Ruk-Com Co., Ltd., the provider of the websites https://ruk-com.co.th/, https://hostings.ruk-com.in.th/, https://help.ruk-com.in.th/, https://ruk-com.cloud/, https://docs.ruk-com.cloud/, https://portal.ruk-com.cloud, and https://app.manage.ruk-com.cloud/ (hereinafter referred to as “the Company’s Websites”), as well as other social media channels, would like to inform you that the Company respects the privacy of its users and recognizes the importance of each user’s personal information. Therefore, the Company wishes to clarify its collection, use, and disclosure of your personal information.

Therefore, the company has established this Personal Data Protection Policy to clarify the details and methods of collecting, using, and/or disclosing, protecting, accessing, transferring, and analyzing your personal data as follows:

Personal data herein refers to information gathered during registration on the company’s website, cookies, transaction data, and user experience.

This Privacy Policy is governed by the Personal Data Protection Act B.E. 2562 (2019). The company has the authority to decide on the collection, use, or disclosure of personal data, and is legally referred to as the ‘Data Controller’. Employees specifically assigned by the company are responsible for collecting, using, or disclosing personal data on behalf of or as directed by the company, and are legally referred to as ‘Data Processors’. You are considered the ‘Data Subject’ under this Act.

Here are the types of personal data that the Company collects, uses, and/or discloses:

We will collect personal data that can directly or indirectly identify you, including information provided directly through registration on the Company’s website, cookies, transaction data, and user experience data, as well as from individuals appointed or other channels, such as

Personal data that can identify individuals, such as name, surname, taxpayer identification number, and a copy of the national ID card (front only), will be collected, used, and/or disclosed only when necessary. For example, this data may be used as supporting documents for domain registration of .th domains, identity verification for customers using email, external supplementary services, or as part of the documentation process for job applications.

  • Contact information such as residential address, phone number, and email address
  • Information related to work, such as company name, company address, and company tax identification number
  • Transaction-related information, such as payment methods, payment receipts, purchase orders, and transactions related to the use of the Company’s products and/or services
  • Device or tool-related information, such as
    • IP address, MAC address, and cookie IDs
    • Information related to computer traffic, user search behavior, website usage, and the use of the Company’s products and/or services, such as
      • IP Address
      • The type and language of the web browser used to access the website
      • The location (country) used to access the website
      • OS
      • Internet Provider
      • web pages visited
      • Date/time of visit
      • Websites that reference or link to the Company’s website
      • Other information, such as audio, still images, motion pictures, and any other data considered personal information under applicable data protection laws
Purposes of data collection, usage, and/or disclosure

The company will collect and may process your personal data for your benefit in using the products and/or services, as well as to comply with any applicable laws, and for other purposes as specified in this policy.

  1. To enable you to use the company’s products and/or services according to your desires, as you are in a contractual relationship with the company, or to use them in accordance with your requests before using the company’s products and/or services.
  2. For the purpose of correcting and improving the website’s performance, marketing planning, data analysis, service evaluation, as well as product and service development and improvement by the company.
  3. To comply with relevant laws and regulations, such as carrying out orders from authorities or complying with laws that the company and/or you are required to abide by.
  4. To carry out necessary operations for the legitimate interests of the company within the bounds of what you can reasonably anticipate, such as
    1. Recording of Call Center audio
    2. Maintaining a positive customer relationship is essential for providing quality service and ensuring customer satisfaction. We may collect, use, and disclose personal data to manage complaints, evaluate customer satisfaction, and communicate with customers regarding our products and services.
    3. Making personal data anonymous means turning it into data that cannot identify an individual (Anonymous Data)
    4. Preventing, managing, and reducing the risks of fraudulent activities, cyber threats, and legal violations.
    5. The collection, use, and/or disclosure of personal information of directors, authorized representatives, and agents of corporate clients.
    6. Contact, video recording, and audio recording related to meetings, training sessions, recreational activities, or booth setups.
    7. The collection, use, and/or disclosure of personal information of individuals whose assets have been placed under court-ordered receivership.
    8. Parcel receiving and delivery
  5. In order for you to benefit from the use of the product and/or service, as you have consented to, such as:
    1. To provide you with better products and/or services that better meet your needs.
    2. To receive exclusive offers, benefits, advice, and news, as well as the opportunity to participate in special events.
  6. To be used in processing and conducting marketing activities to enhance the effectiveness of presenting offers, special benefits, product and/or service information, advice, and company news to target groups with similar interests and/or behaviors.
  7. For other purposes as disclosed when collecting your personal data, or for other purposes related to any of the above.

*The company will not use or disclose your personal information except as necessary for the purposes stated above, or to persons within the company or related parties under contract, or in accordance with laws, government agencies, regulatory bodies, or with your consent.

