Privacy Policy
Effective Date: 1 June 2026 | Last Updated: 1 June 2026
1. Who We Are
Chakaruna is a global conscious community platform headquartered in Bangkok, Thailand. We organise cultural events, community dialogues, embodied practices, and global gatherings that celebrate diversity, belonging, and conscious connection. Our registered address is Bangkok, Thailand. For all privacy-related enquiries, you may contact us at [email protected].
For users in the European Economic Area (EEA) and the United Kingdom, Chakaruna acts as the data controller. For users in Thailand, Chakaruna acts as the data controller under the Thai PDPA. We have appointed a Data Protection Officer (DPO) who can be reached at [email protected].
2. Information We Collect
2.1 Information You Provide Directly
When you register for membership, sign up for our newsletter, register interest in events, or contact us, we collect: your full name, email address, country of residence, preferred language, membership tier, payment information (processed securely by our payment processor and not stored by us), and any other information you voluntarily provide in forms or correspondence.
2.2 Information Collected Automatically
When you visit our website, we automatically collect: IP address, browser type and version, operating system, referring URL, pages visited and time spent, device identifiers, and analytics data. This information is collected through cookies, web beacons, and similar tracking technologies. Please see Section 8 (Cookies) for more detail.
2.3 Sensitive Personal Data
Some of our community activities may involve information that constitutes sensitive personal data under applicable law, including information about sexual orientation, gender identity, religious or philosophical beliefs, or health. We only collect such information where you have given explicit, freely given, specific, informed, and unambiguous consent, and we apply heightened security measures to protect it. You may withdraw consent at any time without detriment.
2.4 Information from Third Parties
We may receive information about you from social media platforms if you choose to connect your account, from event co-organisers, or from publicly available sources, where permitted by applicable law.
3. How We Use Your Information
We use your personal information for the following purposes, each supported by a lawful basis:
| Purpose | Lawful Basis (GDPR / Thai PDPA) |
|---|---|
| Providing membership and community services | Performance of contract / Consent |
| Processing event registrations and payments | Performance of contract |
| Sending newsletters and community updates (with opt-in) | Consent |
| Responding to enquiries and support requests | Legitimate interests / Consent |
| Improving our website and services through analytics | Legitimate interests |
| Complying with legal obligations | Legal obligation |
| Preventing fraud and ensuring security | Legitimate interests / Legal obligation |
| Marketing our events and services (with opt-in) | Consent |
4. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information in the following limited circumstances:
4.1 Service Providers
We share information with trusted third-party service providers who assist us in operating our website and delivering our services, including payment processors, email delivery services, analytics providers, cloud hosting providers, and event management platforms. These providers are contractually bound to process your data only on our instructions and to maintain appropriate security standards.
4.2 Event Co-organisers
Where you register for events co-organised with partner organisations, we may share relevant registration information with those partners solely for the purpose of managing your attendance. We will inform you of any such sharing at the time of registration.
4.3 Legal Requirements
We may disclose your information if required to do so by law, court order, or governmental authority, or where we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and your rights in relation to it.
5. International Data Transfers
Chakaruna operates globally, and your information may be transferred to and processed in countries other than your country of residence, including Thailand, the United States, and other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.
Where we transfer personal data from the EEA, UK, or Switzerland to third countries, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other legally recognised transfer mechanisms. For transfers from Thailand, we comply with the cross-border transfer requirements under the Thai PDPA. For transfers from Brazil, we comply with the LGPD's international transfer provisions.
6. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:
Active member data is retained for the duration of your membership plus three years. Event registration data is retained for three years after the event. Financial transaction records are retained for seven years as required by Thai accounting law and applicable tax regulations. Analytics data is retained in aggregated, anonymised form indefinitely. Where you withdraw consent or request deletion, we will delete or anonymise your data within 30 days, unless retention is required by law.
7. Your Rights
Depending on your jurisdiction, you have the following rights regarding your personal data. We honour all of these rights regardless of where you are located:
| Right | Description | Applicable Laws |
|---|---|---|
| Access | Request a copy of the personal data we hold about you | GDPR, Thai PDPA, CCPA, LGPD, PIPEDA, APPI, PIPA, SG PDPA |
| Rectification / Correction | Request correction of inaccurate or incomplete data | GDPR, Thai PDPA, LGPD, PIPEDA, APPI, PIPA, SG PDPA |
| Erasure / Deletion | Request deletion of your personal data ('right to be forgotten') | GDPR, Thai PDPA, CCPA, LGPD |
| Restriction of Processing | Request that we limit how we use your data | GDPR, Thai PDPA, LGPD |
| Data Portability | Receive your data in a structured, machine-readable format | GDPR, Thai PDPA, LGPD |
| Object to Processing | Object to processing based on legitimate interests or for direct marketing | GDPR, Thai PDPA, LGPD |
| Withdraw Consent | Withdraw consent at any time without affecting prior processing | GDPR, Thai PDPA, LGPD, CCPA, PIPEDA |
| Non-Discrimination (CCPA) | Not be discriminated against for exercising your privacy rights | CCPA/CPRA |
| Opt-Out of Sale/Sharing | Opt out of the sale or sharing of personal information | CCPA/CPRA |
| Lodge a Complaint | File a complaint with your local data protection authority | GDPR, Thai PDPA, LGPD, PIPEDA |
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.
