Khun Nuad

Privacy Policy

Last updated: March 3, 2026

1. Data Controller

The data controller for data processing on this website and in the context of the offered digital services is:

Frye.tech Co., Ltd.

436/3 Moo 4, Tambon Si Suttho

Amphoe Ban Dung, Udon Thani 41190

Thailand

E-Mail: info@frye.tech

Website: https://frye.tech

2. General Information on Data Processing

We process personal data exclusively within the framework of applicable data protection regulations, in particular the General Data Protection Regulation (GDPR). Personal data is any information relating to an identified or identifiable natural person, e.g. name, email address, telephone number, booking data or IP address. Processing only takes place insofar as it is necessary for the provision of our website, our services, for communication with you or for the fulfillment of legal obligations.

3. Purposes and Legal Basis of Processing

We process personal data in particular for the following purposes:

  • for the technical provision and security of the website
  • for processing contact inquiries
  • for carrying out pre-contractual measures
  • for providing our SaaS and studio services
  • for managing bookings, customer data, invoices and vouchers
  • for fulfilling legal retention and proof obligations
  • for ensuring IT security and system stability

Processing is carried out on the basis of:

  • Art. 6 para. 1 lit. b GDPR (contract / pre-contractual measures)
  • Art. 6 para. 1 lit. c GDPR (legal obligation)
  • Art. 6 para. 1 lit. f GDPR (legitimate interests)
  • Art. 6 para. 1 lit. a GDPR (consent, where separately obtained)

4. Website Access / Server Log Files

When accessing this website, information is automatically collected by the hosting provider or the technical systems used. This includes in particular:

  • IP address
  • Date and time of access
  • Page / file accessed
  • Referrer URL
  • Browser type and browser version
  • Operating system
  • Access status / HTTP status code

This data is technically required to deliver the website, ensure stability and security, and detect misuse.

Legal basis: Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the secure, stable and error-free provision of the website. The log data is only stored for as long as necessary for the stated purposes.

5. Contact

When you contact us by email, contact form or other means, we process the data you provide to handle your inquiry.

Dabei können insbesondere folgende Daten verarbeitet werden:

  • Name
  • Email address
  • Phone number
  • Content of the message
  • Company/studio data if applicable
Legal basis: • Art. 6 para. 1 lit. b GDPR, insofar as the inquiry is aimed at concluding or performing a contract • otherwise Art. 6 para. 1 lit. f GDPR due to our legitimate interest in processing inquiries

6. Use of our SaaS and Studio Services

When you create a customer account, book a paid plan or use our studio/SaaS functions, we process the data required to provide and perform the services.

Dies betrifft insbesondere:

  • Master data of the studio / company
  • Contact details
  • Access data
  • Contract and order data
  • Billing data
  • Configuration data
  • Usage and administration data
  • Support and communication data

Zwecke der Verarbeitung:

  • Setting up and managing the customer account
  • Provision of booked functions
  • Technical administration
  • Support and troubleshooting
  • Invoicing and contract management
Legal basis: Art. 6 para. 1 lit. b GDPR.

7. Appointment Bookings and Customer Data

When appointment bookings are managed or customer data is stored via our systems, we process the data necessary for this purpose. This may include the following categories in particular:

  • Name
  • Contact details
  • Appointment and booking information
  • Booked services
  • Notes, as entered by the respective studio customer
  • Voucher or invoice information
Insofar as we process this data for our studio customers as a processor, processing takes place exclusively on the instructions of the respective studio operator on the basis of a data processing agreement in accordance with Art. 28 GDPR.

7. Appointment Bookings and Customer Data

When appointment bookings are managed or customer data is stored via our systems, we process the data necessary for this purpose. This may include the following categories in particular:
  • Name
  • Contact details
  • Appointment and booking information
  • Booked services
  • Notes, as entered by the respective studio customer
  • Voucher or invoice information

8. Registration, Login and Access Protection

For the use of protected areas, we process access data and security-relevant information to authenticate user accounts, prevent misuse and ensure the security of the platform.
  • Email address / login name
  • Encrypted or hashed authentication data
  • Login times
  • Security-relevant log data
  • Roles and permissions
Legal basis: Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the secure provision of the system and protection against unauthorized access.

