Privacy Policy – Expat Hub TH
Privacy Policy
Effective Date: 1 January 2025 | Last Updated: 1 January 2025
This Privacy Policy describes how Expat Hub TH (operated by SOLAFIDE ENDEAVORS INC., hereinafter referred to as “we,” “us,” or “our”) collects, uses, stores, discloses, and protects personal data obtained through the website hitomorrowthailand.com (the “Website”). We are committed to safeguarding your privacy and handling your personal data in a transparent, lawful, and responsible manner.
This policy has been prepared in accordance with the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) of Thailand, and reflects our obligations as a data controller operating a website accessible to individuals located in Thailand and internationally.
Please read this Privacy Policy carefully before using our Website or submitting any personal information to us. By accessing or using the Website, you acknowledge that you have read, understood, and agree to the practices described herein.
1. Who We Are
Data Controller:
- Trading Name: Expat Hub TH
- Legal Name: SOLAFIDE ENDEAVORS INC.
- Website: hitomorrowthailand.com
- Address: 8900 Warwick Shore Xing, Orlando, Florida, 32829-8029, United States
- Phone: +13148601469
- Email: [email protected]
As the data controller, we determine the purposes and means by which your personal data is processed. If you have any questions, concerns, or requests relating to this Privacy Policy or the handling of your personal data, please contact us using the details provided above or in Section 14 of this policy.
2. Personal Data We Collect
We collect personal data that you voluntarily provide to us, as well as certain technical data that is automatically generated when you visit the Website. The categories of personal data we collect include:
2.1 Data You Provide Directly
When you complete and submit a contact form on the Website, we collect the following information:
- Full Name – to identify and address you appropriately in our response.
- Email Address – to reply to your inquiry and communicate with you electronically.
- Phone Number – to contact you by telephone if required or if you have requested a call-back.
- Message Content – the content of your inquiry, question, or request, which may include any additional personal details you choose to share.
We encourage you not to include sensitive personal data (as defined under the PDPA, such as health information, financial account details, or identification numbers) in the free-text message field unless strictly necessary for your inquiry.
2.2 Automatically Collected Technical Data
When you visit the Website, our servers and third-party tools may automatically collect certain technical information, including:
- IP Address – used for security, fraud prevention, and approximate geographic location.
- Browser Type and Version – to ensure Website compatibility.
- Operating System – for technical diagnostics.
- Referring URL – the page or link that directed you to our Website.
- Pages Visited and Time Spent – to understand user behaviour and improve Website content.
- Date and Time of Access – for security logging and analytics.
This technical data is generally collected through cookies and similar tracking technologies, described further in Section 5 below.
2.3 Data We Do Not Collect
We do not intentionally collect sensitive personal data (also referred to as “special categories” of data under the PDPA), including racial or ethnic origin, political opinions, religious or philosophical beliefs, criminal records, health data, disability information, trade union membership, genetic or biometric data, or sexual behaviour or orientation, through our Website forms or general browsing. If you voluntarily include such information in a message, we will treat it with the highest level of care and will not process it beyond what is necessary to respond to your inquiry.
3. Legal Basis for Processing
Under the Personal Data Protection Act B.E. 2562 (Thailand), we are required to have a lawful basis for processing your personal data. Depending on the context, we rely on the following legal grounds:
- Consent (Section 19 PDPA): Where you have freely, specifically, and unambiguously given consent — for example, by submitting a contact form or opting in to optional analytics cookies — we process your data on the basis of that consent. You have the right to withdraw consent at any time.
- Legitimate Interests (Section 24(5) PDPA): We may process certain technical and usage data based on our legitimate interests in maintaining the security and performance of our Website, preventing fraud, and improving our services, provided such interests are not overridden by your rights and freedoms.
- Contractual Necessity: If you engage with us to receive services, we may process your personal data to the extent necessary to fulfil any agreement or pre-contractual steps you have requested.
- Legal Obligation: We may process and retain certain personal data to comply with applicable Thai law, regulations, or orders from competent authorities.
