Privacy Policy
Last updated: 20 April 2025 · Lotus Studio, Bangkok, Thailand
1. Introduction
Lotus Studio ("we", "us", "our") is an online AI development school based at 67 Sathorn Road, Si Lom, Bang Rak, Bangkok 10500, Thailand. We are committed to handling the personal data of our learners and website visitors with care and transparency.
This policy describes what data we collect, why we collect it, how we use and protect it, and what rights you have in relation to it. If you have questions about anything described here, please contact us at [email protected].
This policy applies to data collected through our website at lotussty.world, through our course enrolment process, and through communications with our team.
2. Data We Collect
We collect the following categories of personal data:
- Contact information: Name, email address, and telephone number, provided when you submit an enquiry through our contact form or enrol in a programme.
- Enrolment data: Programme selections, payment records (processed through a secure third-party payment provider — we do not store card details), and correspondence related to your enrolment.
- Website usage data: IP address, browser type, pages visited, and referring URLs, collected via analytics tools when you browse our website. This data is collected only if you have consented to analytics cookies.
- Communications: The content of messages you send to us by email or through our contact form.
We do not collect sensitive personal data (such as health information or government ID numbers) and do not request such data at any point in our enrolment process.
3. How We Collect Data
- Contact forms: When you submit an enquiry on our website.
- Enrolment: When you sign up for a programme and complete payment.
- Email communications: When you contact us directly.
- Cookies and analytics: When you browse our website, subject to your cookie consent preferences. See our Cookie Policy for details.
4. Legal Basis for Processing
We process personal data under the following legal bases, consistent with Thailand's Personal Data Protection Act B.E. 2562 (PDPA):
- Consent: For analytics cookies and optional marketing communications. You can withdraw consent at any time.
- Contractual necessity: To deliver the programme you have enrolled in and to process payment.
- Legitimate interest: To respond to enquiries you have initiated, to improve our programmes based on feedback, and to maintain records necessary for our operations.
- Legal obligation: To comply with applicable Thai law and financial record-keeping requirements.
5. How We Use Your Data
- To respond to your enquiries about our programmes.
- To process your enrolment and provide access to programme materials.
- To communicate with you about your programme — including instructor support and any updates to content.
- To send information about Lotus Studio programmes, where you have opted in to receive this.
- To improve the quality and design of our website and programmes, using aggregated and anonymised analytics data.
- To maintain financial and enrolment records as required by Thai law.
We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.
6. Data Sharing
We do not sell personal data to third parties. We share data only in the following limited circumstances:
- Payment processing: Payment information is processed by a third-party payment provider. That provider operates under its own data protection obligations.
- Analytics: Aggregated, anonymised website usage data may be processed by an analytics service, subject to your cookie consent choices.
- Legal requirements: We may disclose data where required by applicable Thai law or a valid legal process.
7. Data Retention
- Enquiry data: Retained for 12 months from the date of your last communication with us, unless you enrol in a programme.
- Enrolment and payment records: Retained for 7 years to meet Thai financial record-keeping requirements.
- Programme correspondence: Retained for the duration of the programme and for 24 months thereafter.
- Analytics data: Retained in aggregated, anonymised form. Raw session data is not stored beyond 14 months.
8. Data Security
We take reasonable technical and organisational measures to protect the personal data we hold. These include:
- HTTPS encryption for all data transmitted through our website.
- Access controls limiting which team members can view personal data.
- Secure storage with access logging.
- Regular review of our data handling practices.
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within the timeframe required by applicable law.
9. Cookies
We use cookies on our website for essential functionality and, where you have consented, for analytics purposes. Essential cookies cannot be disabled as they are necessary for the site to function. You can manage optional cookie preferences at any time through our Cookie Policy page.
10. Your Rights
Under Thailand's Personal Data Protection Act (PDPA), you have the following rights in relation to your personal data:
- Right of access: To request a copy of the personal data we hold about you.
- Right to rectification: To request that we correct inaccurate or incomplete data.
- Right to erasure: To request deletion of your data, subject to any legal retention obligations.
- Right to data portability: To receive your data in a structured, commonly used format where technically feasible.
- Right to object: To object to processing based on legitimate interest.
- Right to withdraw consent: Where processing is based on consent, to withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
- Right to lodge a complaint: With the Personal Data Protection Committee (PDPC) of Thailand or another competent supervisory authority.
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
11. Third-Party Links
Our website may contain links to external resources, including research papers and framework documentation. We are not responsible for the privacy practices of those third-party sites and encourage you to review their policies if you have concerns.
12. Children's Privacy
Our programmes are designed for adults aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you believe we have inadvertently collected data from a minor, please contact us at [email protected] and we will delete it promptly.
13. International Data Transfers
Our primary operations and data storage are based in Thailand. Where any third-party services we use process data outside Thailand, we take reasonable steps to ensure those transfers are handled in accordance with applicable data protection requirements.
14. Changes to This Policy
We may update this policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. If you are an enrolled learner, we will notify you by email of significant changes. Your continued use of our services after a change takes effect constitutes acceptance of the updated policy.
15. Contact
If you have questions, concerns, or requests relating to your personal data, please contact: