Ruk-Com Co., Ltd. is the provider of the websites https://ruk-com.co.th/, https://hostings.ruk-com.in.th/, https://help.ruk-com.in.th/, https://ruk-com.cloud/, https://docs.ruk-com.cloud/, https://portal.ruk-com.cloud, https://app.manage.ruk-com.cloud/ (hereinafter referred to as ‘the Company’s websites’), as well as other social media channels of the Company. We would like to inform you that the Company respects the privacy of users and is fully aware of the importance of each user’s personal data. Therefore, we would like to clarify how we collect, use, and disclose your personal information.

Therefore, the Company has established this Personal Data Protection Policy to provide details and explanations on how we collect, use, and/or disclose personal information, data protection, data access, data transfer, and data processing of your personal data, as outlined below.

Personal data in this context refers to various types of information obtained through the registration process on the Company’s website, cookies, transaction data, and user experience data.

This Privacy Policy is governed by the Personal Data Protection Act B.E. 2562 (2019). The Company has the authority to decide on the collection, use, or disclosure of personal information, as referred to legally as the ‘Data Controller.’ The Company designates specific employees to carry out tasks related to the collection, use, or disclosure of personal information pursuant to the instructions or on behalf of the Company, referred to legally as the ‘Data Processor.’ You, as the individual, are considered the ‘Data Subject’ under this law.

Here are the types of personal data that the Company collects, uses, and/or discloses:

We will collect personal data that can directly or indirectly identify you, including information provided directly through registration on the Company’s website, cookies, transaction data, and user experience data, as well as from individuals appointed or other channels, such as

Personal data that can identify individuals, such as name, surname, taxpayer identification number, and a copy of the national ID card (front only), will be collected, used, and/or disclosed only when necessary. For example, this data may be used as supporting documents for domain registration of .th domains, identity verification for customers using email, external supplementary services, or as part of the documentation process for job applications.

  • Contact information such as residential address, phone number, and email address
  • Information related to work, such as company name, company address, and company tax identification number
  • Transaction-related information, such as payment methods, payment receipts, purchase orders, and transactions related to the use of the Company’s products and/or services
  • Device or tool-related information, such as
    • IP address, MAC address, and cookie IDs
    • Information related to computer traffic, user search behavior, website usage, and the use of the Company’s products and/or services, such as
      • IP Address
      • The type and language of the web browser used to access the website
      • The location (country) used to access the website
      • OS
      • Internet Provider
      • web pages visited
      • Date/time of visit
      • Websites that reference or link to the Company’s website
      • Other information, such as audio, still images, motion pictures, and any other data considered personal information under applicable data protection laws
Purposes of data collection, usage, and/or disclosure

The company will collect and may process your personal data for your benefit in using the products and/or services, as well as to comply with any applicable laws, and for other purposes as specified in this policy.

  1. To enable you to use the company’s products and/or services according to your desires, as you are in a contractual relationship with the company, or to use them in accordance with your requests before using the company’s products and/or services.
  2. For the purpose of correcting and improving the website’s performance, marketing planning, data analysis, service evaluation, as well as product and service development and improvement by the company.
  3. To comply with relevant laws and regulations, such as carrying out orders from authorities or complying with laws that the company and/or you are required to abide by.
  4. To carry out necessary operations for the legitimate interests of the company within the bounds of what you can reasonably anticipate, such as
    1. Recording of Call Center audio
    2. Maintaining a positive customer relationship is essential for providing quality service and ensuring customer satisfaction. We may collect, use, and disclose personal data to manage complaints, evaluate customer satisfaction, and communicate with customers regarding our products and services.
    3. Making personal data anonymous means turning it into data that cannot identify an individual (Anonymous Data)
    4. Preventing, managing, and reducing the risks of fraudulent activities, cyber threats, and legal violations.
    5. The collection, use, and/or disclosure of personal information of directors, authorized representatives, and agents of corporate clients.
    6. Contact, video recording, and audio recording related to meetings, training sessions, recreational activities, or booth setups.
    7. The collection, use, and/or disclosure of personal information of individuals whose assets have been placed under court-ordered receivership.
    8. Parcel receiving and delivery
  5. In order for you to benefit from the use of the product and/or service, as you have consented to, such as:
    1. To provide you with better products and/or services that better meet your needs.
    2. To receive exclusive offers, benefits, advice, and news, as well as the opportunity to participate in special events.
  6. To be used in processing and conducting marketing activities to enhance the effectiveness of presenting offers, special benefits, product and/or service information, advice, and company news to target groups with similar interests and/or behaviors.
  7. For other purposes as disclosed when collecting your personal data, or for other purposes related to any of the above.

*The company will not use or disclose your personal information except as necessary for the purposes stated above, or to persons within the company or related parties under contract, or in accordance with laws, government agencies, regulatory bodies, or with your consent.

The company may disclose your personal information to certain individuals.

The company may disclose your personal information to others with your consent or under the guidelines permitted by law. The recipient of such information will collect, use, and/or disclose your personal information to the extent of your consent or the scope specified in this policy, such as:

  1. Authorized employees of the company and/or external parties with whom the company has contracts or relationships.
  2. Individuals authorized to represent the company in offering the company’s products and/or services, including their contracted agents.
  3. Other individuals, including their agents and contractors, who carry out activities related to the company’s products and/or services, marketing activities, disseminating company information, and improving the quality of the company’s products and/or services, such as receiving payments, preparing documentation, technology systems, document delivery, and research, etc.
  4. Any government agency, regulatory body, or individual to whom the company is required to disclose information under laws, regulations, or orders relating to the company, or under agreements the company has with that government agency or other person.
Does the company send or transfer your personal data to other countries?

The company may need to send or transfer your personal data to affiliated companies/businesses located abroad or to other data recipients as part of its normal business operations, such as sending or transferring personal data to be stored on servers/clouds in various countries. If the destination country’s standards are insufficient, the company will ensure that the sending or transfer of personal data complies with the required laws and will implement necessary and appropriate data protection measures that meet confidentiality standards, such as having confidentiality agreements with the data recipient in that country.

Websites and services of third-party groups.

The company may provide links to other websites and services for your convenience and information, such as payment methods through external service providers. These services and websites may operate independently from the company and may have their own privacy policies and notices, which the company strongly recommends you review before using those services or engaging in any activities on those websites. To the extent that the company does not own or control the linked websites that you visit, the company is not responsible for the content, privacy practices, and quality of those services.

How long does the company retain your personal data?

The company will retain your personal data for the period necessary while you are a customer or have a relationship with the company, or for the period necessary to achieve the purposes related to this policy. Further retention may be required or permitted by law, such as retaining data in accordance with the provisions of the Computer Crime Act B.E. 2550 (2007). The company will delete, destroy, or anonymize your personal data when it is no longer needed or when the retention period expires.

Protecting personal data.

The company will safeguard your personal data to the best of its ability, using both technical and administrative measures to ensure the security of personal data processing and to prevent data breaches. The company has established policies, regulations, and guidelines for the protection of personal data, such as:

  1. Restricting access to personal data both offline and online.
  2. We maintain data security in accordance with current information technology security standards. Examples of measures and technologies used by the company include:
    1. A firewall is a software system that allows only authorized users from the company to access data.
    2. Virus Scanning: The company has installed virus scanning software specifically on its server.
    3. Secured Socket Layer (SSL) is an encryption technology for data access, designed to prevent data interception while it’s being transmitted over the internet. This technology makes it impossible for those attempting to intercept the data to understand its meaning.
    4. Data encryption is used for highly sensitive information, such as passwords. The company has implemented strict security measures. Before data is entered into the company’s computer database, it is encrypted using a complex algorithm, making it impossible for anyone to access this sensitive information, not even company employees.
    5. Auto Log off: The system will automatically log off after a reasonable time for service use. This is for your own security.
  3. Measures have been put in place to prevent recipients of company information from using or disclosing the information outside of its intended purpose, or without authority or in an unlawful manner.
  4. These policies, regulations, and guidelines shall be updated periodically as needed and appropriate.

Furthermore, executives, employees, contractors, agents, consultants, and recipients of information from the company are obligated to maintain the confidentiality of personal data in accordance with the confidentiality measures established by the company.

Rights of data subjects

Your rights under this matter are legal rights that you should be aware of. You can exercise these rights under the provisions of the law and policies currently in effect or subject to future amendments, as well as the guidelines established by the company. If you are under 20 years of age or have legal limitations on your ability to enter into transactions, you can exercise your rights through your parents, legal guardian, or authorized representative who notifies your intention.

  1. Right to access data: You have the right to request access to your personal data held by the company, to request a copy of such data, and to request disclosure of how the company obtained your personal data.
  2. Right to request correction of information: You have the right to request corrections to your personal information to ensure it is accurate, up-to-date, complete, and does not cause misunderstandings.
  3. Right to Withdraw Consent: If you have given consent for the company to collect, use, and/or disclose your personal data (whether your consent was given before or after the Personal Data Protection Act), you have the right to withdraw your consent at any time for the duration your personal data is held by the company, unless such right is limited by law or there is a contract that benefits you. Withdrawing your consent may affect your use of products and/or services, such as you will not receive new benefits, promotions, or offers; you may not receive better products or services that meet your needs; or you may not receive useful information. For your benefit, you should review and inquire about the consequences before withdrawing your consent.
  4. Right to Data Portability: You have the right to request the transfer of your personal data if the company has made it available in a format that can be read or used by automated tools or devices, and if it can be used or disclosed automatically. You also have the right to request the company to send or transfer your personal data in such a format to another data controller when this is possible automatically, and you have the right to receive the personal data that the company has sent or transferred in such format directly to another data controller, unless this is impossible due to technical reasons. This applies only to personal data that you have consented to the company collecting, using, and/or disclosing, or personal data that the company needs to collect, use, and/or disclose to enable you to use the company’s products and/or services as intended under your existing contract, or to fulfill your request prior to using the company’s products and/or services, or other personal data as prescribed by law.
  5. Right to Object: You have the right to object to the collection, use, and/or disclosure of your personal data at any time if the collection, use, and/or disclosure of your personal data is for necessary operations in the legitimate interests of the company or other individuals or entities, and does not exceed the scope that you can reasonably expect, or to carry out tasks for the public interest. If you object, the company will continue to collect, use, and/or disclose your personal data only where the company can legally demonstrate that such actions outweigh your fundamental rights, or are necessary to affirm legal rights, comply with the law, or defend against legal proceedings, as each case may be. Furthermore, you also have the right to object to the collection, use, and/or disclosure of your personal data for marketing purposes or for scientific, historical, or statistical research purposes.
  6. Right to request deletion or destruction of data: You have the right to request the deletion or destruction of your personal data, or to anonymize your personal data, if you believe that your personal data has been collected, used, and/or disclosed unlawfully under applicable laws, or if you believe that the company no longer needs to retain it for the purposes outlined in this policy, or when you have exercised your right to withdraw consent or your right to object as stated above.
  7. Right to request suspension of data usage: You have the right to request a temporary suspension of the use of your personal data in cases where the company is investigating your request for correction of personal data or your objection, or in any other case where the company no longer needs and must delete or destroy your personal data in accordance with applicable law, but you request the company to suspend its use instead.
  8. Right to request suspension of data use: You have the right to request a temporary suspension of the use of your personal data in cases where the company is investigating your request for correction of personal data or your objection, or in any other case where the company no longer needs and must delete or destroy your personal data in accordance with applicable law, but you request the company to suspend its use instead. Right to complain: You have the right to complain to the relevant legal authority if you believe that the collection, use, and/or disclosure of your personal data is in violation of or non-compliance with applicable law. The exercise of your rights mentioned above may be restricted under applicable law, and there may be cases where the company may refuse or be unable to comply with your request for the exercise of these rights, such as compliance with laws or court orders, public interest, or because the exercise of these rights may infringe upon the rights or freedoms of others. If the company refuses the above request, it will inform you of the reasons for the refusal.
You can request to exercise your rights through the following channels:
rights Channels for requesting to exercise one’s rights. Processing time*
Right to withdraw consent. Email 7 days
Right to request access to information. Email 30 days
Right to request data transfer. Email 30 days
Right to object Email 30 days
The right to request the deletion or destruction of data. Email 30 days
Right to request suspension of data usage. Email 30 days
Right to request correction of information. website immediately
Cookies

Websites, applications, email messages, and various advertisements used by companies utilize “cookies” and similar technologies, such as Google Analytics, to help users have a smooth experience on the website and to allow the company to better understand user behavior. For example, they help remember your usage settings or tell the company which parts of the website users visit. In addition, cookies facilitate and help measure the effectiveness of advertisements and on-site search engines. Cookies are small text files containing data that are stored on your device when you visit the platform. The cookie is sent back to its origin each time you visit, or to other websites that recognize those cookies. Cookies automatically collect certain information and store it in log files, as is the case with most internet services. Examples of information that may be stored include:

  • Certain settings and properties are listed on the company’s website.
  • IP address
  • The type and language of the browser used for access.
  • Operating system
  • Internet service provider
  • Visited web pages
  • Date/Time of Visit
  • The website refers to the company’s website.