4. How We Use Your Personal Data
We use the personal data we collect for the following purposes:
- Responding to Inquiries: To read, process, and respond to messages submitted through the contact form.
- Communication: To contact you via email or telephone in connection with your inquiry, including follow-up communications.
- Service Delivery: To provide information about expatriate resources, services, and opportunities in Thailand that are relevant to your inquiry.
- Website Improvement: To analyse how visitors interact with the Website so we can enhance usability, content, and performance.
- Security and Fraud Prevention: To monitor and protect the Website against malicious activity, unauthorised access, and technical vulnerabilities.
- Legal Compliance: To meet our obligations under Thai law and any applicable international regulations.
- Record Keeping: To maintain appropriate records of communications and transactions for administrative and compliance purposes.
We will not use your personal data for automated decision-making or profiling that produces significant legal or similarly significant effects on you, without your explicit consent or another lawful basis.
5. Cookies and Tracking Technologies
The Website uses cookies and similar technologies to improve your browsing experience and to collect anonymous statistical information about how the Website is used. A cookie is a small text file placed on your device when you visit a website.
5.1 Types of Cookies We Use
- Strictly Necessary / Functional Cookies: These cookies are essential for the Website to operate correctly. They enable core features such as page navigation, form submission, and security. These cookies cannot be disabled without impairing Website functionality. No consent is required for strictly necessary cookies under Thai law, as they are technically essential.
- Analytics Cookies (Optional): With your consent, we may use optional analytics cookies to collect anonymised data about how visitors use the Website — such as which pages are most visited, how long users spend on each page, and where traffic originates. This data helps us improve the Website's content and structure. You may opt out of analytics cookies at any time through our cookie consent tool or your browser settings.
5.2 Managing Cookies
You can control and manage cookies through your web browser settings. Most browsers allow you to:
- View which cookies are stored on your device and delete them individually or in bulk.
- Block third-party cookies.
- Block cookies from specific websites.
- Block all cookies from being set.
- Delete all cookies when you close your browser.
Please note that restricting cookies may affect the functionality of the Website. For more information on managing cookies, visit www.allaboutcookies.org.
5.3 Cookie Consent
In accordance with the PDPA, we obtain your consent before placing non-essential cookies on your device. When you first visit the Website, a cookie consent banner will be displayed, giving you the option to accept or decline optional analytics cookies. Your preference will be stored for a reasonable period so you are not asked repeatedly.
6. Third-Party Services and Data Sharing
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. However, we do engage certain trusted third-party service providers that may process personal data on our behalf or independently as part of delivering their services to the Website. These include:
6.1 Google Fonts
The Website uses Google Fonts, a service provided by Google LLC (USA). When you visit a page using Google Fonts loaded from Google's servers, your browser automatically sends your IP address and browser information to Google. Google Fonts is used solely for typographic rendering purposes. We do not control how Google processes this data. We encourage you to review Google's Privacy Policy for more information.
6.2 Tailwind CSS CDN
The Website may load Tailwind CSS stylesheet resources via a Content Delivery Network (CDN). CDN requests may log your IP address and technical metadata for performance and security purposes. Such data is generally processed by the CDN provider in accordance with their privacy practices.
6.3 Web Hosting Provider
Our Website is hosted on servers managed by a third-party web hosting provider. Your data, including form submissions and server logs, may be stored on their infrastructure. Our hosting provider is contractually bound to maintain appropriate security and confidentiality standards.
6.4 Email Service Provider
Contact form submissions may be transmitted to us via an email service provider. Personal data included in form submissions (name, email, phone, message) may pass through such provider's infrastructure. We take steps to ensure these providers offer adequate data protection safeguards.
6.5 Disclosure to Authorities
We may disclose your personal data to governmental authorities, regulators, law enforcement bodies, or courts when required to do so by applicable Thai law, court order, or legal process, or where such disclosure is necessary to protect our legal rights or the safety of individuals.