The company may disclose your personal information to certain individuals.

The company may disclose your personal information to others with your consent or under the guidelines permitted by law. The recipient of such information will collect, use, and/or disclose your personal information to the extent of your consent or the scope specified in this policy, such as:

  1. Authorized employees of the company and/or external parties with whom the company has contracts or relationships.
  2. Individuals authorized to represent the company in offering the company’s products and/or services, including their contracted agents.
  3. Other individuals, including their agents and contractors, who carry out activities related to the company’s products and/or services, marketing activities, disseminating company information, and improving the quality of the company’s products and/or services, such as receiving payments, preparing documentation, technology systems, document delivery, and research, etc.
  4. Any government agency, regulatory body, or individual to whom the company is required to disclose information under laws, regulations, or orders relating to the company, or under agreements the company has with that government agency or other person.
Does the company send or transfer your personal data to other countries?

The company may need to send or transfer your personal data to affiliated companies/businesses located abroad, or to other data recipients as part of its normal business operations, such as sending or transferring personal data to be stored on servers/clouds in different countries.

In cases where the destination country has insufficient standards, the company will ensure that the transmission or transfer of personal data complies with the required laws and will implement necessary and appropriate data protection measures that meet confidentiality standards, such as having confidentiality agreements with the data recipient in that country.

Websites and services of third-party groups.

The company may provide links to other websites and services for your convenience and information, such as payment methods through external service providers. These services and websites may operate independently from the company and may have their own privacy policies and notices, which the company strongly recommends you review before using those services or engaging in any activities on those websites. To the extent that the company does not own or control the linked websites that you visit, the company is not responsible for the content, privacy practices, and quality of those services.

How long does the company retain your personal data?

The company will retain your personal data for the period necessary while you are a customer or have a relationship with the company, or for the period necessary to achieve the purposes related to this policy. Further retention may be required if permitted by law, such as retaining data in accordance with the provisions of the Computer Crime Act B.E. 2550 (2007).

The company will delete or destroy your personal data, or anonymize it, when it is no longer needed or after the specified period has expired.

Protecting personal data.

The company will safeguard your personal data to the best of its ability, using both technical and administrative measures to ensure the security of personal data processing and to prevent data breaches. The company has established policies, regulations, and guidelines for the protection of personal data, such as:

  1. Restricting access to personal data both offline and online.
  2. We maintain data security in accordance with current information technology security standards. Examples of measures and technologies used by the company include:
    1. A firewall is a software system that allows only authorized users from the company to access data.
    2. Virus Scanning: The company has installed virus scanning software specifically on its server.
    3. Secured Socket Layer (SSL) is an encryption technology for data access, designed to prevent data interception while it’s being transmitted over the internet. This technology makes it impossible for those attempting to intercept the data to understand its meaning.
    4. Data encryption is used for highly sensitive information, such as passwords. The company has implemented strict security measures. Before data is entered into the company’s computer database, it is encrypted using a complex algorithm, making it impossible for anyone to access this sensitive information, not even company employees.
    5. Auto Log off: The system will automatically log off after a reasonable time for service use. This is for your own security.
  3. Measures have been put in place to prevent recipients of company information from using or disclosing the information outside of its intended purpose, or without authority or in an unlawful manner.
  4. These policies, regulations, and guidelines shall be updated periodically as needed and appropriate.

Furthermore, executives, employees, contractors, agents, consultants, and recipients of information from the company are obligated to maintain the confidentiality of personal data in accordance with the confidentiality measures established by the company.

Rights of data subjects

Your rights under this matter are legal rights that you should be aware of. You can exercise these rights under the provisions of the law and policies currently in effect or subject to future amendments, as well as the guidelines established by the company. If you are under 20 years of age or have legal limitations on your ability to enter into transactions, you can exercise your rights through your parents, legal guardian, or authorized representative who notifies your intention.

