Privacy Policy

Ember Loom ("we," "our," or "us") values your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard information when you use our services or interact with our website. This policy applies to all AI consulting services we provide and to information collected through our website located at embeerlloes.top.

We operate in accordance with Thailand's Personal Data Protection Act B.E. 2562 (PDPA) and align with international data protection principles. If you have questions or concerns about this policy, please contact us at [email protected].

Information We Collect

Personal Information You Provide

We collect information you voluntarily provide when you contact us, request services, or engage in business with us. This may include your name, email address, phone number, job title, company name, and any other information you choose to provide in communications or inquiry forms.

Information Collected Automatically

When you visit our website, we automatically collect certain information about your device and browsing behavior. This includes IP address, browser type, operating system, referring URLs, pages viewed, and time spent on pages. We use cookies and similar tracking technologies to gather this information. For more details, please see our Cookie Policy.

Project-Related Data

During consulting engagements, we may receive or process data you provide for assessment, model development, or integration services. This data is handled according to the specific terms of our service agreements and is subject to additional security and confidentiality measures beyond this general privacy policy.

How We Use Your Information

We use the information we collect for the following purposes:

• To provide and deliver our consulting services
• To respond to your inquiries and communicate about our services
• To send administrative information such as engagement updates or policy changes
• To improve our website and services based on usage patterns
• To protect against fraudulent or unauthorized activity
• To comply with legal obligations and enforce our terms
• To conduct business analytics and service improvement research

We process your personal data based on legitimate interests, contractual necessity, or your consent. For marketing communications, we rely on opt-in consent and you may withdraw consent at any time.

Data Protection and Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

• Encryption of data in transit using industry-standard protocols
• Secure storage systems with access controls and authentication
• Regular security assessments and monitoring
• Staff training on data protection and privacy practices
• Incident response procedures for potential data breaches

Despite our efforts, no method of electronic transmission or storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.

Information Sharing and Disclosure

We do not sell or rent your personal information to third parties. We may share your information in the following circumstances:

• Service Providers: We may share data with trusted third-party vendors who assist in operating our website, conducting business, or servicing you, provided they agree to keep information confidential.
• Legal Requirements: We may disclose information when required by law, court order, or governmental request, or when we believe disclosure is necessary to protect our rights or comply with legal processes.
• Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
• With Your Consent: We may share information for purposes you have explicitly authorized.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Retention periods vary based on the type of information and purpose of processing:

• Contact information from inquiries: Retained for up to 2 years after last contact
• Client engagement data: Retained for the duration of the engagement plus 5 years for legal and business purposes
• Website analytics data: Retained for up to 26 months
• Marketing consent records: Retained until consent is withdrawn plus 1 year

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activity. Cookies are small data files stored on your device that help us improve your experience and understand how our website is used. We use essential cookies for website functionality and optional cookies for analytics and marketing purposes.

You can control cookie settings through our cookie preference center or your browser settings. For detailed information about our cookie practices, please review our Cookie Policy.

Your Rights and Choices

Under Thailand's PDPA and similar data protection laws, you have the following rights regarding your personal data:

• Right to Access: You can request confirmation of whether we process your personal data and obtain a copy of that data.
• Right to Rectification: You can request correction of inaccurate or incomplete personal data.
• Right to Erasure: You can request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
• Right to Restrict Processing: You can request that we limit how we use your personal data.
• Right to Data Portability: You can request to receive your personal data in a structured, commonly used format.
• Right to Object: You can object to processing of your personal data for direct marketing or based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw that consent at any time.

To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days as required by applicable law. You also have the right to lodge a complaint with the Personal Data Protection Committee of Thailand if you believe your data protection rights have been violated.

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us so we can take appropriate action.

International Data Transfers

Our primary operations are based in Thailand. If we transfer personal data outside of Thailand, we ensure appropriate safeguards are in place, such as standard contractual clauses or other mechanisms approved by relevant data protection authorities.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make changes, we will update the "Last Updated" date at the top of this policy. We encourage you to review this policy periodically. If we make material changes, we will provide notice through our website or by email to registered users.

Contact Information

If you have questions, concerns, or requests regarding this privacy policy or our data practices, please contact us: