Privacy Policy – Community TH | heytomorrowthailand.net

Privacy Policy

Effective Date: 1 January 2025  |  Last Updated: 1 January 2025

This Privacy Policy describes how Community TH (legal name: VALENTIN & ASSOCIATES INSURANCE AGENCY INC, hereinafter referred to as “we,” “us,” or “our”) collects, uses, stores, discloses, and protects personal data obtained through the website heytomorrowthailand.net (the “Website”). We are committed to safeguarding your privacy and handling your personal data with transparency, care, and full compliance with applicable law.

This Policy applies to all visitors, users, and individuals who interact with our Website or submit information through any contact form or communication channel available on heytomorrowthailand.net. Please read this Policy carefully. By accessing or using our Website, you acknowledge that you have read and understood this Privacy Policy.


1. Introduction and Legal Framework

We operate this Website in compliance with the Personal Data Protection Act B.E. 2562 (2019) of Thailand (“PDPA”), which governs the collection, use, and disclosure of personal data of individuals in Thailand. The PDPA grants data subjects significant rights over their personal information and imposes obligations on data controllers and processors. VALENTIN & ASSOCIATES INSURANCE AGENCY INC acts as the Data Controller with respect to personal data collected through this Website.

In addition to the PDPA, we may also reference internationally recognised privacy standards to ensure robust data protection practices, particularly where our services or technology infrastructure involves international data transfers or third-party providers based in other jurisdictions.

If you have any questions about this Privacy Policy or our data practices, please contact us using the details provided in Section 14 of this Policy.


2. Data We Collect

We collect personal data only to the extent necessary to provide our services and operate our Website effectively. The categories of personal data we may collect include:

2.1 Information You Provide Directly

When you use the contact form or any inquiry form on our Website, you may be asked to provide the following personal data:

  • Full Name: So we can address you appropriately and personalise our response.
  • Email Address: To respond to your inquiry or send requested information.
  • Phone Number: To contact you by telephone if you request a call-back or further communication.
  • Message Content: The body of your inquiry, which may include details about your insurance needs, questions, or any other information you voluntarily provide.

You are not required to provide all fields, but failing to provide certain information (such as your email address) may prevent us from responding to your inquiry effectively.

2.2 Automatically Collected Data

When you visit our Website, we and our third-party service providers may automatically collect certain technical and usage data, including:

  • IP Address: Your internet protocol address, used for security monitoring and general geographic analysis.
  • Browser Type and Version: To optimise Website compatibility and user experience.
  • Device Information: Including operating system, screen resolution, and device type.
  • Pages Visited and Navigation Paths: To understand how visitors interact with our Website content.
  • Date and Time of Access: For security logging and analytics.
  • Referring URL: The webpage from which you arrived at our Website.
  • Cookie Data: As further described in Section 5 below.

2.3 Information We Do Not Collect

We do not intentionally collect sensitive personal data as defined under Section 26 of the PDPA, including but not limited to data relating to race, ethnicity, political opinions, religious beliefs, sexual behaviour, criminal records, health data, disability, trade union membership, genetic data, or biometric data, unless explicitly required and with your explicit consent.


3. Legal Basis for Processing Personal Data

Under the PDPA, we must have a lawful basis for collecting and processing your personal data. Depending on the circumstances, we rely on one or more of the following legal bases:

  • Consent (Section 19 PDPA): Where you have freely given, specific, informed, and unambiguous consent to processing your personal data — for example, by submitting our contact form or agreeing to optional analytics cookies.
  • Contractual Necessity (Section 24(3) PDPA): Where processing is necessary to take steps at your request prior to entering into a contract, or to perform a contract to which you are a party.
  • Legitimate Interests (Section 24(5) PDPA): Where processing is necessary for our legitimate interests — such as maintaining Website security, preventing fraud, and improving our services — provided that those interests are not overridden by your rights and freedoms.
  • Legal Obligation (Section 24(1) PDPA): Where processing is necessary for us to comply with a legal obligation to which we are subject under Thai law or other applicable legislation.

4. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

  • Responding to Inquiries: To review, process, and respond to messages submitted via our contact form, including providing information about our insurance products and services.
  • Communication: To correspond with you regarding your inquiry, follow up on conversations, and provide customer support.
  • Service Provision: To deliver the insurance-related services or information you have requested.
  • Website Operation and Improvement: To maintain the technical functionality of our Website, identify and fix errors, analyse usage patterns, and improve user experience.
  • Security and Fraud Prevention: To detect and prevent unauthorised access, fraudulent activity, and other security threats.
  • Legal Compliance: To comply with applicable Thai laws, regulations, court orders, or regulatory requirements.
  • Analytics (Optional): With your consent, to conduct aggregate analytics to understand visitor behaviour and improve our content and services.

We will not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects without your explicit consent.


5. Cookie Policy

Our Website uses cookies and similar tracking technologies. Cookies are small text files placed on your device when you visit a website. They help the website function properly and provide us with information about how you use it.

5.1 Types of Cookies We Use

  • Strictly Necessary / Functional Cookies: These cookies are essential for the basic operation of our Website. They enable core features such as page navigation, form functionality, and security. These cookies do not require your consent under the PDPA because they are necessary for the Website to function. They do not collect personal data for marketing purposes.
  • Analytics Cookies (Optional): With your prior consent, we may use analytics cookies to gather aggregated data about how visitors use our Website — such as which pages are most visited and how long users stay on each page. This helps us improve our Website's content and structure. You may opt out of analytics cookies at any time through our cookie consent banner or by adjusting your browser settings.
  • Preference Cookies: These cookies remember choices you make on our Website (such as language or display preferences) to enhance your experience on return visits.

5.2 Managing Cookies

You may control and manage cookies through your web browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or alert you before a cookie is set. Please note that disabling certain cookies may affect the functionality of our Website. For detailed instructions on how to manage cookies, please refer to your browser's help documentation.

You may also opt out of specific analytics tracking by adjusting your preferences through our cookie consent mechanism, where available.


6. Form Submission Processing

When you submit a contact form on heytomorrowthailand.net, your data is transmitted securely via an encrypted connection (HTTPS/TLS). The submitted information — including your name, email address, phone number, and message — is:

  • Received and stored in our secure email or CRM system for the purpose of responding to your inquiry.
  • Reviewed by authorised staff members of Community TH who are responsible for handling inquiries and customer communications.
  • Processed promptly and used solely to address your request, unless you have consented to further communications.
  • Not sold, rented, or shared with unrelated third parties for their own marketing purposes.

By submitting a contact form, you consent to us using the information provided to respond to your inquiry and, where applicable, to maintain a record of our communications for quality assurance and legal compliance purposes.


7. Third-Party Services

To operate and maintain our Website effectively, we use certain third-party tools and services. These third parties may process limited technical data in connection with their services:

7.1 Google Fonts

Our Website may use Google Fonts, a service provided by Google LLC (United States). When your browser loads our Website, it may make requests to Google's servers to retrieve font files. This may result in Google receiving your IP address and browser information. Google's use of this data is governed by Google's Privacy Policy. We have implemented Google Fonts in a manner that minimises unnecessary data transmission where possible.

7.2 Tailwind CSS CDN

Our Website may load Tailwind CSS or other front-end libraries via a Content Delivery Network (CDN). CDN providers may log technical data such as your IP address and browser type when serving static assets. This data is used solely for the technical delivery of Website resources and is governed by the respective CDN provider's privacy policy.

7.3 Web Hosting Provider

Our Website is hosted on a third-party server infrastructure. Our hosting provider may collect technical logs including IP addresses, access times, and file requests as part of standard server operations. These logs are used for security, maintenance, and troubleshooting purposes.

7.4 Analytics Providers (If Applicable)

Where you have consented, we may use analytics platforms such as Google Analytics to measure and analyse Website traffic. These services use cookies and similar technologies to collect aggregated data. You may opt out of Google Analytics tracking by using the Google Analytics Opt-out Browser Add-on.

