Privacy notice
Bangkok Clinic Ledger is a small, non-commercial editorial project: a verification register of Bangkok aesthetic & medical clinics, scored on a public, reproducible protocol. The site itself is mostly published data; the only personal data it gathers comes through one form. This page sets out exactly what that form delivers, what becomes of it, and what you can ask about your own data, under Thailand's Personal Data Protection Act (PDPA, B.E. 2562 / 2019).
Who is responsible
The operator of bangkokclinicledger.com is the data controller for anything this page concerns, under the PDPA. To ask a question or exercise your rights, write to hello@bangkokclinicledger.com.
What the form collects
There is one way to reach us, and it is the form. It asks for the minimum —
- Your name, so a reply can address you.
- A contact detail (a messenger or email), so the reply has somewhere to go.
- A message — the practice to check, the entry to correct, or the right-of-reply you wish to file.
No account, no password, no payment details, no hidden profile. To blunt automated abuse, the time of sending is stored next to a salted SHA-256 hash of the originating IP address; the plain IP and any device traits are never kept.
What is refused on purpose
- No tracking cookies. Visits are counted with self-hosted, cookieless analytics served first-party from this domain; nothing follows you between sites.
- No advertising pixels, no remarketing tags, no marketing beacons.
- No automated profiling and no automated decision with a legal effect on you.
- Nothing sold, rented, or passed on.
Basis for processing
Handling your name, contact and message after you submit the form is done to act on your own request, with your consent given by submitting it, under the PDPA. The IP hash that protects the form serves a legitimate security purpose. The identity and TMC-registration data of the doctors shown in the register are drawn from official public-access sources (the Thailand Medical Council register, the MOPH licensed-facility register, the HA / JCI / AACI accreditation directories and the Thai DBD company register).
How long it is kept
- Form messages and the thread they begin: kept while the matter is open, then for 24 months as a record, and deleted after. A message that leads nowhere is removed after 12 months.
- IP hashes: kept 90 days, then erased.
Your PDPA rights
You keep the rights the PDPA guarantees — access, correction, anonymisation or deletion, portability, information about with whom data is shared, and withdrawal of consent — over everything you send. One email to hello@bangkokclinicledger.com sets any of them in motion, and you will hear back. You may also turn to the data-protection authority, the Office of the Personal Data Protection Committee (PDPC).
Where it is stored
The site is served over the Bangkok (Cloudflare) network. In the rare case that a further processor (email provider) operates outside Thailand, the transfer relies on contractual clauses and the safeguards that party publishes.
Changes
If the handling of data changes in any way that matters, this page is updated and the "Updated" date above moves with it.