Privacy Policy

LAST UPDATED
27 October 2025
Terms & ConditionsPrivacy Policy

Introduction and Scope

Bangkok Startup Association ("BSA," "the Association," "we," "us," or "our") is committed to protecting the privacy and personal data of our members, event participants, website visitors, and other individuals who interact with our organization (collectively, "you" or "Data Subjects"). This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019) of Thailand ("PDPA") and other applicable data protection laws. This Privacy Policy applies to all personal data collected through our website, member portal, mobile applications, events, membership applications, communications, and any other interactions with the Association. By submitting your membership application, accessing our services, attending our events, or otherwise providing personal data to the Association, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

Data Controller and Contact Information

The Association is the data controller responsible for your personal data. For any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at:
  • Bangkok Startup Association
  • Address: Room No. 401-402, 501-507, 4th-5th Floor, Canvas Ploenchit Building, 546 Ploenchit Road, Lumphini, Pathum Wan, Bangkok, Thailand
If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the Personal Data Protection Committee or the Office of the Personal Data Protection Committee in Thailand.

Data Controller and Contact Information

We collect various categories of personal data depending on your relationship with the Association:

For Membership Applications and Member Accounts:

  • Identification information: full name, date of birth, nationality, identification card or passport number
  • Contact information: email address, telephone number, mailing address, business address
  • Professional information: company name, position or title, industry sector, business description, startup stage, professional background
  • Financial information: payment card details processed through third-party payment processors, billing address, transaction history
  • Login credentials: username, password, multi-factor authentication data

For Event Participation:

  • Registration information and attendance records
  • Dietary requirements or accessibility needs
  • Photographs and video recordings containing your image, voice, and likeness captured at events (unless you have opted out)
  • Content you submit during events including questions, comments, or presentations

For Member Directory and Networking:

  • Profile information you choose to share: biography, areas of expertise, social media links, business information
  • Communication preferences
  • Interaction data with other members

Legal Basis for Processing Personal Data

We process your personal data based on the following legal grounds under the PDPA:
Contractual Necessity: We process data to perform our obligations under the Terms and Conditions and membership agreements, including:
  • Processing membership applications
  • Providing access to benefits and member directory
  • Managing your member account
  • Billing and payment processing
  • Delivering member services
Explicit Consent: We process data based on your consent for:
  • Event photography and recordings (with 48-hour opt-out option)
  • Sharing your information in the member directory
  • Marketing communications and newsletters (withdrawable at any time)
Legal Compliance: We process data to comply with:
  • Tax requirements and accounting obligations
  • Anti-money laundering regulations
  • Court orders and government requests
Legitimate Interests: We process data to:
  • Improve our services and conduct analytics
  • Prevent fraud and misuse of our platforms
  • Enforce our Terms and Conditions and Code of Conduct
  • Protect our legal rights and property
  • Ensure community safety and integrity

How We Use Your Personal Data

We use your personal data for the following purposes:

Membership Management:

  • Process applications and verify eligibility
  • Create and maintain member accounts
  • Determine membership tier access and benefits
  • Communicate membership status and renewals
  • Provide customer support

Service Delivery:

  • Grant access to the member portal and member directory
  • Provide event registration and ticketing
  • Deliver partner benefits and discounts
  • Process payments through third-party processors
  • Send service-related notifications

Community Building and Networking:

  • Facilitate connections between members through the directory
  • Organize events and programs
  • Share relevant opportunities and resources
  • Foster ecosystem development

Marketing and Communications:

  • Send newsletters and updates about Association activities
  • Promote upcoming events and programs
  • Share partner offers and benefits
  • Conduct surveys to improve our services

Analytics and Improvements:

  • Analyze usage patterns and engagement
  • Evaluate program effectiveness
  • Improve website and member portal functionality
  • Develop new services and benefits

Compliance and Protection:

  • Enforce our Terms and Conditions and Code of Conduct
  • Prevent fraud and unauthorized access
  • Respond to legal requests and obligations
  • Protect our rights and property
  • Ensure community safety

Disclosure and Sharing of Personal Data

We may disclose your personal data to the following categories of recipients:

Member Directory Sharing:

  • Your name, company, position, contact details, and profile information are shared with other members according to your membership tier and privacy settings
  • Members may use this information for legitimate networking within the restrictions set forth in our Terms and Conditions

Third-Party Service Providers:

  • Payment processors (including Stripe) for processing membership fees and event payments
  • Email service providers for delivering communications
  • Event management platforms for registration and ticketing
  • Website hosting and IT infrastructure providers
  • Analytics and marketing platforms
  • Customer relationship management systems
  • All service providers are contractually bound to protect your data and use it only for specified purposes

Third-Party Service Providers:

  • We may share attendee lists and basic information with event partners and sponsors where you have consented or where necessary to deliver event benefits
  • Partners are prohibited from using your data for unsolicited marketing

Legal and Regulatory Authorities:

  • When required by Thai law, court orders, or government regulations
  • To enforce our legal rights and Terms and Conditions
  • To protect against fraud or security threats
  • In connection with legal proceedings or investigations

Cross-Border Data Transfers

Your personal data may be transferred to and processed in countries outside Thailand, including to our service providers and partners located in jurisdictions that may not provide the same level of data protection as Thailand. When we transfer personal data internationally, we ensure appropriate safeguards are in place through:
  • Standard contractual clauses approved by data protection authorities
  • Binding corporate rules for intra-group transfers
  • Adequacy decisions recognizing equivalent protection
  • Your explicit consent for specific transfers
For payment processing through Stripe, your payment information may be transferred internationally in accordance with Stripe's privacy practices and applicable payment card industry standards. You acknowledge and consent to such international transfers when you provide your personal data to the Association.

Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described in this Privacy Policy and to comply with legal obligations:
  • Active Membership Accounts: Duration of your membership plus seven (7) years after termination or cancellation to maintain historical records, resolve disputes, and comply with tax and accounting requirements under Thai law
  • Event Participation Data: Photographs and videos retained indefinitely for promotional and archival purposes unless you have opted out or request deletion
  • Payment and Financial Records: Ten (10) years as required by Thai revenue and accounting laws
  • Marketing Communications: Until you withdraw consent or request deletion, after which we will suppress your data from marketing lists while retaining a record of your opt-out preference
  • Inactive Accounts: If your membership lapses and you do not renew within two (2) years, we may anonymize or delete non-essential personal data while retaining necessary records for legal and business purposes
  • Legal Claims: We may retain data longer where necessary to establish, exercise, or defend legal claims
Upon expiration of applicable retention periods, we will securely delete or anonymize your personal data in accordance with data protection principles.

Your Rights Under the PDPA

As a Data Subject under the PDPA, you have the following rights regarding your personal data:
  • Right of Access: Request confirmation of whether we process your personal data and obtain a copy of your personal data and information about our processing activities
  • Right to Rectification: Request correction of inaccurate, incomplete, or outdated personal data
  • Right to Erasure (Right to be Forgotten): Request deletion of your personal data where it is no longer necessary for the purposes collected, where you withdraw consent and no other legal basis applies, where you object to processing and no overriding legitimate grounds exist, or where data has been unlawfully processed (subject to legal retention obligations)
  • Right to Restriction of Processing: Request limitation of how we use your personal data in certain circumstances, such as while we verify accuracy or assess your objection to processing
  • Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another data controller where technically feasible
  • Right to Object: Object to processing based on legitimate interests for compelling reasons relating to your particular situation, and we will cease processing unless we demonstrate compelling legitimate grounds that override your interests
  • Right to Withdraw Consent: Withdraw consent at any time for processing based on consent, without affecting the lawfulness of processing prior to withdrawal, by contacting us or using unsubscribe mechanisms in communications
  • Right to Lodge a Complaint: File a complaint with the Personal Data Protection Committee if you believe your rights have been violated
To Exercise Your Rights: Please submit a written request to hello@bkkstartup.com with sufficient information to verify your identity. We will respond to your request within thirty (30) days as required by the PDPA, and may extend this period by an additional thirty (30) days for complex requests. We reserve the right to charge a reasonable fee for manifestly unfounded or excessive requests. Please note that exercising certain rights may affect your ability to use our services, and membership termination or data deletion does not entitle you to refunds of membership fees as stated in our Terms and Conditions.

Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. While we take reasonable steps to protect your data, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and should notify us immediately of any suspected unauthorized access.

Cookies and Tracking Technologies

Our website and member portal use cookies, web beacons, and similar tracking technologies to enhance user experience, analyze usage patterns, and deliver personalized content:
  • Essential Cookies: Necessary for website functionality and authentication
  • Performance Cookies: Analyze how visitors use our platforms and improve performance
  • Functional Cookies: Remember your preferences and settings
  • Targeting Cookies: For marketing and advertising purposes (where you have consented)
You can control cookie settings through your browser preferences, but disabling certain cookies may limit functionality of our platforms. For detailed information about our cookie practices, please refer to our Cookie Policy available on our website or contact us.

Third-Party Links and Services

Our website and communications may contain links to third-party websites, applications, or services including partner organizations, event venues, and external resources. This Privacy Policy does not apply to third-party platforms, and we are not responsible for the privacy practices or content of external sites. We encourage you to review the privacy policies of any third-party services before providing personal data. Our provision of links does not constitute endorsement of third-party privacy practices.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. We will post the revised Privacy Policy on our website with the updated effective date and notify you of material changes through email, the member portal, or other appropriate communication methods. Your continued use of our services after the effective date of any changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

Consent and Acknowledgment

By submitting your membership application, creating an account, attending our events, or otherwise providing personal data to the Association, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, disclosure, and processing of your personal data as described herein. For processing activities requiring explicit consent under the PDPA, we will obtain your separate consent through appropriate mechanisms including consent forms, checkboxes, or opt-in procedures. You may withdraw your consent at any time as described in the Your Rights section, subject to legal and contractual limitations.
Subscribe to the BSA Blog
Stay connected with BSA and receive new blog posts in your inbox.
BSA will handle your data pursuant to its Privacy Policy
Join the conversation
Stay in the loop with updates, announcements & members on the official BSA public chat!
Join BSA public chat
Privacy PolicyTerms & conditions
©2026 by Bangkok Startup Association
Designed by
Superpresence