Privacy Policy

DashTech Co., Ltd.

Effective Date: November 1, 2025

DashTech Co., Ltd. (“DashTech”, “the Company”, “we”, “us”, or “our”) is committed to protecting the personal data of all individuals who interact with us, including users of the DashCRM application (“the App”), our websites, digital platforms, and all other current and future products, services, and solutions (collectively referred to as the “Products and Services”). This Global Privacy Policy (“Policy”) outlines how DashTech, as a data controller, collects, uses, discloses, and safeguards personal data in accordance with applicable data protection laws, including Thailand’s Personal Data Protection Act B.E. 2562 (PDPA), the European Union’s General Data Protection Regulation (GDPR), and other relevant regulations.

Scope of Application

This Policy also applies, where permitted by law, when DashTech processes personal data as a data processor or service provider on behalf of its customers. In such cases, DashTech and the customer must enter into a formal Data Processing Agreement (DPA) that explicitly defines the scope and instructions for processing. While DashTech may retain limited rights to use certain personal data for its own legitimate business purposes (such as maintaining and improving the performance and security of our Products and Services, conducting aggregated or anonymized analytics, fulfilling legal or contractual obligations, and supporting essential business operations), such use will be strictly limited to data that is not processed under the customer’s specific instructions, and will not be based on “Legitimate Interest” for Sensitive Personal Data.

When personal data is processed under a customer’s control (for example, your employer, if applicable), that customer remains the data controller responsible for managing user accounts and determining how data is used within their environment. DashTech will process such data in accordance with the customer’s instructions, except where we act under our own legitimate interests as described above. For questions regarding how a DashTech customer uses your personal data, or to exercise your rights regarding such data, please contact the relevant customer directly.

By using our Products and Services or otherwise engaging with DashTech, you acknowledge that you have read, understood, and agreed to the terms of this Policy. If you do not agree, please refrain from using our Products and Services.

1. Information We Collect

We collect personal data from and about individuals through various means, including information you provide directly, data collected automatically when you use our Products and Services, and data obtained from third-party or public sources. The specific categories and purposes of data collection are described below.

Information You Provide Directly

We collect personal data that you voluntarily submit when using our Products and Services, registering for an account, contacting us, or interacting through our digital platforms. This may include:

• Identification and Contact Data — such as your name, email address, phone number, postal address, and government-issued identification details;
• Account and Profile Data — such as login credentials, preferences, profile photos, job titles, and communication settings;
• Payment and Billing Data — including billing address, tax ID, and payment information collected through secure payment processors;
• Employment and Business Data — such as employee ID, department, company name, and role information, when using DashTech Services on behalf of your organization;
• Customer Relationship Data — including information entered into the App or platform relating to your customers, such as contact details, transaction records, and communication history;
• Biometric Data — including facial images or derived biometric templates used solely for identity verification and access control within the App, subject to your explicit consent.

You may also provide information when linking or integrating third-party accounts (e.g., Google or Microsoft) with our Services. The data we receive depends on your settings and the privacy policy of the third-party service.

Information Collected Automatically

When you access or use our Products and Services, DashTech automatically collects certain technical and usage information, including:

• Device and Connection Data — such as IP address, browser type, device identifiers, operating system, and crash logs;
• Usage Data — including access times, login activities, pages visited, interactions with features, uploaded files, and in-app behavior;
• Cookies and Tracking Technologies — used by DashTech and authorized partners to enhance functionality, analyze performance, and deliver personalized experiences. For details on managing cookies, please refer to our Cookies Policy.

Information from Other Sources

We may also receive information about you from:

• Other Users or Administrators who invite you to our Services or assign you as a contact or administrator;
• Affiliated Companies and Business Partners that assist with implementation, marketing, analytics, and support;
• Third-Party Providers and Public Databases, including professional or social media platforms, that supply business contact details, company information, or demographic data for legitimate business purposes.

Where permitted by law, DashTech may combine personal data collected from different sources and derive insights to maintain service security, improve functionality, personalize user experience, and support legitimate business operations in compliance with applicable data protection laws.

2. How We Use Information

We process personal data for legitimate business purposes, in compliance with applicable data protection laws and the consent or contractual basis under which such data was obtained. How we use the information we collect depends on the Products and Services you use, how you use them, and the preferences you have communicated to us. We may use personal data for the following purposes:

• To Provide and Personalize Services: deliver, operate, and maintain our Products and Services; authenticate users; facilitate transactions; provide customer support; and personalize user experience and interface content.
• To Develop and Improve Our Offerings: analyze aggregated usage data, feedback, and system performance metrics to enhance our Services, develop new features and technologies, ensure reliability, and maintain compatibility and security.
• To Communicate and Provide Support: send service-related and administrative messages such as purchase confirmations, renewal reminders, technical notifications, or responses to inquiries.
• For Marketing and Promotional Activities: subject to consent or applicable legal allowances, use information for marketing, promotional communications, and business development purposes.
• To Ensure Security and Compliance: verify accounts, detect and prevent fraud, monitor system integrity, respond to security incidents, and enforce compliance with applicable laws, regulations, and contractual terms.
• To Fulfill Legal and Regulatory Obligations: process or disclose information as necessary to comply with legal requirements, respond to lawful requests, cooperate with authorities, enforce agreements, or defend legal claims.
• To Aggregate or De-Identify Data: aggregate or anonymize personal data for statistical, analytical, research, or commercial purposes.
• With Your Consent: use personal data for additional purposes where specific consent is obtained.

3. How We Share or Disclose Information

We may share or disclose personal data only as necessary for the purposes described in this Policy, in accordance with applicable data protection laws, contractual obligations, and security safeguards. We do not sell personal data.