The company uses this data to understand and analyze trends, manage and maintain sites, learn about website user behavior, improve its products and services, and collect demographic statistics about its overall user base. The company may also use this data in its marketing and advertising services.

Types of cookies that we may use.
Types of cookies details status
necessary These cookies are essential to providing you with services through the company’s website or platform, such as to store your Session ID when logging in or for security purposes. necessary
Improve performance These cookies are used to improve the performance and functionality of a website or platform, but are not essential for its operation, such as remembering usernames. However, without these cookies, some functions may not work. Configurable
Analyze data. These cookies collect user behavior data to help the company understand how our website or platform is being used and how effective our marketing campaigns are. This allows the company to improve and develop the website, platform, products, and/or services to better suit your needs and preferences. Configurable
Here’s an example of the details of the cookies we use.
Cookie Name Description Duration Type
WHMCSInstanceID This is the most common cookie that most PHP-based websites will use. This stores the unique session ID for each visitor and enables variables to pass between page loads. The cookie only contains a reference to a session on the web server. The user’s browser won’t store any personal information. This is a session-only cookie, so it expires as soon as you close the browser. it expires as soon as you close the browser. necessary
WHMCSAffiliateID WHMCS sets this cookie when an affiliate refers to a customer to you. It stores the ID of the affiliate that made the referral so that if the customer places an order within the next 90 days following the referral, the affiliate receives credit for it. It is a persistent cookie. 1 day necessary
WHMCSUser WHMCS uses this cookie for the remember me functionality of the client area. The system only sets it if a client chose to have the system remember their details, ensuring that they don’t need to log in multiple times. It is persistent and lasts for 365 days, or until logout. for 365 days, or until logout. necessary
RUKCOMCOOKIES null 30 days necessary
_ga This cookie is installed by Google Analytics. The cookie is used to calculate visitors, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. 2 years Analyze data.
_gid This cookie is installed by Google Analytics. The cookie is used to store information about how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form. 1 day Analyze data.
_gat This cookie is installed by Google Universal Analytics to throttle the request rate to limit the collection of data on high traffic sites. 1 minute Improve performance
__cfduid The __cfduid cookie helps Cloudflare detect malicious visitors to our Customers’ websites and minimizes blocking legitimate users. It may be placed on the devices of our customers’ End Users to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It is necessary for supporting Cloudflare’s security features. 30 days necessary

The cookie information we use is provided by the automated system of our cookie management provider. You can view a list of all cookies used on this website yourself through your browser.

Configure or disable cookies.

You have the right to set your cookie consent settings at any time on the company’s website or through your browser. You may configure your browser to refuse the collection of cookies; instructions on how to do this can be found on the browser developer’s website.

However, some services on the company’s website require the use of cookies. Disabling cookies may cause some or all of the functions of these services to not work smoothly. The company apologizes for any inconvenience this may cause.

Updating the Personal Data Protection Policy.

The company reserves the right to amend all or part of this Privacy Policy to ensure its content is appropriate and complies with any new Acts and/or subordinate legislation, regulations, and announcements from government agencies. If any changes are made to this policy, the company will publish them on its website as soon as possible to ensure they are up-to-date and consistent with the new guidelines.

Contact the company and its data protection officer.

If you have any suggestions or require further information regarding the collection, use, and/or disclosure of your personal data, including exercising your rights under this policy, you can contact the Data Protection Officer through the following channels: Data Protection Department, Ruk-Com Co., Ltd., 42/141 Soi Lieng Muang Nonthaburi 10, Bang Krasor Subdistrict, Muang Nonthaburi District, Nonthaburi 11000, Thailand. Email: [email protected]