We ensure that all third-party service providers we engage are required to handle your personal data in accordance with applicable privacy law and maintain appropriate security standards.


8. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes described in this Privacy Policy, or as required by applicable Thai law, regulatory obligations, or legitimate business needs. Specific retention periods include:

  • Contact Form Submissions: Retained for up to three (3) years from the date of submission, or longer if required for ongoing business relationships, legal proceedings, or regulatory compliance.
  • Email Correspondence: Retained for up to three (3) years from the date of the last communication, unless a longer retention period is required by law or business necessity.
  • Server and Access Logs: Retained for up to ninety (90) days for security and troubleshooting purposes, unless a longer period is required for security investigations.
  • Analytics Data: Aggregated and anonymised analytics data may be retained indefinitely as it does not constitute personal data once anonymised.
  • Cookie Data: Duration varies by cookie type — session cookies are deleted when you close your browser; persistent cookies are retained for the period specified in our cookie settings.

When personal data is no longer required, we will securely delete or anonymise it in accordance with our internal data retention procedures and the requirements of the PDPA.


9. Your Rights Under the Thailand PDPA

As a data subject under the Personal Data Protection Act B.E. 2562 (2019), you have the following rights with respect to your personal data:

  • Right to be Informed (Section 23 PDPA): You have the right to be informed about the collection and use of your personal data at or before the time of collection.
  • Right of Access (Section 30 PDPA): You have the right to request access to and obtain a copy of your personal data that we hold, and to receive information about how it is processed.
  • Right to Rectification (Section 35 PDPA): You have the right to request that we correct, update, or complete any inaccurate, outdated, or incomplete personal data we hold about you.
  • Right to Erasure / Right to be Forgotten (Section 33 PDPA): You have the right to request that we delete or destroy your personal data in certain circumstances — for example, when the data is no longer necessary for the purpose it was collected, or where you have withdrawn consent and we have no other lawful basis for processing.
  • Right to Data Portability (Section 31 PDPA): Where technically feasible, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that we transmit this data to another data controller.
  • Right to Restrict Processing (Section 34 PDPA): You have the right to request that we suspend or restrict the processing of your personal data in certain circumstances, such as while contesting the accuracy of data or where processing is unlawful.
  • Right to Object (Section 32 PDPA): You have the right to object to the processing of your personal data where we rely on legitimate interests as our legal basis, or where we use your data for direct marketing purposes.
  • Right to Withdraw Consent (Section 19 PDPA): Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand if you believe that we have processed your personal data in violation of the PDPA.

To exercise any of these rights, please contact us using the details in Section 14. We will respond to your request within a reasonable timeframe and, in any case, no later than thirty (30) days from receipt of your request unless a longer period is permitted by law. We may need to verify your identity before processing your request.


10. Data Security Measures

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, accidental loss, alteration, disclosure, or destruction. Our security measures include:

  • SSL/TLS Encryption: All data transmitted between your browser and our Website is encrypted using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology.
  • Access Controls: Access to personal data is restricted to authorised personnel who require access to perform their job functions, and is protected by role-based access controls.
  • Secure Infrastructure: Our Website is hosted on infrastructure that employs firewalls, intrusion detection systems, and regular security patching.
  • Data Minimisation: We collect only the minimum personal data necessary for specified purposes, reducing the risk of unnecessary exposure.
  • Regular Security Reviews: We periodically review and assess our security practices and update them as necessary to address new or evolving threats.
  • Staff Training: Personnel who handle personal data receive appropriate training on data protection obligations and security practices.

While we implement industry-standard safeguards, no method of transmission over the internet or electronic storage is entirely secure. We cannot guarantee absolute security but are committed to protecting your personal data to the best of our ability and in accordance with the requirements of the PDPA.

In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the relevant regulatory authority and, where required, affected individuals, within the timeframes prescribed by the PDPA.


