1. Scope
This policy applies to personal data processed by Versotis in connection with our public website, contact channels, customer onboarding, project delivery, and related support interactions. It is designed to align with Thailand PDPA and EU GDPR principles.
2. Data Controller
Versotis Co., Ltd. is the data controller for the processing activities described in this policy, except where we act strictly as a processor for a customer under a separate contract.
3. Data Categories
We may process the following categories of personal data:
- Identity and contact data, such as name, role, company, email, phone, and country.
- Communication data, including messages sent through forms, email, and chat channels.
- Technical data, including device metadata, IP address, browser details, and usage logs.
- Contract and service data required for project planning, execution, and billing.
4. Purposes and Lawful Basis
We process personal data for the following purposes and legal grounds:
- Responding to inquiries and pre-contract steps, based on legitimate interests or contract necessity.
- Service delivery and account management, based on contract necessity.
- Security monitoring and fraud prevention, based on legitimate interests and legal obligations.
- Compliance with tax, accounting, and regulatory obligations, based on legal obligations.
- Optional marketing communications, based on consent where required by law.
5. Data Sharing and Processors
We share personal data only where required for service operation, legal compliance, or customer-requested integrations. Categories of recipients include infrastructure providers, communication providers, professional advisors, and competent authorities where legally required.
Where third parties process data on our behalf, we require contractual safeguards, confidentiality commitments, and security controls proportionate to processing risk.
6. International Transfers
When personal data is transferred across borders, we apply appropriate safeguards such as contractual clauses, transfer impact reviews, and technical controls aligned with PDPA and GDPR requirements.
7. Retention
We retain personal data only as long as necessary for the purposes described above, legal obligations, and dispute defense needs. Retention periods vary by data type and legal requirement. We securely delete or anonymize data once retention ends.
8. Data Subject Rights
Subject to applicable law, data subjects may request to:
- Access and receive a copy of personal data.
- Correct inaccurate or incomplete data.
- Delete or restrict certain processing activities.
- Object to processing based on legitimate interests.
- Receive portable data where applicable.
- Withdraw consent for consent-based processing.
We verify identity before fulfilling rights requests and may decline or limit requests where permitted by law.
9. Security Controls
We maintain administrative, technical, and organizational controls including least-privilege access, encryption in transit, logging, monitoring, and incident response procedures. Controls are reviewed periodically according to risk and business context.
10. Children
Our website and services are intended for business users and are not directed at children. If we become aware that personal data of a child has been collected unlawfully, we will take steps to delete the data as required.
11. Policy Changes
We may update this policy to reflect legal, operational, or technical changes. Material changes will be communicated through appropriate channels.
12. Contact and Complaints
For privacy requests, concerns, or complaints, contact us at contact@versotis.com. We will review and respond in line with applicable legal timelines.
13. Changelog
- 2026-05-28 (v1.0): Initial public release of Privacy Policy.
This policy is provided for operational transparency and does not constitute legal advice. Final legal interpretation and enforcement should be reviewed by qualified counsel.