Cookie Policy

PUBLISHED Version v2026-05-27-r1 Effective 27 May 2026

Pontivus Co., Ltd., 182/8 Ramkhamhaeng 110 Saphansung Saphansung Bangkok 10240

Questions regarding this Cookie Policy or your PDPA rights may be directed to the Data Protection Officer at the address above or by email.

dpo@pontivus.com

The SaaS application at app.pontivus.com is governed by the separate Privacy Notice and in-app session-cookie disclosure.

Thailand Personal Data Protection Act B.E. 2562 (2019) (PDPA)

PDPA s.23 — data controller identification obligation

What This Policy Covers

This Cookie Policy describes the cookies and similar storage technologies (local storage, session storage, pixel tags) that may be set or read when you visit legal.pontivus.com ('the Site'), including technologies set by third-party services the Site uses. This policy does not cover the SaaS application at app.pontivus.com.

Cookies Set Directly by Pontivus

Pontivus does not set its own cookies on the Site. The Site is a static landing page. It does not maintain a session, does not store any preference in a cookie, and does not write to local storage or session storage from any Pontivus-controlled script.

If Pontivus introduces its own cookies (for example, a language-preference cookie), this policy will be updated with a new version number and, where PDPA s.19 requires consent, a consent prompt will be presented before any cookie is set.

Cookies Set by Third Parties

The Site uses the following third-party services. Each may set cookies or similar storage technologies under their own privacy policies.

Cloudflare

Edge network / CDN / bot management

Serves and protects the Site. Sets cookies to distinguish legitimate visitors from automated bots and to mitigate denial-of-service attacks.

__cf_bm, cf_clearance, __cflb

Strictly necessary

processing necessary for performance of a contract or to take steps at the request of the data subject; and s.24(6) — legitimate interest in securing the Site against attacks

Blocking these cookies may impair security features. The Site remains readable without them.

https://www.cloudflare.com/privacypolicy/

Cloudflare Turnstile

Bot challenge widget on the demo-request form

Verifies that demo-form submissions originate from a human. JavaScript loads from challenges.cloudflare.com only on pages containing the demo form.

Challenge-evaluation cookies on the challenges.cloudflare.com domain

Up to 1 day

Strictly necessary for form functionality

necessary to take steps at the request of the data subject (i.e., submitting the demo form); the personal data collected via the form itself is subject to the separate consent checkbox on the form pursuant to PDPA s.19

Blocking Turnstile will prevent the demo form from submitting.

https://www.cloudflare.com/privacypolicy/

Google Fonts

Webfont delivery (fonts.googleapis.com)

Serves Inter and Source Serif 4 webfonts for visual presentation of the Site.

IP address, User-Agent header, Referer header

No cookies are set. Metadata is transferred to Google servers at request time only.

Legitimate interest

legitimate interest in consistent visual presentation of the Site; Pontivus has assessed that this interest is not overridden by data subjects' interests given the limited data transferred (IP address and headers only)

Google LLC, United States

cross-border personal data transfer

Google Fonts API is subject to Google's Standard Contractual Clauses and applicable data protection agreements. See https://policies.google.com/privacy.

Pontivus is evaluating self-hosted fonts to eliminate this cross-border transfer.

https://policies.google.com/privacy

If any of the above are introduced, this policy will be updated and, where PDPA s.19 requires consent, a consent prompt will be displayed before cookies are set.

Your Rights Under PDPA

As a data subject under the PDPA, you have the following rights in respect of personal data processed in connection with this Site:

Personal Data Protection Committee, Ministry of Digital Economy and Society, Thailand

Submit a written request to dpo@pontivus.com. Pontivus will respond within 30 days as required by PDPA s.39.

How to Control Cookies

Every major browser allows you to block, delete, or manage cookies.

Blocking strictly necessary cookies (Cloudflare bot-management and Turnstile) may impair security features and prevent the demo form from working. The Site remains readable without these cookies.

Blocking requests to fonts.googleapis.com (e.g., via a content blocker or browser extension) prevents the IP-address transfer to Google. The Site will fall back to system fonts; no other functionality is affected.

Changes to This Policy

Pontivus will update this policy when the cookies or storage technologies used by the Site change materially. Updated versions are published at the canonical URL in the page metadata. The revised effective date will be shown at the top of the page.

For material changes, Pontivus will endeavour to provide at least 30 days' advance notice where practicable, consistent with PDPC transparency guidance.

Prior versions are archived and available on request from dpo@pontivus.com.

Contact

Questions about this Cookie Policy or your PDPA rights may be directed to the Data Protection Officer at dpo@pontivus.com.

Pontivus will respond to rights requests within 30 days as required by PDPA s.39.