9. Payment and Billing Data

In the context of paid services, we process data required for billing, accounting and receivables management, e.g.:
  • Name / company
  • Billing address
  • VAT ID / tax data, where required
  • Booked tariffs
  • Invoices
  • Payment status
  • Transaction references
Legal basis: • Art. 6 para. 1 lit. b GDPR for contract performance • Art. 6 para. 1 lit. c GDPR for fulfilling legal retention and accounting obligations

10. Cookies, Local Storage and Similar Technologies

Our website or application may use technically necessary cookies or comparable technologies to provide basic functions, security, language settings, session management or login states. Insofar as exclusively technically necessary technologies are used, this is done on the basis of our legitimate interest in a functional and secure provision of the website and services. Insofar as non-necessary cookies or similar technologies, in particular for tracking, analysis, marketing or external comfort functions, are used, this is only done after separate consent.
Legal basis: • Art. 6 para. 1 lit. f GDPR for necessary functions • Art. 6 para. 1 lit. a GDPR for processing requiring consent • supplementary § 25 TDDDG for storing information in terminal equipment or accessing it

11. Service Providers / Recipients

To provide our services, we use service providers who may process personal data on our behalf. These include providers in the areas of:
  • Cloud hosting / infrastructure
  • Email communication
  • Support and ticket systems
  • DNS and domain management
  • Optional integrations such as calendar or notification services

We conclude data processing agreements with these service providers where necessary.

12. Hosting and Processing in the EU

The primary productive data processing components are usually operated in the EU, particularly in AWS eu-central-1 (Frankfurt am Main, Germany). Public content may be delivered via caching or content delivery technologies for performance and security reasons. Technical connection data such as IP addresses may be processed in the process.

13. Third Country Reference / Access from Thailand

Our company is based in Thailand. Personal data is primarily processed in the EU. However, it may happen in individual cases that authorized persons in Thailand access data stored in the EU as part of support, maintenance, error analysis or technical administration. Insofar as this involves a third country transfer within the meaning of the GDPR, this is carried out on the basis of appropriate safeguards, in particular the EU standard contractual clauses according to Art. 46 GDPR as well as supplementary technical and organizational measures. These include in particular access restrictions, role-based permissions, encryption, logging and case-by-case access. A copy of the relevant safeguards can be requested upon request, insofar as this is not prevented by legal or contractual confidentiality obligations.

14. Storage Period

We only store personal data for as long as necessary for the respective purposes or as long as legal retention periods exist.

Typische Kriterien für die Speicherdauer sind:

  • Duration of the contractual relationship
  • Processing of inquiries
  • Legal retention periods
  • Proof and defense interests
  • Technical backup and recovery cycles

Insofar as data is no longer required after the end of the contract, it will be deleted or blocked, provided that no legal obligations prevent this.

15. Obligation to Provide Data

The provision of personal data is sometimes legally or contractually required. Without the required data, we may not be able to provide certain services, in particular registration, booking, support or contract performance.

16. Automated Decisions / Profiling

Exclusively automated decision-making within the meaning of Art. 22 GDPR does not take place unless we expressly state otherwise.

17. Rights of Data Subjects

Within the framework of the legal requirements, you have the following rights:
  • Right to information
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing based on legitimate interests
  • Right to revoke consent given at any time with effect for the future

To exercise your rights, a notification to the contact details mentioned above is sufficient.

18. Right to Complain to a Supervisory Authority

You have the right to complain to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. This right arises from Art. 77 GDPR.

19. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy if this is necessary due to legal, technical or organizational changes. The version published on this website applies in each case.
Privacy Policy