  1. Right to access data: You have the right to request access to your personal data held by the company, to request a copy of such data, and to request disclosure of how the company obtained your personal data.
  2. Right to request correction of information: You have the right to request corrections to your personal information to ensure it is accurate, up-to-date, complete, and does not cause misunderstandings.
  3. Right to withdraw consent: If you have given consent for the company to collect, use, and/or disclose your personal data (whether that consent was given before or after the Personal Data Protection Act came into effect), you have the right to withdraw your consent at any time for the duration your personal data is held by the company, unless such right is limited by law or there is a contract that benefits you.
    Withdrawing your consent may affect your use of products and/or services. For example, you may miss out on new benefits, promotions, or offers; you may not receive better products or services that meet your needs; or you may not receive useful information. For your benefit, you should review and inquire about the potential consequences before withdrawing your consent.
  4. Right to Data Portability: You have the right to request the transfer of your personal data if the company has made it available in a format that can be read or used by automated tools or devices, and if the personal data can be used or disclosed automatically. You also have the right to request the company to send or transfer your personal data in such a format to another data controller when this is possible automatically, and you have the right to receive the personal data that the company has sent or transferred in such a format directly to another data controller, unless this is impossible due to technical reasons.
    However, the aforementioned personal information must be information that you have consented to the company collecting, using, and/or disclosing, or information that the company needs to collect, use, and/or disclose in order for you to use the company’s products and/or services as intended, under a contract with the company, or to process your request prior to using the company’s products and/or services, or other personal information as required by the legal authority.
  5. Right to Object: You have the right to object to the collection, use, and/or disclosure of your personal data at any time if the collection, use, and/or disclosure of your personal data is done for necessary operations in the legitimate interests of the company or other individuals or entities, and does not exceed the scope that you can reasonably expect, or to carry out tasks for the public interest. If you object, the company will continue to collect, use, and/or disclose your personal data only where the company can legally demonstrate that such actions outweigh your fundamental rights, or are necessary to affirm legal rights, comply with the law, or defend against legal proceedings, as each case may be.
    In addition, you have the right to object to the collection, use, and/or disclosure of your personal data for marketing purposes or for scientific, historical, or statistical research purposes.
  6. Right to request deletion or destruction of data: You have the right to request the deletion or destruction of your personal data, or to anonymize your personal data, if you believe that your personal data has been collected, used, and/or disclosed unlawfully under applicable laws, or if you believe that the company no longer needs to retain it for the purposes outlined in this policy, or when you have exercised your right to withdraw consent or your right to object as stated above.
  7. Right to request suspension of data usage: You have the right to request a temporary suspension of the use of your personal data in cases where the company is investigating your request for correction of personal data or your objection, or in any other case where the company no longer needs and must delete or destroy your personal data in accordance with applicable law, but you request the company to suspend its use instead.
  8. Right to request suspension of data usage: You have the right to request a temporary suspension of the use of your personal data in cases where the company is investigating your request for correction of personal data or your objection, or in any other case where the company no longer needs and must delete or destroy your personal data in accordance with applicable law, but you request the company to suspend its use instead.
    Right to Complaint: You have the right to file a complaint with the relevant legal authority if you believe that the collection, use, and/or disclosure of your personal data is in violation of or non-compliance with applicable laws. The exercise of your above-mentioned rights may be restricted under applicable laws, and there may be cases where the company may refuse or be unable to process your request to exercise these rights, such as compliance with laws or court orders, public interest, or because the exercise of these rights may infringe upon the rights or freedoms of others. If the company refuses your request, it will inform you of the reasons for the refusal.
You can request to exercise your rights through the following channels:
rights Channels for requesting to exercise one’s rights. Processing time*
Right to withdraw consent. Email 7 days
Right to request access to information. Email 30 days
Right to request data transfer. Email 30 days
Right to object Email 30 days
The right to request the deletion or destruction of data. Email 30 days
Right to request suspension of data usage. Email 30 days
Right to request correction of information. website immediately
Cookies

The company’s websites, applications, email messages, and advertisements use “cookies” and similar technologies, such as Google Analytics, to help users have a smooth experience on the website and to give the company a better understanding of user behavior. For example, they help remember user settings or tell the company which parts of the website users visit. In addition, cookies facilitate and help measure the effectiveness of advertisements and on-site search engines.
Cookies are small text files containing information that are stored on your device when you visit the platform. Each time you visit, the cookie is sent back to its origin or to other websites that recognize those cookies.
Cookies automatically collect certain information and store it in log files, as is the case with most internet services. Examples of information that may be stored include:

  • Certain settings and properties are listed on the company’s website.
  • IP Address
  • The type and language of the web browser used to access the website
  • OS
  • Internet Provider
  • web pages visited
  • Date/time of visit
  • Websites that reference or link to the Company’s website

The company uses this data to understand and analyze trends, manage and maintain sites, learn about website user behavior, improve its products and services, and collect demographic statistics about its overall user base. The company may also use this data in its marketing and advertising services.

