Privacy Policy

This Privacy Policy applies to all personal data collected by Tivolin ("we," "us," or "our"), a financial education provider operating at 9/4 Rat-U-Thit 200 Pee Road, Patong, Kathu, Phuket 83150, Thailand. Tivolin is the data controller responsible for your personal data.

This policy covers:

• Visitors to our website at thhappynode
• Individuals who submit enquiry or contact forms
• Participants who enrol in our educational programs
• Any person who contacts us by phone or email

We do not knowingly collect data from individuals under the age of 18. Our educational programs are intended for adults aged 18 and above.

2.1 Information You Provide Directly

When you complete our contact form, enquire about a program, or communicate with us directly, we may collect:

• Full name — to address you correctly and personalise our communication
• Email address — to respond to your enquiry and, if you consent, send program updates
• Phone number (optional) — to allow us to contact you by telephone if preferred
• Message content — the details of your enquiry or question
• Program preferences — which of our programs you are interested in

If you enrol in a program, we may additionally collect information relevant to the educational content, such as your general financial situation, employment type, and household composition — only where you choose to share these voluntarily as part of the program sessions.

2.2 Information Collected Automatically

When you visit our website, certain technical data is collected automatically via cookies and analytics tools:

• IP address (anonymised by analytics providers)
• Browser type and version
• Device type (desktop, tablet, mobile)
• Pages visited and time spent on each page
• Referral source — how you arrived at our website
• Geographic region (country/city level, not precise location)

This data is used in aggregate form and is not linked to your identity unless you have also submitted a contact form.

2.3 Information from Third Parties

We may receive limited data from advertising platforms such as Meta and Microsoft Bing if you click on one of our advertisements. This typically includes a click identifier used to measure whether our advertising resulted in a website visit or enquiry. We do not purchase contact lists or acquire personal data from data brokers.

We do not use your personal data for automated decision-making or profiling that produces legal or significant effects.

Under Thailand's PDPA, we rely on the following legal bases to process personal data:

• Consent — for marketing communications and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.
• Performance of a contract — to deliver educational programs you have enrolled in or to take steps prior to enrolment at your request.
• Legitimate interests — for responding to enquiries, improving our website, preventing fraud, and maintaining site security, where those interests are not overridden by your rights.
• Legal obligation — where processing is necessary for compliance with Thai law.

Where we rely on legitimate interests, we have balanced these against your interests and rights and are satisfied that our legitimate interests do not override your fundamental rights and freedoms.

We do not sell your personal data. We may share data with the following categories of third parties, strictly for the purposes described:

5.1 Service Providers (Data Processors)

We work with trusted providers who process data on our behalf and under our instruction:

• Google LLC — website analytics (Google Analytics 4); servers may be located in the United States
• Meta Platforms Inc. — advertising measurement (Meta Pixel); servers may be located in the United States
• Microsoft Corporation — advertising analytics (Bing UET); servers may be located in the United States
• Email/hosting provider — for delivery of enquiry responses and program communications

All data processors are subject to data processing agreements and are required to handle data securely and only for the specified purposes.

5.2 International Data Transfers

When data is transferred to providers outside Thailand (e.g. Google or Meta in the United States), we ensure appropriate safeguards are in place. These may include standard contractual clauses approved by relevant authorities, the provider's binding corporate rules, or other recognised transfer mechanisms.

5.3 Legal Disclosure

We may disclose personal data to government authorities or law enforcement bodies where required to do so by Thai law or a court order, or where disclosure is necessary to protect the safety of individuals.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of Tivolin's business, personal data may be transferred to the new entity. You will be notified of any such change via email or a prominent notice on our website before your data is transferred or becomes subject to a different privacy policy.

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Our standard retention periods are:

When data reaches the end of its retention period, it is securely deleted or anonymised so it can no longer be linked to an individual.

We take the security of personal data seriously and implement appropriate technical and organisational measures to protect against unauthorised access, alteration, disclosure, or destruction. These include:

• HTTPS encryption for all data in transit between your browser and our server
• Access controls limiting who within our team can access personal data
• Regular review of our data handling practices and third-party providers
• Secure storage of contact form submissions
• Staff awareness of data protection obligations

While we take every reasonable precaution, no method of electronic transmission or storage is 100% secure. In the unlikely event of a personal data breach that poses a risk to your rights, we will notify relevant authorities within 72 hours and inform affected individuals without undue delay, in line with PDPA requirements.

We use cookies and similar technologies on our website. When you first visit, a consent banner allows you to choose which categories of cookies to accept. Strictly necessary cookies are always active; all others require your consent.

Our Cookie Policy provides full details of the cookies we use, their purposes, durations, and third-party providers. You can manage your preferences at any time by clearing your browser cookies (which resets the consent banner) or adjusting your browser settings.

Read our full Cookie Policy →

Our website may contain links to external websites — for example, references to financial institutions, government resources, or educational bodies. We are not responsible for the privacy practices of those sites. We recommend reviewing the privacy policy of any third-party website you visit.

Our programs and website are directed at adults aged 18 and above. We do not knowingly collect personal data from individuals under 18. If you believe a minor has provided us with personal data, please contact us at privacy@thhappynode and we will delete that data promptly.

We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable law. When we make changes, we update the "Last updated" date at the top of this page. For significant changes, we will provide more prominent notice — such as a banner on our website or an email to participants — before the changes take effect.

We encourage you to review this page periodically. Continued use of our website or services after a policy update constitutes acknowledgement of the updated terms.