Privacy Policy

Privacy Policy

Last Updated:  09 June. 26

  1. Introduction

Neon Infotech (“Neon”, “Company”, “we”, “our”, or “us”) is committed to protecting personal data in accordance with global privacy standards and applicable laws, including:

  • Thailand Personal Data Protection Act B.E. 2562 (2019) (“PDPA”)
  • General Data Protection Regulation (GDPR), where applicable

This Privacy Policy describes how we collect, process, use, disclose, and safeguard personal data in connection with:

  • Our website: https://neoninfotech.com/
  • IT services, SaaS platforms, and engineering solutions.
  • Consulting and professional services.
  • Customer, partner, and vendor interactions.
  1. Roles & Scope of Processing

Depending on the engagement, Neon Infotech may act as:

  • Data Controller / Data Fiduciary – when we determine purposes and mean of processing.
  • Data Processor – when processing data on behalf of clients.

This policy applies to all individuals whose personal data is processed by us, including:

  • Website users
  • Customers and end-users
  • Employees, contractors, and applicants
  • Business partners and vendors
  1. Categories of Data Collected

3.1 Personal, Professional & Financial Information
We may collect the following categories of personal and business-related data:

  • Name, email address, phone number
  • Company name, designation, department
  • Billing, contractual, and invoicing details
  • Financial information, including:
    • Bank account details
    • Payment information
    • Salary and compensation data (for employees/contractors)
  • Statutory and regulatory information, including:
    • Tax identification numbers (e.g. Tax ID)
    • Government-issued identifiers (where required for compliance)
  • Vendor and supplier onboarding details, including financial and tax-related records

3.2 Technical & Usage Data

  • IP address, browser type, device identifiers
  • Log files, timestamps, session activity
  • Approximate geolocation

3.3 SaaS & Engineering Data

  • Application data and configurations
  • Uploaded files and datasets
  • System logs, diagnostics, telemetry

3.4 Communication Data

  • Support tickets, emails, chat logs
  • Feedback, survey responses

3.5 Employee, Contractor & Supplier Data
We process personal data of employees, contractors, and suppliers, including:

  • Employment and professional records
  • Payroll, banking, and compensation details
  • Taxation and statutory compliance information (e.g., VAT, social security where applicable)
  • Background verification data (where permitted by law)
  • Vendor due diligence and onboarding documentation
  1. Purpose of Processing

We process personal data for:

  • Delivery of IT, SaaS, and engineering services
  • System administration, monitoring, and security
  • Customer support and service management
  • Analytics, performance optimization, and product improvement
  • Marketing and communications (subject to consent where required)
  • Legal, regulatory, and contractual compliance
  • Payroll processing, financial transactions, and vendor payments
  • Compliance with tax, labor, and corporate laws (including VAT, WHT and financial reporting obligations)
  • Employee administration, benefits management, and contractor/vendor management
  1. Legal Basis for Processing (GDPR)

Where applicable, processing is based on:

  • Consent
  • Performance of a contract
  • Legitimate business interests (e.g., service improvement, fraud prevention)
  • Compliance with legal obligations
  1. Thailand PDPA Act, 2019 Compliance

In accordance with the Personal Data Protection Act, B.E. 2562 (2019) (“PDPA”):

Neon Infotech is committed to processing personal data lawfully, fairly, and transparently while ensuring appropriate safeguards to protect the rights of data subjects.

6.1 Data Controller Obligations

Neon Infotech acts as a Data Controller and, where applicable, a Data Processor, and ensures:

  • Personal data is collected, used, and disclosed only for lawful and specified purposes.
  • Data collection is limited to what is necessary for business and legal requirements.
  • Appropriate technical and organizational security measures are implemented
  • Personal data is retained only for as long as necessary.
  • Personal data breaches are managed and reported in accordance with applicable legal requirements.
  • Cross-border data transfers are protected through appropriate safeguards where applicable.

6.2 Data Subject Rights

Subject to applicable laws, individuals have the right to:

  • Access their personal data.
  • Request correction of inaccurate or incomplete personal data.
  • Request deletion, destruction, or anonymization of personal data where applicable.
  • Restricting the processing of personal data.
  • Object to the processing of personal data.
  • Withdraw consent at any time where processing is based on consent.
  • Request data portability where technically feasible.
  • Lodge a complaint with the relevant regulatory authority.

