FORMICHELLA & SRITAWAT ATTORNEYS AT LAW CO., LTD. (“Firm”, “us”, “we” and “our”) understands that your privacy is important to you and that you care about how your personal data is used we respect and value the privacy of everyone who visits this website, WWW.FOSRLAW.COM (“Our Site”) and only collect and use your personal data as described in this Privacy Policy.

The Firm, as a data controller, is responsible for making sure that the systems and processes we use are compliant with data protection laws, to the extent that they apply to us.

Please read this Privacy Policy carefully and ensure that you understand and agree to all terms and conditions hereunder. Your acceptance of this Privacy Policy is required.


This Privacy Policy applies only to your use of Our Site. Our Site may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

Personal data is defined by the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) as “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

Your rights

Under the PDPA, you have the following rights, which we will always work to uphold:

  1. The right to be informed about our collection and use of your personal data.

This Privacy Policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Part 10.

  • The right to access to and request a copy of your personal data that we collect as a data controller.
    • The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 10 to find out more.
    • The right to ask usto delete or otherwise dispose of any of your personal data that we hold.
    • The right to restrict (i.e. prevent) the processing of your personal data.
    • The right to object to us using your personal data for a particular purpose or purposes.
    • The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
    • The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.

Lawful basis for the collection and the use of personal data

The Firm may collect and use personal data only on a necessary basis or with any of the following lawful basis:

  1. Performance of a contract

To perform our obligations under contractual arrangements with our clients, we may collect and use personal data provided by our clients, third parties, or the data subjects as required by the agreements to provide advice and deliverables in a wide range of professional legal services.

  • Legal obligation

We may collect, use, and share your personal data as required by applicable laws governing personal data protection, and labour protection including regulations, and by regulatory orders imposed by government agencies and regulators.

  • Legitimate interest

Our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses and the legitimate interests of our clients in receiving professional services form us as part of running their organisation, provided that these do not interfere with your rights.

  • Consent

When no other lawful basis is available, we will ask you for specific permission to process some of your personal data, and we will only process your personal data in this way if you agree to us doing so. You may withdraw your consent at any time by contacting us at

The Collection of personal data

We may collect the following categories of personal data from Our Site’s visitors, clients, prospective clients, suppliers and other third parties:

  1. Basic data: Name, gender, title, organization, job responsibilities, phone number, mailing address, email address, contact details and information about family life (excluding special categories of data) including family, children, hobbies and interests;
  2. Special categories of data: in limited circumstances, where you have provided us with such information as it is necessary for a specific service we are providing to you: religious or other beliefs, racial or ethnic origin, sexual orientation, health data and details of trade union membership;
  3. Registration data:  Newsletter requests, event/seminar registrations, dietary preferences (excluding special categories of data), subscriptions, downloads, and username/ passwords;
  4. Client service data:  Personal Data received from clients in respect of employees, customers or other individuals known to clients, invoicing details and payment history, and client feedback;  
  5. Marketing data: Data about individual participation in conferences and in-person seminars, credentials, associations, product interests, and preferences;
  6. Transaction data: Personal data contained in documents, correspondence or other materials provided by or relating to transactions conducted by our clients;
  7. Compliance data: Government identifiers, passports or other identification documents, dates of birth, beneficial ownership data, and due diligence data;
  8. Job applicant data:  Data provided by job applicants or others on our Sites or offline means in connection with employment opportunities, which also may be subject to an additional relevant local recruitment privacy policy; and 
  9. Device data: Computer Internet Protocol (IP) address, unique device identifier (UDID), cookies and other data linked to a device, and data about usage of our Sites (Usage Data).

We collect personal data from a number of sources, either directly from the data subjects, or from clients, colleagues and public available sources. Where the Firm receives data from its clients about employees, customers or other individuals, the client is responsible for ensuring that any such data is transferred to us in compliance with applicable data protection laws.

The use of personal data we collected

The purposes for which we use personal, and the legal basis for such processing, are as follows:

  1. To provide legal advice and respond to inquiries we use basic data, registration data, client service data, and device data.  We need to process your information in this way in order to perform our obligations under our contracts with our clients;
  2. To manage our business operations and administer our client relationships we use basic data, special categories of data, registration data, marketing data and client service data.  This processing is necessary in order to perform our obligations under our contracts with our clients (e.g. issuing and processing invoices) and suppliers (e.g. managing the supply of goods and services);
  3. To make Our Site more intuitive and easy to use we use device data.  It is necessary for our legitimate interests to monitor how Our Site is used to help us improve the layout and information available on Our Site and provide a better service to Our Site users;
  4. To protect the security and effective functioning of Our Site and information technology systems we use basic data, registration data, transaction data, and device data.  It is necessary for our legitimate interests to monitor how Our Site is used to detect and prevent fraud, other crimes and the misuse of Our Site. This helps us to ensure that you can safely use Our Site;
  5. To provide relevant marketing such as providing you with information about events or services that may be of interest to you including legal services, legal updates, client conferences or networking events, and groups of specific interest (e.g. specific types of networking groups) we use marketing data, basic data, special categories of data, registration data, client service data, and device data. It is necessary for our legitimate interests to process this information in order to provide you with tailored and relevant marketing, updates and invitations;
  6. To address compliance and legal obligations, such as complying with the Firm’s tax reporting obligations, checking the identity of new clients and to prevent money laundering and/or fraud we use compliance data, basic data, registration data, transaction data, and device data. This processing is necessary for the purposes of complying with legal requirements to which we are subject; and
  7. To consider individuals for employment and contractor opportunities and manage on-boarding procedures we use job applicant data and compliance data. The processing is necessary for the purposes of recruitment and on-boarding and for complying with legal obligations to which we are subject and which may be subject to a relevant local recruitment privacy policy.

