Privacy Policy

Introduction

Meridian Law is committed to protecting the privacy and confidentiality of personal information we collect in the course of providing legal services. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with Thailand's Personal Data Protection Act (PDPA) and our professional obligations under the Lawyers Council of Thailand's ethical standards.

Our legal practice maintains attorney-client privilege as a fundamental principle. This Privacy Policy addresses our broader data handling practices while recognizing that certain client communications receive additional protection under applicable legal professional privilege rules.

For questions regarding this policy or our data protection practices, please contact our privacy officer at privacy@meridianed.

Data Collection

Information We Collect

We collect the following categories of personal data:

• Contact Information: Name, business address, email address, phone number
• Professional Information: Company name, position, business registration details
• Legal Matter Information: Details relevant to your legal inquiry or engagement, including documents, contracts, correspondence, and other materials you provide
• Financial Information: Billing information, payment details for services rendered
• Website Usage Data: IP address, browser type, pages visited, time spent on site (collected through cookies)

How We Collect Data

We collect personal data through:

• Contact forms on our website
• Email and telephone communications
• In-person consultations and meetings
• Documents and materials you provide for legal review
• Public records and third-party sources when necessary for legal representation

Legal Basis for Processing

We process personal data based on:

• Contract Performance: To provide legal services pursuant to our engagement agreement
• Consent: For marketing communications and website analytics
• Legitimate Interest: To maintain client relationships and improve our services
• Legal Obligations: To comply with Thai law, professional conduct rules, and court orders

Data Usage

How We Use Your Information

We use personal data for the following purposes:

• Providing legal advice and representation
• Preparing legal documents and correspondence
• Communicating with clients, counterparties, and government authorities
• Processing payments and maintaining financial records
• Complying with professional obligations and legal requirements
• Sending updates about legal developments relevant to your matters (with your consent)
• Improving our website and services through analytics

Data Sharing

We may share personal data with:

• Government Authorities: Thai Customs Department, Marine Department, courts, and other regulatory bodies as required for legal representation
• Counterparties: Opposing counsel, contracting parties, and other parties involved in your legal matters
• Service Providers: Accountants, IT support providers, document storage services who assist our operations under confidentiality obligations
• Professional Advisors: Other law firms or specialists when referrals are appropriate

We do not sell personal data to third parties. All data sharing occurs only as necessary to provide legal services or comply with legal obligations.

Data Protection Measures

Security Practices

We implement appropriate technical and organizational measures to protect personal data:

• Encrypted email communications for sensitive matters
• Secure document management system with access controls
• Password-protected file storage with regular backups
• Physical security measures at our office premises
• Staff training on confidentiality and data protection obligations
• Regular review of security protocols and procedures

Data Retention

We retain personal data for the following periods:

• Client Files: Ten years after matter conclusion, in accordance with legal professional standards
• Financial Records: Seven years, as required by Thai accounting and tax regulations
• Marketing Communications: Until you withdraw consent or three years of inactivity
• Website Analytics: Two years from collection

Cookies and Website Usage

Our website uses cookies to improve functionality and analyze usage patterns. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

You can control cookie preferences through your browser settings or our cookie management tool. Please note that disabling certain cookies may affect website functionality.

Your Rights

Under Thailand's Personal Data Protection Act, you have the following rights:

• Right to Access: Request copies of your personal data we hold
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal and professional retention requirements)
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Object: Object to processing based on legitimate interests
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Withdraw Consent: Withdraw consent for marketing communications at any time
• Right to Lodge Complaint: File a complaint with the Personal Data Protection Committee if you believe your rights have been violated

Exercising Your Rights

To exercise any of these rights, please contact us at privacy@meridianed or send written correspondence to our office address. We will respond to requests within 30 days.

Please note that certain rights may be limited by our professional obligations to maintain client files and comply with legal requirements. We will explain any limitations when responding to your request.

International Data Transfers

In some circumstances, we may transfer personal data outside Thailand, such as when:

• Your legal matter involves international parties or transactions
• We consult with foreign legal counsel or experts
• Cloud-based service providers store data on international servers

When transferring data internationally, we ensure appropriate safeguards are in place through standard contractual clauses or other legally recognized transfer mechanisms.

Children's Privacy

Our legal services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor without appropriate parental consent, we will take steps to delete such information.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify clients of material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending email notification to active clients
• Providing notice during ongoing legal engagements

Continued use of our services after policy updates constitutes acceptance of the revised terms.

Contact Information

For questions, concerns, or requests related to this Privacy Policy or our data protection practices, please contact: