education)
- Thai embassy/consulate websites
- Partner or affiliate websites
- Other authoritative websites
- Social media platforms
We are not responsible for the privacy practices of these external sites. They have their own privacy policies.
Before providing personal data to third-party websites, review their privacy policies.
16.2 Social Media Plugins
Our website may include social media plugins (Facebook “Like,” Instagram “Follow,” etc.). These plugins may collect data about your visit and share it with the social media platform.
We do not control data collected by social media plugins. Refer to the social media platform’s privacy policy.
17. DATA TRANSFERS TO GOVERNMENT AGENCIES
17.1 Mandatory Reporting to Thai Authorities
Under Thai law, we are required to share certain data with government agencies:
A. Ministry of Education (MOE):
- Frequency: Monthly
- Data shared: Student enrollment status, attendance records, program start/end dates, completion status
- Purpose: Compliance with education regulations; verification of ED Visa legitimacy
- Legal basis: Legal obligation (Section 24(1) PDPA)
B. Immigration Bureau:
- Frequency: As requested (typically quarterly or upon visa extension)
- Data shared: Enrollment confirmation, attendance records, 90-day reporting data
- Purpose: Visa verification, overstay prevention, compliance checks
- Legal basis: Legal obligation (Section 24(1) PDPA)
C. Sports Authority of Thailand (SAT):
- Frequency: Annually or upon inspection
- Data shared: Training program curriculum, instructor qualifications, facility standards
- Purpose: 5-Star Professional Camp certification compliance
- Legal basis: Legal obligation (Section 24(1) PDPA)
D. Thai Revenue Department:
- Frequency: Annually (tax filing)
- Data shared: Payment records, financial transactions (aggregated, not individual student details unless required by audit)
- Purpose: Tax compliance
- Legal basis: Legal obligation (Section 24(1) PDPA)
17.2 Your Rights Regarding Government Reporting
You cannot opt out of mandatory government reporting (it is a legal requirement for our operation).
However, you have the right to:
- Know what data is reported (request copies of reports from us)
- Ensure accuracy (request corrections if data is inaccurate)
- Complain to PDPC if you believe reporting violates PDPA
18. CHANGES TO THIS PRIVACY POLICY
18.1 Policy Updates
We may update this Privacy Policy to reflect:
- Changes to Thai data protection laws (PDPA amendments or regulations)
- New services or business practices
- Technology updates affecting data processing
- Feedback from regulatory authorities or data subjects
18.2 Notification of Material Changes
For material changes (e.g., new data uses, new third-party disclosures, reduced protections), we will:
- Update the “Last Updated” date at the top of this policy
- Email active clients at least 30 days before changes take effect
- Post a prominent notice on our website homepage
- Request renewed consent if required by PDPA (e.g., for new purposes)
18.3 Notification of Minor Changes
For minor changes (e.g., clarifications, formatting updates, contact information updates), we will:
- Update the “Last Updated” date
- Post the revised policy on our website
18.4 Your Options
If you disagree with material changes:
- You may withdraw consent for processing based on consent
- You may object to processing based on legitimate interests
- You may terminate services (subject to contractual obligations)
Continued use of our services after changes take effect constitutes acceptance of the updated policy.
19. CONTACT US
19.1 Privacy-Related Inquiries
For questions, concerns, or requests regarding this Privacy Policy or your personal data:
Email: info@muaythaivisathailand.com
WhatsApp: +66 62-978-9141
Phone: Available via WhatsApp or email request
19.2 Data Protection Officer
Our Data Protection Officer (DPO) is responsible for:
- Monitoring PDPA compliance
- Advising on data protection matters
- Investigating data breaches or complaints
- Serving as a point of contact with PDPC
Contact DPO: info@muaythaivisathailand.com (marked “Attention: DPO”)
19.3 Mailing Address
For written correspondence:
Muay Thai Visa Thailand (MTVT)
Attention: Privacy / Data Protection Officer
168 Soi Sannibat Tessaban 1
Chan Kasem Subdistrict, Chatuchak District
Bangkok 10900, Thailand
19.4 Response Time
We will acknowledge your inquiry within 5 business days and provide a substantive response within 30 days (or explain if more time is needed due to complexity).
20. REGULATORY AUTHORITY
20.1 Personal Data Protection Committee (PDPC)
The PDPC is Thailand’s data protection authority responsible for enforcing the PDPA.
Contact PDPC:
- Website: https://www.pdpc.or.th
- Email: contact@pdpc.or.th (verify current contact on official website)
- Phone: Check the official PDPC website for current contact numbers
20.2 When to Contact PDPC
Contact the PDPC if:
- You are unsatisfied with our response to your complaint
- You believe we violated your PDPA rights
- You have concerns about our data protection practices
- You want to file a formal complaint
Note: We encourage you to contact us first so we can address your concerns directly.
21. LEGAL DISCLOSURES
21.1 Legal Framework
This Privacy Policy is governed by:
- Personal Data Protection Act B.E. 2562 (2019) (PDPA)
- PDPC Notifications and Guidelines
- Computer-Related Crime Act B.E. 2550 (2007)
- Other applicable Thai laws
21.2 Language
This Privacy Policy is provided in English. If translated into other languages for convenience:
- The English version controls in case of conflict or ambiguity
- Translations are for reference only
21.3 Severability
If any provision of this policy is found to be unenforceable:
- The remaining provisions continue in full effect
- The unenforceable provision is reformed to the minimum extent necessary to make it enforceable
22. ACKNOWLEDGMENT AND CONSENT
By using our website, submitting an application, or engaging our services, you acknowledge that:
✓ You have read and understood this Privacy Policy in its entirety
✓ You understand what personal data we collect and why
✓ You understand how we use, store, and protect your data
✓ You are aware of your rights under Thailand’s PDPA and how to exercise them
✓ You consent to the processing of your personal data as described in this policy, to the extent consent is required
✓ For sensitive personal data (health information), you provide explicit consent separately
✓ You understand you can withdraw consent at any time without penalty (though this may affect services)
✓ You have had the opportunity to ask questions or seek clarification before providing data