Privacy Policy

This Privacy Policy describes how Garuda Advisory ("the practice", "we", "our") collects, uses, and protects personal information in connection with our corporate governance consulting engagements and the operation of this website. We take the handling of personal information seriously, and this document is intended to be straightforward about our practices.

By engaging with the practice or using this website, you acknowledge that personal information may be handled in the manner described below. If you have questions about any aspect of this policy, you are welcome to contact us directly.

§ I — Information We May Collect

What personal information we hold

In the course of our work, we may collect and hold the following categories of personal information:

• Contact details — name, email address, telephone number, job title, and company affiliation — provided directly by you through our contact form, correspondence, or initial conversations.
• Professional information relevant to the engagement, including board roles, committee membership, and governance arrangements, shared during interviews or document review.
• Meeting notes, written observations, and correspondence produced in the course of an engagement.
• Website usage data collected through our analytics provider, including pages visited, time on site, and device type. This data is aggregated and not linked to individuals unless you have separately provided contact information.

We do not collect sensitive personal data (such as health information, political opinions, or financial account details) as part of our standard practice. If such information arises incidentally in a governance context, it is handled with corresponding care.

§ II — How We Use Your Information

Purpose and lawful basis for processing

Personal information held by the practice is used only for the following purposes:

• To communicate with you about an enquiry, a proposed engagement, or an active engagement.
• To carry out the advisory work described in an engagement letter — including interviews, document review, and preparation of written outputs.
• To maintain records of our work for professional and administrative purposes.
• To understand how our website is used, in order to improve it over time.

We do not use personal information for marketing purposes, nor do we share it with third parties for any commercial purpose. Personal information from one engagement is not referenced in or shared with any other engagement.

§ III — Disclosure and Third Parties

When information may be shared

We do not sell, rent, or disclose personal information to third parties except in the following limited circumstances:

• Where required by Thai law, a court order, or a regulatory authority with jurisdiction over the practice.
• To service providers who assist us in operating this website or managing our communications — for example, a hosting provider or email platform — where those providers are bound by appropriate confidentiality obligations.
• With your explicit agreement, where sharing specific information with another party forms part of the agreed scope of an engagement.

§ IV — Retention

How long we keep information

Contact information and correspondence relating to an enquiry that does not proceed to an engagement is retained for up to twelve months, after which it is deleted.

Information relating to completed engagements — including written outputs and working notes — is retained for seven years following the conclusion of the engagement, in accordance with standard professional practice, and then securely destroyed.

Website analytics data is retained in aggregated form for up to twenty-four months.

§ V — Your Rights

Access, correction, and deletion

Subject to applicable Thai data protection law, you may have the right to:

• Request access to personal information we hold about you.
• Request correction of inaccurate information.
• Request deletion of your information, where retention is no longer necessary and no legal obligation requires us to keep it.
• Object to certain uses of your information.

To exercise any of these rights, please contact us at info@garudaadad or by telephone at +66 2 725 8136. We will respond within a reasonable period.

§ VI — Cookies

Use of cookies on this website

This website may use cookies — small text files placed on your device — to support basic site functionality and to collect anonymised analytics data. For full details of the cookies we use and how to manage them, please refer to our Cookie Policy.

§ VII — Security

How we protect your information

We take reasonable technical and organisational steps to protect personal information from unauthorised access, loss, or disclosure. Engagement documents are stored securely and accessible only to members of the practice directly involved in the relevant engagement. Written outputs shared with clients are transmitted through channels agreed with the client at the outset of the engagement.

No method of electronic storage or transmission is entirely without risk. If you have a concern about the security of information you have shared with us, please contact us directly.

§ VIII — Changes to this Policy

Updates and revisions

We may update this Privacy Policy from time to time to reflect changes in our practice or applicable law. Material changes will be noted with a revised date at the top of this page. Continued use of this website or engagement with the practice following an update constitutes acknowledgement of the revised policy.

§ IX — Contact

Questions and correspondence

All privacy-related enquiries may be directed to: