Policy

Privacy policy

How we handle personal data when you request quotes, pay for licenses, and use our site. Last updated: 18 May 2026.

Who we are

M365 Deals ("we", "us") is an authorized Microsoft Solutions Partner that sells and provisions Microsoft 365 subscriptions to customers in Thailand, Singapore, and other regions. For data protection questions, contact privacy@m365deals.com.

Personal data we collect

  • Identity and contact: name, job title, company, email, phone, billing address, tax ID (where you provide it for invoicing).
  • Order and licensing: plan, seat count, tenant domain, admin contact, payment references, bank transfer slips or PayNow/PromptPay confirmation.
  • Support and migration: mailbox counts, source platform, and technical notes you choose to share.
  • Website usage: IP address, browser type, pages viewed, and referral source (see Cookies below).

Why we use your data

We process personal data to provide quotes, fulfill and renew licenses through Microsoft's CSP program, issue tax invoices, respond to support requests, prevent fraud, and improve our website. Depending on your location, this is based on your consent, performance of a contract, compliance with law (including tax and accounting obligations), and other lawful grounds recognised under the Thailand PDPA and the Singapore PDPA (such as legitimate interests where permitted).

Thailand PDPA

If you are in Thailand, the Personal Data Protection Act B.E. 2562 (PDPA) applies. We collect and use personal data only for lawful purposes, keep it accurate, and implement appropriate security measures. Where consent is required, we will ask clearly and you may withdraw consent for marketing at any time without affecting orders already placed.

Singapore PDPA

If you are in Singapore, the Personal Data Protection Act 2012 (PDPA) applies. We adhere to the PDPC's consent, purpose limitation, notification, access and correction, accuracy, protection, retention limitation, transfer limitation, and accountability obligations. Our Data Protection contact is reachable at privacy@m365deals.com.

How we share personal data

We do not sell your personal information. We share data only as needed to run our business:

  • Microsoft Corporation and its affiliates — to provision and manage subscriptions via Partner Center. Microsoft also processes tenant and user data as a separate controller under its own privacy statement (microsoft.com/privacy).
  • Payment and banking partners — to verify bank transfers, PromptPay, PayNow, and issue refunds.
  • Infrastructure providers — hosting, email delivery, and analytics (see Cookies).
  • Professional advisers — accountants or lawyers when required for compliance or disputes.
  • Authorities — when required by law, court order, or to protect our legal rights.

International transfers

Microsoft and some service providers may process data outside Thailand or Singapore (including the United States and the European Union). Where required, we rely on appropriate safeguards such as contractual clauses or your consent to the transfer as part of placing an order.

Data retention

We keep personal data only as long as necessary for the purposes above.

  • Sales, invoicing, and tax records: at least five (5) years — aligned with Thailand's Accounting Act and Revenue Department practice, and Singapore IRAS record-keeping (typically five years from the relevant Year of Assessment), unless a longer period is required by law or audit.
  • Active customer and license records: for the subscription term plus up to twenty-four (24) months after your last order or support ticket, unless a longer period is required for disputes or law.
  • Marketing contacts: until you unsubscribe or ask us to delete your details.
  • Server logs and analytics: typically up to thirteen (13) months, then aggregated or deleted.

Your rights

To exercise these rights, email privacy@m365deals.com with enough detail for us to verify your identity. Under the Thailand PDPA and Singapore PDPA, we aim to respond to access and correction requests within thirty (30) days, or explain any permitted extension.

  • Access a copy of personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion when we no longer have a lawful reason to keep it (subject to tax and licensing records we must retain).
  • Object to or restrict certain processing, and withdraw marketing consent.
  • Lodge a complaint with the Office of the Personal Data Protection Committee (Thailand) or the Personal Data Protection Commission (Singapore).

Cookies and similar technologies

Our website uses cookies and similar tools to keep the site secure, remember your region preference, and understand traffic.

  • Strictly necessary cookies — session, security, and region routing needed to operate the site.
  • Analytics — Google Tag Manager / Google Analytics (or similar) may set cookies to measure traffic. Under Thailand's PDPA, non-essential cookies generally require consent before use; you can block or delete cookies in your browser and use Google's opt-out tools. We do not use advertising or cross-site profiling cookies.

Security

We use access controls, encrypted connections (HTTPS), and least-privilege access for staff handling orders. No method of transmission over the Internet is fully secure; please send payment proofs only through channels we provide.

Children

Our services are directed at businesses and adults purchasing on behalf of an organization. We do not knowingly collect personal data from children without appropriate parental or guardian consent. Under Thailand's PDPA, a child is a person under twenty (20) years of age.

Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top will change when we do. Material changes will be posted on this page.

Need help?

If you have questions about privacy, contact us.

Contact Us Terms