Privacy Policy
Sri panwa Management Co., Ltd. (“The company”) strictly adheres to the privacy of the data as an important issue. When the company uses the personal data of the data subject to conduct business and provide services to the data subject, the data subject will be protected under the Personal Data Protection Act B.E.
The company, as a personal data protector, is legally obligated to inform the data subject of the privacy policy which describes the collection, use, or disclosure the personal data of the data subject and the rights of the data subject as the owner of the personal data. The company also confirms that it has taken steps in accordance with this law to protect the personal data of the data subject.
1. Meaning of personal data and personal data protection officers
Personal data is divided into two categories:
Personal information (General) means personal data of a living person who can identify that person either directly or indirectly, such as name, surname, address, email address, identity card number, phone number, credit card number, etc.
Sensitive Personal Data is personal data that requires special protection. This requires special care when collecting, using or disclosing this type of personal information.
Personal Data Protection Officer means an officer appointed by the Data Controller to act as a Personal Data Protection Officer according to the Personal Data Protection Act B.E. 2562, hereinafter referred to as Protection Officer or DPO (Data Protection Officer).
The data subject is an identifiable individual and the owner of the information that the company stored such as customers, employees, including other groups such as directors of the company, temporary worker, students, interns, visitors, business partners, contractors, service contractors, including data processing contractors, etc.
Examples of personal data
Personal information (General) | Sensitive Personal Data |
---|---|
Example of General Personal information 1) Name and Last Name 2) Sex 3) Nationality 4) Address 5) Phone Number 6) Date of Birth 7) Email address 8) IP Address 9) Credit Card Number 10) ID number |
Example of Sensitive Personal Data 1) Ethnicity 2) Race 3) Political Views 4) Belief in Religion 5) Sexual Behavior 6) Criminal Record 7) Health Information 8) Disability 9) Trade Union Information 10) Genetic Information 11) Biological Information 12) Other information that affects the owner of the information. |
2. Source of personal information
2.1 The company obtains personal information directly from the owner of the information through the following channels.
- The data subject registers by creating an account through the website or application.
- The owner of the information contacted the company to obtain information about the housing project that the owner of the information was interested in.
- The owner of the information made an appointment to visit the housing project.
- The owner of the information provides information to the company when visiting the housing project.
- The data subject participates in the company’s promotional activities via electronic channels or Social Network or normal channels.
- The owner of the information provides information to the company when entering the service of the company’s project.
- The data subject provides information to the company when conducting financial transactions with the Company.
- The data subject provides information to the company when making a legal contract with the company.
2.2 Personal information of the data subject that the company receives from a third party who operates in connection with the collection, use or disclosure of personal information on the order or on behalf of the company. The personal data of the data subject will not be used other than the purposes that the company has specified or ordered. The company has required third parties to maintain the confidentiality and protection of the personal information of the data subject in accordance with the standards of the Personal Data Protection Law of Thailand.
2.3 Personal data obtained from cookies when the data subject visits the company’s website. This information helps the company to provide better, faster, safer service and for the privacy of the data subject when the data subject uses the service and/or enter the platform.
3. The company collects personal information from the data subject when:
- The data subject provides information to the company through normal channels.
- The owner of the information enters the company’s website.
- The data subject provides information to the company through the website or application.
- The owner of the information provided information to the company through inquiries through the company’s online channels.
The company collects personal data of the data subject as necessary to provide services to the data subject, for the owner of the information to contact for information, and to conduct business in a way that the data subject can expect the company to use the data subject’s personal data for that purpose. The company may collect, use or disclose various types of personal information of data subjects which can be classified into groups as follows:
Contact Data
Including information such as name-last name, address, e-mail address, telephone number, housing project that the data owner is interested in, budget range for project purchase, reason for purchasing a home.
Technical Data
This includes information such as the computer’s IP address, browser type, time zone settings, location, operating system, platform and technology of the device used to access the website.
Usage Data
This includes information such as the web pages the data subject accesses before the data subject enters the platform, web pages the data subject visits, the amount of time the data subject visits the web page, products or information the data owner searches on the platform, time and the date of the visit to the website, information about the website.
Communication Data
Including information such as email, chat logs and information in communication.
Contract-related Data
Including information such as ID number, address, credit card number, date of birth, gender.
4. Purposes for collecting, using and disclosing personal data
The company uses personal data of data subjects within the scope of data protection laws and collect only the necessary information for doing so. The company will only collect information related to the provision of services between the Data Owner and the company as necessary:
- For the company’s legitimate interests or the legitimate interests of third parties or the legitimate interests of the data subject without compromising the fundamental rights to the data subject’s personal data.
- For the performance of the contract to which the data subject is a party or to be used to act on the request of the data subject before entering into a contract.
- To comply with the law or to prevent or suppress a danger to a person’s life, body or health.
- For the benefit of the public in some cases the company may need. Personal data must be processed for the public interest or performing duties as assigned by a government agency to carry out.
The company has summarized the use of the data subject’s personal data to provide services to the data subject. It also describes the Lawful Basis of Processing that the company uses to process the personal data of the data subject for each activity as shown in the table below.
Objectives
Data Type | Processing Purpose |
---|---|
Personal Information • Name • Address • Office Address • Telephone Number • Sex • Various Settings • Account security settings of the data subject |
When the owner of the information visits the website of the company, the Data Subject may be requested to register with the company and/or the Data Subject may be required to provide the Data Subject’s Personal Data to the company for the purpose of collecting information for the company’s marketing purposes such as • To contact and offer the company’s services or other proposals related to the company’s projects which the owner of the information may have shown interest in the company. • To inform the owner of information about the news, benefits, products and newsletters. |
• Account security settings of the data subject. | • To verify the identity of the owner of the data. • To secure the user’s account. • To inform the owner about the changes that will occur. • To comply with relevant laws or regulations. |
• Credit Card Number | Credit card information is stored and verified through third-party payment systems. This information is not stored permanently on the company’s servers and will be deleted immediately after being verified by a third-party payment system. |
• IP Address | To verify the identity of the owner of the data. |
Non-personal information • Browser type • Domain • Websites visited • Time to visit the website • Referral website address |
• To provide information on accessing and using the company’s website. • To manage the website; for internal operations, fix website problems, data analysis, testing, research for safety, distortion check and user account management. |
• Customer Support Information | • To solve and explore problems. |
System Information | • To provide information on accessing and using the company’s website. • To manage the website; for internal operations, fix website problems, data analysis, testing, research for safety, distortion check and user account management. • To improve user experience. |
Location Information | The website uses the information collected by cookies for statistical analysis or other activities of the company to further develop the company’s products and services. |
Cookies | The website uses the information collected by cookies for statistical analysis or other activities of the company to further develop the company’s products and services. |
5. Disclosure or sharing of personal information
1. The company can disclose or share personal information of the data subject to third parties as follows:
- Affiliates
- Online Advertising Platform
- Marketing company or consultant
- Regulatory agencies such as the Office of the Personal Data Protection Commission.
- Business consultant or professional services.
- Other agencies as required by law.
The company requires that third parties whom the company disclose or share personal information of the above-mentioned data subjects must maintain the confidentiality and protect the personal data of the data subject in accordance with the standards required by the Personal Data Protection Law of Thailand and use the personal data of the data subject only for the purposes that the company has specified or ordered the third party to do so. Third parties will not be able to use the data subject’s personal data other than those purposes.
2. When requested the company may disclose the personal information of the data subject to the relevant authorities in order to comply with the law. For example, to prevent threats to life or body, for the purposes of law enforcement, charges, the exercise of legal rights, fraud prevention.
6. Retention and retention period of personal data
The company collects personal information of the owner of the information. At present, there are original documents and documented information which have been provided security in a standardized stable room to keep the original documents and information systems for documented information. The use of personal information of the data subject is safe with the following measures:
- Restrict access to personal data that may be accessed by employees, agents, partners or third parties. Third-party access to personal data can only be done as required or ordered. Third parties are obliged to maintain confidentiality and protect personal information.
- Provide technological means to prevent unauthorized access to computer systems.
- Manage the destruction of data subjects’ personal data for security purposes when such data is no longer needed for business and legal purposes.
- There is a process to deal with personal data violations or in case of doubt and must notify the personal data breach to the Office of the Personal Data Protection Commission in accordance with the conditions prescribed by law.
Period of retention of personal information
- The company retains the personal data of the data subject for the necessary period or until the data subject requests its cancellation. To carry out the objectives of the company’s services and in accordance with the period stipulated by accounting standards legal requirements and other relevant regulations
- To determine the retention period of information. The company will consider the number usage service purpose, sensitivity of personal data, and the risks that may arise from misuse of personal information and the period stipulated by the relevant laws.
- Personal data of the data subject obtained from cookies to collect information when the data subject accesses the website, the company will keep it until the data subject deletes or rejects the cookie or as required by relevant law.
Period of retention of data
Data Type | Storage Period |
---|---|
• First name, Last name • Sex • Address • Office address • Telephone number • ID card number |
Until the owner of the data tells to delete the data. |
• Account security settings of the data subject. | Until the owner of the data tells to delete the data. |
• Credit card number | Credit card information, this information is not stored permanently on the server of the company and will be deleted immediately after being verified by a third-party payment system. |
• Browser type • Domain • Websites to visit • Time to visit the website • IP Address • Referral website address |
Until the owner of the data tells to delete the data. |
• Customer Support Information | Until the owner of the data tells to delete the data. |
System Information | Until the owner of the data tells to delete the data. |
Location Information | Until the owner of the data tells to delete the data. |
7. Rights of the personal data subject
As the owner of personal data, the data subject has the right to act to the extent permitted by law, as follows:
- The data subject has the right to withdraw consent for the processing of personal data. The data subject has given consent to the company throughout the period that the personal information of the data subject is with the company. (Right to withdraw Consent)
- The data subject has the right to access the personal data of the data subject and request the company to make a copy of the said personal data for the data subject. Including asking the company to disclose the acquisition of personal information that the owner of the information did not give consent to the company. (Right of Access)
- The owner of the information has the right to have the company correct the personal information or adding incomplete information. (Right to Rectification)
- The data subject has the right to request the company to delete the data owner’s data for certain reasons. (Right to Erasure)
- The data subject has the right to request that the company suspend the use of the data subject’s personal data for certain reasons. (Right to Restriction of Processing)
- The data subject has the right to transfer the personal data the data subject provides to the company to another data controller or the data owner for some reason. (Right to Data Portability)
- The data subject has the right to object to the data subject’s processing for certain reasons. (Right to Object)
The owner of the information can contact the company’s DPO officer to submit a request for action under the above rights.
8. Marketing activities and marketing promotions
The company can use personal information to carry out marketing and promotional activities or provide third parties with whom the company has a requirement or order to do so under the provisions of law. The use of personal data for marketing purposes includes the delivery of promotional materials by post, email, social networks and by any other means including direct marketing operations. To increase the benefits that personal data subjects will receive from being a customer of the company through referrals of related products and services.
The data subject can opt out of receiving communications for marketing purposes from the company except for relevant and necessary communications and/or services that the company has provided the owner of the information, such as receipts notification of payment of installments, etc.
9. Cookies Policy
Cookies are text files located on the data owner’s computer that are used to store log details about the data owner’s internet usage or website visit behavior. Cookies are used by the company to collect information about visiting the website of the data subject to help the company to provide better, faster, safer service and for the privacy of the data owner. When the owner of the information uses the service through the company’s website, the company uses cookies in the following cases:
- Cookies for the operation of the website. (Functionality Cookies): The company uses these types of cookies to help the company recognize the device or browser of the data owner so that the company can more quickly tailor content to the personal interests of the data subject and help make the service and platform more convenient and beneficial to the data owner. To disable these cookies, the data owner can set the data owner’s device by referring to the help of the browser or the data owner’s device.
- Analytics cookies: The company uses analytics cookies provided by Facebook and Google to analyze the visitor’s visit to the website in order to offer goods or services to the data subject through social media advertising. The data subject does not allow these third parties to process the data subject’s personal data. The data owner can choose to disable these kinds of cookies on the website of the company.
10. Privacy Policy of Other Websites
This Privacy Policy applies only for the company’s services and the use of the company’s website only if the data subject has clicked a link to another website. (Even through channels on the company’s website) The owner of the information must study and comply with the privacy policy displayed on that website separately from the company.
11. Changes to Privacy Policy
The company will regularly review the effectiveness of this Privacy Policy such changes to this policy will be posted or published on the company’s website or other platforms.
12. Contact
Details of Data Controller, if the data subject would like to contact to request the exercise of the data subject’s rights or if there are any questions or complaints, the data owner can contact the following channels.
Sri panwa Management Co., Ltd.
Address: 88 Moo 8 Sakdidej Rd., Tambon Vichit, Phuket 83000, Thailand
E-mail : pdpa@sripanwa.com
However, the data subject is not required to pay any costs for the performance of the above rights. The company will consider and notify the result of the data subject’s consideration within 30 days from the date the company receives the request.