MCMM
Language: EN | ไทย
Charter your club →
Draft — pending final review before launch.
Legal

Privacy Notice

Updated: April 20, 2026

This Privacy Notice explains how MCMM collects, uses, and protects personal data, in line with the Personal Data Protection Act B.E. 2562 (2019) of Thailand (“PDPA”).

1. Who we are

MCMM is a software service operated from Thailand. For data your club uploads about its members, your club is the data controller and MCMM is the data processor. For your account information as an admin, we act as the data controller.

2. What we collect

We collect the minimum data needed to operate the Service:

  • Account data: name, email, phone number, club affiliation, language preference.
  • Club roster data: member names, contact details, dues status, payment history, ride participation, votes cast — all entered by your club.
  • Payment data: uploaded transfer slips and the metadata extracted from them. We do not store full bank-card numbers; card payments are tokenised by a regulated payment partner.
  • Technical data: IP address, device type, browser, and access logs, kept for security and abuse-detection purposes.

3. How we use it

We use personal data to provide the Service, process payments, send transactional notifications (receipts, reminders, announcements), monitor security, and meet legal obligations. We do not use your data for advertising and we do not sell it.

Processing is based on the contract between us and your club, our legitimate interest in operating and securing the Service, and — where required — your consent. You can withdraw consent for non-essential processing at any time.

5. Sharing

We share data only with service providers strictly necessary to run the Service (hosting, payment processing, transactional email, messaging delivery). These providers are bound by confidentiality and data-processing agreements. We do not transfer personal data outside Thailand without appropriate safeguards.

6. Retention

We retain personal data for as long as your club’s account is active, plus thirty days for data export, after which it is permanently deleted. Financial records may be kept longer where required by Thai tax or accounting law.

7. Your rights under PDPA

You have the right to access, correct, delete, restrict, or port your personal data, and to object to certain processing. You also have the right to lodge a complaint with the Personal Data Protection Committee. To exercise any of these rights, contact us via the Contact page.

8. Security

We use encryption in transit, hashed passwords, role-based access control, and audit logging on every sensitive action. No system is perfectly secure, but we work hard to keep yours as close to it as we can.

9. Updates

We may revise this Notice; the effective date above is updated each time. Material changes are announced in advance through the admin panel.