Movaci managed IT services and cybersecurity company logo
Client PortalGet AssessmentClient Portal
Privacy Policy and Data Protection visual for Movaci managed IT and cybersecurity services

Effective Date

Movaci – Privacy Policy

Effective Date: May 1, 2026 Last Revised: May 1, 2026

Effective Date

Effective Date: May 1, 2026 Last Revised: May 1, 2026

1. Introduction

Movaci Co., Ltd. ("Movaci") provides managed IT services, cybersecurity services, cloud and hosting services, and related technology solutions.

This Privacy Policy explains how Movaci collect, use, disclose, transfer, and protect personal data in accordance with Thailand’s Personal Data Protection Act B.E. 2562 (PDPA) and other applicable data protection laws.

2. Scope Of This policy

This policy applies to:

  • Customers and prospective customers
  • Employees, representatives, and users of our customers
  • Website visitors
  • Business partners, vendors, and contractors

3. Definitions

  • Personal Data: Any information relating to an identifiable individual
  • Sensitive Personal Data: Includes biometric data, health data, criminal records, etc.
  • Data Controller: Entity that determines purposes and means of processing
  • Data Processor: Entity that processes data on behalf of a controller

4. Role of Movaci

Movaci may act as:

4.1 Data Controller

Movaci determines the purposes and means of processing personal data in the following activities:

In this role, Movaci is responsible for ensuring that personal data is processed in accordance with PDPA requirements, including lawful basis, transparency, and data subject rights.

  • Contract management and service agreements
  • Billing, invoicing, and financial administration
  • Marketing, communications, and business development
  • Internal operations, governance, and regulatory compliance

4.2 Data Processor

Movaci processes personal data in the course of delivering services such as:

In its role as a Data Processor, Movaci:

  • Managed IT services and system administration
  • Cloud, hosting, and infrastructure management
  • Cybersecurity monitoring, logging, and incident response
  • Processes personal data strictly in accordance with documented instructions from the customer
  • Does not determine independent purposes for processing
  • Implement appropriate technical and organizational security measures
  • Ensures confidentiality and access control over personal data
  • Assists customers in fulfilling their obligations under PDPA (e.g., data subject rights, breach notification) where applicable
  • Engages sub-processors only with appropriate safeguards and contractual controls

5. Categories of Personal Data Collected

5.1 General Personal Data

  • Name, surname
  • Email address
  • Phone number
  • Job title and company

5.2 Technical Data

  • IP address
  • Device identifiers
  • Log files and system activity

5.3 Security Data

  • Authentication logs
  • Security alerts
  • Threat detection data

5.4 Support Data

  • Helpdesk tickets
  • Communication records

5.5 Physical Security Data

  • CCTV recordings
  • Visitor logs

5.6 Sensitive Personal Data

Movaci does not intentionally collect sensitive personal data unless necessary. Where required, we will:

  • Obtain explicit consent, or
  • Rely on a lawful exemption under PDPA

6. Sources of Personal Data

Movaci collects personal data from:

  • Direct interactions (contracts, communications)
  • Use of our services and systems
  • Monitoring tools
  • Third-party integrations

7. Purpose of Processing

Movaci process personal data for:

  • Service delivery and system operations
  • Cybersecurity monitoring and threat detection
  • Incident investigation and response
  • Customer support
  • Billing and financial management
  • Legal and regulatory compliance
  • Business development and marketing (with consent required)

8. Legal Bases for Processing

Movaci relies on the following legal bases under PDPA:

Where legitimate interest is relied upon, Movaci conducts a balancing test to ensure that such interests do not override data subject rights

  • Contractual necessity
  • Legal obligation
  • Legitimate interests (e.g., system security, fraud prevention)
  • Consent (for marketing or sensitive data)

9. Security Monitoring and Logging

Movaci implements security monitoring and logging as a core component of its cybersecurity and service delivery functions.

