Legal Document
Privacy Policy
Last Updated: 15 January 2026 · Effective: 15 January 2026
1. Introduction
Themisra ("we", "us", "our") is committed to protecting the personal data of every individual who interacts with our practice. This Privacy Policy describes the personal data we collect, the purposes for which we use it, how we protect it, and the rights available to you under applicable data protection law.
Themisra operates from Bangkok, Thailand and is subject to Thailand's Personal Data Protection Act B.E. 2562 (2019) ("PDPA"). Where clients or website visitors are located in the European Union, the General Data Protection Regulation (GDPR) may also apply. We extend PDPA-level protections to all individuals whose data we process, regardless of location.
If you have any questions regarding this policy or your personal data, please contact us at [email protected].
2. Data We Collect
Contact and Identity Data
When you contact us, submit an enquiry form, or engage our services, we may collect: your name, email address, telephone number, nationality, passport details (where required for immigration services), and business name where relevant.
Matter Data
For the purposes of delivering our services, we collect and process information relevant to your legal matter — including correspondence, documents provided by you, government-issued records (with your consent), and notes arising from meetings and assessments.
Website Usage Data
When you visit our website, we may collect technical data including your IP address, browser type, device type, pages visited, and time spent on pages. This data is collected via cookies and analytics tools.
3. Legal Basis for Processing
We process personal data on the following legal bases under the PDPA:
- Contract performance: processing necessary to deliver the legal services you have engaged us for
- Consent: for optional communications and analytics cookies, where you have provided consent
- Legitimate interest: for general business operations, security, and service improvement
- Legal obligation: where processing is required to comply with applicable Thai law
4. How We Use Your Data
- To provide, administer, and improve our legal services
- To respond to enquiries and maintain client communication
- To prepare and manage legal documentation and filings
- To coordinate with relevant government departments on your behalf
- To send service-related communications and updates
- To operate and maintain the security of our website
- To comply with Thai legal obligations and regulatory requirements
5. Data Retention
We retain personal data for as long as necessary to fulfil the purpose for which it was collected, or as required by Thai law. Client matter files are retained for a minimum of seven years following closure of the engagement, in line with standard legal practice requirements. Contact enquiries that do not lead to an engagement are retained for twelve months before deletion.
6. Data Sharing
We do not sell personal data to third parties. We may share data with:
- Thai government departments and agencies where required for your matter (e.g. Ministry of Labour, Immigration Bureau, Department of Intellectual Property)
- Translation and notarisation service providers where engaged for your matter
- Website analytics providers (where you have consented to analytics cookies)
- Professional indemnity insurers and auditors as required for practice compliance
All third parties with whom we share data are required to process it in accordance with applicable data protection law.
7. Data Security
We implement appropriate technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration, or loss. These measures include: encrypted file storage and transmission, access controls limiting internal data access to practitioners working on a given matter, and secure disposal procedures for physical documents.
8. Cookies
Our website uses essential cookies necessary for basic functionality and optional analytics cookies to understand how visitors engage with our content. For full information on our cookie practices, please see our Cookie Policy.
9. Your Rights
Under the PDPA, and where applicable the GDPR, you have the following rights regarding your personal data:
- Right of access: to receive a copy of the personal data we hold about you
- Right to rectification: to request correction of inaccurate or incomplete data
- Right to erasure: to request deletion of your data where no legal retention requirement applies
- Right to restrict processing: to request that we limit processing in certain circumstances
- Right to data portability: to receive your data in a structured, machine-readable format
- Right to object: to object to processing carried out on legitimate interest grounds
- Right to withdraw consent: where processing is based on consent, to withdraw that consent at any time
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. Individuals in Thailand may also contact the Personal Data Protection Committee if they believe their rights have not been respected.
10. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and recommend that you review their privacy policies directly.
11. Children's Privacy
Our services are intended for individuals aged 18 and above. We do not knowingly collect personal data from minors. If you believe we have inadvertently done so, please contact us immediately at [email protected].
12. Changes to This Policy
We may update this Privacy Policy from time to time. Any material changes will be published on this page with a revised "Last Updated" date. Continued use of our website or services following such updates constitutes acceptance of the revised policy.
13. Contact
For privacy-related enquiries, contact us at:
Email: [email protected]
Address: 23/5 Phetchaburi Road, Thung Phaya Thai, Ratchathewi, Bangkok 10400, Thailand
Telephone: +66 2 354 9286