Movaci HR

Privacy Policy

Movaci HR · Last updated July 2026

Movaci HR ("the Service") is the internal human-resources system operated by Movaci Technology Co., Ltd. and its affiliates ("Movaci", "we") for Movaci staff, contractors, and job applicants. This policy explains what personal data the Service processes, why, and the rights available to you. Movaci is the data controller for all data in the Service.

1. Data we process

2. Why we process it

To administer employment (contract performance and legal obligations under Thai labor and tax law and the laws of other offices), to run recruitment, to operate leave, time, payroll inputs, training, and performance processes, to protect the Service and its data (legitimate interest), and to measure workplace sentiment anonymously.

3. Where the data lives and who sees it

The Service and its database run on infrastructure Movaci controls. During the transition period, employment data is synchronized with BambooHR LLC, our current HR platform of record, whose own privacy policy governs its processing; after cutover this synchronization ends. Access inside Movaci follows least privilege through defined roles (Admin, HR, Executive, Employee, Viewer); every privileged action, sign-in, and export is written to an audit trail. We do not sell personal data, and we do not share it outside Movaci except with processors necessary to run the Service (hosting, email delivery, BambooHR during transition) or where the law requires.

4. Retention

Employment records are retained for the duration of employment plus the periods required by applicable labor, tax, and social-security law, then deleted or anonymized. Applicant data is retained up to one year after a position closes unless you ask us to delete it sooner. Audit logs are retained for the period needed for security and compliance review.

5. Your rights

Subject to Thailand's Personal Data Protection Act (PDPA) and, where applicable, the GDPR and other local law, you may request access to your data, correction of inaccurate data, deletion where the law permits, and an account of who has accessed sensitive categories. Staff can view and correct core contact details directly in the Service. Requests go to privacy@movaci.com and are answered within 30 days.

6. Security

Credentials are stored outside the web root; passwords are hashed with modern algorithms; sessions are hardened; single sign-on via Microsoft Entra ID is supported; anonymous surveys are unlinkable by database design; access to compensation is audited; and the public careers surface is rate-limited and accepts no file uploads. Report security concerns to security@movaci.com.

7. Changes and contact

We will post updates to this policy here with a revised date. Data protection contact: Movaci Technology Co., Ltd., Chiang Mai, Thailand · privacy@movaci.com.

This policy covers Movaci HR only. Movaci's client-facing services are covered by the Movaci privacy policy at movaci.com.