9.1 Categories of Monitoring Data

Movaci collects and analyzes only data necessary for security and operational purposes, including:

  • Authentication and access logs
  • System and application activity logs
  • Network and infrastructure metadata
  • Security events and alerts generated by monitoring tools

9.2 Purposes of Processing

Processing is limited to the following purposes:

  • Detection, prevention, and investigation of security threats
  • Incident response, containment, and remediation
  • Ensuring the availability, integrity, and confidentiality of systems and data
  • Compliance with applicable legal, regulatory, and contractual requirements

10. Cookies and Tracking Technologies

Movaci’s website may use cookies and similar technologies to improve user experience, analyze usage, and support security functions. Where required, users will be provided with appropriate notice or consent mechanisms.

11. Data Sharing and Disclosure

Movaci may disclose personal data to:

All third parties are required to implement appropriate data protection measures.

Movaci does not sell personal data.

  • Cloud service providers (e.g., Microsoft, AWS)
  • IT and cybersecurity vendors
  • Professional advisors (legal, audit)
  • Government authorities where required by law

12. International Data Transfers

Personal data may be transferred outside Thailand due to the use of global cloud infrastructure.

Movaci ensures that appropriate safeguards are implemented, and that cross-border transfers comply with PDPA requirements.

13. Data Retention

Movaci retain personal data only as long as necessary for the purposes stated:

Data will be securely deleted, anonymized, or destroyed when no longer required.

  • Logs: retained based on security and operational policies
  • Contracts and billing: retained per legal requirements
  • Support data: retained based on service needs

14. Security Measures

Movaci implements appropriate technical and organizational measures, including:

  • Access controls and least privilege principles
  • Encryption and secure transmission
  • Continuous monitoring and logging
  • Alignment with industry security standards and best practices

15. Data Subject Rights

Under PDPA, individuals have the right to:

Requests may be subject to legal limitations and verification requirements.

  • Access their personal data
  • Request correction of inaccurate data
  • Request deletion or anonymization
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent at any time

16. Data Breach Notification

In the event of a personal data breach, Movaci will:

  • Investigate and assess the impact
  • Notify the Personal Data Protection Committee (PDPC) within 72 hours where required
  • Notify affected individuals if there is a high risk to their rights and freedoms

17. Customer Responsibilities

Customers are responsible for lawful collection, use, and governance of personal data, as well as compliance with applicable data protection laws.

18. Changes to Policy

Movaci may update this Privacy Policy periodically. Updates will be published on our website and become effective upon posting.

19. Contact Information

Movaci Co., Ltd. Address: 420/11-13 Changklan Road, T. Changklan, A. Muang, Chiang Mai 50100 Thailand Phone: +66 (052) 079 455 Email: [email protected]

Data Protection Officer (DPO) Email: [email protected]

Movaci – Privacy Policy

Effective Date: May 1, 2026 Last Revised: May 1, 2026

1. Introduction

Movaci Co., Ltd. ("Movaci") provides managed IT services, cybersecurity services, cloud and hosting services, and related technology solutions.

This Privacy Policy explains how Movaci collect, use, disclose, transfer, and protect personal data in accordance with Thailand’s Personal Data Protection Act B.E. 2562 (PDPA) and other applicable data protection laws.

2. Scope Of This policy

This policy applies to:

Customers and prospective customers

Employees, representatives, and users of our customers

Website visitors

Business partners, vendors, and contractors

3. Definitions

Personal Data: Any information relating to an identifiable individual

Sensitive Personal Data: Includes biometric data, health data, criminal records, etc.

Data Controller: Entity that determines purposes and means of processing

Data Processor: Entity that processes data on behalf of a controller

4. Role of Movaci

Movaci may act as:

4.1 Data Controller

Movaci determines the purposes and means of processing personal data in the following activities:

Contract management and service agreements

Billing, invoicing, and financial administration

Marketing, communications, and business development

Internal operations, governance, and regulatory compliance

In this role, Movaci is responsible for ensuring that personal data is processed in accordance with PDPA requirements, including lawful basis, transparency, and data subject rights.

4.2 Data Processor

Movaci processes personal data in the course of delivering services such as:

Managed IT services and system administration

Cloud, hosting, and infrastructure management

Cybersecurity monitoring, logging, and incident response

In its role as a Data Processor, Movaci:

Processes personal data strictly in accordance with documented instructions from the customer

Does not determine independent purposes for processing

Implement appropriate technical and organizational security measures

Ensures confidentiality and access control over personal data

Assists customers in fulfilling their obligations under PDPA (e.g., data subject rights, breach notification) where applicable

Engages sub-processors only with appropriate safeguards and contractual controls

5. Categories of Personal Data Collected

5.1 General Personal Data

Name, surname

Email address

Phone number

Job title and company

5.2 Technical Data

IP address

Device identifiers

Log files and system activity

5.3 Security Data

Authentication logs

Security alerts

Threat detection data

5.4 Support Data

Helpdesk tickets

Communication records

5.5 Physical Security Data

CCTV recordings

Visitor logs

5.6 Sensitive Personal Data

Movaci does not intentionally collect sensitive personal data unless necessary. Where required, we will:

Obtain explicit consent, or

Rely on a lawful exemption under PDPA

6. Sources of Personal Data

Movaci collects personal data from:

Direct interactions (contracts, communications)

Use of our services and systems

Monitoring tools

Third-party integrations

7. Purpose of Processing

Movaci process personal data for:

Service delivery and system operations

Cybersecurity monitoring and threat detection

Incident investigation and response

Customer support

Billing and financial management

Legal and regulatory compliance

Business development and marketing (with consent required)

8. Legal Bases for Processing

Movaci relies on the following legal bases under PDPA:

Contractual necessity

Legal obligation

Legitimate interests (e.g., system security, fraud prevention)

Consent (for marketing or sensitive data)

Where legitimate interest is relied upon, Movaci conducts a balancing test to ensure that such interests do not override data subject rights

9. Security Monitoring and Logging

Movaci implements security monitoring and logging as a core component of its cybersecurity and service delivery functions.

9.1 Categories of Monitoring Data

Movaci collects and analyzes only data necessary for security and operational purposes, including:

Authentication and access logs

System and application activity logs

Network and infrastructure metadata

Security events and alerts generated by monitoring tools

9.2 Purposes of Processing

Processing is limited to the following purposes:

Detection, prevention, and investigation of security threats

Incident response, containment, and remediation

Ensuring the availability, integrity, and confidentiality of systems and data

Compliance with applicable legal, regulatory, and contractual requirements

10. Cookies and Tracking Technologies

Movaci’s website may use cookies and similar technologies to improve user experience, analyze usage, and support security functions. Where required, users will be provided with appropriate notice or consent mechanisms.

11. Data Sharing and Disclosure

Movaci may disclose personal data to:

Cloud service providers (e.g., Microsoft, AWS)

IT and cybersecurity vendors

Professional advisors (legal, audit)

Government authorities where required by law

All third parties are required to implement appropriate data protection measures.

Movaci does not sell personal data.

12. International Data Transfers

Personal data may be transferred outside Thailand due to the use of global cloud infrastructure.

Movaci ensures that appropriate safeguards are implemented, and that cross-border transfers comply with PDPA requirements.

13. Data Retention

Movaci retain personal data only as long as necessary for the purposes stated:

Logs: retained based on security and operational policies

Contracts and billing: retained per legal requirements

Support data: retained based on service needs

Data will be securely deleted, anonymized, or destroyed when no longer required.

14. Security Measures

Movaci implements appropriate technical and organizational measures, including:

Access controls and least privilege principles

Encryption and secure transmission

Continuous monitoring and logging

Alignment with industry security standards and best practices

15. Data Subject Rights

Under PDPA, individuals have the right to:

Access their personal data

Request correction of inaccurate data

Request deletion or anonymization

Restrict processing

Object to processing

Request data portability

Withdraw consent at any time

Requests may be subject to legal limitations and verification requirements.

16. Data Breach Notification

In the event of a personal data breach, Movaci will:

Investigate and assess the impact

Notify the Personal Data Protection Committee (PDPC) within 72 hours where required

Notify affected individuals if there is a high risk to their rights and freedoms

17. Customer Responsibilities

Customers are responsible for lawful collection, use, and governance of personal data, as well as compliance with applicable data protection laws.

18. Changes to Policy

Movaci may update this Privacy Policy periodically. Updates will be published on our website and become effective upon posting.

19. Contact Information

Movaci Co., Ltd.

Address: 420/11-13 Changklan Road, T. Changklan, A. Muang, Chiang Mai 50100 Thailand

Phone: +66 (052) 079 455

Email: [email protected]

Data Protection Officer (DPO)

Email: [email protected]