PDPA compliance
BXLivechat complies with Thailand's Personal Data Protection Act B.E. 2562 (2019).
Last updated: May 12, 2026
1. Scope
This document explains how BXLivechat complies with PDPA when processing personal data of individuals in Thailand or for businesses operating in Thailand.
2. Lawful basis
We process personal data on one of: consent, contract performance, legal obligation, vital interests, public interest, or legitimate interest. Each processing activity is mapped to a basis in our internal register.
3. Data subject rights
PDPA grants individuals the right to access, rectify, erase, restrict, port, and object to processing. To exercise any of these rights, email [email protected]. We respond within 30 days.
4. Data Protection Officer
Our Data Protection Officer can be reached at [email protected]. The DPO handles all PDPA inquiries and reports.
5. Data Processing Agreement
Businesses using BXLivechat to process Thai personal data can request a signed Data Processing Agreement (DPA). We provide it free of charge.
6. Cross-border transfers
Personal data may be transferred to Singapore and EU regions, both of which provide adequate protection under PDPA. We rely on Standard Contractual Clauses for additional safeguards.
7. Breach notification
We notify affected data subjects and the PDPC within 72 hours of becoming aware of a personal data breach that poses a risk to data subjects' rights and freedoms.