Privacy Policy

Opterra Legal
Last updated: 1st March 2026

  1. Introduction

Opterra Legal (“we”, “us”, “our”) is committed to protecting personal data in accordance with:

  • Thailand’s Personal Data Protection Act (PDPA)
  • The General Data Protection Regulation (GDPR), where applicable
  • Applicable professional and ethical confidentiality obligations

This Privacy Policy explains how we collect, use, disclose, and protect personal data in connection with our website and legal services.

  1. Data Controller

Under the PDPA, Opterra Legal acts as both a data controller and processor. We determine the purposes for which and the manner in which personal data is processed and also process personal data on behalf of a controller.

  1. Scope of This Policy

This Policy applies to personal data collected from:

  • Website visitors
  • Prospective clients
  • Clients
  • Corporate representatives
  • Opposing parties and witnesses
  • Service providers
  • Job applicants

  1. Categories of Personal Data We Collect

Depending on the nature of the engagement, we may collect:

4.1 Identification Data

  • Name
  • Nationality
  • Passport or ID details (where legally required)
  • Date of birth

4.2 Contact Information

  • Email address
  • Telephone number
  • Postal address

4.3 Professional / Corporate Information

  • Company name
  • Registration documents
  • Directorship details
  • Shareholding information

4.4 Financial Information

  • Billing information
  • Bank details
  • Transaction records

4.5 Case-Related Information

  • Documents and evidence
  • Contracts
  • Dispute details
  • Sensitive personal data where necessary for legal representation

4.6 Technical Data (Website)

  • IP address
  • Browser type
  • Device information
  • Cookies and usage data

  1. Lawful Bases for Processing

Under PDPA (Thailand)

We process personal data on the basis of:

  • Consent
  • Contractual necessity
  • Legal obligation
  • Legitimate interests

Special Categories of Data

Where sensitive personal data is processed (e.g., health data, criminal records), this is done strictly:

  • For the establishment, exercise, or defense of legal claims
  • In compliance with professional secrecy obligations
  • In accordance with PDPA and GDPR safeguards

  1. Purpose of Processing

We process personal data for the following purposes:

  • Providing legal advice and representation
  • Client onboarding and conflict checks
  • Regulatory compliance (e.g., anti-money laundering)
  • Billing and accounting
  • Court proceedings and dispute resolution
  • Internal administration and risk management
  • Website operation and improvement

We do not sell personal data.

We do not use client data for marketing without explicit consent.

  1. Professional Confidentiality

All information received in the course of legal representation is subject to strict professional confidentiality under Thai law and applicable ethical rules.

Access to personal data is limited to authorized personnel and professional advisers who are bound by confidentiality obligations.

  1. Disclosure of Personal Data

We may disclose personal data where necessary to:

  • Courts and tribunals
  • Regulatory authorities
  • Opposing counsel
  • External experts or consultants
  • IT and cloud service providers
  • Auditors and insurers

All third parties are subject to confidentiality and data protection obligations.

  1. International Data Transfers

Given the Firm’s international client base, personal data may be transferred outside Thailand or the European Economic Area.

Where required, we implement appropriate safeguards, including:

  • Standard contractual clauses
  • Adequacy decisions
  • Contractual confidentiality protections
  • Secure IT systems

  1. Data Retention

We retain personal data:

  • For the duration of the client relationship
  • For the period required by legal, regulatory, and professional obligations
  • As necessary for the establishment or defense of legal claims

Retention periods may vary depending on the nature of the matter.

  1. Data Security

We implement appropriate technical and organizational measures, including:

  • Secure document management systems
  • Access controls
  • Encrypted communications where appropriate
  • Secure storage of physical files
  • Restricted staff access

While we take reasonable steps to protect data, no system can guarantee absolute security.

  1. Your Rights

Under Thailand PDPA

You have the right to:

  • Access your personal data
  • Request correction
  • Request deletion (subject to legal limits)
  • Restrict processing
  • Object to processing
  • Withdraw consent

  1. Cookies and Website Tracking

Our website may use cookies and analytics tools to:

  • Ensure proper website functionality
  • Improve user experience
  • Analyze traffic

You may adjust browser settings to refuse cookies. A separate Cookie Policy may apply.

  1. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices.

  1. Updates to This Policy

We may update this Privacy Policy periodically. The most recent version will always be available on our website.

 

This Privacy Policy is governed by and constructed in accordance with the laws of Thailand, ensuring compliance with the PDPA and providing a framework for the secure and respectful handling of your personal data.