Global searching is not enabled.
Skip to main content

Privacy Policy


Who Manages the Data

    • ASEAN Access LEARN, operated by Members in ASEAN Member States, is responsible for managing the privacy of its Users.
    • The website is developed by CONXO-Lab Co. Ltd and hosted by Hosting Lotus Co., Ltd, both located in Thailand.

Types of Data Collected

  1. Non-Personal Data: Browser type, language preference, referring site, date and time of each visit.
  2. Personal Data: For registered users, the site collects names, email addresses, country of residence, and optional details like company name, industry, and gender. Further personal information can be optionally provided post-registration.
  3. User Activity: Activities, grades, and other information related to the Moodle-based training courses are logged.

Purpose of Data Collection

Data is used to evaluate user registration numbers, tailor services, notify Users of new services, and generally deliver the services offered.

Data Sharing

Data is only disclosed to Members' employees, contractors, and affiliated organisations. It may also be disclosed in response to legal requests.

User Rights

Users have rights to access, correct, delete, and restrict their personal data, among other rights.

Data Storage and Security

    • Data is stored as long as the website is operational or until a User requests its removal.
    • The site uses GDPR-compliant security measures to protect personal data.

Third-Party Links

Users are advised to review the privacy policies of third-party sites linked on the website, as ASEAN Access LEARN is not responsible for those sites.

Data Breach

In case of a data breach, Users will be notified within 72 hours.

Changes to Privacy Policy

Any changes will be communicated via the website or email.

Contact Information

For any questions, contact or The Office of SMEs Promotion, Bangkok, Thailand.

ASEAN Access LEARN Privacy Policy 



The words of which the initial letter is capitalised have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.



    • Members refers to the organisations who are members of the national administration teams (also referred to as “Us/Our/We”) in ASEAN Member States and any other organisations or individuals who might be given administration rights to the ASEAN Access LEARN.
    • Website refers to ASEAN Access LEARN, accessed via (can be referred to also as “ASEAN Access LEARN” or “LEARN” within this document). 
    • User means the individual or a company accessing the Website, or other legal entity on behalf of which such individual or company is accessing or using the Website, as applicable. The use of the Website is only for Users who are at least 18 years old. Users can also be referred to as “You” within this document.
    • Services refer to any training courses, live or self-study, offered through the Website (can be referred to as “Training” or “Trainings”). 
    • Materials refers to any information, data and documents, images, videos, and other information of similar nature, published or uploaded on the Website.
    • Content refers Services and Materials collectively. 


The Members aim to protect Website Users' privacy and any personally identifiable information that may be collected from and/or provided by Users while visiting and using, as registered Users, the Website (either on a computer, laptop or mobile). User data will never be transferred to anyone without the User's consent. 

This Privacy Policy explains what information may be collected on the Website, how this information is used, and under what circumstances the information may be disclosed to third parties.


Unless expressly stated otherwise, the findings, interpretations and conclusions expressed in the Content on this Website are those of the various Members who prepared the Content and do not necessarily represent the views of the ASEAN Member States.

The Website is developed and managed by the web development agency CONXO-Lab Co. ltd., located in Thailand. The server is owned and managed by Hosting Lotus Co., Ltd, located in Thailand, without any access to User data stored in the server. 

Website visitors
The Members collect non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. This enables the Members to better understand how visitors use the Website. From time to time, the Members may release non-personally- identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.

The Members also collect non-personally-identifying information like Internet Protocol (IP) addresses for logged in Users. The Members only disclose logged in Users' IP addresses to third parties (such as anti-fraud agencies or law-enforcement agencies) under certain conditions outlined in law, if it is necessary and proportionate for lawful, specific purposes. The same circumstances apply to disclosure of personally-identifying information as described below.

Gathering of personally-identifying information
When registering on ASEAN Access, the information Users are asked to enter is the following: first name, surname, email address, country of residence, company name, industry, and optionally, their gender. Post-registration, Users can choose to add more information to their profile: add a profile (personal) picture, personal description, any additional names, interests, ID number, institution, department, phone and mobile phone, address. Post-registration, personally-identifying information is optional to fill in. 

User Logs
The Platform is based on Moodle. Moodle also logs User activity. We will gather the following data via logs for each and every time You log into Moodle:

    • Moodle training ID of what You accessed;
    • Timestamp of when You accessed;
    • Action type of what You did;
    • Moodle object the action was on e.g. certificate, file etc.;
    • IP address of the logged-in User whilst doing that action.

Information about grades, completion data, access rights, ownership of resources, assignments, and evidence of participation in other Moodle-based activities is held within the Moodle system
Moodle is also GDPR compliant.

Additional personal data may be held within individual courses, either within Materials uploaded to the course or within activities within the course. 

Data processing
The purpose of data processing is to enable the Members to: 

a. Evaluate the number of Users registered on the Website; 

b. Understand the countries where Users are located, industries they’re operating in, for better tailored Services; 

c. User data is also needed to notify Users of new Services that have been launched; 

d. Report on Content access and completion (such as grades, scores, Materials uploaded);

e. Produce usage statistics for management and planning purposes and to support an investigation into breaches of the code of discipline, Terms and 

   Conditions of ASEAN Access LEARN or illegal activities e.g. distribution of Materials, contributions/postings that are offensive, harassing or illegal (racist, 

   promoting terrorism etc), hacking/reverse engineering of IT systems;

f. Generally deliver the Service of ASEAN Access LEARN.

If a User registers on ASEAN Access and provides an email address, the Members may also use this email, from time to time, to contact some Users to ask for their feedback on ASEAN Access LEARN. The purpose of this is to improve the Content, and to prepare promotional materials for ASEAN Access LEARN. Users can always opt out of giving such feedback; participation is on a voluntary basis.  

Time limit of data storing
User data will be stored on the Website servers for as long as the Website is in operation, or until the User asks for their data to be removed from the Website.

User rights
Users of the Website have the following rights:

a. The right to be informed about the collection and use of their personal data.

b. The right of access to their personal data and the right to correct inaccurate or incomplete personal data. 

c. The right to request their personal data to be deleted.

d. The right to restrict the processing of their personal data.

e. The right to obtain data that the Members hold on them and to reuse it for their own purposes.

f. The right to object to the processing of their personal data at any time.

g. The right not to be subject to a decision based solely on automated processing, including profiling.

Force Majeure
Neither Members nor Users will be liable for any failure or delay in performing an obligation under this Privacy Policy that is due to any of the following causes, to the extent beyond its reasonable control: acts of God, accident, riots, war, terrorist act, epidemic, pandemic, quarantine, civil commotion, breakdown of communication facilities, breakdown of web host, breakdown of internet service provider, natural catastrophes, governmental acts or omissions, changes in laws or regulations, national strikes, fire, explosion, generalised lack of availability of raw materials or energy.

The security of Users' Personal Information is a top priority of the Members. The collected Personal Information is stored on servers that abide by pertinent GDPR security rules and backups are generated regularly, to prevent the loss of Personal Information of Users. Members aim to prevent the misuse, interference, loss or unauthorised accessing, modification or disclosure of personal information; to detect privacy breaches promptly; and to be ready to respond to potential privacy breaches in a timely and appropriate manner.

Cookies and tracking technologies
Cookies, beacons, tags and scripts are used by ASEAN Access LEARN. These technologies are used in analysing trends, administering the site, tracking Users’ movements around the Website and to gather demographic information about Our User base as a whole. We may receive reports based on the use of these technologies on an individual as well as aggregated basis.

Log files
We gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We do not link this automatically collected data to other information We collect about You.

Links to external websites
The Service may contain links to external sites that are not operated by the Members. If Users click on a third-party link, Users will be directed to that third party's site. It is strongly advised to review the Privacy Policy and Terms and Conditions of those websites. The Members have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party sites, products or services.

Protection of certain personally-identifying information
The Members disclose potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organisations that (i) need to know that information in order to process it on the Members' behalf or to provide Content available on the Website, and (ii) that have agreed not to disclose it to others. The Members will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organisations, as described above, the Members disclose potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when the Members believe in good faith that disclosure is reasonably necessary to protect the property or rights of the Members, third parties or the public at large.

