1. Scope of application.
“Personal Data Protection Policy” means The policy we establish to inform data subjects about our processing. and details as defined by the Personal Data Protection Act B.E. 2562.
“personal information” means Information about an individual that makes it possible to identify that individual. either directly or indirectly but does not include the information of the deceased in particular.
/However The following information is not personal information, such as information for business contacts that does not identify an individual, such as the name of the company, the address of the company. Company registration number Work phone number E-mail used for work, such as email@example.com, anonymous data or anonymous data that can no longer be identified. by technical means (Pseudonymous Data), deceased person information, etc.
“Sensitive personal information” (Sensitive Data) means personal information about race, ethnicity, political opinions doctrine religion or philosophy sexual behavior Criminal record Health information Disability union information genetic information, biological information or any other information which affects the data subject in the same way as announced/prescribed by the Personal Data Protection Committee, further in this policy If not specifically mentioned, it will be called. “personal information” and “Sensitive Personal Data” relating to the above service users shall be collectively referred to as “personal information”
“processing” means any action with personal data such as collecting, recording, organizing, structuring, keeping, updating, changing, recovering, using, disclosing, forwarding, publishing, transferring, merging, deleting, destroying
Personal Data Owner” (Data Subject) means a natural person who owns personal data.
“Controller of personal data” (Data Controller) means another person or juristic person who has the power Duty to make decisions about the collection, use or disclosure of personal data
“Personal Data Processor” (Data Processor) means a person or juristic person that operates Regarding the collection, use or disclosure of personal data in accordance with the instructions or on behalf of the data controller, the person or juristic person doing so is not the data controller.
3. Personal Information We Collect
4. Collection of personal information of minors. incompetent person incompetent quasi
We collect information about minors. incompetent quasi Incompetent person only with the consent of Only a parent who has authority to act on behalf of a minor, guardian or guardian. We do not collect information from customers who we expressly know are under twenty years of age. or from quasi-incompetent and incompetent people Ability without consent From the parent who has the authority to act on behalf of the minor, guardian or guardian in case consent is required. In case we know We collect personal information without intention from any person under twenty years old incompetent quasi or an incompetent person without Consent from the parent who has the authority to act on behalf of the minor, guardian or guardian We will delete the data. immediately or only processing the data we can do on other legal bases In addition to obtaining consent
5. Sources of Personal Data We Collect
We collect or acquire different types of personal data. from the following sources
6. Data quality.
We collect your personal information. To be used for the benefit of operating according to our objectives and mission between you and us. The information that has been collected. We have taken into account the accuracy, completeness and up-to-date information.
7. Purpose of processing personal data
The Company uses methods to collect, use, disclose personal information through lawful and fair means, by storing personal information as necessary. for use in contacting the service public relations or provide news information Including a survey of the opinions of the owners of personal data on the business or activities of the company. under the objectives of the Company's operation only or as required by law If there is a change in purpose Will notify the owner of the personal information and save it as evidence. Including complying with personal data protection laws.
8. Processing of personal data.
We will process your personal data. It will be done with objectives, scope and methods. Legitimate, transparent and fair under the processing base. as follows
In this regard, we will require the recipient of the information to take appropriate measures to protect your information and process it. Such personal data only as necessary. and take steps to prevent the use or disclosure of personal information by without unlawful authority
Clause 9. Restrictions on the use and/or disclosure of personal information.
10. Services provided by third parties or subservices.
We may assign or procure third parties. (Personal Data Processor) to process personal data on our behalf or on our behalf. Such third parties may offer services in various ways such as hosting, subcontracting. (Outsourcing) or as a cloud service provider (Cloud Services Provider) or as a job in the form of outsourcing in other forms In entrusting a third party to process personal data as a personal data processor, we will provide an agreement stipulating our rights and obligations as a data controller of personal data and that of the individuals. We designate you as a personal data processor. This includes detailing the types of personal data we hold. assigned to process including objectives Scope of processing of personal data and other agreements Related where the personal data processor is obligated to process personal data to the extent specified in the agreement and on our instructions only without being able to process it for other purposes Where a personal data processor has assigned a subprocessor (subprocessor) to process personal data on behalf or on behalf of the personal data processor as follows: Personal Data provides a documented agreement between Personal Data Processors and Subprocessors in a format and standard that is not inferior to the agreement between us and the Personal Data Processor.
