Personal Data Protection Policy

Thaire Services Co., Ltd. encourages you to become understanding of this Personal Data Protection Policy (privacy policy) as this policy describes how the Company treat your personal data such as collection, storage, use, disclosure, including your related rights, etc., so that you shall aware of the Company’s Personal Data Protection Policy. The Company hereby announces the policy as follows:
 

1.Scope of the Policy

    This Personal Data Protection Policy (“Policy”) is intended to describe how the Company collect, use and disclose your Personal Data, including the rights you have in connection with Personal Data. The Company has a duty to secure and protect data which the Company provides services thereon and/or which the Company received from you.

2.Definitions

    2.1 “Personal Data” means any data that enables an individual to be identified either direct or indirect, including data of the data controller or data subject that has been provided to the Company in order for the Company to perform its duty in accordance to the conditions specified in the service agreement. The Personal Data can be categorized into 2 categories as follows:

      2.1.1 General Personal Data means first name and last name, gender, date of birth, age, residential address, telephone number, fax number, username, email address or any data with the person’s name or having a number, code, or other information that make such person be identified, such as fingerprints, a voice record of a person or photograph, and includes information about the deceased person as well.

      2.1.2 Sensitive Personal Data means data about race, ethnicity, political opinions, ethical, religion or philosophy believe, sexual behavior, criminal record, health information, labor union data, genetic information, biometrics, or any other information which similarly affects the Data Subject.

    2.2 “Data Controller” means a juristic person who is a service recipient of the Company, and company that collect Personal Data directly from the data subject which has the authority to make decisions about the collection, use or disclosure of Personal Data.

    2.3 “Data Processor” means a company which engage in collection, use or disclosure of personal data by order or on behalf of the Data Controller in order to allow Company to perform its duties according to the conditions specified in the service agreement, while the Company is not being a Data Controller.

    2.4 “Company” means Thaire Services Company Limited and including its authorized person.

3.Respect for individual rights

    The Company respects and value to the rights, Personal Data and protection of your Personal Data. The Company is well aware that you wish to have a security in the storage of Personal Data.

4.Limited Collection of Personal Data

    4.1 The Company shall use lawful and fair method to collect and store your Personal Data; where the collection will be made only as necessary for the performance under Company’s purposes and as provided by law.

    4.2 The Company, as the Data Controller will ask for your consent before collecting Personal Data, except

      1) To achieve objectives related to the preparation of historical documents or archives for the public interest or in connection with studies, research or statistics purpose where appropriated security measure for protection of your rights and freedom has been prepared.

      2) It is necessary in order to prevent or suppress harm to life, body or health of a person.

      3) It is necessary in order to perform contractual obligations of which you are a party or perform according to your request prior to the contract execution.

      4) It is necessary for the lawful benefit of the Company or of other person or entity, unless such benefit is less important than your fundamental rights in Personal Data.

      5) It is for your benefit while consent cannot be requested at the moment.

      6) It is for the benefit of the investigation of the inquiry official or the court procedure.

      7) It is to comply with laws such as the Personal Data Protection Act, Electronic Transactions Act, Telecommunications Business Act, Anti-Money Laundering Act, Civil and Criminal Code, Code of Civil and Criminal Procedure, etc.

    4.3 We may combine your Personal Data with your Personal Data obtained from other sources, if it is necessary and only with your consent, for the purpose of updating your Personal Data and improvement of the quality and efficiency of services.

    4.4 The Company may inquire and collect additional data from you in order to keep your data accurate, up to date and complete at all time.

5.Purposes for collecting Personal Data

    Your Personal Data collected by the Company as a Data Processor will be used for the purposes of providing the services according to the order or on behalf of the Data Controller. For the Personal Data collected directly from you, the Company will notify you of the purposes of collecting, use or disclosing your information to relevant persons or entities, duration of storage, your legal rights to Personal Data and the agency which you may enquire about your Personal Data; and the Company apply strict security measures as well as prevention against unauthorized use of your Personal Data without your prior consent.
    The Company shall collect and use your Personal Data for the benefit of providing services to you, including the services you are interested in or other services, providing digital services or market research and for conduct any promotional activities, or for analysis, building database and to use the data to offer services, benefits or any product according to your interest.
    The Company will keep such data for only for as long as it is necessary for the aforementioned purposes, and will not act in contrary to those stated in the purposes of data collection, except

      1) It has informed you of new purposes and received your consent.

      2) It is required by laws.

6.Limited use of Personal Data

    6.1 The Company, as the Data Controller, may use or disclose your Personal Data only with your consent, and it must be used only for the purposes of the Company. The Company shall ensure that the Company’s personnel shall not disclose, display or make your Data appear to third party in any other manner other than the Company’s purposes, except;

      1) To achieve objectives related to the preparation of historical documents or archives for the public interest. Or in connection with studies, research or statistics, which provides appropriate safeguards to protect your rights and freedoms.

