Logo
HomeNewsAboutServiceProjectCareers

Home

News

About

Service

Project

Careers

Privacy Policy for Happy Three Creation

Last Updated: July 29, 2025

At Happy Three Creation, we are deeply committed to protecting your privacy and handling your personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019) (PDPA), Thailand's comprehensive data protection law. This Privacy Policy explains what information we collect from our website users, how we use it, and the steps we take to ensure your personal data is handled responsibly, in full compliance with Thai legal requirements.

1. Who We Are

Happy Three Creation Co., Ltd. is a creative agency providing [mention your core services, e.g., web design, graphic design, digital marketing]. We are the Data Controller responsible for the personal data collected through this website.

2. What Information We Collect (Types of Personal Data)

Under the PDPA, "Personal Data" is broadly defined as any information relating to a person which enables the identification of such person, whether directly or indirectly. We may collect various types of information from you when you visit our website, depending on how you interact with our services:

  • Personal Identifiable Information (Directly Identifiable Data): This includes information you voluntarily provide to us when you interact with our forms or services, such as:

    • Name

    • Email address

    • Phone number

    • Company name

    • Any other details you provide when you fill out contact forms, subscribe to newsletters, request quotations, or make inquiries about our services.

  • Usage Data (Indirectly Identifiable Data): When you browse our website, we automatically collect certain technical information about your device and your visit. This data is collected through server logs and analytics tools and may include:

    • Your IP address

    • Browser type and version

    • Operating system

    • Referring/exit pages

    • Pages viewed on our site

    • Dates and times of your visits

    • Time spent on certain pages

    • Clickstream data This data helps us understand how our website is used and how we can improve it.

  • Cookies and Similar Technologies: As detailed in our separate Cookie Policy, we use cookies to enhance your experience. While cookies themselves may not directly identify you, personal information we store about you may be linked to the information stored in and obtained from cookies. We will obtain your explicit consent for the use of non-essential cookies.

We do not intentionally collect "Sensitive Personal Data" (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data) through our website. If you believe you have inadvertently provided such data, please contact us immediately so we can take appropriate steps to address it.

3. Legal Basis for Processing Your Information (PDPA Compliance)

Under the PDPA, we process your personal data based on specific legal grounds. These include:

  • Consent: Where you have given explicit, freely given, specific, informed, and unambiguous consent for one or more specific purposes (e.g., subscribing to our newsletter, accepting non-essential cookies, agreeing to direct marketing). You have the right to withdraw your consent at any time, easily and without affecting the lawfulness of processing based on consent before its withdrawal.

  • Contractual Obligation: When processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract (e.g., responding to your service inquiry, processing a project request, providing our services to you).

  • Legitimate Interest: When processing is necessary for our legitimate interests or those of a third party, provided that such interests are not overridden by your fundamental rights and freedoms (e.g., for website security, analytics to improve our services, direct marketing where permissible by law and you haven't opted out). We will always conduct a legitimate interest assessment to ensure your rights are protected.

  • Legal Obligation: When processing is necessary for compliance with a legal obligation to which Happy Three Creation is subject (e.g., tax regulations, government requests, compliance with PDPA).

  • Vital Interest: When processing is necessary to prevent or suppress a danger to a person's life, body, or health.

  • Public Interest: When processing is necessary for the performance of a task carried out in the public interest or for the exercise of official authority.

4. How We Use Your Information (Purposes of Processing)

We use the information we collect for the following purposes:

  • To Provide and Improve Our Services: To respond to your inquiries, provide you with the information or services you request, manage your projects, process your orders, and continuously improve the functionality, user experience, and content of our website and offerings.

  • To Communicate With You: To send you updates, newsletters, marketing communications (if you have opted in), and important notices related to your interactions with us.

  • For Analytics and Research: To analyze usage data, track trends, and gather demographic information to optimize our website, identify popular content, and make informed decisions about our services. This helps us understand how our website is used and how we can enhance it.

  • To Ensure Security: To protect our website and your information from unauthorized access, use, or disclosure, and to detect and prevent fraudulent activities.

  • To Comply with Legal Obligations: To fulfill our obligations under Thai laws, regulations, and legal processes, including the PDPA.

