Privacy Policy

Introduction

Cobalt Fern ("we," "our," or "us") is committed to protecting the privacy and security of personal information collected through our website and consulting services. This Privacy Policy explains how we collect, use, disclose, and protect information about individuals who visit our website or engage our services in Thailand and Southeast Asia.

This policy applies to all personal data processed by Cobalt Fern in connection with our business consulting services, including market entry assessments, operational streamlining engagements, and board-level strategy facilitation.

For questions regarding this Privacy Policy or our data practices, please contact us at [email protected].

Information We Collect

Personal Information

We collect personal information that you provide directly to us, including name, email address, phone number, company name, and job title when you submit contact forms, request consultations, or engage our services. During consulting engagements, we may also collect business information relevant to the project scope, such as financial data, operational metrics, or strategic planning materials.

Automatically Collected Information

When you visit our website, we automatically collect certain technical information, including IP address, browser type and version, operating system, referring URLs, pages viewed, and time spent on pages. This information is collected through cookies and similar technologies as described in our Cookie Policy.

Third-Party Sources

In some cases, we may receive information about you from third parties, such as business partners, research vendors, or publicly available sources, when conducting market research or due diligence as part of consulting engagements.

How We Use Your Information

We use collected information for the following purposes:

• Providing consulting services, including conducting research, analysis, and delivering recommendations
• Responding to inquiries and communicating about services, projects, and administrative matters
• Improving our website, services, and user experience through analytics
• Sending marketing communications about our services, with your consent where required
• Complying with legal obligations and protecting our rights and interests

The legal basis for processing your personal data includes performance of a contract (when you engage our services), legitimate business interests (for marketing and website improvement), consent (where applicable), and legal compliance.

Information Sharing and Disclosure

We do not sell personal information to third parties. We may share information in the following circumstances:

• With service providers who assist in operating our website, conducting business operations, or delivering services (such as web hosting, email services, or research vendors), under confidentiality agreements
• With professional advisors, including lawyers and accountants, when necessary for business operations
• When required by law, regulation, legal process, or governmental request
• To protect our rights, property, or safety, or that of our clients or others
• In connection with a business transaction, such as a merger or acquisition

Client project information is treated as confidential and is not disclosed to third parties without explicit permission, except as required to deliver contracted services or as required by law.

Data Security

We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, secure server infrastructure, access controls limiting data access to authorized personnel only, and regular security assessments.

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security.

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations (typically seven years for business records in Thailand), resolve disputes, and enforce agreements. Contact information is retained until you request deletion or unsubscribe from communications.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to collect information about your browsing activities. We use the following types of cookies:

• Essential cookies: Required for basic website functionality and cannot be disabled
• Analytics cookies: Help us understand how visitors interact with our website through services like Google Analytics
• Preference cookies: Remember your settings and choices for a better user experience

For more detailed information about our cookie usage and how to manage cookie preferences, please review our Cookie Policy.

Your Rights and Choices

Under applicable data protection laws, including Thailand's Personal Data Protection Act (PDPA), you have the following rights regarding your personal information:

• Right to access: Request confirmation of what personal data we hold about you and receive a copy
• Right to rectification: Request correction of inaccurate or incomplete personal data
• Right to erasure: Request deletion of your personal data under certain circumstances
• Right to restrict processing: Request limitation of how we process your data
• Right to data portability: Receive your personal data in a structured, commonly used format
• Right to object: Object to processing of your personal data for certain purposes
• Right to withdraw consent: Withdraw consent for processing where consent is the legal basis
• Right to lodge a complaint: File a complaint with the Personal Data Protection Committee or relevant supervisory authority

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within thirty days.

You may opt out of marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly. Please note that even if you opt out of marketing communications, we may still send you administrative messages related to our services.

Children's Privacy

Our services are directed to businesses and individuals age 18 and older. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected personal information from someone under 18, we will take steps to delete such information promptly.

International Data Transfers

While we primarily operate in Thailand and Southeast Asia, some service providers we use may process data in other countries. When we transfer personal data outside Thailand, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions, to protect your information in accordance with applicable data protection laws.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website with a revised "Last Updated" date. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: