We, Osotspa Public Company Limited, and our affiliates (collectively the “Company”, “we”, “us” or “our”) understand the importance of the privacy and protection of the Personal Data of our Business Partners, Contractors, Consultants and Investors (“you” or “your”). Additionally, we also put our mind to the full compliance to the Personal Data Protection Act 2019 regarding the collection, use, and disclosure of your personal data to underline the lawful right of the data subject in accordance to the applicable personal data protection laws.
The purpose of this Privacy Notice is to inform the details regarding the Processing of your Personal Data both online and in other channels to comply with the applicable personal data protection law. The Company may, from time to time, amend this Privacy Notice in whole or in part to comply with applicable laws, rules, or guidance for personal data protection.
Personal Data Processing
1. Personal Data that we may collect, use or disclose (the “Process”).
Your personal data, including the data of related persons of the juristic person, which is subject to the Process are:
(i) Personal Information, e.g., name, address, mobile number, email, photo, copy of ID card, ID card number, copy of passport, passport number, age, career, Facebook account, Line account;
(ii) Information related to your purchase of products or services, e.g., purchase history, claim history, complaints, including the information you gave consented for research, suggestion, or interview;
(iii) Financial information, e.g., bank account number or other related financial information, taxpayer identification number;
(iv) Information relating to your transaction, e.g., signature, information on the ID card, copy of ID card or passport, copy of census registration, copy of driver’s license, copy of vehicle registration, copy of the power of attorney, invoice, receipt, payment voucher;
(v) Technical information, e.g., Log file, IP address, geography information, real-time location data, browser, website history, website usage, log-in Log, transaction log, access time, search history, access history, social media usage, information received from Cookie or other relevance technologies.
(vi) Record of image, photo, video, and audio recorded by CCTV or any other information that may identify the data subject.
Remark
In the event that we obtain Sensitive Personal Data such as race, religion, health information, disability information and such Sensitive Personal Data is not necessary for the operation of the Company, you may conceal such Sensitive Personal Data before submitting the information to the Company or we reserve our right to conceal such Sensitive Personal Data on the received documents. which will be deemed the Company has not collected such Sensitive Personal Data from you. Please be notified that the company has no policy to store your Sensitive Personal Data without your explicit consent or legal basis.
2. Personal Data Derivation.
We may collect your Personal Data from:
(i) Any Operating System (OS), Information System, the Company’s website, email, telephone, fax, business card, letter, online, offline, electronics, or other channels which we directly received from you; and
(ii) Public website, our partner, our contract party, or our affiliates.
Remark
In the event that you visit or access our websites, we may use Cookie to collect your Personal Data in accordance with our
Cookie Policy.
3. Personal Data Processing Purpose.
We may Process your Personal Data for the following purposes:
(i) For procurement process e.g., the registration of supplier, contractual party and consultant, the identification of business partner, contractual party and consultant including the identification of authorized person, the consideration of qualification of business partner, contractual party and consultant, the selection of business partner, contractual party and consultant, to facilitate the transaction, agreement and contract management, the process related to the payment, the communication with business partner, contractual party, consultant etc;
(ii) For reviewing the qualification and consideration of the suitability before enter into transaction, risk assessment of related transaction, identification and authentication and/or for consideration of authority for delegation and the authenticity of the attorney-in-fact for the execution of agreement or contract with us, due diligence or background review and for any internal process;
(iii) For reviewing application request for our project or project under joint-management between us and third-party or governmental entity, including any related activities to such project;
(iv) For internal and external communication necessary for our operation;
(v) For the business communication e.g., contact, meeting appointment, business visit, conference, business discussion regarding the goods or service, conduct of business or investment of the Company, including the recording of the detail of such communication and for the Company news publication via various form of media;
(vi) For the handling of information technologies, related to the performance under the agreement or contract;
(vii) For the consideration, preparation and execution of contract or related agreement, including the management of such contract;
(viii) For the establishment of lawful right, the exercise of lawful right, to raise an argument against any claim or to conduct any necessary action to comply with the law;
(ix) For the purpose of utilizing any process with the bank, financial institution, Department of Business Development, Department of Revenue, Excise Department, Stock Exchange of Thailand, the office of Securities and Exchange Commission and any relevant governmental entities;
(x) For the purpose of internal audit, complaints reviewing process, prevention of corruption and inappropriate conduct and prevention of misconduct or violation of law;
(xi) For the purpose of maintaining security of the facilities and vicinity, including recording of image or video by CCTV system; and
(xii) For the purpose of health check-up and review of readiness for work to protect the operator for any harm inside the office and premise of the Company, including for the quarantine purpose and risk assessment for the contagious capability of the disease before the entry into the office and premise of the Company.
4. Legal Basis for collecting, using, and disclosing Personal Data.
We may Process your Personal Data under the following legal basis:
(i) Contractual Necessity, or to conduct any process or activity in response to your pre-contractual request;
(ii) Legitimate Interest pursued by us or by a third party, and such interest shall not exceed your fundamental rights in your Personal Data;
(iii) Legal Obligation in any applicable laws which the Company has to comply with;
(iv) Consent which the Company received from you for collection, use, and disclosure of your Personal Data; and
(v) Any other basis which the Company has under any applicable laws.
In case we collect, use, or disclose any of your Sensitive Personal Data under the following legal basis. We shall ensure that:
(i) We have received your explicit consent in writing from you to collect, use or disclose such Sensitive Personal Data;
(ii) It is necessary to prevent or protect your vital interests;
(iii) It is necessary to establish, comply, or exercise our right or legal claim or to perform any necessary procedures to comply with the applicable laws; and
(iv) It is necessary to comply with the applicable laws, including Personal Data Protection Act.
5. Personal Data Disclosure.
The disclosure within the Company and the affiliates.
We may share or disclose your Personal Data to pursue our Propose of Processing your Personal Data under the relevant legal basis. Therefore, we may share or disclose your Personal Data within our Company or our affiliates either inside or outside of the territory, which may have different personal data protection measures from Thailand. The Company shall ensure that the disclosure of your Personal Data shall comply with Thailand Personal Data Protection Act.
The disclosure to the third party.
Upon receiving your consent, the contractual necessity, the legal obligation, or the legitimate interest, the Company may deliver, transfer, or disclose your Personal Data to the third party either inside or outside of the territory. We ensure to comply with the applicable laws and provide the necessary Personal Data protection measures to the following;
a) Person or juristic person which the Company obliged or ordered by the jurisdiction court, state agency, tax authority, regulator, or the law enforcer to disclose such Personal Data;
b) Consultant, company’s professional advisor including lawyer, banker, auditor, accountant, insurer, a professional service provider on legal, banking, compliance, accounting, or insurance;
c) Financial institution or financial service provider, e.g., a company that provides you an electronic payment service on each transaction;
d) External service provider, business partner, social media e.g., IT service provider, marketing company, researching service provider, cloud storage service provider, Facebook or Line etc.; and
e) External auditor, shall independently perform any assessments and review your data as a part of the Company’s compliance standard.
We may disclose your Personal Data to an external person or juristic person which we may sell or transfer, in whole or in part, our business or asset or vice versa, we may acquire or merge other business. Nevertheless, in the circumstance of the Company’s alteration whether about selling, acquiring, or merging (whatsoever) such alteration may require the use or disclosure of your Personal Data similarly to which stated in this privacy notice.
6. Personal Data Security Measures.
The security of your Personal Data privacy is the first priority for the Company. We assure you that we implement and use the appropriate security measures on both technical and administration standards to protect your Personal Data and to prevent any possible damages to your Personal Data (e.g., loss, unpermitted access, disclosure, abuse, misuse, modifying, or destruction.) by using an appropriate technology and security measures. We shall ensure that only the permitted person shall have the right to access your Personal Data and that such person has enough knowledge and experience in the Personal Data protection protocol. Such security measures, from time to time, shall be reconsidered, if it deems necessary or the technology transformation occurs, to ensure that decent and appropriate security measures are applied.
7. Retention Period
We will retain your Personal Data for a necessary period for the purpose we informed you or as described in this privacy notice. In the event that (i) you desire to end your legal relationship or contract with us, (ii) you have no services or transactions with us, or (iii) your Personal Data is no longer necessary for the purpose of Data Processing. Your Personal Data will be retained for the period allowed by the applicable law, prescription, and legal claims. After the retention period ends, we will delete, destroy, or unidentified your Personal Data.
8. Your Rights as a Data Subject
Under the Personal Data Protection Act, your rights as a data subject are the followings:
(i) Right to withdraw your consent given to us, unless such withdrawal is limited by the applicable law or the contract;
(ii) Right to access and obtain a copy of your Personal Data under the responsibility of the Company including the right to request the disclosure of the Personal Data acquisition;
(iii) Right to send or transfer your Personal Data to other Data Controllers;
(iv) Right to object to the collection, use, or disclosure of your Personal Data;
(v) Right to delete, destroy, or unidentified your Personal Data;
(vi) Right to request to restrict the use of your Personal Data;
(vii) Right to request to edit or modify your Personal Data to be accurate, up-to-date, complete, and not misleading, in the event that your Personal Data retained by us or your Personal Data has been changed; and
(viii) Right to report or appeal to the authorities if the Company violates or breaches the Personal Data Protection Act.
9. Contact us
For your further questions, queries, or requests, please contact our Data Protection Officer below;
Data Protection Officer
Osotspa Public Company Limited.
348 Ramkhamhaeng Rd., Huamak, Bangkapi, Bangkok 10240 Thailand.
Email:
[email protected]