      2) It is necessary to prevent or suppress harm to life, body or health of a person.

      3) It is necessary to perform the contract with which you are a party. Or to be used in the processing of your request before entering into a contract

      4) It is necessary for the legitimate interests of the Company or of other persons or entities. Unless such benefits are less important than your fundamental rights in Personal Data.

      5) It is for your benefit and obtaining consent cannot be done at that time

      6) It is for the benefit of the investigation of the inquiry official. Or the judgment of the court

      7) It is to comply with laws such as the Personal Data Protection Act, Electronic Transactions Act, Telecommunications Business Act, Anti-Money Laundering Act, Civil and Criminal Code, Code of Civil and Criminal Procedure, etc.

    6.2 The Company may use the information services of third party service providers to maintain Personal Data. Which the service provider must have security measures by prohibiting to collect Use or disclose Personal Data other than those specified by the Company.

    6.3 In some cases, the Company may allow other individuals or entities to access or use your Personal Data as necessary. And for the purposes of the Company, the Company, as the controller of Personal Data, requires your prior consent.

7.Measures and methods on the security of Personal Data

    The company will take appropriate measures to maintain the security of Personal Data. And develop the information security management system in accordance with the legal standards including creating a sense of responsibility for the security of Personal Data for employees Company staff and contractors or external service providers of the Company strictly abide by
    If you suspect that your Personal Data may have been disclosed to third parties or lost or stolen and an unauthorized transaction has been made. Please notify the Company immediately.

8.Involvement of Personal Data Subjects

    8.1 If you wish to know Personal Data about yourself can submit the request and the purpose of the use at the office of the Company. When the Company received the request The Company will complete the process within 30 days or within a reasonable time.

    8.2 You have the right under the conditions stipulated by the law as follows.

      8.2.1 Right of access or request a copy of Personal Data about yourself or request to disclose the acquisition of Personal Data about you in the event that you have not given your consent to collection or storage.

      8.2.2 The right to request the company to correct or change its Personal Data to be correct, complete and up to date.

      8.2.3 The right to obtain Personal Data about ourselves from the Company in a format that can be read or used with automated tools or devices. Including requesting the company to send or transfer Personal Data to another data controller

      8.2.4 Right to object to collection, use or disclosure or not to allow the company to process your personal data Unless the company can prove that the company is legally collecting, using or disclosing the Personal Data of the users. Or to comply with or exercise legal claims or to raise up to fight legal claims or to perform duties under a contract between you and the Data Controller. Or by virtue of other lawful rights

      8.2.5 Right to request deletion or make Personal Data a non-personally identifiable information that owns the Personal Data Unless the company has to comply with the applicable laws in keeping such information.

      8.2.6 Right to request for suspension of use or disclose Personal Data about them

      8.2.7 Right to withdraw consent to the collection of Personal Data, such withdrawal will not have any effect. With data processing that has been done

      8.2.8 Right to complain In the event that the Company, including its employees or contractors, violates or fails to comply with the Personal Data Protection Act B.E.

    However, the service users can submit a request for the above right at the Company’s office or email DataProtectionOfficer@thaireservices.com When the company receives the request, the company will consider and notify the result of the consideration within 30 days or within a reasonable time, however, such rights may be subject to restrictions according to the law. And the company will record the said request as evidence as well

9.Time for retention of Personal Data and withdrawal of consent

    9.1 The company will keep your Personal Data for as long as necessary for the purposes of the company. Or is it necessary to establish legal claims? Compliance with or exercising legal claims Or lifting up to fight legal claims or for law practice Or according to instructions given by the data controller only Unless the order is contrary to the law or the provisions on the protection of personal data under this Act

    9.2 The company will have an inspection system to delete or destroy Personal Data after the expiration of the retention period specified by the company. Or according to the terms of the service contract Or orders received from the Data Controller Including information that is irrelevant or excessively necessary for the purpose of collecting Personal Data with the consent Or proceed as you request Or where you have withdrawn your consent Unless retained for the purpose required by law

10.Amendments, Changes and Disclosure of Personal Data Protection Policy

    The company will review and update the Personal Data protection policy to be in line with the change of service. Operations under the Company’s objectives and to be up to date and to be a consistently acceptable standard The Company will disclose the privacy policy to you through the company’s website. Or other channels as appropriate

11.Personal Data Protection Officer

    The Company has implemented the Personal Data Protection Act 2019 by appointing a Data Protection Officer (DPO) to investigate the Company’s actions regarding data collection, use and disclosure. Personal data in accordance with the Personal Data Protection Act 2019, including laws related to the protection of Personal Data. An instruction for relevant persons to perform the specified action In order to complete the implementation of the Personal Data Protection Policy

12.Contacting the Company

    If you have additional questions about the privacy policy You can contact the Personal Data Protection Officer at email DataProtectionOfficer@thaireservices.com