Privacy Policy

1. Introduction

Zeranova ("we," "our," or "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information when you use our AI integration services, visit our website, or interact with our business.

This policy complies with Thailand's Personal Data Protection Act (PDPA) B.E. 2562 and applies to all personal data we process in connection with our services.

For questions or concerns about this policy, please contact us at [email protected].

2. Data We Collect

Information You Provide

• Contact Information: Name, email address, phone number, business name, job title
• Inquiry Details: Information you provide when requesting consultations or information about our services
• Project Information: Technical requirements, business objectives, system specifications shared during engagement
• Payment Information: Billing address and payment details processed through secure third-party payment processors

Information Collected Automatically

• Website Usage Data: IP address, browser type, device information, pages visited, time spent on pages
• Cookies and Tracking: Data collected through cookies and similar technologies (see our Cookie Policy for details)
• Analytics Data: Aggregated statistics about website traffic and user behavior

Information from Third Parties

• Publicly available business information from legitimate sources
• Data from cloud platform providers when working on client implementations
• Professional references provided with your consent

3. How We Use Your Data

Service Delivery

• Providing AI integration advisory, analytics deployment, and transformation office services
• Communicating about projects, deliverables, and support
• Processing payments and managing billing
• Delivering technical documentation and training materials

Business Operations

• Responding to inquiries and consultation requests
• Improving our services based on feedback and usage patterns
• Conducting internal research and development
• Maintaining records for legal and regulatory compliance

Marketing and Communication

• Sending service updates and newsletters (with your consent)
• Sharing relevant industry insights and technical content
• Inviting you to events, webinars, or workshops

Legal Basis for Processing

We process your personal data based on:

• Contract Performance: Processing necessary to fulfill our service agreements
• Consent: Where you have given explicit permission for specific processing activities
• Legitimate Interest: For business operations that don't override your privacy rights
• Legal Obligation: Compliance with Thai law and regulations

4. Data Sharing and Disclosure

Service Providers

We share data with trusted third parties who assist in business operations:

• Cloud platform providers (AWS, Azure, Google Cloud) for hosting and infrastructure
• Payment processors for billing and transaction management
• Email service providers for communications
• Analytics platforms for website performance monitoring

All service providers are contractually obligated to protect your data and use it only for specified purposes.

Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes or government requests
• Enforce our terms and conditions
• Protect our rights, property, or safety
• Prevent fraud or security issues

Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.

5. Data Security

Security Measures

We implement comprehensive security controls to protect your data:

• Encryption: Data transmitted via SSL/TLS protocols; stored data encrypted at rest
• Access Controls: Role-based permissions limiting data access to authorized personnel only
• Monitoring: Continuous security monitoring and regular vulnerability assessments
• Incident Response: Documented procedures for addressing potential data breaches
• Physical Security: Secure facilities with restricted access for servers and infrastructure

Breach Notification

In the event of a data breach affecting your personal information, we will notify you and relevant authorities within 72 hours as required by PDPA, providing details about the incident and steps being taken to address it.

6. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

• Active Client Data: Duration of engagement plus 7 years for legal compliance
• Inquiry Data: 2 years from last contact unless consent is withdrawn
• Marketing Data: Until consent is withdrawn or data becomes outdated
• Website Analytics: 26 months in aggregated form

After retention periods expire, data is securely deleted or anonymized.

7. Your Rights Under PDPA

Under Thailand's Personal Data Protection Act, you have the following rights:

• Right to Access: Request information about what personal data we hold and how it's used
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal obligations)
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Restrict Processing: Request limitation of how your data is used
• Right to Withdraw Consent: Withdraw consent for processing at any time
• Right to Lodge Complaint: File a complaint with Thailand's Personal Data Protection Committee

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance user experience and analyze site usage. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

9. International Data Transfers

While we primarily operate within Thailand, some data may be transferred to cloud providers with servers in other jurisdictions. When this occurs:

• We ensure adequate safeguards are in place through contractual clauses
• Data is encrypted during transmission and at rest
• Transfers comply with PDPA requirements for cross-border data flows
• We select providers with strong data protection frameworks

10. Children's Privacy

Our services are designed for businesses and are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. When we make significant changes:

• We will update the "Last Updated" date at the top of this policy
• We may notify you via email or website notice
• Continued use of our services after changes constitutes acceptance

We encourage you to review this policy periodically.

12. Contact Information

For questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact us:

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with:

Personal Data Protection Committee
Office of the Personal Data Protection Committee
Ministry of Digital Economy and Society
Thailand