11. Sending or transferring personal data abroad.
It may be necessary for us to send or transfer your personal information to our affiliates or other third parties overseas, or to other recipients as part of our normal business operations, such as sending or Transfer 9 personal data to be stored on Server/Cloud in different countries. where it is necessary for the performance of a contract to which you are a contracting party or for the performance of a contract between us and another person or entity for your benefit or for To take action at your request before entering into a contract or to prevent or suppress a danger to your life, body or health or to others. to comply with the law or it is necessary to perform a mission for the benefit important public
In cases where the destination country has insufficient standards regarding personal data protection We will take care of the transmission or transfer of personal data in accordance with the law. and will implement measures to protect personal data Persons deemed necessary and appropriate to comply with confidentiality standards, such as having a confidentiality agreement with Recipients in such countries or in the event that recipients are affiliated companies/businesses We may choose to use How to implement a policy Protection of personal information that has been audited and certified by the authority in accordance with relevant laws and will proceed to send or transfer personal information to affiliated companies / same business Overseas address may be subject to such personal data protection policy in lieu of processing as required by law.
12. Retention and retention period of personal data.
We will retain your personal data for as long as necessary while you are a customer or continue to use our services, or as long as may be necessary to fulfill the relevant purposes in this policy. Must continue to be preserved after that if required or permitted by law, such as stored according to the law with the prevention and suppression of money laundering Keep it for the purpose of verifying in case of a possible dispute within the statute of limitations specified by law for a period of not more than 10 years.
We will delete or destroy personal information. or make it anonymous to you when it is no longer needed or at the end of that period.
13. Security measures for personal data.
The security of your personal information is important to us and we have put in place security measures. Appropriate technical and administrative security measures are in place to protect personal data from loss. access to Unauthorized Use or Disclosure misuse alteration and destruction using Security technologies and procedures such as encryption and access restrictions to ensure that Only authorized persons have access to your personal information and these persons have been trained on the importance of protection of personal information We put in place appropriate security measures. To prevent loss, access, use, change, correction, disclosure of personal data from those who do not have rights or obligations related to that personal data. and will arrange to review such measures when necessary or As technology changes to provide optimum security performance.
We will not be liable for any damages. arising from the use or disclosure Personal data to third parties Including neglecting or ignoring logging out of the system (Log out) that the data owner can access by the action of the data subject or other persons with the permission of the data subject
14. Rights of data subjects.
You have the right (1) the right to revoke your consent for the Company to process your personal data (2) the right to access and receive a copy of the personal data that the company has collected, used and disclosed (3) the right to request for portability Your privacy (4) Right to object Processing of your personal data (5) The right to request erasure, destruction or anonymization of your personal data (6) The right to suspend the use of your personal data (7) Rights (8) the right to make a complaint in the event that you believe that The rights of the Company or its officers or representatives have been infringed under Personal Data Protection Act B.E. 2562. Any request for the exercise of your rights as mentioned above must be done in writing and the Company will use its best efforts to do so within a reasonable time. and not exceeding the period specified by law The Company will comply with legal requirements relating to your rights as a data subject. Exercising your rights under clause
“Cookie” (Cookies) is information that we send to a computer or device through a web browser of the owner of the personal data. In the event that the owner of the personal information accesses the website or our other online channels and install such information. in the system of the owner of the personal data If cookies are used, our website will be able to record or remember the data of the personal data subject until the data subject leaves the web browser or until the data subject deletes the cookie. is broken Or do not allow that cookie to function anymore.
Clause 16. Changes to the Personal Data Protection Policy.
17. Right to link to third party websites.
In using the service of our website. There may be links to other social networks, platforms and websites operated by third parties. We endeavor to only link to websites that meet privacy standards. However, we cannot be held responsible for their content or standards. Protection of personal information of other websites unless otherwise specified any personal data you Any contributions to third party websites are collected by such parties and are subject to notices/policies. regarding the protection of such third party's personal information (if any). We cannot control and cannot be held responsible for the use of your personal information by such third parties.
18. Governing Law.
19. Compliance with the Personal Data Protection Policy and contact channels.
If you have any questions or suggestions about the privacy protection policy or its practices, According to this Personal Data Protection Policy We are happy to answer any questions. and listen to your suggestions You can contact the company at firstname.lastname@example.org or at the address below
Index International Group Public Company Limited 1/814 Moo 17, Soi Amphon, Khu Khot Sub-district, Lam Luk Ka District, Pathum Thani Province 12130 Telephone number : 02-532-3623-33
Announced on November 1, 2022