Privacy Policy for VERSOTIS

Effective Date: January 18, 2025
Last Updated: January 18, 2025

VERSOTIS ("we," "us," or "our") is committed to protecting your privacy and complying with Thailand's Personal Data Protection Act B.E. 2562 (2019) ("PDPA"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our ICT consulting services, multi-cloud solutions, cybersecurity services, and visit our website.

1. Data Controller Information

Data Controller: VERSOTIS Co., Ltd.
Address: 253 Asoke Building Floor 24, Sukumvit 21 Road, Klongtoey Nua Sub District, Wattana District, Bangkok 10110, Thailand
Email: contact@versotis.com
Data Protection Officer (DPO): dpo@versotis.com

2. Personal Data We Collect

2.1 Information You Provide Directly

Contact Information: Name, email address, phone number, company name, job title
Service Inquiry Data: Project requirements, technical specifications, business needs
Communication Records: Email correspondence, meeting notes, support tickets
Account Information: Login credentials, user preferences, service configurations

2.2 Information We Collect Automatically

Website Usage Data: IP address, browser type, device information, pages visited
Technical Data: Server logs, system performance metrics, access times
Cookies and Tracking: Session cookies, analytics cookies, preference cookies

2.3 Information from Third Parties

Business Partners: Referral information, joint project data
Cloud Service Providers: Usage analytics, performance metrics (when providing cloud services)
Public Sources: Company information, professional profiles for business purposes

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under the PDPA:

3.1 Contract Performance (Article 24(1))

Providing ICT consulting services
Delivering multi-cloud solutions
Implementing cybersecurity measures
Managing ongoing service relationships

3.2 Legitimate Interests (Article 24(5))

Business communication and relationship management
Service improvement and development
Marketing of relevant ICT services
Network security and fraud prevention

3.3 Consent (Article 19)

Marketing communications (where required)
Non-essential cookies
Optional data collection for service enhancement

3.4 Legal Obligation (Article 24(2))

Compliance with Thai laws and regulations
Record keeping requirements
Regulatory reporting obligations

4. How We Use Your Personal Data

4.1 Service Delivery

Providing ICT consulting and advisory services
Implementing multi-cloud architecture solutions
Delivering cybersecurity services and monitoring
Managing digital transformation projects
Providing technical support and maintenance

4.2 Business Operations

Client relationship management
Project planning and execution
Quality assurance and service improvement
Financial management and invoicing
Vendor and partner management

4.3 Communication

Responding to inquiries and requests
Providing service updates and notifications
Sending relevant industry insights and news
Conducting customer satisfaction surveys

4.4 Legal and Compliance

Meeting regulatory requirements
Maintaining accurate records
Resolving disputes and legal matters
Protecting against fraud and security threats

5. Data Sharing and Disclosure

5.1 Service Providers

We may share your personal data with:

Cloud Infrastructure Providers: AWS, Google Cloud, Azure, Alibaba Cloud, Huawei Cloud
Technology Partners: For joint service delivery
Professional Service Providers: Legal, accounting, and consulting firms
IT Support Vendors: For system maintenance and support

5.2 Legal Requirements

We may disclose your personal data when required by:

Thai law or legal process
Government authorities or regulators
Court orders or legal proceedings
Protection of our rights and interests

5.3 Business Transfers

In case of merger, acquisition, or sale of business assets, your personal data may be transferred to the acquiring entity.

6. Cross-Border Data Transfers

6.1 International Transfers

As an ICT consulting company providing multi-cloud solutions, we may transfer your personal data to:

Cloud service providers in other countries
International technology partners
Overseas subsidiaries or affiliates

6.2 Safeguards

All cross-border transfers are protected by:

Standard Contractual Clauses approved by the Personal Data Protection Committee
Adequacy decisions by Thai authorities
Appropriate technical and organizational measures

7. Data Retention

7.1 Retention Periods

Client Data: 7 years after contract termination (for legal compliance)
Project Data: 5 years after project completion
Communication Records: 3 years from last communication
Website Analytics: 24 months from collection
Marketing Data: Until consent is withdrawn

7.2 Deletion Procedures

We securely delete or anonymize personal data when:

Retention periods expire
Data is no longer necessary for original purposes
Legal obligations are fulfilled
You exercise your right to erasure

8. Your Rights Under PDPA

8.1 Right to Access (Article 30)

Request confirmation of data processing
Obtain copies of your personal data
Receive information about processing purposes