6.3 Consent & Privacy Notice

Where consent is required under applicable law, Neon Infotech provides clear privacy notices and obtains consent before collecting, using, or disclosing personal data. Individuals may withdraw their consent at any time, subject to legal or contractual restrictions.

6.4 Personal Data Breach Notification

In the event of a personal data breach that may result in a risk to the rights and freedoms of individuals, Neon Infotech will take appropriate remedial actions and notify affected individuals and relevant authorities as required by applicable law.

  1. Data Sharing & Disclosure

We may share personal data with:

  • Cloud providers (e.g., AWS, Microsoft Azure, GCP)
  • Analytics providers (e.g., Google Analytics)
  • CRM and communication tools
  • Payment processors
  • Regulatory or legal authorities
  • Banks, financial institutions, and payment gateways for salary processing and vendor payments
  • Tax authorities, auditors, and statutory bodies for compliance (e.g., Tax filings, financial audits)

We do not sell personal data.

  1. Sub processors

We engage trusted sub processors to support our services.

Categories of Sub processors:

  • Cloud infrastructure providers
  • Data hosting and storage providers
  • Email and communication platforms
  • Customer support and ticketing systems
  • Analytics and monitoring tools

All sub processors are:

  • Contractually bound by data protection obligations
  • Subject to security and compliance assessments
  1. Data Processing Agreement (DPA)

For enterprise and SaaS customers, Neon Infotech offers a Data Processing Agreement (DPA) that includes:

  • Defined roles (Controller / Processor)
  • Confidentiality obligations
  • Technical and organizational security measures
  • Data breach notification procedures
  • Subprocessor governance
  • Audit and compliance rights
  • Cross-border data transfer safeguards (e.g., SCCs)
  1. International Data Transfers

Personal data may be transferred across jurisdictions.

We ensure appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions (where applicable)
  • Contractual and technical protections
  1. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfill contractual and business purposes
  • Meet legal and regulatory requirements

Data is securely deleted or anonymized after retention periods expire.

  1. Security Measures

We implement enterprise-grade security controls, including:

  • Encryption (in transit and at rest where applicable)
  • Role-based access control (RBAC)
  • Network security and monitoring
  • Vulnerability management and patching
  • Incident detection and response
  • Enhanced protection measures for sensitive financial and statutory data, including restricted access and encryption controls
  1. Cookies & Tracking Technologies

We use cookies and similar technologies for:

  • Website functionality
  • Analytics and performance
  • Marketing and personalization
  1. Cookie Consent Banner Integration

Our website implements a cookie consent mechanism that enables users to:

  • Accept all cookies
  • Reject non-essential cookies
  • Customize cookie preferences

Consent is recorded and can be withdrawn at any time.

  1. Your Privacy Rights

Subject to applicable laws, you may:

  • Access your personal data
  • Request correction or deletion
  • Restrict or object to processing
  • Withdraw consent
  • Request data portability
  1. Third-Party Links

Our website may contain links to external sites. We are not responsible for their privacy practices.

  1. Children’s Privacy

Our services are not intended for individuals under 18. We do not knowingly collect data from children.

  1. Updates to This Policy

We may update this Privacy Policy periodically. Changes will be reflected with an updated “Last Updated” date.

  1. Sensitive Data

Sensitive Personal Data
Where applicable, certain categories of data such as financial information, bank account details, and government-issued identifiers are treated as sensitive and are subject to enhanced security and access controls in accordance with applicable laws.

  1. Contact & Grievance Officer

Neon Infotech
Website: https://neoninfotech.com/
Email: neoninfotech@neoninfotech.com
Address: Unit 27A, 27th Floor, Ocean Tower II, 75/60-61 Soi Sukhumvit 19 (Wattana), Klongtoey Nua, Wattana, Bangkok – 10110. Thailand.

Grievance Officer (Thailand PDPA Compliance):
Email: mgmt@neoninfotech.com