In this Privacy and Cookies Statement, “Personal Data” is information that, either on its own or combined with other information held by Blumenthal Richter & Sumet Ltd. (“Firm”, “us”, “we” and “our”), allows for you to be identified as an individual or recognized directly or indirectly.

For the Personal Data that the Firm processes, the Firm is the data controller. The Firm is, therefore, responsible for making sure that the systems and processes we use are compliant with data protection laws, to the extent that they apply to us.

It is required for employees at the Firm to comply with this Privacy and Cookies Statement and other associated policies when they deal with Personal Data.

We are the operator of the website, www.brslawyers.com (the “Website”).

Collection of Personal Data

We collect the following Personal Data of clients and prospective clients, candidates for employment, other third parties and visitors to our Website:

• Basic data: Name(s), gender, title, company or organization, job responsibilities, job title, phone number, email address, mailing address, other contact information, photo, signature and still or moving CCTV footage of our office areas as well as family life information (excluding special categories of data) including marital status, family, children and hobbies and interests.
• Special categories of data: Religious or other beliefs, racial or ethnic origin, sexual orientation, health information as well as labor or trade union information, where necessary for us to provide a certain service to you in particular limited circumstances.
• Registration data: Requests for newsletters, registrations for events and seminars, dietary preferences (excluding special categories of data), username/passwords, downloads and subscriptions.
• Client service data: Personal Data received from clients in relation to clients, employees or other individuals known to such clients; bank account, fees and invoicing information; payment history; and feedback.
• Marketing data: Information about individual participation in seminars and conferences attended in person, associations, product interests and preferences.
• Compliance data: Government identifiers, passports or other identification documents, date of birth, beneficial ownership information and due diligence information.
• Job applicant data: Job applicants or others who provide information on our Website or offline means information in connection with opportunities for employment, which may be subject to a separate recruitment privacy policy.
• Device data: Computer Internet Protocol (IP) address, unique device identifier (UDID), cookies and other data linked to a device and data about usage of our Website (Usage Data).

We collect Personal Data from various sources, which can either be directly from data subjects or from public sources, colleagues or clients. Clients are responsible for ensuring that any data they send to us about customers, employees or other individuals is transferred to us in compliance with applicable data protection laws.

Sensitive Personal Data

Personal Data we collect that is considered as sensitive may include religious beliefs, health information, labor or trade union information and criminal records.

Third Party Personal Data

You must inform any third party of this Privacy and Cookies Statement if you provide their Personal Data to us. In order to provide such Personal Data to us, any required consent must be obtained or you must have legal grounds.

Minors’ and Incompetent Persons’ Personal Data

This Privacy and Cookies Statement does not apply to minors and incompetent persons. We will only collect their information with the consent of the relevant authority or based on legal grounds. In any circumstances where we have collected such information without such consent or legal grounds, we will delete it in a timely manner.

Purposes of Use for Personal Data

The purposes of our use of Personal Data, including the legal bases for processing such Personal Data, are to:

• Provide legal advice and respond to inquiries by using basic data, registration data, client service data and device data. For us to perform our obligations under our contracts with our clients, this processing is necessary.
• Manage our business operations and client relationships by using basic data, special categories of data, registration data, client service data and marketing data. For us to perform our obligations under our contracts with our clients and suppliers, this processing is necessary.
• Ensure our office area security. This is for the safety and security of such area, our employees and visitors.
• Improve the user experience of our Website by using device data. Monitoring our Website is in our legitimate interests as it assists us to improve the design and information available on our Website and, therefore, improve our service for users of our Website.
• Protect the functioning and security of our Website by using basic data, registration data and device data. Monitoring our Website is in our legitimate interests as we use this to prevent and detect the misuse of our Website as well as fraud and other crimes.
• Provide marketing that is relevant to you, including information about upcoming events or services such as legal services, legal updates, seminars and conferences for clients or networking events, by using marketing data, basic data, special categories of data, registration data, client service data and device data. Processing this information is in our legitimate interests as it allows us to provide you with marketing, updates and event invitations that are relevant and tailored to you.
• Manage regulatory compliance and legal obligations to, for example, prevent money laundering and fraud as well as verify the identity of our new clients by using compliance data, basic data, registration data and device data. Processing this information is necessary for us to comply with our legal obligations.
• Assess candidates for employment by using job applicant data and compliance data. Processing this information is necessary for us to comply with our legal obligations.

Sharing Personal Data

We may share Personal Data with:

• Suppliers and service providers to allow them to carry out functions on our behalf in accordance with our instructions for the purposes mentioned here such as for external conference venue providers. We ensure that such suppliers and service providers have reasonable security systems and protocols in place for Personal Data and use such Personal Data only on our behalf.
• Financial institutions for invoicing and payments.
• Corporate purchasers, only to the extent allowed by law, as part of any merger or acquisition as well as in the case of insolvency, bankruptcy or receivership where Personal Data is transferred as the Firm’s asset.
• Legal claims and mandatory disclosures, where we may share Personal Data to comply with subpoenas, court orders or other legal processes or comply with requests from regulators or the government or any other demand that is legally enforceable. We may share Personal Data to establish or protect the legal rights, property or safety of us or others or to defend against legal claims.

Your Personal Data may be provided to the relevant recipient mentioned above who may be located overseas. We will only disclose your Personal Data to an overseas recipient if the overseas recipient is bound by laws or other legally enforceable obligations which require them to provide a standard of protection to your Personal Data that is at least comparable to the protection under the Personal Data Protection Act B.E. 2562 (2019) (PDPA).