8.2 Right to Rectification (Article 31)

Correct inaccurate personal data
Complete incomplete personal data
Update outdated information

8.3 Right to Erasure (Article 32)

Delete personal data when no longer necessary
Remove data processed unlawfully
Withdraw consent for specific processing

8.4 Right to Restrict Processing (Article 33)

Limit processing while verifying accuracy
Restrict use instead of deletion
Object to processing for specific purposes

8.5 Right to Data Portability (Article 34)

Receive data in structured, machine-readable format
Transfer data to another controller
Direct transfer between controllers (where possible)

8.6 Right to Object (Article 35)

Object to processing for direct marketing
Object to processing based on legitimate interests
Object to automated decision-making

8.7 Right to Withdraw Consent

Withdraw consent at any time
Does not affect lawfulness of prior processing
May limit our ability to provide services

8.8 Right to Lodge a Complaint

Contact our Data Protection Officer
File complaint with Personal Data Protection Committee
Seek judicial remedy if necessary

9. Exercising Your Rights

9.1 How to Contact Us

Email: dpo@versotis.com
Subject Line: "PDPA Rights Request - [Your Name]"
Required Information: Full name, contact details, specific request

9.2 Response Timeline

Acknowledgment: Within 7 days of receipt
Full Response: Within 30 days of receipt
Complex Requests: May require additional 30 days with notification

9.3 Identity Verification

We may request additional information to verify your identity before processing rights requests.

10. Data Security

10.1 Technical Safeguards

Encryption: Data encryption in transit and at rest
Access Controls: Multi-factor authentication and role-based access
Network Security: Firewalls, intrusion detection systems
Backup Systems: Regular secure backups and disaster recovery

10.2 Administrative Safeguards

Staff Training: Regular privacy and security training
Access Policies: Need-to-know basis for data access
Incident Response: Comprehensive breach response procedures
Vendor Management: Due diligence on third-party processors

10.3 Physical Safeguards

Secure Facilities: Controlled access to data centers
Equipment Security: Secure disposal of storage devices
Environmental Controls: Protection against physical threats

11. Data Breach Notification

11.1 Authority Notification

Timeline: Within 72 hours of becoming aware of breach
Recipient: Personal Data Protection Committee
Information: Nature of breach, affected data, remedial measures

11.2 Individual Notification

High-Risk Breaches: Direct notification to affected individuals
Timeline: Without undue delay
Content: Nature of breach, potential consequences, remedial measures

11.3 Breach Response

Immediate Action: Contain and assess the breach
Investigation: Determine cause and extent of breach
Remediation: Implement measures to prevent future breaches
Documentation: Maintain records of all breach incidents

12. Cookies and Website Analytics

12.1 Essential Cookies

Session Cookies: Maintain website functionality
Security Cookies: Protect against fraud and attacks
Load Balancing: Ensure optimal website performance

12.2 Analytics Cookies

Google Analytics: Website usage statistics
Performance Monitoring: Page load times and user experience
Conversion Tracking: Service inquiry effectiveness

12.3 Marketing Cookies

Social Media Integration: Share buttons and feeds
Advertising: Relevant service advertisements
Remarketing: Targeted marketing campaigns

12.4 Cookie Management

Browser Settings: Modify cookie preferences
Opt-Out Tools: Use analytics opt-out extensions
Regular Clearing: Delete cookies periodically

13. Children's Privacy

We do not knowingly collect personal data from children under 18 years of age. If we become aware that we have collected personal data from a child, we will delete such information immediately.

14. Updates to This Privacy Policy

14.1 Notification of Changes

Material Changes: Email notification to registered users
Minor Updates: Website notification and updated date
Regulatory Changes: Prompt updates to maintain compliance

14.2 Review Schedule

We review this Privacy Policy annually or when:

Legal requirements change
Business practices evolve
New services are introduced
Regulatory guidance is updated

15. Contact Information

15.1 General Inquiries

Email: contact@versotis.com
Phone: +66 61-162-9953 Address: 253 Asoke Building Floor 24, Sukumvit 21 Road, Klongtoey Nua Sub District, Wattana District, Bangkok 10110, Thailand

15.2 Data Protection Officer

Email: dpo@versotis.com
Subject Line: "PDPA Inquiry - [Your Name]"

15.3 Complaints

Personal Data Protection Committee
Website: https://www.pdpc.or.th/
Email: info@pdpc.go.th

This Privacy Policy is governed by the laws of Thailand and complies with the Personal Data Protection Act B.E. 2562 (2019). By using our services, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Get In Touch