The Members who have access to Your Personal Information, as granted for specific Content and specific time periods, are the following organisations:

1. Brunei Darussalam: 

a. Darussalam Enterprise (governmental business support agency)

b. Young Entrepreneur Association Brunei (non-governmental association)

2. Cambodia:

a. Ministry of Industry, Science, Technology and Innovation (governmental organisation)

b. Young Entrepreneurs Association of Cambodia (non-governmental organisation)

c. Cambodia Women Entrepreneurs Association (non-governmental organisation)

d. EuroCham Camodia (non-governmental organisation)

e. Impact Hub Phnom Penh (non-governmental organisation)

f. SHE Investments (non-governmental organisation)

3. Indonesia:

a. Ministry of Cooperatives and SMEs (governmental organisation)

b. SMESCO Indonesia (public service agency for SME support)

c. BerSama Indonesia (non-governmental organisation)

d. (non-governmental organisation)

e. Indonesia International Chamber of Commerce (non-governmental organisation)

f. Sustainable District Association (LTKL) (non-governmental organisation)

g. Partnership for Indonesia’s Sustainable Agriculture (PISAgro) (non-governmental organisation)

4. Lao PDR:

a. Department of SME Promotion (public SME support organisation)

b. Lao National Chamber of Commerce and Industry (non-governmental organisation)

5. Malaysia:

a. Ministry of Entrepreneur Development and Cooperatives (governmental organisation)

b. SME Corporation Malaysia (Malaysian national SME support agency)

c. Women Network Entrepreneurs Association (non-governmental organisation)

d. SME International Trade Association Malaysia (non-governmental organisation)

6. Myanmar:

a. Ministry of Industry (governmental organisation)

b. Secure Link Co.,Ltd (private business in the ICT sector; offers technical support to the Ministry of Industry in using the back end of ASEAN Access)

c. Myanmar Women Entrepreneurs Association (non-governmental organisation)

d. Myanmar Computer Federation (non-governmental organisation)

e. Myanmar Industries Association (non-governmental organisation)

f. Myanmar Food Processors and Exporters Association (non-governmental organisation)

7. The Philippines:

a. Department of Trade and Industry (governmental organisation)

b. Philippine Exporters Confederation (PHILEXPORT) (non-governmental organisation)

c. Women’s Business Council Philippines (non-governmental organisation)

d. Philippine Women’s Economic Network (non-governmental organisation)

e. Philippine Franchise Association (non-governmental organisation)

f. Philippine Chamber of Commerce and Industry (non-governmental organisation)

8. Singapore:

a.Enterprise Singapore (governmental organisation)

b. Association of Small and Medium Enterprises (non-governmental organisation)

c. Grow Asia (non-governmental organisation)

9. Thailand:

a. Office of SMEs Promotion of Thailand (governmental organisation)

b. The Federation of Thai Industries (non-governmental organisation)

c. Federation of Thai SMEs (non-governmental organisation)

d. Board of Trade of Thailand (non-governmental organisation)

e. Institute of SME Development (governmental organisation)

10. Vietnam

a. Ministry of Planning and Investment (governmental organisation)

b. Vietnam Chamber of Commerce and Industry (non-governmental organisation)

c. Vietnam Association of Small and Medium Enterprises (non-governmental organisation)

11. ASEAN Food and Beverage Alliance (non-governmental organisation)

12. Canada – ASEAN Business Council (non-governmental organisation)

13. EU – China Project Innovation Centre (non-governmental organisation)

14. ASEAN – Japan Centre (governmental organisation)

15. ASEAN – Korea Centre (governmental organisation)

16. Cassa Deposoti e Prestiti (CDP) (Italian non-governmental organisation).

*Exceptions – people or entities who have access to all User data at all times:

1) CONXO-Lab co., ltd., web development agency based in Bangkok, is the Website developer, and offers all back-office technical support services. Therefore, they also have access to User data. 

2) External consultant contracted to support OSMEP and other Members in delivery of the Service and monitoring of the performance targets outlined in the section "Data Processing", also has access to data from all countries. 

3) GIZ staff member in Thailand, assigned the back-end management tasks. 

The Members take all measures necessary to protect against the unauthorised access, use, alteration, or destruction of potentially personally identifying and personally identifying information.

Data breach
In case of a data breach on the Website, the Members will notify the Users via email within 72 hours. 

Privacy policy changes
Updates to this document will be changed/updated as the Content and Website evolves. Users are advised to take a copy for their own purpose. The Members will communicate updates on the website or by email as and when the updates become effective.

In case of any questions about the Privacy Policy, please contact the Members by email: or write to:
The Office of SMEs Promotion
21 TST Tower, FL.G,17,18,23 Viphavadi-Rangsit Rd.,
Chomphon, Jatujak,
Bangkok 10900,

9 October, 2023