Thai labor law compliance guide for Time & Attendance
This is a summary guide based on the Thai Labour Protection Act B.E. 2541. For specific legal advice, consult a qualified Thai labor attorney.
This policy complies with the Thailand Personal Data Protection Act (PDPA) B.E. 2562 (2019), effective June 1, 2022.
Our service receives ONLY attendance timestamps (clock-in/clock-out times) and employee identifiers from your terminals. We do NOT receive, store, or process any biometric data (fingerprints, facial images, iris scans). All biometric processing occurs exclusively on YOUR equipment — terminals only send us time registration events.
Attendance time data is processed under Contractual Obligation (Section 24(3) PDPA) — it is necessary for the performance of the SaaS service agreement with your company. No separate consent is required for this operational data.
All data transmitted between terminals and our service is encrypted via HTTPS/TLS. Data at rest is encrypted in our cloud database. Access is strictly limited to authorized company administrators only.
Attendance records are retained for the duration of the service agreement plus the legally required retention period (minimum 2 years per Thai Labor Protection Act). Upon contract termination, data can be exported and then deleted upon request.
In the event of a data breach affecting attendance records, WLTT will notify the affected client within 72 hours and the PDPC if required. Breach response procedures follow PDPC guidelines.
© 2024-2026 WLTT Co.,Ltd. All rights reserved.