11. Children's Privacy

Our Website and services are not directed to children under the age of 20 years (the age of majority in Thailand). We do not knowingly collect personal data from minors without the consent of their parent or legal guardian.

Under Section 20 of the PDPA, the collection, use, or disclosure of personal data of a minor requires the consent of their parent or legal guardian. If you are a parent or guardian and you believe that your child has submitted personal data to us without your knowledge or consent, please contact us immediately at the details provided in Section 14. We will take prompt steps to delete such information from our records.

If you are under 20 years of age, please do not submit any personal data through our Website without the consent and supervision of a parent or legal guardian.


12. International Data Transfers

As a Website that utilises certain third-party services (such as Google Fonts, CDN providers, and potentially cloud-based email or CRM platforms), some of your personal data may be transferred to, stored in, or processed in countries outside of Thailand, including countries in the European Economic Area, the United States, or other jurisdictions.

Under Section 28 of the PDPA, we are required to ensure that any cross-border transfer of personal data is made only to countries or international organisations that have adequate personal data protection standards, or where appropriate safeguards are in place, or where an exception applies (such as your consent, necessity for the performance of a contract, or necessity for legal claims).

Where we transfer your personal data internationally, we implement appropriate safeguards such as:

  • Ensuring recipient countries maintain an adequate level of data protection as assessed by Thai authorities or recognised international standards.
  • Entering into data processing agreements with third-party providers that incorporate appropriate contractual clauses and security obligations.
  • Relying on your explicit consent for specific international transfers where other safeguards are not available.

By using our Website, you acknowledge that your personal data may be transferred internationally as described in this section. For more information about international data transfers or the safeguards we apply, please contact us at the details in Section 14.


13. Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our data practices, applicable law, regulatory requirements, or our business operations. When we make material changes to this Policy, we will:

  • Update the “Last Updated” date at the top of this page.
  • Post a prominent notice on our Website homepage or contact-form page notifying you of the change.
  • Where we have your email address and the changes are significant, we may send you an email notification of the updated Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of our Website after the effective date of any revised Policy constitutes your acceptance of the updated terms, to the extent permitted by applicable law.

If we make changes that require your renewed consent under the PDPA, we will seek that consent before applying the new terms to your personal data.


14. Contact Us – Privacy Inquiries

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us through any of the following channels. We will make every effort to respond promptly and to resolve your inquiry in accordance with our obligations under the PDPA.

Company Name: Community TH

Legal Name: VALENTIN & ASSOCIATES INSURANCE AGENCY INC

Address: 2704 44TH St SW, Lehigh Acres, FL, 33976-4737, United States

Phone: +18314801614

Email: [email protected]

Website: heytomorrowthailand.net

For privacy-related requests, including requests to exercise your rights under the PDPA, please include the following information in your communication:

  • Your full name and contact details.
  • A clear description of your request or concern.
  • Any relevant reference numbers or details to help us locate your personal data.

We may need to verify your identity before processing certain requests to ensure that personal data is not disclosed to unauthorised parties.

If you are not satisfied with our response to your privacy inquiry, you have the right to lodge a complaint with the Personal Data Protection Committee (PDPC), the supervisory authority responsible for enforcing the PDPA in Thailand. Information about the PDPC is available through the Thai government's official channels.


15. Governing Law and Jurisdiction

This Privacy Policy and any disputes arising from or relating to it shall be governed by and construed in accordance with the laws of the Kingdom of Thailand, including without limitation the Personal Data Protection Act B.E. 2562 (2019), and any subordinate regulations, notifications, or guidelines issued thereunder by the Personal Data Protection Committee.

Any disputes that cannot be resolved through direct communication shall be subject to the jurisdiction of the competent courts of Thailand.


This Privacy Policy was prepared for Community TH (legal name: VALENTIN & ASSOCIATES INSURANCE AGENCY INC) operating at heytomorrowthailand.net. It is effective as of 1 January 2025 and supersedes all previous privacy notices or policies issued by us in relation to this Website.