Data Privacy and Information
Security Governance
Cyber and Information Security
Information technology is demonstrating a trend of rapid development and growth, playing an increasingly crucial role in the business operations of organizations. Consequently, the issue of cybersecurity threats has emerged as a significant risk and a considerable challenge for organizations in preparing to address them. The company acknowledges the risks associated with the security of its data and information systems, including obstacles arising from external IT system attacks and the leakage of personal and corporate data from within. These risks can adversely affect the company's operations and the personal data security of its employees, customers, and partners. The company's information technology department is responsible for overseeing and managing the organization's IT security, establishing policies and guidelines for maintaining information security, and developing systems to fortify the information system's defenses. Furthermore, the company conducts training sessions for employees and executives on information and cybersecurity to enhance their knowledge and awareness of cyber threats.
Data Privacy
Ditto acknowledges and respects the privacy of personal data, in any form, belonging to individuals or legal entities. We implement careful data handling processes, with policies and measures aligned with the Personal Data Protection Act (PDPA), alongside information security. Our Data Protection Officer (DPO) and expert consultants oversee data use, disclosure, and storage, and we provide continuous privacy risk assessments and training.
-
Information Security Policies and Procedures
Effective from February 26, 2024 onwards. -
Data Privacy Policy and Practices
Effective from December 10, 2024 onwards. -
Privacy Policy for Business Partners/External Parties, Employees, Clients, and Candidates
Effective from December 10, 2024 onwards. -
Personal Data Retention and Disposal Policy
-
Customer Personal Data Security Policies and Procedures
Effective from December 10, 2024 onwards. -
Personal Data Protection Procedures
