1) Scope
This Policy applies to our websites, mobile experiences, event pages, ticketing checkout, customer support channels, and related services (collectively, the "Services"). By using the Services, you consent to the practices described here, to the extent consent is required by applicable law.
2) Data Controller and Contact
Mind Father acts as the Data Controller for the personal data we process. You may contact us at privacy@mindfather.com. If applicable, our Data Protection Officer (DPO) can be reached at dpo@mindfather.com.
3) Personal Data We Collect
- Account & Identity Data: name, email, phone, postal address, login identifiers.
- Transaction Data: order details, payment method type, billing information (processed by our payment providers).
- Usage Data: pages viewed, clicks, session metadata, referring URLs.
- Device & Technical Data: IP address, device IDs, browser type, OS, network info.
- Cookies & Similar: identifiers that help us remember your preferences and improve performance.
- Communications: messages you send us, support tickets, survey responses.
- User Content: images, text, or other media you upload in connection with events.
- Sensitive Data: we do not intentionally collect sensitive personal data unless you provide it and we have a lawful basis.
4) Legal Bases (GDPR and Thailand PDPA)
We process personal data under one or more of the following legal bases:
- Consent: where you grant explicit permission (e.g., marketing emails, optional cookies).
- Contract: to provide and operate the Services you request, including ticket purchases.
- Legitimate Interests: to secure, improve, and personalize our Services, balanced against your rights.
- Legal Obligations: to comply with applicable laws (e.g., tax, accounting, law enforcement requests).
- Vital Interests/Public Interest: where necessary to protect vital interests or for public tasks authorized by law.
5) How We Use Personal Data
- Provide, maintain, and improve our websites and ticketing checkout.
- Process orders, payments, refunds, and customer service requests.
- Send transactional notices (e.g., purchase confirmations, event updates).
- Recommend content and personalize experiences.
- Monitor usage, prevent fraud, enforce policies, and maintain security.
- Conduct analytics, research, and performance measurement.
- Comply with law and respond to legitimate requests by authorities.
- With consent, send marketing communications you can opt out of at any time.
8) International Data Transfers
Where personal data is transferred across borders, we implement appropriate safeguards, such as standard contractual clauses and technical/organizational measures, consistent with GDPR and PDPA.
9) Data Retention
We retain personal data for as long as necessary to fulfill the purposes outlined in this Policy, and as required by law (e.g., tax/accounting). Where feasible, we anonymize or aggregate data when retention is no longer necessary.
10) Security
We implement administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, loss, misuse, or alteration. No system is perfectly secure; we cannot guarantee absolute security.
11) Your Rights
Subject to applicable law (including GDPR and PDPA), you may have the right to:
- Access and obtain a copy of your personal data.
- Request correction of inaccurate or incomplete data.
- Request deletion where data is no longer needed or consent is withdrawn.
- Object to or restrict processing in certain circumstances.
- Receive data in a portable format where technically feasible.
- Withdraw consent at any time, without affecting prior lawful processing.
- Lodge a complaint with a supervisory authority.
12) Thailand PDPA Notice
For residents of Thailand, we process personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019) (PDPA). You may exercise PDPA rights by contacting us. Where consent is the legal basis, you may withdraw consent at any time. If we rely on legitimate interest, we assess and balance your rights and expectations. Our representative/DPO for PDPA inquiries can be reached at dpo@mindfather.com.
13) Children’s Privacy
Our Services are not directed to children under the age at which parental consent is required by law in your jurisdiction. We do not knowingly collect personal data from such children without appropriate consent.
14) Changes to This Policy
We may update this Policy from time to time. The “Last Updated” date reflects the latest changes. We will notify you of material changes through the Services or via email where appropriate.
15) Contact Us
If you have questions about this Policy or our privacy practices, contact us at privacy@mindfather.com.