AsiaHabit Digital

Data management information


The purpose of this Privacy Notice (hereinafter referred to as the Notice) is to provide information about the data management practices of AsiaHabit Digital, hereinafter referred to as the Service Provider. The Service Provider respects the privacy of any person who uses the Services or comes into contact with the Service Provider in any way:

Hereinafter collectively referred to as: the privacy of Users.

The Service Provider acknowledges that it is bound by the contents of this Policy. The Service Provider shall treat Personal Data confidentially and shall take all security, technical and organisational measures to ensure data security.

If you have any questions, please contact us!

General information

As data controller, the Service Provider undertakes to handle, store and process users' data in compliance with the applicable data protection legislation, in particular with regard to the following legislation:

Personal data will be stored electronically, online, and at least in accordance with ISO/IEC27001, ISO/IEC27017, ISO/IEC27018, ISO/IEC27701, SSAE18/ISAE3402 standards.

The Service Provider shall carry out Data Processing only within the group of companies and only with the external contractor with whom it has concluded a contract for this purpose at the request or with the knowledge of the User.

By concluding a contract (whether in writing, orally, or by implicit conduct), the business partner consents to the collection and processing of data, assumes responsibility for the accuracy of the data provided by him/her and is entitled to provide them to the Service Provider and to consent to their processing.

In case of providing data of contact persons, employees, the business partner is responsible for having made the data subject familiar with this Privacy Policy and for informing him/her of the terms and conditions of data processing.

In order to ensure that the storage of personal data is limited to the necessary period, the Service Provider will review and delete data that has expired in the month of January each year.

The Service Provider shall not disclose Personal Data to third parties without the consent of the User, unless required to do so by law, public authority or court.

Data and contact details of the Service Provider

Name:AsiaHabit Digital Co.,Ltd.
Location:76, Sukhumvit 101/2 Alley, Bangkok, Thailand 10260
Public Protection Officer:Dr.Gyula Kizakis
Company registration number:0105564108581
Address number:0105564108581

Definitions of terms used in this leaflet

Sensitive data: data that can be associated with the data subject, in particular the name, the identification mark and one or more characteristics of the physical, physiological, mental, economic, cultural or social identity of the data subject, and the inference that can be drawn from it concerning the data subject;

Controller: the natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are to be processed, takes and executes decisions regarding the processing (including the means used) or has them executed by a processor on its behalf;

Controlling: any operation or set of operations which is performed on data, irrespective of the process used. In particular, the collection, recording, recording, organisation, storage, alteration, use, consultation, retrieval, transmission, disclosure, alignment or combination, blocking, erasure and destruction of data and the prevention of their further use, the taking of photographs, audio or video recordings, and the recording of physical characteristics which can be used to identify a person (e.g. fingerprints, palm prints, DNA samples, iris scans);

Duration of processing: The Service Provider will store the User's Personal Data only for as long as necessary to achieve the purposes for which it was collected or until the User withdraws his/her consent to the processing. In case of legal obligations (e.g. billing), Personal Data will be kept for 5 years.

Transmission: making data available to a specified third party;

Deletion: rendering records unrecognisable in such a way that it is no longer possible to retrieve them;

Data processing: the performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;

Processor: a natural or legal person or unincorporated body which, under a contract with a controller, including a contract concluded pursuant to a legal provision, carries out processing of data;

Third party:a natural or legal person or unincorporated body other than the data subject, the controller or the processor;

Cookies: Cookies are temporarily stored on the User's device and can only store data that the User provides and/or authorises.

Purpose, legal basis, time of processing

Users' Personal Data is stored in the Service Provider's central Google Workspace & Cloud database. We use Google Analytics for aggregated, anonymous online traffic analysis, for which Google creates a randomly generated cookie. This cookie is anonymised and does not contain any identifiable information such as email, phone number, name, etc.

Business offer, privacy statement, contract, contact us

personal data processedpurpose of processinglegal basis for processingduration of processing
leading name, first name, position, e-mail address, telephone number, billing address, tax number, company registration number, correspondence, communicationfor the preparation, delivery and communication of individual business proposals, confidentiality agreements, contractsInfo tv. 5.§ 1/a  ▪️  EU 2016/679 regulation. 6.§ 1/a,c  ▪️  § 169 (2)until the withdrawal of the contribution, but for a maximum of 5 years

Online contact, login, registration

processed personal datapurpose of data processinglegal basis for processingduration of processing
e-mail address, passwordfor the preparation, delivery and communication of individual business proposals, confidentiality agreements, contractsEU Regulation 2016/679/EU. 6.§ 1/b  ▪️  Elker tv. 13/A.§ (3)until revoked
session cookies (cookies)to ensure proper functioningAct CVIII of 2001 on certain aspects of electronic commerce services and information society services (Elkertv.), Article 13/A (3)until the end of the session
Google reCapthca cookieSecurity feature functionality - detailsAct CVIII of 2001 on certain aspects of electronic commerce services and information society services (Elkertv.), Article 13/A (3)6 months

Protection of sensitive data

The IT environment used for the processing of Personal Data in the provision of the service is ensured in such a way that:

Transmission of personal data

Transfers abroad may only be made for the purpose of data processing. The User consents to the transfer of his/her data abroad in accordance with the provisions of applicable law. Please be informed that in order to fully provide our services, we work with partners, including the following entities, which may be involved in the processing of Personal Data. There is no joint processing of data.

processorservice requiredpurpose of data processingpersonal data transferred
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4, Ireland
Google Workspaceusing cloud-based office and collaboration toolslead name, first name, title, email address, telephone number, tax number, company registration number, correspondence, communications, contract data
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4, Ireland
Google Cloud Platformonline platforms, services, systems hostingsingle customer contracted
Mailgun Technologies represented by VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road, Cork T23AT2P, Ireland
MailGunsystem-wide email message managementa single customer contracted

Users' rights regarding their Personal Data

Users may, at any time, request information on the processing of their personal data, request the rectification, specification, erasure or restriction of their personal data and exercise any of the rights provided for by Regulation EU 2016/679. Without undue delay, and in any event within 30 days of receipt of the request, we will inform the User of the action taken in response to his/her request. If necessary, this period may be extended by a further 30 days, but in this case the Service Provider will provide information within 30 days of receipt of the request, stating the reasons for the delay.


The Service Provider shall be exempted from liability if the damage was caused by a cause beyond its control. The Service Provider shall not be liable for damages caused by the intentional or grossly negligent conduct of the injured party or if the User has provided third party data.


Amendment of the Privacy Policy

The Service Provider reserves the right to amend the Privacy Notice. The amended Privacy Notice shall enter into force on the 3rd working day following the date of the amendment.