BMG - Bangkok Modern Granite
Request a Private Conversation

Privacy Policy

Last updated: June 2025

Bangkok Modern Granite Co., Ltd. ("BMG", "we", "us") is committed to protecting your personal data in accordance with Thailand's Personal Data Protection Act B.E. 2562 (2019) ("PDPA"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit bmg.co.th.

1. Data Controller

Bangkok Modern Granite Co., Ltd.
Email: bmgthai@bmg.co.th
Phone: +66 2 888 7788

2. Personal Data We Collect

We collect the following categories of personal data:

a) Data you provide directly

  • Full name
  • Email address
  • Phone number
  • WhatsApp number (optional)
  • Country
  • Project details and inquiries

b) Data collected automatically

  • IP address (anonymised for analytics)
  • Browser type and version
  • Pages visited, referral URLs, and session duration
  • Device type and screen resolution

Automatic data is collected only when you accept analytics cookies via our cookie consent banner.

3. Lawful Basis for Processing

Under the PDPA, we process your personal data on the following legal bases:

  • Consent (Section 19): Analytics and performance cookies are activated only after you explicitly accept via our cookie consent banner.
  • Contract (Section 24(3)): Contact form data is processed to respond to your inquiry and, where applicable, to prepare a quotation or fulfill a service agreement.
  • Legitimate Interest (Section 24(5)): We use basic security logs (IP address, CSRF tokens) to protect against fraud and abuse.

4. Purpose of Data Processing

We use the collected information to:

  • Respond to your inquiries about our natural stone products and services
  • Provide quotes and project estimates
  • Communicate about ongoing projects and orders
  • Analyse website usage to improve user experience (with consent)
  • Ensure website security and prevent abuse

5. Cookies & Tracking Technologies

Our website uses the following categories of cookies:

Cookie / Technology Type Purpose Consent Required
bmg_cookie_consent Strictly necessary Stores your cookie preference (localStorage) No
bmg_csrf_token Strictly necessary CSRF protection for form submissions (sessionStorage) No
Vercel Analytics Analytics Privacy-friendly page-view analytics (no personal identifiers stored) Yes
Vercel Speed Insights Performance Web-vital metrics to monitor page load performance Yes

You can withdraw your cookie consent at any time by clearing your browser's local storage or by clicking "Decline" if the consent banner reappears.

6. Data Retention Period

We retain personal data only for as long as necessary to fulfil the purposes described above:

  • Contact form submissions: Retained for up to 2 years after your last interaction, or as required for ongoing business relationships.
  • Analytics data: Aggregated, non-personally-identifiable data is retained by Vercel for up to 12 months.
  • Security logs: Retained for up to 90 days.

After the retention period, personal data is securely deleted or anonymised.

7. Third-Party Services & Cross-Border Data Transfer

Our website uses the following third-party services, some of which process data outside of Thailand:

Service Purpose Data Location
Vercel Website hosting, serverless functions, analytics, speed insights United States / Global CDN
Sanity.io Content management system (CMS), image CDN United States / EU
Google Sheets Material data synchronisation United States
YouTube (Google) Embedded video content (privacy-enhanced mode) United States

Under PDPA Section 28, we transfer personal data to these countries only where the destination country has adequate data protection standards or where we have implemented appropriate safeguards (contractual obligations with each service provider). Each third-party service operates under its own privacy policy.

8. Data Security Measures

We implement the following security measures to protect your personal data:

  • HTTPS/TLS encryption for all data in transit
  • CSRF (Cross-Site Request Forgery) protection on all form submissions
  • Rate limiting on API endpoints to prevent abuse
  • Content Security Policy (CSP) headers to prevent XSS attacks
  • Input validation and sanitisation on all user-submitted data
  • Access to personal data restricted to authorised personnel only

9. Your Rights Under the PDPA

As a data subject, you have the following rights under the PDPA:

  • Right of Access (Section 30): Request a copy of the personal data we hold about you.
  • Right to Rectification (Section 35): Request correction of inaccurate or incomplete data.
  • Right to Erasure (Section 33(5)): Request deletion or anonymisation of your personal data when it is no longer necessary.
  • Right to Restrict Processing (Section 34): Request that we limit how your data is processed.
  • Right to Data Portability (Section 31): Request to receive your data in a structured, machine-readable format.
  • Right to Object (Section 32): Object to processing based on legitimate interests.
  • Right to Withdraw Consent (Section 19): Withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: File a complaint with the Personal Data Protection Committee (PDPC) if you believe your rights have been violated.

To exercise any of these rights, please contact our Data Protection Officer using the details below. We will respond to your request within 30 days.

10. Data Protection Officer (DPO)

For any questions, concerns, or requests regarding your personal data, please contact:

Data Protection Officer
Bangkok Modern Granite Co., Ltd.
Email: bmgthai@bmg.co.th
Phone: +66 2 888 7788

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically. Continued use of the website after changes constitutes acceptance of the revised policy.