1) Definition
“Personal Data” means any information relating to a person which enables the identification of such Person, whether directly or indirectly such as name, surname, address, date of birth, gender, educational history, telephone number, identification number, but not including the information of deceased Persons in particular.
“Sensitive Personal Data” means any information relating to a particular person which is sensitive and presents significant risks to the person’s fundamental rights and freedoms, which includes data regarding racial or ethnic origin, political opinions, criminal records, or other data which may affect the Data Subject in the same manner, as prescribed by the Personal Data Protection Committee.
“Personal Data Protection Committee” means the Committee appointed under the Personal Data Protection Act B.E. 2562 (the “Act”), in charge of the duties and authorities to govern, issue criteria or measures or provide any other guidance as prescribed by this Act.
“Its affiliates” means the list of companies showing details attached herewith this Privacy Policy.
2) Collection of Personal Data
The Company shall collect personal data within the purpose, lawful and fair methods as is necessary which is defined in the scope of the Company’s objectives. Accordingly, the Company shall inform the Data Subject to gain acknowledgment and consent through electronic or other methods as specified by the Company.
In case the Company needs to collect sensitive data, the Company shall request explicit consent from the Data Subject before such collecting, except for when this is allowed by the Personal Data Protection Act B.E. 2562, or other laws.
3) Disclosure of Personal Data
The Company shall not disclose personal data of the Data Subject without the consent of the Data Subject and shall disclose it solely for the above mentioned purposes. However, for the benefit of company operations and service provision to the Data Subject, the Company may disclose personal data to Its affiliates or other required persons, domestically and internationally, such as service providers dealing with personal data. The Company shall govern the above-mentioned persons to treat the personal data as confidential and not to use the data for purposes which are not covered in prior notifications.
The Company may disclose personal data of the Data Subject as required by laws and regulations, such as disclosing it to a government agency, state enterprise, regulator. Also, the Company may disclose it by virtue of laws, such as requests for the purposes of litigation or prosecution, or requests made by the private sector or other persons involved in the legal proceedings.
4) Purpose of Collecting and Usage of Personal Data
The Company shall collect or use personal data for the purposes or activities such as, contract execution, leasing operation, membership registration, lounge service including other privileges, company activities, collaborations or improvement of the Company’s performance; database preparation, process analysis and development, operational processes and other activities of the Company and/or any other purposes which are in compliance with the legal obligations or regulations involving the Company’s activities. The Company shall retain and use the Personal Data as long as necessary only for the above-mentioned purposes, or as prescribed by laws.
The Company shall not conduct any processes which are different from the purposes as have previously been shared with the Data Subject except for when:
(1)the Data Subject has been informed of such a new purpose, and prior consent is obtained;
(2)it is necessary for the Company to be in compliance with this Act or other laws.
5) Personal Data Protection Security Measures
เพื่อประโยชน์ในการรักษาความลับและความปลอดภัยของข้อมูลส่วนบุคคล บริษัทได้มีมาตรการ ดังนี้
-
Implementation of Security Measures
The Company implements appropriate security measures for preventing unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of personal information.
-
Disclosure of Personal Information to Data Processor
The Company properly supervises third parties to which the Company has appointed to process personal information pursuant to our orders or on our behalf.
6) Rights of the Data Subject
The Data Subject is entitled to request any actions regarding their personal data as per the following:
-
Right to access; to request access to and obtain a copy of the Personal Data related, including to request the disclosure of the acquisition of the Personal Data obtained without his or her consent;
-
Right to rectification;
-
Right to erasure;
-
Right to restriction of processing;
-
Right to data transfer;
-
Right to object;
-
Right to complain when you consider that the Company has failed to comply with the laws relating to Personal Data Protection.
Data Subject may request these rights by sending a notice or submitting the Company electronics form set by the Company to the channel following the “Contact Information” of this Privacy Policy. The Company shall consider the right request received and inform the Data Subject not exceeding 30 days from the date of receiving such request. However, the Company may deny such a right subject to exception by applicable laws.
7) Review and Changes of Policy
The Company may review this policy to ensure that it remains in adherence to laws, any significant business changes, and any suggestions and opinions from other organisations. The Company shall announce and review amended policies thoroughly before implementing all the changes.
8) Contact Information
If you wish to contact the Company to exercise the rights relating to your Personal Data or if you have any queries about your Personal Data under this Privacy Policy, please contact the Company or our Data Protection Officer at:
Gaysorn Holding Co., Ltd. Gaysorn Group and Its affiliates
Data Protection Officer (DPO)
999, 4th Floor, Gaysorn Centre, Lumpini, Pathumwan, Bangkok, 10330, Thailand.
Phone: 02-656-1149
Email: dpo@gaysorngroup.com
