Legal
Privacy Policy
Last updated: [Effective Date]
This policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have over it. We keep it in plain language on purpose.
01Introduction & who we are
Syncodian Technologies is a remote-first software development studio registered in India. We design, build and run ERP, booking, clinic, e-commerce, mobile and custom software systems for operators worldwide.
This Privacy Policy applies to our marketing website and to enquiries you send us through it. When we act as a data processor on behalf of a client, that client’s own privacy notice and our written services agreement govern how their data is handled — this policy covers the personal data we control ourselves.
For the purposes of the Thailand Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) and, where it applies, the EU General Data Protection Regulation (“GDPR”), Syncodian Technologies is the data controller for the personal data described here. If you have any questions about this policy or how we handle your data, contact us at info@syncodian.com.
02Information we collect
We only collect what we need to respond to you and run our business. The main sources are set out below.
Information you give us through the contact form
When you submit an enquiry on our website, we collect the details you choose to provide, which may include:
- Name — so we know who we’re speaking with.
- Work email address — to reply to your enquiry.
- Phone number, including country code — if you’d prefer we call or message you.
- Company or organisation name.
- Project type — e.g. ERP, booking, clinic, e-commerce, mobile or custom software.
- Budget and timeline — to gauge fit and scope.
- Current systems — the tools or platforms you use today.
- Your message — anything else you’d like to tell us.
Correspondence
If you email, call, message or otherwise contact us, we keep a record of that correspondence and any information it contains so we can follow up and maintain a history of our discussions.
Usage and analytics data
Like most websites, our servers automatically receive limited technical information when you visit — such as your IP address, browser type, device type, the pages you view and the date and time of your visit. We use minimal, privacy-respecting analytics to understand aggregate traffic and improve the site. We do not use this data to build detailed advertising profiles of you.
03How we use your information & lawful bases
We process personal data only where we have a lawful basis to do so under the PDPA and, for visitors in the European Economic Area (“EEA”), the GDPR. The table below maps each purpose to the basis we rely on.
| Purpose | Lawful basis |
|---|---|
| Respond to your enquiry and prepare a proposal or quote | Steps taken at your request prior to entering a contract; our legitimate interest in answering prospective clients; consent where you volunteer the details |
| Provide, deliver and support the services you engage us for | Performance of a contract with you |
| Send occasional updates, offers or newsletters | Your consent, which you may withdraw at any time |
| Maintain records, security, and the integrity of our systems | Our legitimate interest in running the business securely |
| Comply with tax, accounting and other legal obligations | Compliance with a legal obligation |
Where we rely on legitimate interests, we balance those interests against your rights and freedoms and will not use your data in ways you would not reasonably expect. Where we rely on consent, you are free to decline or to withdraw it later without affecting the lawfulness of processing carried out beforehand.
04Cookies
Our website uses only minimal, essential cookies — for example, to keep the site functioning and to remember basic preferences. We do not use intrusive advertising or cross-site tracking cookies. Any non-essential analytics are configured to respect your privacy, and you can control or clear cookies through your browser settings at any time. If we ever introduce cookies that require consent, we will ask for it through a clear banner before setting them.
05Sharing your information
We treat your data as confidential. We do not sell, rent or trade your personal data. We share it only in the limited circumstances below, and only to the extent necessary:
- Service providers — trusted vendors who help us operate, such as cloud hosting, email delivery, and analytics providers. They act on our instructions under contracts that require them to protect your data.
- Professional advisers — accountants, auditors, lawyers and insurers, where reasonably required.
- Legal and regulatory bodies — where we are required to disclose information by law, court order, or a valid request from a competent authority.
- Business transfers — if our business is reorganised, merged or acquired, personal data may be transferred as part of that transaction, subject to this policy.
We never sell your personal data, and we do not share it with third parties for their own independent marketing.
06International transfers
Because we work with clients in Thailand and abroad, your personal data may be processed or stored on servers located outside your country of residence, including outside Thailand and the EEA. Where we transfer personal data across borders, we put appropriate safeguards in place — such as transfers to countries recognised as providing an adequate level of protection, or the use of Standard Contractual Clauses (SCCs) and equivalent contractual protections. You may contact us at info@syncodian.com to ask about the safeguards that apply to a particular transfer.
07Data retention
We keep personal data only for as long as we need it for the purposes described in this policy, or as required to meet legal, accounting and reporting obligations. When data is no longer needed, we securely delete or anonymise it. Typical retention periods are:
| Data type | Retention period |
|---|---|
| Website enquiries that do not lead to an engagement | [12 months] from last contact |
| Correspondence and prospect records | [24 months] from last contact |
| Client and contract records | Duration of the engagement plus [7 years] |
| Accounting, tax and invoicing records | [10 years], per statutory requirements |
| Website usage and analytics data | [14 months] |
08Your rights
Under the PDPA, you have rights over your personal data. Subject to certain conditions and exceptions, you may:
- Access — request a copy of the personal data we hold about you.
- Rectify — ask us to correct data that is inaccurate or incomplete.
- Erase — ask us to delete your personal data where there is no overriding reason to keep it.
- Restrict — ask us to suspend the processing of your data in certain circumstances.
- Object — object to processing that relies on our legitimate interests, and to direct marketing.
- Withdraw consent — withdraw any consent you have given, at any time.
- Data portability — receive certain data in a structured, commonly used, machine-readable format.
- Complain — lodge a complaint with the Personal Data Protection Committee (PDPC) in Thailand.
If you are located in the EEA or the United Kingdom, you have equivalent rights under the GDPR, including the right to lodge a complaint with your local supervisory authority. To exercise any of these rights, email us at info@syncodian.com. We will respond within the timeframe required by applicable law. We may need to verify your identity before acting on a request.
09Security
We take the security of your personal data seriously and apply organisational and technical measures appropriate to the risk, including:
- Encryption of data in transit (HTTPS/TLS) and encryption of sensitive data at rest.
- Role-based access controls, so only authorised staff can access personal data on a need-to-know basis.
- Secure, reputable cloud infrastructure with regular patching and monitoring.
- Least-privilege practices, strong authentication and audit logging for our internal systems.
- Regular reviews of our processes, and confidentiality obligations for our team and vendors.
No method of transmission or storage is completely secure, but we work continuously to protect your data and to respond promptly to any incident that may affect it.
10Children’s privacy
Our website and services are directed at businesses and professionals, not at children. We do not knowingly collect personal data from anyone under the age of 18. If you believe a child has provided us with personal data, please contact us at info@syncodian.com and we will take steps to delete it.
11Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. When we do, we will revise the “Last updated” date shown at the top of this page. For significant changes, we will take reasonable steps to notify you. We encourage you to review this page periodically.
12Contact us
If you have any questions, requests or concerns about this Privacy Policy or how we handle your personal data, please get in touch:
- Email: info@syncodian.com
- Company: Syncodian Technologies
- Location: Remote-first (registered in India)
We’re happy to help, and we aim to respond to every genuine privacy request promptly.