Privacy Policy

Effective Date: 1 August 2025

Empress Heart Co., Ltd.

5/41 Moo 5, Bang Kratuek, Sam Phran, Nakhon Pathom, 73210 Thailand

📧 [email protected]

 

1. Introduction

At Empress Heart Co., Ltd. (“we,” “us,” or “our”), we are committed to protecting your privacy and personal data. This Privacy Policy outlines how we collect, use, disclose, and store your information in compliance with the Personal Data Protection Act B.E. 2562 (PDPA) of Thailand and, where applicable, the General Data Protection Regulation (GDPR) of the European Union.

Empress Heart Co., Ltd. is the Data Controller of your personal data. By accessing or using our website (www.empressheart.co), submitting your information, or purchasing our offerings, you agree to the practices described in this policy.

 

2. What Personal Data We Collect

“Personal Data” refers to any information that identifies you directly or indirectly, as defined under PDPA and GDPR. We may collect, now or in the future:

Full name

Email address

Payment and billing information (via third-party processors)

IP address, device and browser type

Information submitted via forms, quizzes, checkouts, or newsletter signups

Website usage data (via cookies or analytics tools)

Any other personal data voluntarily provided by you

We do not intentionally collect sensitive personal data (e.g., health records, religious beliefs, identity documents). If this changes, we will update this policy accordingly.

We do not knowingly collect personal data from individuals under the age of 13 globally or under the age of 16 in the EU. If you are a minor, do not submit personal information without verified guardian consent. If you believe a child has provided us with personal information without appropriate consent, please contact us and we will delete the information promptly.

 

3. How We Collect Personal Data

We may collect your data through the following means:

Visiting our website or landing pages

Submitting forms (e.g., for lead magnets, newsletter, checkouts)

Enrolling in courses, coaching offers, or signing up for events

Making a purchase via payment processors like Stripe or PayPal

Engaging with our advertisements or social media platforms

Contacting us via email or support forms

We also use automated tools such as Meta/Facebook Pixel, Google Analytics, and browser cookies to collect usage data.

 

4. Why We Collect Your Data

We process your personal data for the following purposes:

To provide and deliver our digital products, services, and user experience

To process payments and manage orders

To send you course content, updates, and marketing materials

To analyze behavior to improve our offerings

To fulfill legal or regulatory obligations (e.g., tax and accounting)

To prevent misuse, fraud, or unauthorized access to our systems

We always aim to collect the minimum amount of data necessary and will never sell your data.

 

5. Legal Grounds for Processing

Depending on your location and interaction with us, we process your data based on one or more of the following legal bases:

Consent: Given through opt-in checkboxes, buttons, or forms

Contractual necessity: To fulfill product or service delivery

Legal obligation: For taxation, audits, or regulatory compliance

Legitimate interest: To improve our services, prevent fraud, or understand audience behavior

 

Consent and Withdrawal

You provide consent through clear affirmative action (e.g., ticking checkboxes, clicking 'subscribe', or submitting forms).

You may withdraw consent at any time by:

Clicking the “unsubscribe” link in any email

Adjusting your cookie preferences (once cookie tool is implemented)

Emailing us at [email protected]

If you withdraw consent, we will delete or anonymize your data unless we are legally required to retain it (e.g., for accounting or fraud prevention purposes).

 

6. Cookies & Tracking Technologies

We use cookies, pixels, and similar technologies to enhance your experience, personalize content, and measure campaign effectiveness.

These may include:

First-party and third-party cookies

Facebook Pixel

Google Analytics

You can disable cookies in your browser settings; however, some site functionality may be affected. We are currently evaluating cookie management tools and will implement a banner that allows opt-in control over non-essential cookies, as required under the GDPR and ePrivacy Directive.

Do Not Track (DNT): At this time, our website does not respond to DNT browser signals.

 

7. Sharing Your Data

We only share your data with trusted third-party service providers who assist in operating our website and business. This includes:

Payment processors (e.g., Stripe, PayPal – USA)

Marketing and automation platforms (e.g., Meta Ads, MailerLite – EU/US)

Hosting and delivery services (e.g., Content Creator Machine, Google Cloud – global)

Analytics and CRM platforms (e.g., Google Analytics, Meta Pixel, MailerLite)

Some of these providers may store or process data outside of Thailand or your country of residence.

When cross-border transfers occur, we ensure adequate safeguards such as:

Standard Contractual Clauses (SCCs)

Data Processing Agreements (DPAs)

Verified certifications and encryption

 

8. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy:

Marketing communications: Until you unsubscribe or for up to 2 years of inactivity

Purchase records: Up to 5 years for legal or tax compliance

Other interactions: As long as reasonably required for the purpose

We review data regularly and securely delete or anonymize it when no longer needed.

 

9. Your Rights

Under PDPA and GDPR, you may have the right to:

Access a copy of your personal data

Correct or update inaccurate information

Withdraw consent at any time

Request deletion of your data (subject to lawful grounds for retention)

Object to certain types of processing

Request data portability

Lodge a complaint with Thailand’s Personal Data Protection Committee (PDPC)

(If you reside in the EU:) File a complaint with your national Data Protection Authority (DPA)

To exercise any of your rights, please email us at: [email protected]

If requesting data portability, we will provide your data in a structured, machine-readable format (e.g., CSV or JSON) within 30 days.

 

10. Data Security

We use reasonable administrative, technical, and physical safeguards to protect your data from unauthorized access, disclosure, loss, or misuse. This includes encrypted platforms, secure servers, access control, and internal review practices.

However, no system is entirely secure. You use our website and submit data at your own risk.

 

11. Third-Party Links

Our website may contain links to external websites or tools not governed by this Privacy Policy. We are not responsible for their content or privacy practices. We recommend reviewing their privacy statements before providing any data.

 

12. Policy Updates

We may revise this Privacy Policy to reflect legal, technical, or operational changes. Updates will be posted on this page with a new “Effective Date.” Where appropriate, we may also notify you via email or in-platform notice.

We encourage you to review this policy periodically.

 

13. Contact Us

If you have any questions, concerns, or data-related requests, please contact:

Data Protection Officer

Empress Heart Co., Ltd.

📧 [email protected]

📍 5/41 Moo 5, Bang Kratuek, Sam Phran, Nakhon Pathom, 73210 Thailand

© 2025 Empress Heart Co., Ltd. All rights reserved