Service Levels, Data Protection & What Customers Can Expect
This page provides a plain‑language summary of our Service Level Agreements (SLAs) and Data Processing Agreement (DPA).
It is intended to help customers, procurement teams, and legal reviewers understand how services are delivered, how incidents are handled, and how personal data is protected.
This page is a summary only and does not replace the legally binding terms set out in the Master Services Agreement (MSA) and associated schedules.
Service Level Agreements (SLA)
Our SLAs define response expectations, escalation paths, and accountability, not unrealistic guarantees.
Service levels are structured by service tier and prioritised based on business impact.
SLA Coverage by Tier
| Area | Bronze | Gold | Platinum |
|---|---|---|---|
|
Support hours |
Business hours |
Extended hours |
24×7 |
|
Monitoring |
Business hours |
SOC-lite |
Full SOC |
|
Incident response focus |
Best-effort |
Priority response |
Critical response |
|
Critical incident SLA |
– |
◐ |
< 1 hour |
|
Major incident handling |
– |
◐ |
✔ |
|
Service reviews |
– |
◐ |
✔ |
Legend: ✔ Included | ◐ Limited | — Not included
Incident Prioritisation
Incidents are categorised by business impact, not just technical severity:
Critical – Production, customer delivery, regulatory, or supply-chain impact
High – Significant service degradation or security risk
Medium – Non-critical operational issue
Low – Requests, changes, or advisory items
Response targets vary by tier and are defined in the applicable service schedule.
What SLAs Do (and Do Not) Guarantee
SLAs Do
Define response, escalation, and communication expectations
Ensure structured incident handling and accountability
Support audit, governance, and procurement requirements
SLAs Do Not
Guarantee uninterrupted service
Guarantee zero data loss
Replace business continuity or disaster recovery planning
SLAs form one part of a broader risk-management approach.
Data Processing Agreement (DPA) Overview
Our DPA governs how personal data is processed when we deliver services.
It aligns with:
Thailand Personal Data Protection Act (PDPA)
ISO/IEC 27001:2022 information security principles
International best practice for data processors
Roles & Responsibilities
Under the DPA:
The Customer acts as the Data Controller
We act as the Data Processor when handling personal data on the customer’s behalf
Personal data is processed only as required to deliver services and meet legal obligations.
Security & Safeguards
We apply appropriate technical and organisational measures to protect personal data, including:
Access controls
Logging and monitoring
Encryption where applicable
Incident and breach response procedures
Controls are applied proportionally based on service tier and service scope.
Breach Detection & Notification
If a personal data breach is suspected or confirmed:
Immediate steps are taken to contain and investigate
Affected customers are notified without undue delay
We support customers in meeting PDPA notification obligations, where applicable
Breach handling follows defined response processes aligned to service tiers.
Sub-Processors & Third Parties
We may use carefully selected sub-processors (e.g. infrastructure or security platforms) to deliver services.
All sub-processors are subject to contractual security and confidentiality obligations consistent with PDPA requirements.
Data Retention & Deletion
Personal data is retained only as long as necessary to:
Deliver services
Meet legal, regulatory, or audit requirements
Support incident investigation
Upon service termination, data is securely deleted or returned, where applicable and technically feasible.
Shared Responsibility Model
Service delivery and data protection operate under a shared responsibility model:
We are responsible for controls within the scope of the subscribed services
Customers remain responsible for governance, lawful processing, and business-level controls
Access to Full Legal Documents
The following documents are available upon request or provided during contracting:
Master Services Agreement (MSA)
SLA schedules
Data Processing Agreement (DPA)
Sub-processor list
Why This Matters to Customers
Clear SLAs and data protection terms:
Reduce operational and legal risk
Simplify procurement and legal review
Support audits and due-diligence activities
Set realistic expectations from day one
Talk to Us About SLAs & Data Protection
If you require detailed SLA metrics, full DPA documentation, or procurement-ready legal terms, our team can provide the appropriate schedules and agreements.
Contact us to request full SLA and DPA documentation.
