basecamp logo

Privacy Policy

Announced on December 18, 2025

Montivory Co., Ltd. (the "Company") develops and provides "basecamp", a learning and skills development service offered through the Company's platforms or websites (the "Service"). In providing the Service, the Company may need to collect, use, and disclose personal data of data subjects ("you"). The Company recognizes the importance of personal data protection and is committed to managing such data in a secure and appropriate manner.

This Privacy Policy (the "Policy") explains how the Company collects, uses, discloses, and protects your personal data, as well as your rights under applicable laws. By using the Service, you are deemed to have read and acknowledged the details in this Policy.

1. Definitions

"Personal Data" means any information relating to an identified or identifiable natural person, whether directly or indirectly, such as name, surname, email address, telephone number, system usage information, but excluding information of legal entities, business contact information that does not identify an individual, or data that has been anonymized.

"Sensitive Data" means personal data that is classified as sensitive under applicable law, such as racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual behavior, health data, disability, trade union membership, genetic data, or biometric data.

"Data Subject" means the natural person who is the owner of the Personal Data.

"Processing" means any operation or set of operations performed on Personal Data, such as collection, recording, storage, use, disclosure, deletion, or destruction.

"Data Controller" means a person or juristic person who has the authority to make decisions regarding the collection, use, or disclosure of Personal Data.

"Cookies" means small computer files that are stored on your device to remember certain information regarding your usage.

2. Categories of Data Subjects

In the initial phase of the Basecamp project, the Company processes Personal Data of the following main groups:

  • Customers/Users: individuals who register for and use the Basecamp Service or access the Company's content/platforms, whether as learners or general users.
  • General public: visitors to the Company's website or platforms who may contact the Company or submit forms through various channels.

If, in the future, the Company offers additional services or engages with other categories of data subjects, the Company may issue separate Privacy Notices for those specific groups.

3. Collection of Personal Data and Purposes

The Company collects Personal Data only as necessary and for lawful and explicit purposes.

3.1 Types of Personal Data Collected

Data you provide directly, such as:

Data from third-party identity providers (Single Sign-On), such as LINE, Google, or Facebook, as specified by the Company.

  • Information used for registration or account creation (name, surname, email, telephone number, password).
  • Information you submit through forms or communication channels.
  • Payment information (if any), processed via trusted payment service providers.

Usage data, such as:

  • Information about your use of the platform, pages visited, access time.
  • Responses to surveys, interactions with content.
  • Computer traffic data, IP address, browser type, and device used to access the Service.

3.2 Purposes of Processing Personal Data

The Company collects and uses your Personal Data for the following purposes:

  • To register you as a user and manage your account, including identity verification and account security.
  • To provide the Basecamp Service, including access to online courses, learning content, and tracking learning progress.
  • To communicate with you, respond to inquiries, provide service-related updates and important notifications.
  • To improve and develop the Service, including analyzing overall usage behavior (in a non-identifiable, aggregated form).
  • To prevent fraud, misuse, and copyright infringement, and to maintain the security and integrity of the systems.
  • To comply with applicable laws and legal obligations, such as retention of computer traffic data under relevant laws.

3.3 Legal Bases for Processing

The Company processes your Personal Data on appropriate legal bases, including:

  • Performance of a contract between you and the Company (e.g., provision of the platform, managing your user account).
  • Legitimate interests of the Company, provided that such interests do not override your fundamental rights and freedoms (e.g., service improvement, usage analytics, fraud prevention).
  • Compliance with legal obligations or orders of competent authorities.
  • Protection of vital interests of you or other persons (in urgent or necessary situations).

For Sensitive Data, the Company will not collect such data unless it is necessary and explicit consent has been obtained from you, or unless permitted by law.

4. Cookies and Tracking Technologies

The Company may currently use essential cookies that are necessary for the operation of the website or platform, such as remembering your login session. The Company also plans to develop and implement additional cookies or data tracking technologies in the future for purposes such as:

  • Analyzing and improving user experience on the platform.
  • Developing content and services that better match users' interests.
  • Measuring usage and the effectiveness of marketing campaigns on an aggregate basis.

When additional cookies and analytics/tracking tools are implemented, the Company will publish a separate Cookie Policy on its website or platforms and provide appropriate consent management tools for cookies where required.

5. Use and Disclosure of Personal Data

The Company will use your Personal Data only for the purposes notified and will not use or disclose your Personal Data in a manner that is incompatible with those purposes, unless:

  • Your consent has been obtained.
  • It is necessary for compliance with applicable laws or orders of competent authorities.
  • The data is used in a form that cannot identify you (e.g., statistical or anonymized data).

