Personal Data Protection Policy

ServerToday (Thailand) Co., Ltd.

ServerToday (Thailand) Co., Ltd. ("the Company") places the highest importance on personal data protection and the security of data processing, in compliance with the Personal Data Protection Act B.E. 2562 (PDPA) and the international standard ISO/IEC 27701:2019. This policy outlines the principles, guidelines, and measures for collecting, using, disclosing, and protecting personal data of customers, users, business partners, and all related parties.

Effective Date: May 6, 2025
Document ID: ISMS-1PC-005

1. Fundamental Principles for Personal Data Processing

The Company adheres to internationally recognized and PDPA-mandated principles for personal data processing:

  • Lawfulness, Fairness, Transparency
  • Purpose Limitation
  • Data Minimization
  • Accuracy
  • Storage Limitation
  • Integrity and Confidentiality
  • Accountability

2. Personal Data We Process

The Company may collect personal data such as name, contact information, email, phone number, user account data, website or email system usage data, technical data such as IP addresses, and computer traffic data under the Computer Crime Act B.E. 2550. Data is processed only to the extent necessary and consistent with the stated purposes.

3. Sources of Personal Data

The Company will not collect personal data except in the following cases:

3.1 The Company receives personal data directly from the data subject. The Company collects personal data during the following service processes:

  • Service registration, subscribing to updates, job applications, and other requests submitted to the Company
  • Voluntary data provided by the data subject, such as surveys, email correspondence, or other communication channels between the Company and the data subject
  • Data collected through website browser cookies and electronic transaction services

3.2 The Company receives personal data from third parties. The Company believes in good faith that such third parties have the right to collect and disclose the data to the Company.

5. Purposes of Personal Data Processing

The Company processes personal data for the following purposes:

  • Providing email systems and related services to customers
  • Communicating, sending notifications, and providing service information
  • Improving and developing services to meet user needs
  • Monitoring, analyzing, and reporting as required by security regulations
  • Complying with applicable laws, regulations, and standards

6. Storage and Security Measures

The Company implements measures in accordance with Section 37 of the PDPA and ISO/IEC 27701 standards, establishing appropriate technical, physical, and administrative security measures to prevent loss, unauthorized access, use, modification, alteration, or disclosure. These include:

  • Access control with authentication and authorization systems
  • Data encryption for stored data and data transmitted over networks
  • Logging and monitoring of data-related activities
  • Data backup and disaster recovery (DR & BCP)
  • PDPA and ISO/IEC 27701 training for employees and relevant parties
  • Regular review, testing, and assessment of security measures
  • Requiring data recipients to maintain confidentiality and process data only as specified by the Company

7. Disclosure and Data Transfers

The Company will not disclose personal data to third parties except when:

  • Consent has been obtained
  • Required by law
  • Engaging data processors with clear data protection agreements and legally mandated security measures

In the case of cross-border data transfers, the Company will verify that the destination country has adequate data protection standards.

8. Data Subject Rights

Data subjects may exercise the following rights under the law, including the right to request access to and obtain a copy of personal data:

1. Right to Withdraw Consent

2. Right to Access

3. Right to Data Portability

4. Right to Object

5. Right to Erasure

6. Right to Restrict Processing

7. Right to Rectification

8. Right to Complain

You have the right to file a complaint with the competent authority if you believe that the collection, use, and/or disclosure of your personal data has been conducted in a manner that violates or fails to comply with applicable law.

9. Cookies

The Company's website uses cookies to analyze usage behavior. Users will be informed and consent will be obtained where required by law.

10. Data Breach Notification

The Company will notify the Personal Data Protection Committee within 72 hours of becoming aware of a breach, and will notify data subjects if there is a high risk to their rights and freedoms. The Company maintains an Incident Response Plan in accordance with ISO/IEC 27701 standards.

11. Contact Information

If you have questions or wish to exercise your rights, please contact:

Data Controller

ServerToday (Thailand) Co., Ltd.

111/128 Moo 2, Ratchaphruek Rd., Bangraknoi, Mueang Nonthaburi, Nonthaburi 11000

www.servertoday.com

Data Protection Officer

DPO Team

111/128 Moo 2, Ratchaphruek Rd., Bangraknoi, Mueang Nonthaburi, Nonthaburi 11000

12. Governing Law

This Personal Data Protection Policy is governed by and interpreted in accordance with Thai law. Thai courts shall have jurisdiction over any dispute that may arise.

13. Policy Updates

The Company may update this policy as appropriate. Updated versions will be published on the Company's website.

This policy is effective as of May 6, 2025
