Privacy Policy (PDPA)

Your privacy is our priority. Learn how we collect, use, and protect your personal data in compliance with Thailand's Personal Data Protection Act (PDPA) and international standards.

Last Updated: January 8, 2026
PDPA Compliant

Quick Navigation

1. What Information We Collect2. How We Use Your Information3. Data Sharing & Disclosure4. Data Security & Protection5. Your Rights Under PDPA6. Cookies & Tracking7. International Data Transfers8. Data Retention Policy9. Privacy Notices by Category10. CCTV Policy11. Data Subject Rights Request12. Contact Us

Introduction

ServerToday (Thailand) Co., Ltd. ("ServerToday," "we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website, use our services, or interact with us.

This policy complies with Thailand's Personal Data Protection Act B.E. 2562 (2019) (PDPA), the European Union's General Data Protection Regulation (GDPR), and other applicable data protection laws.

Important: By using our website or services, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please discontinue use of our services immediately.

1. What Information We Collect

1.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us when you:

  • Request a quote or consultation through our contact forms
  • Subscribe to our newsletters or marketing communications
  • Register for events, webinars, or training sessions
  • Download resources, whitepapers, or case studies
  • Apply for employment opportunities
  • Communicate with our support team

This information may include:

  • Name and surname
  • Email address
  • Phone number
  • Company name and position
  • Business address
  • Number of users/employees
  • Areas of interest or service requirements

1.2 Information Automatically Collected

When you visit our website, we automatically collect certain information:

  • Technical Data: IP address, browser type and version, time zone setting, operating system and platform
  • Usage Data: Pages visited, time spent on pages, links clicked, referring website addresses
  • Device Data: Device type, unique device identifiers, mobile network information
  • Analytics Data: User behavior patterns, geographic location (country/city level)

1.3 Information from Third Parties

We may receive information about you from:

  • Analytics providers (e.g., Google Analytics)
  • Social media platforms (e.g., LinkedIn, Facebook)
  • Business partners and technology vendors
  • Publicly available sources

2. How We Use Your Information

We use your personal data for the following purposes:

Service Delivery

  • • Process service requests
  • • Provide quotes and proposals
  • • Deliver technical support
  • • Manage customer relationships

Communication

  • • Respond to inquiries
  • • Send service updates
  • • Provide technical notifications
  • • Share product information

Marketing (with consent)

  • • Send newsletters
  • • Share industry insights
  • • Invite to events/webinars
  • • Provide promotional offers

Business Operations

  • • Improve our services
  • • Conduct analytics
  • • Ensure security
  • • Comply with legal obligations
Legal Basis: We process your personal data based on your consent, contract performance, legal obligations, legitimate interests, or vital interests as required under PDPA and GDPR.

3. Data Sharing & Disclosure

We do not sell your personal data. We may share your information with:

3.1 Service Providers & Partners

We work with trusted third-party service providers who process data on our behalf:

  • Cloud hosting providers (for data storage and processing)
  • Email marketing platforms (for newsletter distribution)
  • Analytics services (for website performance monitoring)
  • CRM and customer support tools
  • Payment processors (for transaction processing)

3.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

3.3 Legal Requirements

We may disclose your information when required by law, to respond to legal processes, protect our rights, prevent fraud, or ensure public safety.

4. Data Security & Protection

We implement industry-standard security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction.

Technical Measures

  • • SSL/TLS encryption for data transmission
  • • Encrypted data storage
  • • Regular security audits and penetration testing
  • • Firewall and intrusion detection systems

Organizational Measures

  • • Access controls and authentication
  • • Employee training on data protection
  • • Data processing agreements with vendors
  • • Regular backup and disaster recovery plans

Certifications & Compliance

ISO/IEC 27001:2022 (Information Security)
ISO/IEC 27701:2019 (Privacy Management)
PDPA Compliant

5. Your Rights Under PDPA

Under Thailand's PDPA, you have the following rights regarding your personal data:

Right to Access

Request a copy of your personal data we hold and information about how we process it.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data when it is no longer necessary or when you withdraw consent.

Right to Data Portability

Request your data in a structured, commonly used format and transfer it to another organization.

Right to Object

Object to processing of your personal data for direct marketing or based on legitimate interests.

Right to Restrict Processing

Request limitation of processing in certain circumstances (e.g., while verifying data accuracy).

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent (without affecting lawfulness of prior processing).

Right to Lodge a Complaint

File a complaint with the Personal Data Protection Committee (PDPC) if you believe your rights have been violated.

To exercise your rights: Please contact our Data Protection Officer using the contact details provided in Section 8 below. We will respond to your request within 30 days as required by PDPA.

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and personalize content.

Types of Cookies We Use:

Essential Cookies (Required)

Enable core website functionality, security, and navigation.

Analytics Cookies (Optional)

Help us understand how visitors interact with our website (e.g., Google Analytics).

Marketing Cookies (Optional)

Track visitor activity to deliver relevant advertisements and measure campaign effectiveness.

You can control cookies through your browser settings. Note that blocking certain cookies may impact website functionality.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside Thailand, including countries that may not provide the same level of data protection. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by regulatory authorities
  • Adequacy decisions by the Personal Data Protection Committee
  • Binding Corporate Rules for intra-group transfers
  • Your explicit consent where required

8. Data Retention Policy

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Customer Data

Retained for the duration of the business relationship plus 7 years for legal, tax, and accounting purposes as required by Thai law.

Marketing Data

Retained until you withdraw consent or unsubscribe from marketing communications.