Retention of Personal Data

Generally, we only keep Personal Data to the extent necessary for the performance of our services and/or obligations and for as long as is reasonably required for the purposes explained in this Privacy and Cookies Statement or as required by applicable data protection laws. Also, we will retain information if we reasonably believe there is a prospect of a dispute/litigation to the extent permitted by applicable laws. We will use our best effort to arrange security procedures for the Personal Data to prevent the loss, or the unauthorized access, usage, amendment, modification or disclosure of such Personal Data.

Choice to Receive Marketing

It is your choice whether to receive marketing from us, and if you would no longer like to receive such marketing or remain on our mailing list, please click on the unsubscribe link in any of our marketing communications or contact us by using the information below.

Cookies Policy

A cookie is a small bit of data that is stored in your web browser with information on your activities on websites, including our Website, which allows us or a third party to recognize you and improve the user experience of our Website.

Cookies may be used to:

• Enable certain functions
• Provide analytics
• Store your preferences

Also, there are various types of cookies including session cookies and persistent cookies.

A session cookie identifies a particular visit to our Website. This cookie expires after a short duration or when you close your web browser. We use these cookies to identify you during a single browsing session.

A persistent cookie will remain on your device for a certain period of time which is specified in the cookie. These cookies can be deleted using your browser settings. Where needed, we use these cookies to identify you over a longer period of time.

The cookies we use are:

• Operational cookies, for us to operate our Website, which are session cookies.
• Analytical and performance cookies, for us to recognize and determine how many users there are of our Website as well as to understand their navigation of it for us to improve the user experience of our Website, which are session cookies.
• Functional cookies, for us to improve the functional performance and user experience of our Website, which are persistent cookies.
• Pop Up Cookie, for us to determine whether you have seen our pop up for cookies consent, so it is not shown to you again after you confirm it.

You may change the settings of your web browser to delete cookies which have already been set and/or not accept new cookies, but the methods to do this vary based on the version. Please find up-to-date information about blocking and deleting cookies here:

• https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies  (Internet Explorer);
• https://support.google.com/chrome/answer/95647?hl=en  (Chrome);
• https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences  (Firefox);
• https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy  (Edge);
• http://www.opera.com/help/tutorials/security/cookies/  (Opera); and
• https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac  (Safari).

If you delete cookies or do not accept them, however, all features we offer may not be available to you, your preferences may not be stored and certain pages may not display properly.

Third party companies, such as analytics companies, generally use cookies to collect user information on an anonymous basis. This information may be used by those companies to develop a profile of your activities on our Website and other websites you have visited.

To learn more about cookies, please read “All About Cookies”.

Rights of Data Subjects

Those who are in the European Economic Area (EEA) have the following rights:

• Access: A copy of the Personal Data we process about you can be requested by you as a right (subject to certain exceptions), which we will provide to you in electronic form. At our discretion, however, we may ask you to prove your identity before we provide the requested copy of Personal Data to you, and there may be a fee if you require more than one copy of your Personal Data.
• Deletion: The deletion of Personal Data we process about you can be requested by you as a right, unless it is a requirement for us to retain such data for compliance with legal obligations or to establish or defend against legal claims.
• Rectification: Any Personal Data we process about you which is incomplete or inaccurate can be requested by you to be amended.
• Restriction: In the event you believe that the Personal Data we process about you is inaccurate, our processing is not lawful or we no longer need to process such Personal Data for a particular purpose, but we are unable to delete such Personal Data because of a legal or other obligation or you would like us not to delete it, you have a right to request that we restrict such Personal Data.
• Portability: You have a right to request for us to transfer to another data controller the Personal Data we hold about you if it is personal information you provided to us and if we are processing such Personal Data based on your consent or for us to be able to perform our obligations under a contract with you (e.g., in providing legal services).
• Objection: You have a right to object, on grounds relating to your particular situation, to our processing of your Personal Data where the legal justification is in our legitimate interest, and we will comply with your request unless your interests and rights are overridden by compelling legitimate grounds we may have for processing your Personal Data or if we need to continue processing your Personal Data for the establishment, exercise or defense of a legal claim.
• Withdrawing consent: You have a right to withdraw your consent at any time if you have previously consented to us processing your Personal Data, and this can be made without any cost to you. This includes opting out of marketing you receive from us.

In the event you believe that we are not in compliance with applicable data protection laws and you are in the EEA, you have a right to make a complaint with a local data protection authority. You can find a list of such authorities here.

Confidentiality and Security of Information

We have implemented security processes and controls designed to ensure the confidentiality of electronic communication and prevent unauthorized access. We employ group-based access control to all company data, use Microsoft’s “Least Privilege Administration” model, block USB drives on all computers in our offices and have strict staff onboarding and offboarding procedures, among others.

Amendment of this Privacy and Cookies Statement

We will review this Privacy and Cookies Statement regularly in order to comply with guidelines and regulations. We may change this Privacy and Cookies Statement from time to time, and will notify you of any changes. Where applicable and required, we will ask for your consent for any changes where your consent is needed.

 

Please contact us if you have any questions at:

Address:

Abdulrahim Place, 31st Floor

990 Rama 4 Road

Bangkok 10500, Thailand

 

Email: [email protected]

Tel. No.: 02-022-1000

Intl. Tel. No.: +662-022-1000