ASEAN Access Privacy Policy


The words of which the initial letter is capitalised have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.


  • Administrators refers to the members of the national administration teams (also referred to as “Members”) in ASEAN Member States and any other organisations who are given administration rights to the Website.

  • Service refers to the Website.

  • User means the individual or a company accessing the Service, or other legal entity on behalf of which such individual or company is accessing or using the Service, as applicable.

  • Website refers to ASEAN Access, accessible from

  • Materials refers to any content, information, data and documents published or uploaded on the Website (referred to as either "Materials" or "Content" in this Disclaimer).


The Administrators aim to protect Website Users’ privacy and any personally identifiable information that may be collected from and/or provided by Users while visiting and using, as registered users, the Website (either on a computer, laptop or mobile). User data will never be transferred to anyone without the User's consent. 

This Privacy Policy, together with the Terms and Conditions, explains the general rules and policies governing the use of the Website, as well as what information may be collected on the Website, how this information is used, and under what circumstances the information may be disclosed to third parties.

The Website is developed and managed by the creative digital agency Pimclick and operated with a base in Thailand. 

Website Visitors

The Administrators collect non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. This enables the Administrators to better understand how visitors use the Website. From time to time, the Administrators may release non-personally- identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.

The Administrators also collect personally-identifying information like Internet Protocol (IP) addresses for logged in Users. The Administrators only disclose logged in Users’ IP addresses to third parties (such as anti-fraud agencies or law-enforcement agencies) under certain conditions outlined in law, if it is necessary and proportionate for lawful, specific purposes. The same circumstances apply to disclosure of personally-identifying information as described below.

Gathering of personally-identifying information

When registering on ASEAN Access, the information Users are asked to enter depends on their user category. All Users are asked to enter their full name, email address, country of residence, and optionally, their address and phone number. Users who are categorised as Service Providers (definition provided at the time of registration) are additionally asked for personal and company name, country of company, company registration number and the local business support network where users are coming from, as required fields, with organisation type, tax number and the number of employees as optional fields. The Administrators collect information from Users when Users register on the Website. Post-registration, Users categorised as Service Providers are asked to create a profile for the service they offer, and they are required to enter the following information: name, type and description of the service, country where the company is registered, organisation name, email address, phone number and organisation logo.

Data processing

The purpose of data processing is to enable the Administrators to (i) evaluate the number of Users interested in accessing restricted Content of the Website; (ii) as a publicly funded Website, the Administrators have set performance targets for the website, and Users’ registrations contribute towards the target; (iii) User data is needed to allow the visibility and contact information of the Users categorised as Service Providers on the Website (iv) generally deliver the Service of ASEN Access.

If a User registers on ASEAN Access and provides an email address or email addresses, the Administrators may use this email, from time to time, to contact some Users to ask for their feedback on ASEAN Access. The purpose of this is to improve the Service and the Content, and to prepare promotional materials for ASEAN Access. Users can always opt out of giving such feedback; participation is on a voluntary basis.  

Time limit of data storing

User data will be stored on the Website servers for as long as the Website is in operation, or until the User asks for their data to be removed from the Website.

User rights

Users of the Website have the following rights:

(i) the right to be informed about the collection and use of their personal data.

(ii) the right of access to their personal data and the right to correct inaccurate or incomplete personal data. 

(iii) the right to request their personal data to be deleted.

(iv) the right to restrict the processing of their personal data.

(v) the right to obtain data that the Administrators hold on them and to reuse it for their own purposes.

(vi) the right to object to the processing of their personal data at any time.

(vii) the right not to be subject to a decision based solely on automated processing, including profiling.

Force Majeure

Neither Party will be liable for any failure or delay in performing an obligation under this Privacy Policy that is due to any of the following causes, to the extent beyond its reasonable control: acts of God, accident, riots, war, terrorist act, epidemic, pandemic, quarantine, civil commotion, breakdown of communication facilities, breakdown of web host, breakdown of internet service provider, natural catastrophes, governmental acts or omissions, changes in laws or regulations, national strikes, fire, explosion, generalised lack of availability of raw materials or energy.


The security of Users’ Personal Information is a top priority of the Administrators. The collected Personal Information is stored on servers that abide by pertinent GDPR security rules and backups are generated regularly, to prevent the loss of Personal Information of Users. Administrators aim to prevent the misuse, interference, loss or unauthorised accessing, modification or disclosure of personal information; to detect privacy breaches promptly; and to be ready to respond to potential privacy breaches in a timely and appropriate manner.