The Company may engage third-party service providers to support infrastructure and operations (such as cloud service providers, email delivery systems, payment systems). Such providers are required to implement appropriate Personal Data protection measures and may only process Personal Data to the extent necessary to provide services to the Company.

5.1 Cross-Border Transfers of Personal Data

As the Company uses cloud services and various technology services, your Personal Data may be transferred, transmitted, or stored on servers located outside Thailand.

The Company will ensure that:

  • Recipients in other countries provide an adequate level of Personal Data protection as required by law.
  • Appropriate technical and organizational security measures are in place.
  • Any cross-border transfers of Personal Data are carried out in compliance with applicable data protection laws.

You may contact the Company for further information on cross-border transfers of Personal Data at info@montivory.com.

6. Retention Period of Personal Data

The Company will retain your Personal Data only for as long as necessary to fulfill the purposes of processing and as required by applicable laws. In general:

  • User account data: retained for the duration of your account being active, and for 2 (two) years following the calendar year in which you cancel your membership or your account is closed (as specified in the Terms and Conditions of Service).
  • Inactive accounts: if your account has no activity for more than 6 (six) consecutive years, the Company may close the account automatically and retain the data in accordance with the period above.
  • Usage data and access logs: retained for 2 (two) years from the date of collection or as necessary for service improvement and fraud prevention.
  • Computer traffic data: retained for at least 90 (ninety) days from the date such data enters the system, in accordance with the Computer Crime Act B.E. 2550 (2007) as amended.
  • Data required for legal compliance (e.g., financial records, tax invoices, where payments are involved): retained for the period required by law (for example, 5 years under tax laws).
  • Records of processing of Sensitive Data (if any): retained for at least 3 years from the date processing ceases.

When Personal Data is no longer necessary or after the retention period expires, the Company will delete, destroy, or anonymize the data in a secure manner in line with recognized standards.

7. Data Subject Rights

Under applicable data protection laws, you may have the following rights (subject to legal conditions and exceptions):

  • Right of access and to obtain a copy of your Personal Data.
  • Right to rectification of your Personal Data to ensure it is accurate, up to date, and not misleading.
  • Right to erasure, destruction, or anonymization of your Personal Data when it is no longer necessary or when you withdraw consent and there is no other legal basis for processing.
  • Right to restriction of processing in certain circumstances.
  • Right to object to certain types of processing in specific situations.
  • Right to lodge a complaint with the relevant supervisory authority if you believe the Company or its data processors have violated applicable data protection laws.

7.1 Right to Withdraw Consent

You have the right to withdraw your consent to the processing of your Personal Data at any time while the Company holds such data.

Withdrawal of consent may result in:

  • Your inability to use some or all parts of the Basecamp Service.
  • The Company being unable to communicate with you or provide services as usual.
  • Suspension or closure of your user account.

You can submit a request to withdraw consent by email to info@montivory.com, specifying your full name, the data or processing for which you wish to withdraw consent, and acknowledging any potential impact. The Company will process your request within 30 (thirty) days from receipt, unless there is a legitimate reason requiring more time, in which case you will be informed.

8. Security Measures for Personal Data

The Company implements appropriate technical and organizational measures to protect Personal Data against loss, unauthorized or unlawful access, use, alteration, modification, or disclosure, such as:

  • Restricting access to Personal Data to personnel who need such data to perform their duties.
  • Establishing internal policies and practices regarding confidentiality and data security.
  • Using reasonable security measures such as passwords, encryption, and other security controls appropriate to each system.

9. Links to Third-Party Websites or Services

The Service may contain links to third-party websites or services which have their own privacy policies and practices. The Company is not responsible for the content, operation, or data protection practices of such third-party websites or services. You should review and understand their policies before using those services.

10. Contact Details and Data Controller

If you have any questions, suggestions, complaints, or wish to exercise your rights as a data subject under this Policy, you may contact:

Montivory Co., Ltd.
Address: 87, Unit 6, 22nd Floor, All Seasons Place Building, Witthayu Road, Lumpini Sub-district, Pathumwan District, Bangkok 10330, Thailand
Email: info@montivory.com or basecamp@montivory.com
LINE Official Account: @joinbasecamp
Website: joinbasecamp.co

The Company will review and respond to your request within 30 (thirty) days from the date of receipt. If additional time is required due to the nature of the request, the Company will inform you together with the reasons.

11. Changes to this Policy

The Company may review and update this Policy from time to time to reflect changes in the Service or applicable laws. The updated Policy will be published on the Company's website or platforms and will take effect from the date of publication, unless stated otherwise.