Types of cookies that we may use.
Types of cookies details status
necessary These cookies are essential to providing you with services through the company’s website or platform, such as to store your Session ID when logging in or for security purposes. necessary
Improve performance These cookies are used to improve the performance and functionality of a website or platform, but are not essential for its operation, such as remembering usernames. However, without these cookies, some functions may not work. Configurable
Analyze data. These cookies collect user behavior data to help the company understand how our website or platform is being used and how effective our marketing campaigns are. This allows the company to improve and develop the website, platform, products, and/or services to better suit your needs and preferences. Configurable
Here’s an example of the details of the cookies we use.
Cookie Name Description Duration Type
WHMCSInstanceID This is the most common cookie that most PHP-based websites will use. This stores the unique session ID for each visitor and enables variables to pass between page loads. The cookie only contains a reference to a session on the web server. The user’s browser won’t store any personal information. This is a session-only cookie, so it expires as soon as you close the browser. it expires as soon as you close the browser. necessary
WHMCSAffiliateID WHMCS sets this cookie when an affiliate refers to a customer to you. It stores the ID of the affiliate that made the referral so that if the customer places an order within the next 90 days following the referral, the affiliate receives credit for it. It is a persistent cookie. 1 day necessary
WHMCSUser WHMCS uses this cookie for the remember me functionality of the client area. The system only sets it if a client chose to have the system remember their details, ensuring that they don’t need to log in multiple times. It is persistent and lasts for 365 days, or until logout. for 365 days, or until logout. necessary
RUKCOMCOOKIES null 30 days necessary
_ga This cookie is installed by Google Analytics. The cookie is used to calculate visitors, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. 2 years Analyze data.
_gid This cookie is installed by Google Analytics. The cookie is used to store information about how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form. 1 day Analyze data.
_gat This cookie is installed by Google Universal Analytics to throttle the request rate to limit the collection of data on high traffic sites. 1 minute Improve performance
__cfduid The __cfduid cookie helps Cloudflare detect malicious visitors to our Customers’ websites and minimizes blocking legitimate users. It may be placed on the devices of our customers’ End Users to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It is necessary for supporting Cloudflare’s security features. 30 days necessary

The cookie information we use is provided by the automated system of our cookie management provider. You can view a list of all cookies used on this website yourself through your browser.

The role of companies as data processors.

In addition to its role as “Data Controller” for customer data used in account registration and management, the company acts as a “Data Processor” for personal data of third parties that customers store or process on the company’s system. This data is processed only at the customer’s request and for the purpose of providing the service, and will not be used for any other purpose, particularly advertising or marketing, unless consent is obtained from the customer or in compliance with the law. Detailed terms and conditions are in accordance with the Personal Data Processing Agreement (DPA).

Data Location and Data Center Location

The data is organized by company type and role as follows:
(1) Member account information and service usage information that the Company keeps as the “data controller” (e.g. name, address, email, telephone number, payment information) are stored at a data center in Thailand.
(2) The data that the Service Recipient brings to be stored or processed on their own service, in which the Company acts as the “processor”, will be stored at a data center in the region (Region) that the Service Recipient chooses to use, namely Thailand or Singapore. The Service Recipient determines and is aware of the location of such data in the chosen region.
If it becomes necessary to transfer or store data to data centers abroad, the company will provide adequate data protection measures as required by law and will notify the destination country upon request.

Customer Data Ownership

All data and content that customers upload to or store on the company’s systems remain the property of the customers. The company does not claim ownership of such data and will only access it as necessary for providing services, maintaining the system, or complying with legal requirements. Upon termination of service, customers have the right to request the return of their data within a specified period, and the company will securely delete the data from the systems.

Data Breach Notification

In the event of a personal data breach that poses a risk to the rights and freedoms of the data subject, the Company will notify the Personal Data Protection Commission without delay within 72 hours of becoming aware of the incident, to the best of its ability, and will notify the data subject if the incident poses a high risk, in accordance with Section 37(4) of the Personal Data Protection Act B.E. 2562 (2019). In this regard, as a data processor, the Company will notify the customer (data controller) without delay upon discovering the incident, so that the customer can fulfill their legal obligations in a timely manner.

Configure or disable cookies.

You have the right to set your cookie consent settings at any time on the company’s website or through your browser. You may configure your browser to refuse the collection of cookies; instructions on how to do this can be found on the browser developer’s website.

However, some services on the company’s website require the use of cookies. Disabling cookies may cause some or all of the functions of these services to not work smoothly. The company apologizes for any inconvenience this may cause.

Updating the Personal Data Protection Policy.

The company reserves the right to amend all or part of this Privacy Policy to ensure its content is appropriate and complies with any new Acts and/or subordinate legislation, regulations, and announcements from government agencies. If any changes are made to this policy, the company will publish them on its website as soon as possible to ensure they are up-to-date and consistent with the new guidelines.

Contact the company and its data protection officer.

If you have any suggestions or require further information regarding the collection, use, and/or disclosure of your personal data, including exercising your rights under this policy, you can contact the Data Protection Officer through the following channels.

Personal Data Protection Section, Rakcom Co., Ltd.
Vanich Place Ari (Building A), Unit 2703, 27th Floor.
304 Phahonyothin Road, Samsen Nai Subdistrict, Phaya Thai District, Bangkok 10400
Email: [email protected]