The server

The Server used to host the Website is LLC, owned by the Cloud Equity Group located in New York, New York in the United States. headquarters are in the United States but they have employees all around the world - all of which are mandated to follow this data privacy and handling policy according to the GDPR regulations.


Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enables the site's or service provider's systems to recognise your browser and capture and remember certain information. The Administrators, through the Website, use cookies to understand User’s preferences based on previous or current site activity. The Administrators may also use cookies to compile aggregate data about Website traffic and Website interaction.

Links to external websites

The Service may contain links to external sites that are not operated by the Administrators. If Users click on a third-party link, Users will be directed to that third party's site. It is strongly advised to review the Privacy Policy and Terms and Conditions of those websites. The Administrators have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party sites, products or services.

Protection of certain personally-identifying information

The Administrators disclose potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organisations that (i) need to know that information in order to process it on the Administrators’ behalf or to provide Material available on the Website, and (ii) that have agreed not to disclose it to others. The Administrators will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organisations, as described above, the Administrators disclose potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when the Administrators believe in good faith that disclosure is reasonably necessary to protect the property or rights of the Administrators, third parties or the public at large.

The “Members” only have access to User data from the country where they are located (with exceptions* as described below). Members who will be handling User data from their own country are as follows:

  1. Brunei Darussalam: 1) Darussalam Enterprise (governmental business support agency) 2) Young Entrepreneur Association Brunei (non-governmental association).

  2. Cambodia: 1) Ministry of Industry, Science, Technology and Innovation (governmental organisation) 2) Young Entrepreneurs Association of Cambodia (non-governmental organisation) 3) Cambodia Women Entrepreneurs Association (non-governmental organisation).

  3. Indonesia: 1) Ministry of Cooperatives and SMEs (governmental organisation) 2) SMESCO Indonesia (public service agency for SME support).

  4. Lao PDR: 1) Department of SME Promotion (public SME support organisation) 2) Lao National Chamber of Commerce and Industry (non-governmental organisation).

  5. Malaysia: 1) Ministry of Entrepreneur Development and Cooperatives (governmental organisation) 2) SME Corporation Malaysia (Malaysian national SME support agency).

  6. Myanmar: 1) Ministry of Industry (governmental organisation) 2) Secure Link Co.,Ltd (private business in the ICT sector; offers technical support to the Ministry of Industry in using the back end of ASEAN Access).

  7. The Philippines: 1) Department of Trade and Industry (governmental organisation) 2) Philippine Exporters Confederation ((non-governmental organisation for exporters)

  8. Singapore: 1) Enterprise Singapore (governmental organisation).

  9. Thailand: 1) The Federation of Thai Industries (non-governmental organisation) 2) Federation of Thai SMEs (non-governmental organisation) 3) Board of Trade of Thailand (non-governmental organisation).

  10. Vietnam: Ministry of Planning and Investment (governmental organisation).

* Exceptions:

Of the Members, Office of SMEs Promotion (OSMEP) in Thailand (governmental organisation), as the lead project partner for ASEAN Access in charge of monitoring and guiding the use of the portal, has access to data from all countries.

The ASEAN Secretariat, located in Indonesia as the central agency for facilitating communication between all ASEAN countries, also has access to data from all countries.

Pimclick Co. Ltd., web agency based in Bangkok, is the Website developer, and offers all back-office technical support services. Therefore, they also have access to the data from all countries.

External consultant contracted to support OSMEP and other Members in delivery of the Service and monitoring of the performance targets outlined in the section “Data Processing”, also has access to data from all countries. 

In order to improve the Service and User experience, the Administrators generate reports with the numbers of registered Users. These reports include the name, username and country of the User, and are visible to all Administrators in all 10 ASEAN Member States.

The Administrators takes all measures necessary to protect against the unauthorised access, use, alteration, or destruction of potentially personally identifying and personally identifying information.

Data breach

In case of a data breach on the Website, the Administrators will notify the Users via email within 72 hours. 

Privacy policy changes

Updates to this document will be changed/updated as the Service evolves. Users are advised to take a copy for their own purpose. The Administrators will communicate updates on the website as and when the updates become effective.


In case of any questions about the Privacy Policy, please contact the Administrators by email: or write to:

The Office of SMEs Promotion
21 TST Tower, FL.G,17,18,23 Viphavadi-Rangsit Rd.,
Chomphon, Jatujak,
Bangkok 10900,


November 18, 2021