Website Analytics

Typically retained for 26 months (Google Analytics default setting).

CCTV Footage

Retained for 30 days unless required for security investigations or legal proceedings.

Employee Records

Retained for 10 years after employment termination as required by Thai labor law.

Vendor/Supplier Data

Retained for the duration of the business relationship plus 7 years for audit and tax purposes.

9. Privacy Notices by Category

In addition to our general Privacy Policy, we provide specific privacy notices for different categories of data subjects to ensure transparency about how we process your personal data.

Privacy Notice for Customers

Data We Collect:

  • Contact information (name, email, phone, company details)
  • Service usage data and technical support interactions
  • Billing and payment information
  • Communications and correspondence records

Purpose of Processing:

  • Deliver and manage IT services and solutions
  • Process payments and maintain billing records
  • Provide technical support and customer service
  • Send service notifications and updates
  • Improve our products and services
  • Comply with legal and regulatory requirements

Legal Basis:

Contract performance, legitimate business interests, legal obligations, and your consent (for marketing communications).

Privacy Notice for Vendors & Suppliers

Data We Collect:

  • Business contact information (company name, representative name, email, phone)
  • Banking and payment details
  • Tax identification numbers and registration documents
  • Contract and agreement records
  • Performance evaluation and compliance records

Purpose of Processing:

  • Manage vendor relationships and procurement processes
  • Process payments and maintain financial records
  • Ensure contract compliance and quality standards
  • Conduct due diligence and vendor assessments
  • Comply with tax, accounting, and legal requirements

Legal Basis:

Contract performance, legitimate business interests, and legal obligations under Thai commercial and tax law.

Privacy Notice for Employees

Data We Collect:

  • Personal identification (name, ID number, date of birth)
  • Contact information and emergency contacts
  • Employment history, qualifications, and certifications
  • Payroll and tax information
  • Performance evaluations and training records
  • Health and benefits information (when applicable)
  • Time and attendance records, including CCTV footage

Purpose of Processing:

  • Manage employment relationship and HR administration
  • Process payroll, benefits, and tax obligations
  • Ensure workplace safety and security
  • Provide training and professional development
  • Conduct performance management and evaluations
  • Comply with labor laws and social security requirements

Legal Basis:

Employment contract, legal obligations under Thai Labor Protection Act, Social Security Act, and legitimate interests in workplace management.

For detailed employee privacy information, please refer to your Employee Handbook or contact HR at hr@servertoday.com

10. CCTV and Video Surveillance Policy

ServerToday operates Closed-Circuit Television (CCTV) systems at our facilities to ensure the safety and security of our employees, visitors, and property.

Notice: By entering our premises, you acknowledge that CCTV recording is in operation. Prominent signage is displayed at all entry points.

Purpose of CCTV Surveillance:

  • Prevention and detection of crime
  • Protection of employees, visitors, and assets
  • Monitoring of health and safety compliance
  • Investigation of incidents and accidents
  • Evidence for legal proceedings when necessary

CCTV Coverage Areas:

  • Building entrances and exits
  • Reception and common areas
  • Parking facilities
  • Server rooms and data centers
  • Perimeter and outdoor areas

Note: CCTV cameras are NOT installed in private areas such as restrooms, changing rooms, or prayer rooms.

Data Protection Measures:

Retention Period

Footage retained for 30 days maximum

Access Control

Limited to authorized security personnel only

Storage Security

Encrypted storage with backup systems

Audit Trails

All access and viewing logged

Your Rights Regarding CCTV:

  • Request access to footage containing your image (subject to verification)
  • Request information about CCTV coverage at our facilities
  • Lodge complaints about CCTV usage with our Data Protection Officer

11. Data Subject Rights Request

To exercise your rights under the PDPA, please submit a Data Subject Rights Request using one of the methods below. We will respond within 30 days as required by law.

How to Submit a Request:

1

Email Request

Send your request to support@servertoday.com with the subject line "Data Subject Rights Request"

2

Written Request

Mail your request to: Data Protection Officer, ServerToday (Thailand) Co., Ltd., 111/128 Moo 2, Ratchaphruek Rd., Bangraknoi, Mueang, Nonthaburi 11000, Thailand

3

In-Person Request

Visit our office during business hours (Monday-Friday, 8:30-17:00) and submit your request to our Data Protection Officer

Required Information for Your Request:

  • Full Name: Your complete name as registered with us
  • Contact Information: Email address and phone number
  • Type of Request: Specify which right you wish to exercise (access, correction, erasure, etc.)
  • Details: Provide specific details about your request
  • Proof of Identity: Copy of your ID card or passport to verify your identity

Processing Timeline

We will acknowledge receipt of your request within 3 business days and provide a substantive response within 30 days as required by PDPA. If we need additional time, we will notify you and explain the reason for the delay.

12. Contact Us & Data Protection Officer

If you have questions about this Privacy Policy or wish to exercise your rights, please contact our Data Protection Officer:

Data Protection Officer

ServerToday (Thailand) Co., Ltd.

111/128 Moo 2, Ratchaphruek Rd., Bangraknoi, Mueang, Nonthaburi 11000, Thailand

support@servertoday.com
02-026-3112

Quick Actions

Submit a Privacy RequestView Security PolicyThailand PDPC Website

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated policy on our website with a revised "Last Updated" date
  • Sending email notifications for significant changes (where we have your contact information)
  • Displaying a prominent notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

This Privacy Policy was last updated on January 8, 2026

For any questions or concerns, please contact us at support@servertoday.com