Data security

We have reasonable security policies and procedures in place to protect personal data from unauthorized loss, misuse, alteration, or destruction. Despite our best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your personal data is limited to those who have need to know. Those individuals who have access to your personal data are required to maintain the confidentiality of such information.

Sharing and transfer of personal data

We might share Personal Data with:

  1. Our professional consultants (e.g. lawyer and accountant);
  2. Government or regulatory authorities;
  3. Regulators, tax authorities and corporate registries;
  4. Third parties to whom we outsource certain services such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT Support service providers, document and information storage providers; and
  5. Third parties engaged in the course of the services we provide to clients such as counsel, arbitrators, mediators, clerks, witnesses, cost draftsmen, court, opposing party and their lawyers, document review platforms and experts such as tax advisors or valuers.

Please note this list is non-exhaustive and there may be other examples where we need to share with other parties in order to provide the services as effectively as we can.

Your personal data may be provided to the relevant recipient mentioned above which located overseas. Where your personal data is disclosed to an overseas recipient, we will only do so if the overseas recipient is bound by laws or other legally enforceable obligations which require them to provide to your personal data a standard of protection that is at least comparable to the protection under the PDPA.

Other disclosure

We may also disclose your personal data under the following circumstances:

  1. personal data may be shared with advisers as necessary in connection with the services they have been engaged to provide;
  2. when explicitly requested by you;
  3. when required to facilitate conferences or events hosted by a third party; and
  4. personal data may be shared with law enforcement, regulatory and other government agencies and professional bodies, as required by and/or in accordance with applicable law or regulation. The Firm may also review and use your personal data to determine whether disclosure is required or permitted.

Personal data retention

  We will hold your personal data on our systems for the longest of the following periods:

a) as long as is necessary for the relevant activities or services;

b) any retention period that is required by laws;

c) the end of the period in which litigation or investigations might arise in respect of the services

Cookies Policy

A Cookie is a small text file that a website stores on your PC, telephone or any other device, with information about your navigation on that website. Cookies are necessary to facilitate browsing and to make it more user-friendly, and they do not damage your computer.

While this Policy uses the general term “Cookies”, as they are the main method for storing information used by Our Site, the browser’s “Local Storage” space is also used for the same purposes as the Cookies. All the information included in this section is also applicable to this “Local Storage”.

The cookies we use are:

  1. Operational cookies, for us to operate Our Site, which are session cookies.
  2. Analytical and performance cookies, for us to recognize and count how many users there are of Our Site as well as to understand their navigation through it, in order for us to improve user experience, which are session cookies.
  3. Functional cookies, for us to improve the functional performance and user experience of Our Site, which are persistent cookies.
  4. Pop Up Cookie, for us to determine whether you have seen our pop up for cookies consent, so it does not get shown to you again after you dismiss it.

The information stored in the Cookies from Our Site is used exclusively by us, except for those identified below as “third-party cookies”, which are used and managed by external entities to provide services requested by us to improve our services and the experience of the user when browsing Our Site. The main services for which these “third-party cookies” are used are to obtain access statistics and to guarantee the payment transactions that are carried out.

The length of time cookies will stay on your device will depend on whether it is a “persistent” or “session” cookie. A persistent cookie will be stored by a web browser and will remain valid until its set expiration date, unless deleted by you before the expiration date. A session cookie, on the other hand, will expire at the end of your web session, when the web browser is closed.

If you prefer to avoid the use of Cookies on this page, taking into account the above-described limitations, first you must disable the use of Cookies in your browser and then delete the Cookies saved in your browser associated with this website. You may use this option for preventing the use of Cookies at any time.

You may restrict, block, or delete the Cookies from Our Site at any time by changing the configuration of your browser following the steps indicated below. While settings are different in each browser, Cookies are normally configured in the “Preferences” or “Tools” menu. For further details on configuring Cookies in your browser, see the “Help” menu in the browser itself.

Changes to this Privacy Policy

We may change this Privacy Policy from time to time. To let you know when me make changes to this Privacy Policy, we will amend the revision date at the top of this page. The new modified or amended Privacy Policy will apply from that revision date. Therefore, we encourage you to periodically review this Privacy Policy to be informed about how we are protecting your information.

Contact us

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details (for the attention of FORMICHELLA & SRITAWAT ATTORNEYS AT LAW CO., LTD.):

Email address:

Telephone number: +662-107-1882

Postal Address: 399 Interchange21 Building, 23rd Fl., Unit 3, Sukhumvit Road, Klongtoey-Nua, Wattana, Bangkok 10110 Thailand.