Privacy Notice for Customers/Parties
Last updated: June 2, 2026
Rakcom Co., Ltd. and its external service providers under data processing contracts (collectively referred to as “we”) acknowledge our privacy rights and responsibilities regarding the collection, use, and disclosure (“processing”) of your personal data as a customer or contract partner of the company. Therefore, the company has prepared this Privacy Notice to inform you of the details of the processing of your personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019).
Definition
- “Personal data” means information about an individual that makes it possible to identify that individual, directly or indirectly, but does not include information about deceased persons.
- “Sensitive personal data” means data as defined in Section 26 of the Personal Data Protection Act, such as race, ethnicity, political opinions, religion or philosophy, sexual behavior, criminal history, health information, disability, trade union information, genetic information, biometric information, or any other information that similarly affects the data subject.
- “Personal Data Protection Act” refers to the Personal Data Protection Act B.E. 2562 (2019), including related subordinate legislation and amendments thereto.
- “The Committee” refers to the Personal Data Protection Committee.
Personal information that we collect.
The personal information we may collect includes:
- Name, address, phone number, email, copy of ID card.
- Company registration certificate and power of attorney.
- Bank account number and payment information.
- Technical service information such as IP addresses, login details (user accounts), computer traffic data (logs), domain names, and service settings are necessary for providing cloud/hosting services and maintaining security.
- Any other information that the company requests from you or your legal entity for the purpose of entering into a contract, providing services, or conducting other related operations.
In the event that you provide us with the personal information of another person, you certify that you have notified this notice and obtained the consent of that person to disclose the information to us.
How do we collect your data?
Generally, we collect personal information from you directly, except in certain cases where it may be collected from individuals who recommend you, from public sources, from business sources, or from commercial sources.
Purpose and legal basis for processing.
| Sequence | Objectives | Legal Basis |
|---|---|---|
| 1 | To enter into a contract with you and to fulfill the rights and obligations under that contract. | Contract basis |
| 2 | To verify and confirm your identity. | Contract basis |
| 3 | This information is used to support the contract process and may be reviewed for details during the contract period. | Contract basis |
| 4 | For accounting purposes and disbursement procedures. | Contractual basis / Legal obligation basis |
| 5 | To comply with the laws, announcements, regulations, and orders of relevant government agencies, such as the Personal Data Protection Commission. | Contractual basis / Legal obligation basis |
| 6 | To establish, use, dispute, or take action against the company’s claims. | Contractual basis / Basis of legitimate interest |
| 7 | To maintain contact and conduct business throughout the duration of our relationship. | Contract basis |
| 8 | For use in applying for and changing service ownership identification. | Contract basis |
| 9 | To apply for other services from companies that partner with Rakcom Co., Ltd. | Contract basis |
| 10 | To promote and develop internal processes for service users. | Consent basis / Contract basis |
| 11 | To provide cloud, hosting, domain, and related services, including installation, maintenance, and troubleshooting. | Contract basis |
| 12 | To maintain the security of systems and data, such as monitoring and preventing cyber threats and storing computer traffic logs as required by law. | Based on legal duty / Based on legitimate interest. |
| 13 | To analyze and improve service quality, artificial intelligence (AI) technology may be used to analyze usage or support services, such as automated question answering systems. However, the company will not rely solely on automated decision-making that significantly impacts you without human oversight. | Basis of consent / Basis of legitimate interest |
Individuals who may receive your personal information.
We may disclose and/or transfer your personal information to the following individuals, who may be located in or outside of Thailand.
- The data processor under the company’s data processing agreement.
- Internal or external consultants or experts, such as legal advisors and auditors.
- Service providers or their agents (including sub-service providers), such as payment services, technology services, cloud services and data center providers, both domestic and international, data analytics services, marketing services, and other services related to the company’s business operations.
- Law enforcement agencies, government agencies, regulatory agencies, or dispute resolution bodies, acting in accordance with duties prescribed by law or related agreements.
- Persons who enter into or intend to enter into transactions with the company, such as in the case of a sale or offer to buy or sell the company (if any).
- Another person to whom you have given your express consent.
Note: For personal data of third parties (such as your own customers or users) that you store or process on the company’s services, the company acts as a “data processor,” with rights and obligations detailed in the PDPA Notice and the company’s Data Processing Agreement (DPA).
Transferring personal data to foreign countries.
Your personal data may be stored or processed at data centers both in Thailand and abroad (e.g., Singapore), depending on the region of the service you have selected, or may be sent to individuals/organizations as detailed above. Any international data transfer will be subject to the data protection conditions stipulated in the Personal Data Protection Act.
Personal data retention.
We will retain your personal data for as long as necessary to achieve the purposes stated above, but not exceeding 15 years from the date you terminate your relationship or last contact with us, unless permitted by law to retain it longer. Upon expiration, we will delete, destroy, or anonymize the data.
Your rights regarding personal data.
You have the right to have the following actions taken regarding your personal data:
- Withdraw or request a change to the scope of consent you have given us.
- I would like to check if we hold your personal data, request access to or obtain a copy of your data, and ask how we process your data.
- Please correct your personal information.
- In some cases, we may request the deletion or destruction of your personal data.
- Please limit the processing of your personal data in certain cases.
- In some cases, we may request the transfer of your personal data.
- We kindly request that you temporarily suspend the processing of your personal data in certain cases.
We will process your request within 30 days of receiving the complete request and supporting documents. However, we reserve the right to withhold the request to the extent permitted by law and may charge reasonable fees. Furthermore, you have the right to appeal to the expert committee according to the procedures under the Personal Data Protection Act.
This amendment to the policy.
The company reserves the right to amend, supplement, change, or revise this policy to the extent permitted by law. If a significant change occurs, the company will notify you and/or obtain your consent (if required by law).
Contact channels
If you have any questions about this policy or wish to exercise your rights regarding your personal data, please contact us at:
Personal Data Protection Section, Rakcom Co., Ltd.
Vanich Place Ari Building (Building A), Unit 2703, 27th Floor.
304 Phahonyothin Road, Samsen Nai Subdistrict, Phaya Thai District, Bangkok 10400
Email: [email protected]