8. Cookies and Tracking Technologies
We use cookies and similar technologies to operate our website, understand how it is used, and personalise your experience. The categories of cookies we use are:
8.1 Strictly Necessary Cookies
These cookies are essential for the website to function and cannot be switched off. They are set in response to actions you take, such as logging in or filling in forms. No consent is required for these cookies.
8.2 Analytics Cookies
We use Umami Analytics, a privacy-friendly, GDPR-compliant analytics tool that does not use cookies and does not collect personally identifiable information. Aggregate usage data helps us understand how visitors interact with our website.
8.3 Marketing and Preference Cookies
If you opt in to marketing communications, we may use cookies to personalise content and measure the effectiveness of our campaigns. You can withdraw consent at any time by adjusting your browser settings or contacting us.
You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our website. For users in the EEA, UK, and Thailand, we obtain your consent before placing non-essential cookies.
9. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at [email protected] and we will delete such information promptly. For events in Thailand, we comply with the Thai PDPA's provisions regarding minors.
10. Security
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. These measures include encryption of data in transit (TLS/SSL), access controls, regular security assessments, and staff training on data protection. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by applicable law.
11. Jurisdiction-Specific Provisions
11.1 European Economic Area and United Kingdom (GDPR / UK GDPR)
If you are located in the EEA or UK, you have the right to lodge a complaint with your local supervisory authority. Our lead supervisory authority for GDPR purposes is the Thai Personal Data Protection Committee (PDPC) for Thailand-based processing. You may also contact the supervisory authority in your country of habitual residence. Our processing is based on the lawful bases described in Section 3 above.
11.2 California, United States (CCPA/CPRA)
California residents have specific rights under the CCPA as amended by the CPRA. We do not sell personal information. We do not share personal information for cross-context behavioural advertising. California residents may submit requests to know, delete, or correct their personal information, and to opt out of sharing, by contacting us at [email protected]. We will not discriminate against you for exercising your CCPA rights. For sensitive personal information, we only use or disclose it for the purposes set out in this Policy.
11.3 Brazil (LGPD)
If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including the right to confirmation of processing, access, correction, anonymisation, portability, deletion, information about sharing, and the right to revoke consent. Our legal bases for processing are as described in Section 3. You may exercise your rights by contacting our DPO at [email protected].
11.4 Canada (PIPEDA)
If you are located in Canada, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access your personal information and challenge its accuracy. We obtain meaningful consent before collecting, using, or disclosing your personal information. You may withdraw consent subject to legal or contractual restrictions by contacting us.
11.5 Thailand (PDPA)
As a Thai-headquartered organisation, we comply fully with the Personal Data Protection Act B.E. 2562 (2019) and its subordinate regulations. We collect personal data only for specified, explicit, and legitimate purposes. We obtain consent where required and provide data subjects with the rights described in Section 7. Our Data Protection Officer can be contacted at [email protected]. Complaints may be submitted to the Office of the Personal Data Protection Committee (PDPC).
11.6 Singapore (PDPA)
For users in Singapore, we comply with the Personal Data Protection Act 2012 (PDPA) as amended. We have appointed a Data Protection Officer and implemented data protection policies and practices. You may contact our DPO at [email protected] to access, correct, or withdraw consent for the use of your personal data.
11.7 Japan (APPI) and South Korea (PIPA)
For users in Japan, we comply with the Act on the Protection of Personal Information (APPI). For users in South Korea, we comply with the Personal Information Protection Act (PIPA). In both cases, you have rights to access, correct, and delete your personal information, and to withdraw consent. Please contact us at [email protected] to exercise these rights.
12. Third-Party Links
Our website may contain links to third-party websites, social media platforms, or partner organisations. This Privacy Policy does not apply to those third-party sites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email (if you have provided one) or by posting a prominent notice on our website prior to the change becoming effective. The "Last Updated" date at the top of this page indicates when the Policy was most recently revised. Your continued use of our services after any changes constitutes your acceptance of the updated Policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Bangkok, Thailand
General Enquiries: [email protected]
Data Protection Officer: [email protected]
© 2026 Chakaruna Co., Ltd.. All rights reserved. Privacy Policy | Terms of Use | Contact