Legal

Privacy Policy

BIGGO Analytics Co., Ltd. is committed to protecting the personal data of our users.

Last updated: April 20, 2026

1. Introduction and data controller

BIGGO Analytics Co., Ltd. (“we”, “us”, or “the Company”) acts as the data controller for personal data collected through the website biggo-analytics.com and our other communication channels. This policy describes how we collect, use, disclose, and protect your personal data in accordance with Thailand’s Personal Data Protection Act B.E. 2562 (“PDPA”).

Data controller details

  • BIGGO Analytics Co., Ltd.
  • Company registration no. 0105564067036
  • Registered address: 77/18 Soi Borommaratchachonnani 68, Salathammasop, Thawi Watthana, Bangkok 10170
  • Contact email: [email protected]

2. Information we collect

We only collect personal data within the following scope.

2.1 Data from the contact form

  • Full name
  • Email address
  • Organization name (if provided)
  • Inquiry subject
  • Message and project details you provide

2.2 Technical data from your website visit

  • IP address (Cloudflare Web Analytics processes it cookielessly; Google Analytics 4 applies IP Anonymization to truncate the last octet before storage)
  • Browser type and version, operating system
  • Pages viewed, timestamps, time on page
  • Referrer URL
  • A randomized GA4 Client ID (stored in the _ga cookie only after you give consent)

2.3 Data as a business client or partner

When you enter into a contractual relationship with us, we may collect additional data such as contact names and titles, phone numbers, billing addresses, tax identification numbers, and project-related information to the extent necessary.

We do not collect sensitive personal data (race, religion, political opinion, health, genetic data, etc.) through this website.

3. Purposes of processing

  • To respond to inquiries and communicate with you as requested
  • To offer, provide, and administer our services and business contracts
  • To meet accounting, tax, and other legal obligations
  • To improve the quality of our website and services through aggregate usage analytics
  • To prevent fraud and abuse, and to maintain the security of our services
  • To comply with lawful requests from competent authorities

4. Legal basis for processing

We rely on the following legal bases:

  • Consent — for analytics cookies and any marketing communications
  • Contract — for performance of contracts with clients and partners
  • Legitimate interest — for responding to contact forms, system security, and service improvement
  • Legal obligation — for accounting and tax recordkeeping required by law

5. Sharing with third parties

We do not sell or rent your personal data. We only share data with service providers (data processors) that support our website and services, under data processing agreements meeting or exceeding the standards required by law.

Current service providers

  • Cloudflare, Inc. — CDN, hosting, DDoS protection, and cookieless web analytics (Cloudflare Web Analytics)
  • Google LLC — Google Analytics 4 (GA4) for visitor measurement and behavioral analytics. Loaded only after user consent, with IP anonymization enabled (servers located in the United States — usage constitutes an international data transfer under Standard Contractual Clauses)
  • Resend (Resend, Inc.) — transactional email for contact form notifications
  • Cloudflare Turnstile — bot protection during contact form submission

In limited cases, we may disclose data to government authorities pursuant to lawful orders such as court orders, or where necessary to protect the rights of the Company and our users.

6. Data retention periods

Data category Retention period
Contact form submissions Up to 2 years from the last contact
Client / business partner data For the duration of the contract plus 10 years (accounting and tax law)
Server logs Up to 90 days
Analytics cookies (aggregate) Up to 13 months

After these periods elapse, we will delete, destroy, or anonymize the data in accordance with appropriate standards.

7. Rights of data subjects

Under the PDPA, you have the following rights:

  • Right of access — request access and a copy of your personal data
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion when no longer necessary
  • Right to restrict processing — request temporary suspension of use
  • Right to object — object to certain processing activities
  • Right to data portability — receive your data in a machine-readable format
  • Right to withdraw consent — withdraw consent at any time
  • Right to lodge a complaint — file a complaint with the Personal Data Protection Committee

You can exercise these rights by contacting us via the channels in section 9. We will respond within 30 days of receiving your request.

8. Data security

We apply technical and organizational security measures including:

  • TLS 1.2+ encryption for data in transit
  • Access control and multi-factor authentication
  • Security audit logging and monitoring
  • Employee training on PDPA and information security
  • Incident response procedures and breach notification within 72 hours as required by law

9. Contact us

For questions, complaints, or to exercise your rights, please contact:

Data Protection Officer (DPO)
BIGGO Analytics Co., Ltd.
77/18 Soi Borommaratchachonnani 68, Salathammasop, Thawi Watthana, Bangkok 10170
Email: [email protected]

This policy may be updated from time to time to reflect legal requirements and service changes. Material changes will be announced on this website.

See our cookie policy →