• To Affiliates and Subsidiaries: for internal administrative purposes, centralized service delivery, or consistent business operations.
• To Service Providers and Business Partners: trusted third parties providing hosting, analytics, payment processing, IT support, customer service, marketing, and related business functions.
• To Customers and Authorized Users: data and activity within a customer environment may be accessible to that customer’s administrators or authorized personnel.
• For Legal, Regulatory, and Compliance Purposes: disclose when required by law or to protect our legal rights, enforce agreements, prevent fraud, or respond to lawful requests.
• In Business Transfers: in a merger, acquisition, restructuring, or sale of assets, subject to confidentiality and continued data protection obligations.
• To Protect Rights, Property, and Safety: when necessary to protect DashTech, our users, or the public.
• With Your Consent: for additional purposes you expressly authorize.
• Aggregated or De-Identified Data: share data that cannot reasonably identify an individual for statistical analysis, research, or business intelligence.

4. Data Retention and Storage

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, to comply with applicable legal, regulatory, or contractual obligations, to resolve disputes, and to enforce our agreements. The specific retention period depends on the data type, purpose, and legal requirements.

• Account and Transaction Data: retained for the duration of the user’s account and for a reasonable period thereafter to comply with financial, audit, and legal obligations.
• Customer Support and Communication Records: retained as long as necessary to manage inquiries, maintain customer relationships, and preserve operational integrity.
• Marketing and Communication Data: retained until you withdraw your consent or opt out.
• Technical, Security, and Log Data: retained for a limited period to ensure integrity, availability, and security of our systems, and to comply with cybersecurity regulations.
• Biometric Data: retained only as necessary for identity verification and access control, or until consent is withdrawn or your account terminates, and in any case for a maximum of one (1) year unless a longer period is required by law.
• General, Corporate, or Customer Data: may be deleted upon a valid request; DashTech will process requests within thirty (30) days and delete data within one (1) year after termination of service unless law requires longer retention.

Where specific retention periods are not defined by law, DashTech applies reasonable criteria based on legitimate business needs, industry standards, and the principles of data minimization and proportionality.

When personal data is no longer required for its original purpose or after the applicable retention period expires, DashTech will securely delete, anonymize, or de-identify such data. De-identified data may be used for statistical, analytical, or research purposes without identifying any individual.

Personal data may be stored on secure servers operated by DashTech or authorized third-party service providers, which may be located in jurisdictions outside your country of residence. Where data transfers occur across borders, DashTech ensures appropriate safeguards—such as standard contractual clauses or equivalent legal mechanisms—are implemented to protect the data in compliance with applicable privacy laws.

5. Security Measures

DashTech implements administrative, technical, and physical safeguards to protect personal data against unauthorized access, disclosure, alteration, or destruction. These include encryption, role-based access controls, periodic security audits, and compliance with recognized information security standards and certifications.

6. Access, Control, and Data Subject Rights

In accordance with applicable data protection laws, including the PDPA, GDPR, and equivalent global regulations, you have the following rights and choices regarding your personal data:

• Right of Access: confirm processing and obtain a copy of your data, including how it was obtained if not by consent.
• Right to Rectification: request correction or completion of inaccurate or incomplete data.
• Right to Erasure (“Right to be Forgotten”): request deletion under certain circumstances.
• Right to Restrict Processing: request temporary suspension or limitation of processing in specific cases.
• Right to Object: object to processing, particularly where based on legitimate interests or for direct marketing.
• Right to Data Portability: request to receive data in a machine-readable format and transmit it to another controller where feasible.
• Right to Withdraw Consent: withdraw consent at any time where processing is based on consent; prior processing remains lawful.
• Right to Lodge a Complaint: file a complaint with the relevant data protection authority.

To exercise any of these rights, please contact us using the details provided in Section 11 (“Contact Us”). Requests will be handled in accordance with applicable laws. Certain requests may be limited where legal, regulatory, or contractual obligations require data retention.

You may also access, review, and update your personal data directly through your account settings, request deletion, withdraw from communications, manage advertising preferences, and request data portability where technically feasible. Requests will be verified to ensure authenticity and protect your privacy.

7. Data Security

DashTech employs comprehensive technical and organizational measures to safeguard personal data against unauthorized access, loss, misuse, alteration, or destruction. These include encryption, role-based access control, secure cloud infrastructure, biometric data protection through pseudonymization, and routine security assessments.

8. Children’s Data

Our Products and Services are not directed at individuals under the age of twenty (20). We do not knowingly collect personal data from individuals under this age without verifiable parental or guardian consent. If you believe such data has been unintentionally collected, please contact us immediately so we can remove it. Parents or guardians may contact the Data Protection Officer to exercise any rights on behalf of their children.

9. Changes to This Policy

We may update and revise this Policy from time to time to reflect changes in our data processing practices, legal requirements, or technological advancements. The most current version will always be available on our official website and/or within the App, with the “Effective Date” noted at the top. We will endeavor to notify affected users of significant changes as required by law. Your continued use of our Products and Services after any modification constitutes acknowledgment and acceptance of the updated terms.

10. Related Policies and Terms

The latest version of this Privacy Policy is always available at https://dashtech.co.th/privacy-policy. Please review it alongside our Terms of Use/End User Licence Agreement at https://dashtech.co.th/terms-of-service. If you rely on Apple’s standard terms for iOS distribution, the applicable End User Licence Agreement is available at https://www.apple.com/legal/internet-services/itunes/dev/stdeula/.

11. Contact Us

If you have any questions, concerns, or requests regarding this Policy or our handling of your personal data, please contact the Data Protection Officer or the relevant department at:

DashTech Co., Ltd.
Email: info@dashtech.co.th
Address: 110/116 Moo 1, Bang Khu Wat Sub-district, Mueang Pathum Thani District, Pathum Thani Province 12000, Thailand