somdet.net (the “Site”, “we”) presents information about AICE's digital services. This policy explains how we collect, use, and protect visitors' personal data under Thailand's Personal Data Protection Act B.E. 2562 (“PDPA”).
Our principle: collect only what is truly needed · no advertising tracking · no Google Analytics or ad pixels · we never sell or trade your data for marketing.
2. What data we collect
We collect only three categories:
Information you send us — clicking a contact button opens a Gmail compose window with a draft; you type and send it yourself. We receive only what you choose to send, e.g. name, email, phone/LINE (if provided), and your project details.
Technical / log data — our infrastructure provider (Cloudflare) automatically logs data such as IP address, browser type, timestamps, and security signals to keep the Site running and protected from attacks.
Data stored in your browser — we use localStorage only for functional preferences, e.g. your chosen language (aice_lang) and whether you have seen an intro animation. These are not tracking cookies. See the Cookie & Storage Policy.
What we do NOT collect: no accounts, no server-side forms, no payment-card data, no behavioural advertising profiles.
3. Purposes & lawful bases
We process data on the lawful bases in section 24 of the PDPA:
Purpose
Lawful basis
Respond to and act on your enquiry / engagement
Contract / pre-contract steps (s.24(3))
Keep the Site working, secure, and protected from attacks
Legitimate interest (s.24(5))
Comply with applicable law (e.g. tax/accounting once engaged)
Legal obligation
4. Disclosure & data processors
We do not sell your data. We disclose only what is necessary to service providers that help us operate:
Cloudflare, Inc. — hosting/CDN and security (processes access-log data).
Google (Gmail) — when you choose to email us via the compose window, your message travels through your own email service, subject to Google's policy.
We may also disclose data where required by law or to protect legal rights.
5. International data transfers
Some providers (e.g. Cloudflare, Google) operate servers outside Thailand, so transfers may occur across borders under sections 28–29 of the PDPA. These providers maintain internationally recognised data-protection standards.
6. Data retention
We keep contact emails and engagement records only as long as needed to do the work and as required by law (e.g. accounting/tax), then delete or anonymise them. Cloudflare access logs are retained short-term per the provider's defaults. Browser-stored values remain until you clear them.
7. Your rights under the PDPA
You have the right to access, obtain a copy, rectify, erase, object, restrict, port your data, and withdraw consent. See Your Data Rights (PDPA) for the mechanism and the exact sections — exercise them free of charge by emailing us.
8. Data security
The Site is served entirely over HTTPS. We follow data-minimisation to reduce risk and limit access to contact data to the site owner only. No system is 100% secure, so we recommend sending only what is necessary.
9. Minors
The Site and services are intended for businesses and adults. We do not intentionally collect minors' data. If a minor's data has been submitted without proper consent, please contact us to have it deleted.
10. Changes to this policy
We may update this policy from time to time; the “last updated” date is shown at the top. Changes take effect when posted here.
11. Contact & complaints
For personal-data matters, contact somdet@somdet.net. If you believe processing is unlawful, you may lodge a complaint with the Office of the Personal Data Protection Committee (PDPC), Thailand.