Privacy Policy

Introduction

varunaosi recognizes the importance of protecting personal information provided by individuals who engage with our consulting services. This Privacy Policy outlines how we collect, use, store, and protect personal data in accordance with applicable data protection regulations, including Thailand's Personal Data Protection Act (PDPA) and relevant international standards.

By submitting personal information through our website, email communications, or during consulting engagements, you acknowledge having read and understood this policy. Questions regarding data handling practices may be directed to [email protected].

Information We Collect

Personal Information Provided Directly

We collect information you voluntarily provide when inquiring about services, engaging our consulting team, or subscribing to communications. This includes name, email address, phone number, job title, company name, and any details included in messages or inquiry forms.

Engagement-Related Information

During consulting engagements, we may collect organizational information relevant to service delivery, including operational data, strategic documents, and stakeholder interview notes. Collection occurs only with explicit authorization and remains subject to confidentiality agreements governing the engagement.

Automatically Collected Information

Our website uses standard server logs that record IP addresses, browser types, referring pages, and access times. This technical information helps us understand site usage patterns and improve user experience. We employ analytics services that may use cookies to collect aggregated, non-personally identifiable data about visitor behavior.

How We Use Your Information

Personal information serves the following purposes:

• Responding to service inquiries and providing requested information about consulting offerings
• Scheduling consultations and managing engagement logistics
• Delivering contracted consulting services and related support
• Sending relevant communications about services, subject to opt-out preferences
• Improving website functionality and user experience through analysis
• Complying with legal obligations and responding to legitimate requests from authorities

We do not use personal information for purposes materially different from those disclosed at collection time without obtaining additional consent.

Legal Basis for Processing

Under applicable data protection law, we process personal information based on:

• Consent: When you voluntarily provide information through contact forms or subscribe to communications
• Contract Performance: When processing is necessary to deliver requested consulting services
• Legitimate Interests: For business operations, service improvement, and fraud prevention, provided these interests do not override your rights
• Legal Compliance: When required by applicable law or regulation

Data Retention

Personal information is retained only as long as necessary for the purposes outlined in this policy or as required by applicable law. Inquiry information not leading to engagement is typically deleted within 24 months. Engagement-related data is retained for the duration of the consulting relationship plus six years to fulfill legal obligations and defend potential claims. Upon request or when retention is no longer justified, we securely delete or anonymize personal information.

Information Sharing and Disclosure

We do not sell, rent, or trade personal information. Limited sharing occurs in these circumstances:

• Service Providers: Third parties providing technical infrastructure, data storage, or administrative support under contractual confidentiality obligations
• Professional Advisors: Legal counsel, accountants, or auditors when necessary for business operations, subject to professional confidentiality requirements
• Legal Requirements: Government agencies or legal authorities when required by law, court order, or legitimate regulatory request
• Business Transfers: Prospective acquirers in the event of merger, acquisition, or asset sale, with appropriate safeguards

Data Security Measures

We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. Security practices include:

• Encryption of data in transit using industry-standard protocols
• Access controls limiting data availability to authorized personnel
• Regular security assessments and vulnerability testing
• Staff training on data protection responsibilities
• Incident response procedures for addressing potential breaches

While we employ reasonable security measures, no internet transmission or storage system is completely secure. We cannot guarantee absolute protection but continuously work to maintain appropriate safeguards.

Your Data Protection Rights

Subject to applicable law, you have the following rights regarding your personal information:

• Access: Request confirmation of what personal information we hold and obtain a copy
• Rectification: Correct inaccurate or incomplete personal information
• Erasure: Request deletion of personal information under certain circumstances
• Restriction: Limit processing of personal information in specific situations
• Portability: Receive personal information in a structured, commonly used format
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Revoke previously granted consent for processing

To exercise these rights, contact us at [email protected]. We will respond to verified requests within the timeframes required by applicable law. You also have the right to lodge a complaint with the relevant data protection authority if you believe your rights have been violated.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance functionality and understand usage patterns. Categories include:

• Essential Cookies: Necessary for basic site functionality and cannot be disabled
• Analytics Cookies: Help us understand how visitors interact with the site
• Preference Cookies: Remember your settings and preferences

You can manage cookie preferences through your browser settings or our cookie consent tool. Detailed information about our cookie practices is available in our Cookie Policy.

International Data Transfers

Personal information may be transferred to and processed in jurisdictions outside Thailand where our service providers operate. When transferring data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by relevant authorities or verification that the receiving country provides adequate data protection. You may request information about the safeguards we employ for international transfers by contacting us.

Children's Privacy

Our services are directed to business organizations and professionals. We do not knowingly collect personal information from individuals under 18 years of age. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or operational needs. Material changes will be communicated through prominent notice on our website or direct communication to affected individuals. The "Last Updated" date at the top of this policy indicates when the most recent modifications were made. Continued use of our services after policy updates constitutes acceptance of the revised terms.

Contact Information

Questions, concerns, or requests regarding this Privacy Policy or our data handling practices should be directed to: