Privacy Policy

Golden Triangle Asian Elephant Foundation (GTAEF) respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our place or website, tell you about privacy rights, and how the law protects you. For this privacy policy, personal data, or personal information, means any information about an individual from which that person can be identified.

It is important that you read this privacy policy together with any other privacy policy (if any) that we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies (if any) and is not intended to override them.
This privacy policy is provided in a layered format, so you can click through to the specific areas set out below.

  1. Data controller
  2. How we collect personal data
  3. Purposes for which your personal data is collected
  4. What personal data we collect
  5. To whom we may disclose your personal data
  6. International transfers
  7. Data retention
  8. Your rights
  9. Our Contact Details
  10. Security of your personal data
  11. Cookies
  12. Liability
  13. Changes to this privacy policy

 

1. Data Controller

This privacy policy is issued on behalf of Golden Triangle Asian Elephant Foundation in Thailand. Golden Triangle Asian Elephant Foundation is a company registered and existing under the laws of Thailand, having its registered company at 88 The Parq Building, 12th Floor, Ratchadaphisek Road, Klongtoey Subdistrict, Klongtoey District, Bangkok, 101110 Thailand (hereinafter the “Company,” “we,” “us,” or “our”).

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Please note that our website is not intended for children and minors, and we do not knowingly solicit or collect personal data from anyone under the age of 18, other than from a parent or legal guardian with consent. As a parent or legal guardian, please do not allow your children to submit personal data without your permission.

2. How we collect personal data

This privacy policy aims to give you information on how we collect and process your personal data through your use of our website from which you are accessing this privacy policy, including any data you may provide when you use our:

  1. Online services, such as websites owned or controlled by us, web, social media pages, HTML-formatted email messages; or
  2. Offline interactions, when you visit our foundation or through other offline interactions.

We use different methods to collect data:

  1. Direct interactions. You may give us your personal data by filling in forms or by corresponding with us by post, phone, email, or otherwise, including when you call our call center, contact us to inquire about our foundation, or submit requests or claims. This includes personal data you provide online when you sign up for a newsletter or participate in a survey, contest or promotional offer. We collect personal data offline, when you visit our foundation.
  2. Automated technologies or interactions. As you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies.
  3. Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources including business partners, social media.
  4. Security Systems. When you visit our partner properties, information may be collected about you through such properties’ closed-circuit television systems, and/or other security systems.

3. Purposes for which your personal data is collected

We only process your personal data as described in this privacy policy and always in compliance with the applicable Thai data protection laws, as follows:

  1. Where we obtained your consent (as required by law);
  2. To take steps at your request before entering into a contract and to perform contractual obligations between you and the Foundation;
  3. Where it is necessary for legitimate interests of the Foundation or any other persons or juristic persons, except where your fundamental rights override such interests;
  4. To comply with laws to which the Foundation is subject;
  5. Where it is necessary to prevent or suppress a danger to a person’s life, body, or health (if any).

We collect, use, or disclose your personal data to the extent permitted or required under applicable law, for the following purposes:

  1. Perform our contract with you, process and manage your donations or use of the Foundation’s Services, your use of the Sites and the Services via both online and offline channels.
  2. Respond to your service inquiries, handle the complaint management process which you have raised, or take other actions in response to your inquiries or other Site activities or other customer service platforms.
  3. Communicate with you by post, telephone, email, and social media about your donations, your services, accounts and program participation, and your requests for information.
  4. Public relations, i.e. taking your photos and/or video (with/without voice) at the Foundation’s events.
  5. Give information and communicate with you by email, via our Sites and other online channels about our services, news, and events, and offer our services, and promotions, including co-branded offers and Group of Companies and business partner offers.
  6. Conduct personalized marketing and promotions, including analyze your transactions and donation history.
  7. Request feedback or participation in surveys (including satisfaction survey), conduct market research and/or analysis for us to review, develop and improve the quality of our Services, and test and improve our systems, and prevent the misuse or improper use of our Services.
  8. Improve our Services, and relevant processes.
  9. Conduct operations planning, reporting and forecasting.
  10. Manage risks and undertake internal audit and administration, for example, to prevent fraud or undertake detection, to investigate requests for use of our internal information systems.
  11. Comply with laws, regulations, orders, legal requirements and obligations of the Foundation, or report or disclose information to government authorities as required by laws, for example, the Revenue Department, or upon receiving an order or a writ of attachment from police officers, government authorities, courts, or other competent authorities, undertake detection and investigation under legal procedures and other regulations including establishment, compliance or exercise of the rights to legal claims or defense against the rights to legal claims.
  12. Assign rights, obligations and any benefits under a contract between you and the Foundation which have been done legally, for example, merger or transfer of the contract.

In the case where it is necessary for the Foundation to process your sensitive personal data, the Foundation shall obtain your explicit consent, unless the explicit consent is not required by law.

If the personal data is required for the purpose of performance of a contract or to comply with applicable laws, and if you do not provide us with such necessary personal data, the Foundation will not be able to provide you with the Services.

4. What personal data we collect

We may collect, use, store and transfer different kinds of personal data about you which we have arranged according to the different purposes as follows:

  1. Contact information such as email address, mailing address, and phone number, home address, if you interact with us through social media sites, we may collect your username and other relevant details;
  2. Personal Identification Information: full name, height, date of birth, national identification number, nationality;
  3. Payment information such as payment details, billing address, bank account information, debit card number, credit card number;
  4. Copies of your correspondence if you contact us;
  5. Your interests and preferences, feedback and survey responses;
  6. Information collected through the use of closed-circuit television systems, and other security systems;
  7. Information related to your use and interaction with our website and social media channels; and
  8. Information as requested by government authorities to fulfill our legal obligations.
  9. Your photo from the Foundation’s events.
  10. Normally, we do not collect the following special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. However, in some specific cases, we may need to collect your religious belief and/or blood type as appeared on a copy of your identification card (if any).

Minor, incompetent individual, and quasi-competent individual

Our website is intended only for persons who are at least sixteen (16) years old. If you are an individual under 20 years of age (“Minor”) or individuals who are not legally competent to give consent, you confirm that you have obtained consent from (on case-by-case basis):

a) The legal representative of the Minor when the Minor is not entitled to act alone or when the Minor is not more than 10 years of age;
b) The guardian who has the power to act on behalf of the data subject who is an incompetent individual.
c) The curator who has the power to act on behalf of the data subject who is a quasi-competent individual.

5. To whom we may disclose your personal data

Our goal is to improve your experience, and to do so, we may share personal data with the following parties:

Group companies

We may share your personal data among our Group of Companies (https://www.minor.com/en/lifestyle/affiliated-companies) to send marketing communications.

Our service providers

We may share your personal data with third-party service providers who provide data processing services to us, such as credit card and payment processing to facilitate donations and online services and advertising tailored to your interests. Our third-party service providers will only process personal data as needed to perform their functions. They are not permitted to share or use personal data for any other purpose.

Our business partners

We may share your personal data with business partners with whom we may jointly offer products or services. You can tell when a third-party business partner is involved in a service you have requested because their name will appear, either alone or with ours. If you choose to access these optional services, we will share your personal data with those partners. Besides, we may transfer your personal data to our partners such as banks, telecommunications providers, retail, e-commerce, with whom we jointly offer products or services, or whose products or services may be offered to you. Personal data shared in this way will be governed by the third party’s privacy policy and not this privacy policy.

Social networking sites

We allow you to login on our sites and platforms without the need to fill out a form. If you log in using the social network login system, you explicitly authorize us to access and store public data on your social network accounts (e.g. Facebook, Google, Instagram), as well as other data mentioned during use of such social network login system. In addition, we may also communicate your email address to social networks in order to identify whether you are already a user of the concerned social network and in order to post personalized, relevant adverts on your social network account if appropriate.

Third parties required by law

In certain circumstances, we may be required to disclose or share your personal data in order to comply with a legal or regulatory obligation. This includes any law enforcement agency, court, regulator, government authority.

Professional advisors

This includes lawyers, technicians and auditors who assist in running our business, and defending or bringing any legal claims.

Business Reorganization

We may share your personal data in case of any sale, assignment, or other transfer of our business or transition of service to another provider. We will ask for your consent if required by applicable law.

We provide appropriate protections for such sharing of personal data as required by the applicable law to prohibit third parties from using your personal data for their own purposes and to address the security and confidentiality of your personal data. Except as specified above, we will not disclose your personal data to third parties without your consent.

6. International transfers

We may disclose or transfer your personal data to third parties or servers located overseas, which the destination countries may or may not have the same equivalent level of protection for personal data protection standards.

Whenever we transfer your personal data, we will comply with the applicable Thai data protection law and ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

Where we use certain service providers, we may use specific contracts to provide suitable protection measures which enable the enforcement of the data subject’s rights, including effective legal remedial measures according to the rules and methods as prescribed and announced by the Personal Data Protection Committee.

We rely on your consent as well as any other regulation that the applicable law provides.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data.

7. Data retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements of the applicable country.

We would like to inform you about the following retention period:

  1. Your personal data involved in the processing under lawful grounds of contractual relationship will be stored for the entire duration of the contractual relationship and once it has ended until the responsibilities for both parties expire.
  2. Your personal data involved in the processing under lawful grounds of legal obligations, will be stored until the completion of this obligation.
  3. Your personal data involved in the processing under lawful grounds of legitimate interest, will be stored until the end of this interest.
  4. Your personal data involved in the processing under lawful grounds of consent, will be stored until the consent is withdrawn. In case of marketing communications, you may exercise your opt-out rights through the means provided in each of these communications.

Afterward, we will remove your Personal Information from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it.

Details of retention periods for different aspects of your personal data are available in our retention statement which you can request from us by contacting us.

8. Your rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data.

Request access to your personal data

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of your personal data

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing your personal data

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

If you want us to establish the data’s accuracy.

Where our use of the data is unlawful, but you do not want us to erase it.

Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.

You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

Request transfer of your personal data

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Right to withdraw consent

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you no longer want to receive marketing-related emails, you may opt-out by contacting us or by following the instructions in any email you receive from us.

Right to file a complaint

You have the right to file a complaint with the supervisory authority under the Personal Data Protection Act (“PDPA”) anytime the Company violates or does not comply with the PDPA.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable administration fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances and we will indicate the reason for refusal.

Time limit to respond

We try to respond to all legitimate requests within one month or within the timeframe as specified by the applicable data protection legislation. Occasionally it could take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

9. Our Contact Details

If you wish to exercise the rights relating to your personal data, please contact us

By post: Golden Triangle Asian Elephant Foundation, 88 The Parq Building, 12th Floor, Ratchadaphisek Road, Klongtoey Subdistrict, Klongtoey District, Bangkok, 101110 Thailand

By email: For any queries about your personal data under this privacy policy, please contact our Data Protection Officer at

10. Security of your personal data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

11. Cookies

We use cookies (small text files stored in your browser) and other techniques such as web beacons (small, clear picture files used to follow your movements on our website). These collect information that tells us how you use our website and web-related services. We use these to compile statistical reports on website activity.

This helps us make our website relevant to your interests and needs. We may use a persistent cookie (a cookie that stays linked to your browser) to record your details, so we can recognize you if you visit our website again.

You can choose to refuse cookies or set your browser to let you know each time a website tries to set a cookie. For further information on cookies, visit www.aboutcookies.org or www.allaboutcookies.org where you can also find information on how to turn them off.

The type of cookies we use on this site include:

Strictly Necessary Cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Analytics Cookies: We use these cookies to analyses and identify the behavior of our web visitors. We will track the IP address on the device you are using to identify you when visiting our website. When possible, we combine your online web behavior data with the personal data that you have previously supplied to us. This data will be used to analyses behavior on our website and to personalize your experience.

Advertising Cookies: These cookies may be set through our site by our advertising partners. They can be used and shared by those companies to build a profile of your interests and show you relevant adverts on other sites. This is based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Engagement Cookies: These cookies are used to provide additional functionality to the site and may affect your experience if they are turned off. They are used to allow enhancement widgets for live chat to provide customer support or alert widgets drawing your attention to updates and exclusive offers. These cookies may track your customer journey to personalize the support and messaging given.

If you wish to block the cookies, please visit:

Google AdWordshttp://www.google.com/settings/ads.

Facebook Pixel – You may disable any of these cookies or similar technologies via your browser settings.

Twitter Advertising – You may disable tailored advertisements via your Twitter settings by visiting the “Promoted content” and “Personalization” sections.

Google Analytics – You may disable any of these cookies via your browser settings or by downloading a browser add-in: https://tools.google.com/dlpage/gaoptout.

You may disable any of these cookies via your browser settings or change your cookies settings.

12. Liability

If you are providing the personal data of third parties to the Foundation, you guarantee that their authorization has been obtained to provide their data to the Foundation for the purposes in this privacy policy.

You will be liable for any false or inaccurate information provided and for direct or indirect damage caused to the Foundation or to third parties.

13. Changes to this privacy policy

We keep our privacy policy under regular review. At the top of this page you will see the date on which the privacy policy was last revised, and it is also the date from which any changes will become effective. Your use of the Services following these changes means that you accept the revised privacy policy. If you would like to review the version of the privacy policy that was effective immediately prior to this revision, please contact us at Golden Triangle Asian Elephant Foundation, 88 The Parq Building, 12th Floor, Ratchadaphisek Road, Klongtoey Subdistrict, Klongtoey District, Bangkok, 101110 Thailand