Privacy Policy

        NEO NOAH TECH CO., LTD. (“the Company” or “we”) is highly committed to the protection of personal data and compliance with the Personal Data Protection Act B.E. 2562 and other applicable laws. As our operations involve the collection and processing of personal data, the Company acts as a Data Controller and is responsible for protecting your data in accordance with the law.

        This Privacy Policy (“Policy”) has been created to define the guidelines and practices for the Company’s personal data protection operations.

        This Policy applies to all individuals involved in the data management lifecycle within the Company, including directors, executives, employees, contractors, and external third parties who work for or with the Company, as well as those within the data governance structure.

        We expect all individuals to understand and strictly adhere to the principles and guidelines set forth in this Policy. The Company will take necessary disciplinary actions against any individual who violates this Policy.

1. To ensure that the Company’s data protection operations comply with legal requirements.
2. To serve as a guideline for all employees and relevant parties on how to handle personal data.
3. To assure Data Subjects that their personal data will be protected, processed appropriately, transparently, and in compliance with all applicable data protection laws.

        Data Protection Law refers to the Personal Data Protection Act B.E. 2562 and its future amendments, including any related subordinate legislation.
        Personal Data means any information relating to a person that enables the identification of such person, directly or indirectly, such as name, email, phone number, and biometric data.
        Data Controller means a person or entity with the power and duty to make decisions regarding the collection, use, or disclosure of personal data.
        Data Processor means a person or entity that collects, uses, or discloses personal data on behalf of a Data Controller.
        Data Subject means the individual to whom the personal data belongs.
        Processing means the collection, use, or disclosure of personal data as defined by data protection law.
        Employee means any person who works for or on behalf of the Company, including management, staff, and contractors.

The Company will process personal data based on the following key principles:

1. Processing must be lawful, fair, and transparent (Lawfulness, Fairness, and Transparency).
2. Personal data must be processed for specified, explicit, and legitimate purposes (Purpose Limitation).
3. Processing must be limited to what is adequate, relevant, and necessary (Data Minimization).
4. Data must be accurate and kept up-to-date where necessary (Accuracy).
5. Data must be stored only for as long as necessary for the purpose of processing (Storage Limitation).
6. Processing must have appropriate security measures to protect against unauthorized or unlawful processing (Integrity and Confidentiality).

        The Company places a high priority on data protection, implementing internal control measures, guidelines, and manuals to ensure effective compliance with the key data protection principles.

        Our approach to ensure practical implementation includes:

1. Establishing an organizational structure with clear responsibilities for data governance.
2. Setting clear guidelines and responsibilities for employees regarding data protection.
3. Providing training and awareness programs to employees.
4. Informing users about our data processing activities through a clear Privacy Notice and Cookie Notice.
5. Ensuring consent is requested in a clear and easy-to-understand manner.
6. Providing channels and a designated person to handle data subject rights requests.
7. Defining a clear process for handling and investigating data breaches.
8. Maintaining records of processing activities and reviewing them at least annually.
9. Creating a data retention schedule to ensure data is stored only for the necessary period.
10. Establishing data processing agreements with third-party processors.
11. Implementing internal measures for the transfer of personal data across borders.

        Any personal data processing performed by the Company will be lawful and based on the following principles:

1. The processing is necessary for the performance of a contract.
2. The processing is necessary to prevent danger to a person's life or health.
3. The processing is necessary for the performance of a task carried out in the public interest.
4. The processing is necessary for the legitimate interests of the Company or a third party.
5. The processing is for historical, research, or statistical purposes with appropriate safeguards.
6. The processing is necessary for compliance with a legal obligation.
7. The Data Subject has given their consent.

        We recognize your rights as a Data Subject and are fully committed to helping you exercise them. These rights include:

1. Right to be Informed We will provide you with a Privacy Notice and Cookie Policy to inform you about our data processing.
2. Right to Withdraw Consent You can withdraw your consent at any time.
3. Right of Access You can request access to your personal data and a copy of our processing activities.
4. Right to Rectification You can request to have inaccurate or outdated data corrected.
5. Right to Erasure You can request the deletion or destruction of your personal data.
6. Right to Data Portability You can request a copy of your personal data in a readable format for transfer to another Data Controller.
7. Right to Restriction of Processing You have the right to request a restriction on the use of your personal data.
8. Right to Object You have the right to object to the processing of your personal data.

        The Company may, in some cases, reject a request to exercise these rights if there is a legal justification, a court order, or if it would negatively impact the rights and freedoms of others.

To exercise any of these rights, please contact us at service@neonoahtech.com

1. Data Governance Policy
2. Data Management Procedures
3. Information Security Policy
4. Data Subject Rights Request Guidelines

        This Policy will be reviewed and updated at least once a year or as needed. Any changes will be announced on the Company's website and other appropriate channels.