In all cases where we share your data with third parties acting as our data processors, we require them to implement appropriate technical and organisational safeguards and to process data only in accordance with our documented instructions.
7. International Data Transfers
As a business operating a website accessible globally and using third-party service providers based outside Thailand (including providers in the United States), your personal data may be transferred to, stored in, or processed in countries other than Thailand.
Under the PDPA (Section 28–29), personal data may only be transferred to a foreign country if that country has adequate data protection standards, or if appropriate safeguards are in place, or if one of the permitted exceptions applies (including your explicit consent).
When we transfer your personal data internationally, we take steps to ensure that:
- The receiving country provides an adequate level of data protection as recognised by the relevant Thai authority, or
- Appropriate contractual safeguards (such as data transfer agreements) are in place between us and the recipient, or
- The transfer is covered by your explicit consent after you have been informed of the possible risks.
For transfers to Google (in connection with Google Fonts or other Google services), these are governed by Google's standard contractual clauses and their compliance with applicable international data protection frameworks.
8. Data Retention
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our specific retention periods are as follows:
- Contact Form Submissions (name, email, phone, message): Retained for a period of 24 months (2 years) from the date of submission, or until the matter is fully resolved — whichever comes later. After this period, data will be securely deleted or anonymised.
- Server and Access Logs: Retained for up to 90 days for security monitoring and technical diagnostic purposes, after which they are automatically purged.
- Cookie Consent Records: Retained for up to 12 months or until you withdraw your consent, to maintain evidence of consent as required by law.
- Legal and Compliance Records: Where we are required by Thai law or regulation to retain records for a specific period (for example, under accounting, tax, or consumer protection laws), we will comply with those statutory retention requirements.
When personal data is no longer required, it is securely deleted, anonymised, or destroyed in a manner that prevents reconstruction or identification.
9. Your Rights Under Thai Law (PDPA)
The Personal Data Protection Act B.E. 2562 (2019) grants you a range of rights in relation to your personal data. We are committed to respecting and facilitating the exercise of these rights. Your rights include:
- Right to be Informed (Section 23 PDPA): You have the right to be informed about how your personal data is collected and used, which is the purpose of this Privacy Policy.
- Right of Access (Section 30 PDPA): You have the right to request confirmation of whether we hold personal data about you, and to obtain a copy of that data, along with information about how it is processed.
- Right to Data Portability (Section 31 PDPA): Where technically feasible, you have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format, and to request that it be transmitted to another data controller.
- Right to Rectification (Section 35 PDPA): You have the right to request correction of inaccurate, incomplete, or outdated personal data that we hold about you.
- Right to Erasure / Right to be Forgotten (Section 33 PDPA): You have the right to request the deletion or destruction of your personal data when it is no longer necessary for the purposes for which it was collected, when consent is withdrawn and there is no other legal basis, or when the data has been unlawfully processed.
- Right to Restrict Processing (Section 34 PDPA): You have the right to request that we restrict the processing of your personal data in certain circumstances — for example, while we verify the accuracy of data you have disputed.
- Right to Object (Section 32 PDPA): You have the right to object to the processing of your personal data where processing is based on legitimate interests, or for direct marketing purposes.
- Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
- Right to Lodge a Complaint: You have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand if you believe your rights under the PDPA have been violated. Contact information for the PDPC is available at the Office of the Personal Data Protection Committee, Ministry of Digital Economy and Society, Thailand.
To exercise any of the above rights, please contact us using the details in Section 14. We will respond to your request within 30 days of receipt, in accordance with the PDPA. In complex or high-volume cases, we may extend this period by a further 60 days, in which case we will notify you within the initial 30-day period and explain the reason for the extension.
We may request that you verify your identity before processing certain requests, in order to protect your personal data from unauthorised access or modification.
10. Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, accidental loss, destruction, alteration, disclosure, or misuse. Our security measures include:
- SSL/TLS Encryption: All data transmitted between your browser and our Website is encrypted using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) protocols. You can verify this by the padlock icon and “https://” prefix in your browser's address bar.
