EN | ไทย
Get in Touch

Privacy Policy and Data Protection Statement for LevelMark Accounting.

Last Updated: January 25, 2026

Welcome to LevelMark Accounting. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines how we collect, use, and safeguard your data in compliance with the Thai Personal Data Protection Act B.E. 2562 (PDPA) and the EU General Data Protection Regulation (GDPR).

1. Data Controller

1. Data Controller

The Data Controller responsible for your personal information is:
LevelMark Accounting Co., Ltd.
30 Soi Sukhumvit 61 (Sethabut)
Khlong Tan Nuea, Vadhana, Bangkok 10110
Email: info@lmaccfirm.com

2. Collection of Personal Data

We adhere to a "Data Minimization" principle. We only collect information that you voluntarily provide to us via our Contact Form. This includes:

  • Full Name
  • Email Address
  • Message content (and any personal details contained therein)

We do not collect browsing history, IP addresses for tracking, or behavior analytics.

3. Cookie Policy (Zero-Cookie Website)

We do not use cookies.
This website is designed as a "Stateless Static Application". We do not install analytical, tracking, or marketing cookies on your device. Therefore, browsing our site is completely anonymous and does not require a Cookie Consent Banner.

4. Purpose and Lawful Basis

We process your data based on Consent (Section 19 PDPA / Article 6(1)(a) GDPR).

Our contact form requires you to provide clear, specific consent before submission through separate checkboxes:

  • Required: I consent to LevelMark processing my contact information (name, email, message) to respond to my inquiry and provide preliminary consultation.
  • Optional: I consent to receive occasional service updates, tax alerts, and newsletters relevant to accounting and business compliance in Thailand.

Your consent is:

  • Freely given and informed (we explain each purpose clearly)
  • Granular (separate boxes for different purposes)
  • Documented (we record timestamp and consent version)
  • Revocable at any time via email to info@lmaccfirm.com

We do not use pre-ticked boxes. We do not process your data for purposes beyond those you explicitly consented to. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

5. Data Retention Period

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, in accordance with the Thai Revenue Code and PDPA requirements.

Specific retention periods:

  • Contact form inquiries (no business relationship): 1 year from last contact
  • Client accounting records: Minimum 5 years after engagement ends (Revenue Code Section 12)
  • Tax documents and related correspondence: 10 years (Revenue Code Section 3)
  • Consent records and DSAR requests: 3 years after consent withdrawal or request resolution
  • Marketing communications opt-in: Until withdrawal of consent

After the retention period expires, we securely delete or anonymize your data unless legal obligations require longer storage. You may request earlier deletion subject to our legal retention obligations.

6. Data Sharing and Security

We do not sell, trade, or rent your personal identification information to others. Your data is protected through comprehensive security measures:

  • Technical Safeguards: HTTPS/SSL encryption for data in transit and encryption for data at rest.
  • Organizational Safeguards: Strict access controls based on need-to-know principle and confidentiality obligations.
  • Physical Safeguards: Secure office premises and storage.

7. Cross-Border Data Transfers

In certain circumstances, we may need to transfer your personal data outside Thailand to service providers (e.g., secure email hosting or cloud infrastructure). All international data transfers comply with Sections 28-29 of the PDPA and the PDPC Notification on Cross-Border Data Transfers (effective March 24, 2024).

We ensure adequate protection through ONE or more of the following legal mechanisms:

  1. Transfer to countries with adequate data protection standards (once the PDPC publishes the approved countries list); OR
  2. Implementation of Standard Contractual Clauses (SCCs) or equivalent safeguards approved by the PDPC; OR
  3. Your explicit consent for the specific cross-border transfer, obtained at the time of data collection.

Where we use international service providers, we conduct due diligence to ensure they maintain security standards equivalent to those required under Thai law.

8. Your Rights

Under the PDPA (Sections 30-38) and GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data we hold.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data ("Right to be Forgotten").
  • Right to Restriction of Processing: Request temporary suspension of processing.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Revoke consent at any time without affecting prior lawful processing.

How to Exercise Your Rights:
To exercise any of these rights, please submit a written request to:
Email: info@lmaccfirm.com
Subject line: "Data Subject Access Request - [Your Name]"

Limitations:
Certain rights may be limited by law. For example, we cannot delete data if we are legally required to retain it under the Thai Revenue Code (5-10 years retention for accounting records). We will inform you if any limitations apply to your request.

9. Data Breach Notification

In the event of a personal data breach that may pose a risk to your rights and freedoms, we will notify the Office of the Personal Data Protection Committee (PDPC) without undue delay and, where feasible, within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without delay.

We maintain a documented Data Breach Response Plan that guides our internal procedures for detection, assessment, containment, and notification of personal data breaches.

10. Children's Data

Our services are intended for adults and businesses only. We do not knowingly collect personal data from individuals under 10 years of age without parental consent. If we become aware of such collection, we will take immediate steps to delete the information.

11. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects. All decisions regarding your inquiries are made by qualified human professionals.

12. Response Timeframes

We strive to respond to all legitimate requests within 30 days. If your request is particularly complex, it may take longer, in which case we will notify you and keep you updated.

13. Supervisory Authority

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with the Office of the Personal Data Protection Committee (PDPC) of Thailand.

14. Changes to This Policy

We recognize that transparency is an ongoing responsibility. We will keep this privacy notice under regular review. Any changes will be posted on this page with an updated revision date.

15. Data Protection Contact

For all data protection inquiries, please contact:
Data Protection Coordinator
Email: info@lmaccfirm.com