5. How We Share Your Information (Disclosure of Personal Data)

We will not sell, rent, or trade your personal information to third parties. We may share your information in the following limited circumstances, always ensuring adherence to PDPA requirements:

  • With Service Providers (Data Processors): We may engage trusted third-party service providers to perform functions on our behalf, such as website hosting, analytics, email delivery, customer relationship management (CRM) systems, and payment processing (if applicable). These providers are "Data Processors" under the PDPA and will only have access to the information necessary to perform their services. We ensure that these processors are contractually bound to keep your information confidential and to comply with PDPA standards and other applicable data protection laws.

  • For Legal Reasons: We may disclose your information if required to do so by Thai law, in response to a court order, or when we believe it's necessary to protect our rights, property, or safety, or the rights, property, or safety of others.

  • With Your Explicit Consent: We may share your information with other third parties when we have obtained your explicit and specific consent to do so.

  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction, provided the acquiring entity commits to protecting your data in accordance with the PDPA and this Privacy Policy.

6. Cross-Border Data Transfer

In some cases, your personal data may be transferred to, and stored at, a destination outside of Thailand (e.g., if our cloud service providers' servers are located outside Thailand). We will only transfer personal data out of Thailand to countries or organizations that have adequate data protection standards or where appropriate safeguards are in place, as required by the PDPA. These safeguards may include:

  • Standard Contractual Clauses (SCCs) approved by relevant authorities.

  • Binding Corporate Rules (BCRs).

  • Your explicit consent after being informed of the potential risks of such transfers.

7. Data Security

We implement robust technical, administrative, and physical measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction, in line with PDPA requirements. These measures include, but are not limited to:

  • Encryption of data in transit and at rest where appropriate.

  • Access controls and authentication procedures for our systems.

  • Regular security assessments and vulnerability testing.

  • Employee training on data protection and privacy best practices.

  • Maintaining up-to-date security software and firewalls.

While we strive to protect your personal data, please remember that no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your personal data transmitted to our website. Any transmission of personal data is at your own risk.

8. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period for different types of personal data varies depending on the purpose of processing and legal obligations.

When your personal data is no longer required for these purposes, or when your consent is withdrawn and there is no other legal basis for processing, we will securely delete or anonymize it in a manner that prevents its retrieval or reconstruction.

9. Your Rights as a Data Subject (Under PDPA)

As a data subject under the PDPA, you have significant rights regarding your personal information. We are committed to facilitating the exercise of these rights:

  • Right to Access: You have the right to request access to and obtain a copy of your personal data that we hold about you.

  • Right to Rectification: You have the right to request corrections to any inaccurate or incomplete personal data we hold about you.

  • Right to Erasure (Right to Be Forgotten): You have the right to request the deletion or de-identification of your personal data in certain circumstances (e.g., when it's no longer necessary for the purpose collected, or you withdraw consent and there is no other legal basis for processing, or when the data was unlawfully processed).

  • Right to Restriction of Processing: You have the right to request the restriction of processing of your personal data in certain situations (e.g., while we verify its accuracy, or if you object to processing based on legitimate interest, or if processing is unlawful but you do not want erasure).

  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another data controller, where technically feasible and the processing is based on consent or contract, and carried out by automated means.

  • Right to Object: You have the right to object to the collection, use, or disclosure of your personal data in certain circumstances, particularly for direct marketing purposes or processing based on legitimate interest (unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims).

  • Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

  • Right to Lodge a Complaint: You have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) if you believe your PDPA rights have been violated.

To exercise any of these rights, please contact us using the details provided below. We will respond to your request within the timeframe stipulated by the PDPA (generally within 30 days, or as otherwise prescribed by law). We may need to verify your identity before processing your request.

10. Links to Other Websites

Our website may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

11. Children's Privacy

Our website is not intended for individuals under the age of 10. We do not knowingly collect personal data from children under 10. If we become aware that we have collected personal data from a child under 10 without verifiable parental consent, we will take steps to remove that information from our servers. If you believe we might have any information from or about a child under 10, please contact us.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices or for other operational, legal, or regulatory reasons, including to remain compliant with the PDPA. We will post any updates on this page, and the "Last Updated" date will be indicated at the top of the policy. We encourage you to review this Privacy Policy periodically. Your continued use of the website after the revised Policy has been posted signifies your acceptance of the changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices in relation to the PDPA, please do not hesitate to contact our team at:

Happy Three Creation Co., Ltd. 47/71 Edelweiss Villa, Soi Ramkhamhaeng 102, Sapansoong, Bangkok 10240 Thailand

Email: [email protected]

Phone: +66 81 452 9936