Movaci
Modern digital workspace with communication tools

Legal

Privacy Policy

Movaci Co., Ltd. ("Movaci") provides managed IT services, cybersecurity services, cloud and hosting services, and related technology solutions.

Effective Date

Effective Date: May 1, 2026 Last Revised: May 1, 2026

1. Introduction

Movaci Co., Ltd. ("Movaci") provides managed IT services, cybersecurity services, cloud and hosting services, and related technology solutions.

This Privacy Policy explains how Movaci collect, use, disclose, transfer, and protect personal data in accordance with Thailand’s Personal Data Protection Act B.E. 2562 (PDPA) and other applicable data protection laws.

2. Scope Of This policy

This policy applies to:

  • Customers and prospective customers
  • Employees, representatives, and users of our customers
  • Website visitors
  • Business partners, vendors, and contractors

3. Definitions

  • Personal Data: Any information relating to an identifiable individual
  • Sensitive Personal Data: Includes biometric data, health data, criminal records, etc.
  • Data Controller: Entity that determines purposes and means of processing
  • Data Processor: Entity that processes data on behalf of a controller

4. Role of Movaci

Movaci may act as:

4.1 Data Controller

Movaci determines the purposes and means of processing personal data in the following activities:

In this role, Movaci is responsible for ensuring that personal data is processed in accordance with PDPA requirements, including lawful basis, transparency, and data subject rights.

  • Contract management and service agreements
  • Billing, invoicing, and financial administration
  • Marketing, communications, and business development
  • Internal operations, governance, and regulatory compliance

4.2 Data Processor

Movaci processes personal data in the course of delivering services such as:

In its role as a Data Processor, Movaci:

  • Managed IT services and system administration
  • Cloud, hosting, and infrastructure management
  • Cybersecurity monitoring, logging, and incident response
  • Processes personal data strictly in accordance with documented instructions from the customer
  • Does not determine independent purposes for processing
  • Implement appropriate technical and organizational security measures
  • Ensures confidentiality and access control over personal data
  • Assists customers in fulfilling their obligations under PDPA (e.g., data subject rights, breach notification) where applicable
  • Engages sub-processors only with appropriate safeguards and contractual controls

5. Categories of Personal Data Collected

5.1 General Personal Data

  • Name, surname
  • Email address
  • Phone number
  • Job title and company

5.2 Technical Data

  • IP address
  • Device identifiers
  • Log files and system activity

5.3 Security Data

  • Authentication logs
  • Security alerts
  • Threat detection data

5.4 Support Data

  • Helpdesk tickets
  • Communication records

5.5 Physical Security Data

  • CCTV recordings
  • Visitor logs

5.6 Sensitive Personal Data

Movaci does not intentionally collect sensitive personal data unless necessary. Where required, we will:

  • Obtain explicit consent, or
  • Rely on a lawful exemption under PDPA

6. Sources of Personal Data

Movaci collects personal data from:

  • Direct interactions (contracts, communications)
  • Use of our services and systems
  • Monitoring tools
  • Third-party integrations

7. Purpose of Processing

Movaci process personal data for:

  • Service delivery and system operations
  • Cybersecurity monitoring and threat detection
  • Incident investigation and response
  • Customer support
  • Billing and financial management
  • Legal and regulatory compliance
  • Business development and marketing (with consent required)

8. Legal Bases for Processing

Movaci relies on the following legal bases under PDPA:

Where legitimate interest is relied upon, Movaci conducts a balancing test to ensure that such interests do not override data subject rights

  • Contractual necessity
  • Legal obligation
  • Legitimate interests (e.g., system security, fraud prevention)
  • Consent (for marketing or sensitive data)

9. Security Monitoring and Logging

Movaci implements security monitoring and logging as a core component of its cybersecurity and service delivery functions.

9.1 Categories of Monitoring Data

Movaci collects and analyzes only data necessary for security and operational purposes, including:

  • Authentication and access logs
  • System and application activity logs
  • Network and infrastructure metadata
  • Security events and alerts generated by monitoring tools

9.2 Purposes of Processing

Processing is limited to the following purposes:

  • Detection, prevention, and investigation of security threats
  • Incident response, containment, and remediation
  • Ensuring the availability, integrity, and confidentiality of systems and data
  • Compliance with applicable legal, regulatory, and contractual requirements

10. Cookies and Tracking Technologies

Movaci’s website may use cookies and similar technologies to improve user experience, analyze usage, and support security functions. Where required, users will be provided with appropriate notice or consent mechanisms.

11. Data Sharing and Disclosure

Movaci may disclose personal data to:

All third parties are required to implement appropriate data protection measures.

Movaci does not sell personal data.

  • Cloud service providers (e.g., Microsoft, AWS)
  • IT and cybersecurity vendors
  • Professional advisors (legal, audit)
  • Government authorities where required by law

12. International Data Transfers

Personal data may be transferred outside Thailand due to the use of global cloud infrastructure.

Movaci ensures that appropriate safeguards are implemented, and that cross-border transfers comply with PDPA requirements.

13. Data Retention

Movaci retain personal data only as long as necessary for the purposes stated:

Data will be securely deleted, anonymized, or destroyed when no longer required.

  • Logs: retained based on security and operational policies
  • Contracts and billing: retained per legal requirements
  • Support data: retained based on service needs

14. Security Measures

Movaci implements appropriate technical and organizational measures, including:

  • Access controls and least privilege principles
  • Encryption and secure transmission
  • Continuous monitoring and logging
  • Alignment with industry security standards and best practices

15. Data Subject Rights

Under PDPA, individuals have the right to:

Requests may be subject to legal limitations and verification requirements.

  • Access their personal data
  • Request correction of inaccurate data
  • Request deletion or anonymization
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent at any time

16. Data Breach Notification

In the event of a personal data breach, Movaci will:

  • Investigate and assess the impact
  • Notify the Personal Data Protection Committee (PDPC) within 72 hours where required
  • Notify affected individuals if there is a high risk to their rights and freedoms

17. Customer Responsibilities

Customers are responsible for lawful collection, use, and governance of personal data, as well as compliance with applicable data protection laws.

18. Changes to Policy

Movaci may update this Privacy Policy periodically. Updates will be published on our website and become effective upon posting.

19. Contact Information

Movaci Co., Ltd. Address: 420/11-13 Changklan Road, T. Changklan, A. Muang, Chiang Mai 50100 Thailand Phone: +66 (052) 079 455 Email: [email protected]

Data Protection Officer (DPO) Email: [email protected]