Privacy Policy

1. General Provisions

This Personal Data Processing Policy is drafted in accordance with the requirements of the Personal Data Protection Act B.E. 2562 (2019) of the Kingdom of Thailand (hereinafter referred to as the Personal Data Protection Law) and defines the procedure for processing personal data and the measures taken to ensure the security of personal data by NUMBER 9 AGENCY CO., LTD (hereinafter referred to as the Operator).

  1. 1.1. The Operator considers compliance with human and civil rights and freedoms in the processing of personal data, including the protection of the right to privacy, personal and family secrets, as a key goal and condition for its activities.
  2. 1.2. This Policy applies to all information that the Operator may obtain about visitors to the website https://number9.agency/.

2. Key Terms Used in the Policy

  1. 2.1. Automated processing of personal data — processing of personal data using computing equipment.
  2. 2.2. Blocking of personal data — temporary suspension of personal data processing (except when processing is necessary to clarify personal data).
  3. 2.3. Website — a collection of graphic and informational materials, as well as software and databases ensuring their availability on the Internet at https://number9.agency/.
  4. 2.4. Personal data information system — a set of personal data contained in databases and information technologies and technical means ensuring their processing.
  5. 2.5. Anonymization of personal data — actions making it impossible to determine the ownership of personal data to a specific User or other personal data subject without additional information.
  6. 2.6. Processing of personal data — any action (operation) or set of actions performed with or without automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data.
  7. 2.7. Operator — a state body, municipal authority, legal entity, or individual that independently or jointly organizes and/or performs personal data processing, determines the purposes of processing, composition of personal data to be processed, and actions performed with personal data.
  8. 2.8. Personal data — any information relating directly or indirectly to an identified or identifiable User of the website https://number9.agency/.
  9. 2.9. Personal data allowed for distribution — personal data whose access by an unlimited circle of persons is granted by the personal data subject by giving consent to the processing of personal data allowed for distribution under the Personal Data Protection Law.
  10. 2.10. User — any visitor of the website https://number9.agency/.
  11. 2.11. Providing personal data — actions aimed at disclosing personal data to a specific person or a specific group of persons.
  12. 2.12. Distribution of personal data — any actions aimed at disclosing personal data to an indefinite circle of persons (transfer of personal data) or familiarization of personal data with an unlimited circle of persons, including publication in mass media, placement in information and telecommunication networks, or providing access by other means.
  13. 2.13. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to a state authority, foreign individual, or foreign legal entity.
  14. 2.14. Destruction of personal data — any actions resulting in irreversible destruction of personal data with impossibility of further recovery of content in the personal data information system and/or destruction of physical carriers of personal data.

3. Main Rights and Obligations of the Operator

  1. 3.1. The Operator has the right to:
    • receive reliable information and/or documents containing personal data from the personal data subject;
    • continue processing personal data without consent of the personal data subject if there are grounds specified by the Personal Data Protection Law, even in case of withdrawal of consent;
    • independently determine the necessary and sufficient measures to ensure compliance with the obligations provided by the Personal Data Protection Law and related regulations, unless otherwise stipulated by law.
  2. 3.2. The Operator is obliged to:
    • provide the personal data subject, upon request, information regarding the processing of their personal data;
    • organize personal data processing in accordance with current legislation;
    • respond to inquiries and requests of personal data subjects and their legal representatives according to the law;
    • provide necessary information to the authorized body for protection of personal data subjects within 10 days upon request;
    • publish or otherwise ensure unlimited access to this Policy;
    • take legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution, as well as other unlawful actions;
    • cease transfer or processing and destroy personal data in cases stipulated by law;
    • fulfill other obligations under the Personal Data Protection Law.

4. Rights and Obligations of Personal Data Subjects

  1. 4.1. Personal data subjects have the right to:
    • obtain information about the processing of their personal data, except as provided by federal law;
    • demand clarification, blocking, or destruction of their personal data if it is incomplete, outdated, inaccurate, illegally obtained, or unnecessary;
    • give prior consent for marketing purposes;
    • withdraw consent and request cessation of personal data processing;
    • appeal unlawful actions or inaction of the Operator in court or to the authorized body;
    • exercise other rights under the legislation.
  2. 4.2. Personal data subjects are obliged to:
    • provide accurate personal data;
    • notify the Operator of updates or changes to their personal data.
  3. 4.3. Individuals who provide false data or data about another subject without consent are liable under Thailand law.

5. Principles of Personal Data Processing

  1. 5.1. Processing is performed lawfully and fairly.
  2. 5.2. Processing is limited to specific, legal purposes.
  3. 5.3. No combining of incompatible databases.
  4. 5.4. Only relevant data is processed.
  5. 5.5. Data content and volume correspond to processing purposes.
  6. 5.6. Accuracy, sufficiency, and relevance of data are ensured.
  7. 5.7. Data is stored in a form allowing identification only as long as required by processing purposes; after that, it is destroyed or anonymized.

6. Purposes of Personal Data Processing

PurposePersonal DataLegal BasisTypes of Processing
Informing the User via emailLast name, first name, middle name, email addressCharter documents of the OperatorCollection, recording, systematization, accumulation, storage, destruction, anonymization, sending informational emails

7. Conditions for Processing Personal Data

  1. 7.1. Processing occurs with consent of the personal data subject.
  2. 7.2. Processing is necessary to fulfill obligations under international treaties or Thailand law.
  3. 7.3. Processing is necessary for legal proceedings or execution of court/official acts.
  4. 7.4. Processing is necessary for contract execution or conclusion.
  5. 7.5. Processing protects rights and interests of the Operator or third parties or achieves socially significant purposes.
  6. 7.6. Processing includes publicly available personal data.
  7. 7.7. Processing includes data required for publication by Thailand law.

8. Procedure for Collection, Storage, Transfer, and Other Processing

  1. 8.1. The Operator ensures data security through legal, organizational, and technical measures.
  2. 8.2. Personal data will never be shared with third parties, except as required by law or with consent.
  3. 8.3. Users can update inaccurate data by notifying the Operator at contact@number9.agency.
  4. 8.4. Data is processed until purposes are achieved, unless another term is established. Users may withdraw consent at any time by emailing contact@number9.agency.
  5. 8.5. Data collected by third-party services (payment systems, communication tools) is processed according to their policies. The Operator is not responsible for third-party actions.
  6. 8.6. Restrictions set by the personal data subject do not apply in cases of public or state interest.
  7. 8.7. Confidentiality is ensured by the Operator.
  8. 8.8. Data is stored only as long as necessary.
  9. 8.9. Processing ceases when purposes are achieved, consent expires, consent is withdrawn, or illegal processing is detected.

9. Actions Performed with Personal Data

  1. 9.1. Collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction.
  2. 9.2. Automated processing may involve data transfer via information and telecommunication networks.

10. Cross-Border Transfer of Personal Data

  1. 10.1. Prior to cross-border transfer, the Operator must notify the authorized body.
  2. 10.2. The Operator must obtain relevant information from foreign authorities or entities.

11. Confidentiality of Personal Data

The Operator and other persons with access must not disclose or distribute personal data without consent, except as required by law.

12. Final Provisions

  1. 12.1. Users may request clarifications regarding data processing by emailing contact@number9.agency
  2. 12.2. Any changes to this Policy will be reflected here. This Policy is effective indefinitely until replaced.
  3. 12.3. The current version of the Policy is available online at contact@number9.agency.