Privacy Policy

1. Introduction

Windhollow ("we", "us", "our") is committed to protecting the personal data of individuals who use our financial education and advisory services. This policy explains how we collect, use, store, and protect your information in accordance with Thailand's Personal Data Protection Act B.E. 2562 (PDPA).

This policy applies to all services offered by Windhollow, including in-person sessions, online consultations, and website interactions. If you have any questions about this policy, please contact us at [email protected].

2. Data Controller

The data controller for personal information collected through Windhollow's services is:

• Windhollow
• 34/5 Soi Ekamai 12, Khlong Tan Nuea, Watthana, Bangkok 10110, Thailand
• Email: [email protected]
• Phone: +66 2 391 5823

3. What Personal Data We Collect

Depending on how you interact with Windhollow, we may collect the following categories of personal data:

• Contact information: name, email address, phone number
• Financial information disclosed during advisory sessions (insurance policies, income ranges, financial goals)
• Communication records: messages and enquiries sent via our website or email
• Session notes and written summaries (with your knowledge and consent)
• Technical data: IP address, browser type, and pages visited on our website (via cookies — see Section 8)

We only collect financial information that you voluntarily share in the course of advisory sessions. We do not access bank accounts, credit reports, or any external financial systems without your explicit consent.

4. How We Collect Personal Data

Personal data is collected through the following channels:

• Contact forms submitted through our website
• Email correspondence and telephone enquiries
• Information provided during in-person or online advisory sessions
• Documents or policies shared for the purpose of review (Insurance Portfolio Review service)
• Website analytics tools (with consent)

5. Legal Basis for Processing

We process your personal data on the following legal bases under the PDPA:

• Consent: when you submit an enquiry or book a service via our website
• Contractual necessity: to deliver the advisory service you have engaged us for
• Legitimate interests: for internal record-keeping, quality assurance, and follow-up communications directly related to a completed service
• Legal obligation: when required to disclose information under Thai law

6. How We Use Your Personal Data

Your personal data is used for the following purposes:

• Responding to enquiries and booking sessions
• Delivering financial education and advisory services
• Preparing and sending written session summaries and plan documents
• Communicating service-related updates and follow-on correspondence
• Improving the quality of our services through internal review
• Complying with applicable Thai laws and regulations

We do not use your personal data for marketing to third parties, profiling for advertising purposes, or any purpose unrelated to the services you engage with.

7. Data Sharing and Third Parties

Windhollow does not sell, rent, or trade personal data to any third party. Data may be shared in limited circumstances:

• With service providers who support our operations (email hosting, website hosting) — under contractual data protection obligations
• With legal or regulatory authorities if required by Thai law
• With your explicit consent, in any other circumstance

We do not share session content, financial disclosures, or any personal information with insurance companies, financial institutions, or product providers — ever.

8. Cookies

Our website uses cookies to understand how visitors interact with our content and to support basic site functionality. You can manage your cookie preferences at any time via our Cookie Policy page.

9. Data Retention

We retain personal data for the following periods:

• Enquiry and contact data: 12 months from last contact, unless a service engagement follows
• Session records and written deliverables: 5 years from the date of service
• Financial information shared in sessions: 5 years, held securely and accessible only to the advising practitioner
• Website analytics data: 13 months from collection

After the applicable retention period, data is securely deleted or anonymised.

10. Data Protection Measures

We take the security of your personal data seriously. Measures in place include:

• Password-protected, encrypted storage of digital session records
• Access limited to the advising practitioner and one administrative contact
• Secure email communications for sending written deliverables
• Regular review of data handling procedures
• Physical session notes stored in locked office files when applicable

In the event of a data breach that poses risk to your rights, we will notify you and the relevant Thai supervisory authority within the timelines required by the PDPA.

11. Your Rights Under the PDPA

Under Thailand's PDPA, you have the following rights in relation to your personal data:

• Right to access: request a copy of the personal data we hold about you
• Right to rectification: request correction of inaccurate or incomplete data
• Right to erasure: request deletion of your data where there is no legitimate reason for retention
• Right to data portability: request transfer of your data in a structured, machine-readable format
• Right to object: object to processing based on legitimate interests
• Right to restrict processing: request that we limit how we use your data in certain circumstances
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with Thailand's Personal Data Protection Committee (PDPC) if you believe your data has been handled improperly.

12. Children's Privacy

Our services are intended for individuals aged 18 and over. We do not knowingly collect personal data from minors. If we become aware that personal data has been submitted by a person under 18, we will delete it promptly.

13. External Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and recommend reviewing their privacy policies independently.

14. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via our website or by email to active clients. Continued use of our services following any update constitutes acceptance of the revised policy.

15. Contact

For any questions or requests related to this Privacy Policy, please contact:

• Email: [email protected]
• Phone: +66 2 391 5823
• Post: Windhollow, 34/5 Soi Ekamai 12, Khlong Tan Nuea, Watthana, Bangkok 10110, Thailand