- Access Controls: Access to personal data is restricted to authorised personnel who require it to fulfil their professional responsibilities. We apply the principle of least privilege.
- Secure Storage: Personal data is stored on secure servers with appropriate physical and logical access controls.
- Regular Security Reviews: We periodically review our information security practices and update them in response to emerging threats and vulnerabilities.
- Staff Awareness: Personnel with access to personal data are made aware of their data protection obligations and trained accordingly.
- Vendor Assessment: We assess the security practices of third-party service providers before engaging them to process personal data on our behalf.
Despite our best efforts, no method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the PDPC within 72 hours of becoming aware of the breach, and we will inform affected individuals without undue delay, in accordance with Section 37 of the PDPA.
11. Children's Privacy
The Website is not directed at, nor intended for use by, children under the age of 20 years (the age of majority in Thailand). We do not knowingly collect personal data from minors. Under the PDPA, the processing of personal data from minors (persons under 20 who are not emancipated) requires the consent of a parent or legal guardian.
If you are under 20 years of age, please do not submit any personal data through our contact form or any other feature of the Website without the consent and supervision of a parent or legal guardian.
If we become aware that we have inadvertently collected personal data from a person under 20 without appropriate parental consent, we will take immediate steps to delete such data from our records. If you believe that a minor has submitted personal data to us, please contact us at [email protected] so we can take appropriate action.
12. Links to Third-Party Websites
The Website may contain links to external websites, resources, or services operated by third parties. These links are provided for your convenience and information only. We have no control over the content, privacy practices, or data handling procedures of third-party websites, and this Privacy Policy does not apply to them.
We encourage you to review the privacy policies of any third-party websites you visit before providing any personal data. We accept no responsibility or liability for the privacy practices of third-party websites linked from our Website.
13. Changes to This Privacy Policy
We reserve the right to update, modify, or replace this Privacy Policy at any time to reflect changes in our data practices, applicable law, or business operations. When we make material changes to this policy, we will:
- Update the “Last Updated” date at the top of this page.
- Post the revised Privacy Policy on this page with the new effective date.
- Where required by the PDPA or where the changes are significant, provide a prominent notice on the Website's homepage or send a notification to affected individuals via email (if we hold your email address in connection with an ongoing relationship).
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data. Your continued use of the Website after any changes to this policy are posted constitutes your acceptance of those changes, to the extent permitted by applicable law.
If changes materially affect the way we process your personal data and we rely on your consent, we will seek fresh consent from you before applying the updated processing activities.
14. Contact Us – Privacy Inquiries
If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact our designated privacy contact using the details below. We aim to respond to all privacy-related inquiries promptly and no later than 30 days from receipt.
- Company: Expat Hub TH
- Legal Name: SOLAFIDE ENDEAVORS INC.
- Address: 8900 Warwick Shore Xing, Orlando, Florida, 32829-8029, United States
- Phone: +13148601469
- Email: [email protected]
- Website: hitomorrowthailand.com
If you are not satisfied with our response or believe that your personal data rights under the PDPA have been violated, you have the right to escalate your complaint to the Office of the Personal Data Protection Committee (PDPC):
- Authority: Personal Data Protection Committee (PDPC), Thailand
- Ministry: Ministry of Digital Economy and Society
- Website: www.pdpc.or.th
15. Governing Law and Jurisdiction
This Privacy Policy is governed by and construed in accordance with the laws of the Kingdom of Thailand, including the Personal Data Protection Act B.E. 2562 (2019) and any subordinate regulations, notifications, and guidelines issued thereunder by the Personal Data Protection Committee.
Any disputes arising from or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the competent courts of Thailand, unless otherwise required by applicable law.
This Privacy Policy was prepared for Expat Hub TH (SOLAFIDE ENDEAVORS INC.) operating at hitomorrowthailand.com. © 2025 SOLAFIDE ENDEAVORS INC.. All rights reserved.