Netizen Company Limited (“Netizen” “We,” “Our,” “Us,” or “The Company”) recognize the importance of the protection of personal data, and we are strictly abided by the respect and protection of private individual information of officers, customers and business partners along with the individuals involved in the Company (“You”). We have issued this Personal Data Protection Policy to inform you regarding data collection, store, use, and disclosure, Including various rights, which you will be protected in respect of personal information under the law regarding personal data protection. You can certainly use our website and application or any services (“Service”) to enhance the personal data security standard.
Trust is the basis of Netizen’s value proposition to prescribe the process of data collection appropriately and protect all information in case of a breach of security where your personal information is transmitted externally, stored, or otherwise handled due to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to that including data theft. Your personal information will be used to produce products and services as the Personal Data Protection Act B.E. 2562.
WHAT IS PERSONAL DATA?
Personal Data (General)
“Personal Data” means any information pertaining to a Data Subject, which enables the identification of a Data Subject, whether direct or indirect. For example, name-surname name address e-mail address Identification Number. Etc.
Sensitive Personal Data
Sensitive Data is personal data that is specially categorized by law and will be collected, used, and/or disclosed. Sensitive Data pertains to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, and biometric data.
THE PERSONAL DATA THAT WE COLLECTED
If you do business with us or work with a company that does business with us, We may collect the following information which is relevant to you, including:
- Personal contact information: Contact information which helps us to communicate and send the message to you. e.g., first name, last name, name address, e-mail address, telephone number, postcode, Etc. (Whenever we request the information that you don’t want to disclose, please inform us immediately.)
- Market research & consumer feedback: Marketing information and information about our business relationship with you and that helps us to do business with you and/or with your company, For the delivery of services, advertising information, products, and services, exceptional benefits, marketing activities that may meet your needs, such as the types of our products or services that may be of interest to you or Your company And your suggestions for helping us customize our services to suit you or your company, as well as the satisfaction and opinions of the function of our personnel.
- Technical Information: Information relating to the device or machine such as IP address, MAC address, Cookie-ID, QR code, browser type, and version, time zone and location, operating system and platform, and other technologies on Your device, including how to access the products and services we provide to you, log files, environment settings and more, Etc.
- Usage-/access data: Websites/communication usage information. As you navigate and interact with our Websites or newsletters, We use automatic data collection technologies to collect certain information about your actions. This includes information such as which links you click on, which pages or content you view and how long, and other similar information and statistics about your interactions, such as content response times, download errors, and length of visits to certain pages. This information is captured using automated technologies such as cookies and is also collected through third-party tracking for analytics and advertising purposes. You have the right to object to such technologies. For further details, please see the topics “RIGHTS OF THE DATA SUBJECT.”
- Communications information: Information we obtain through letters, emails, telephone calls, conversations, social media interactions, or any other correspondence between us;
- Contract Information: Contract-related data including name-surname, national identification number, address and email-address
- Financial and transaction information: Any information that We need to fulfill an order, or that you use to make a purchase, such as your bank account number for payment when you or your company purchase our products or services, tax identification number, or other forms of payment (if such are made available). In any case, We or our payment processing provider(s) handle payment and financial information in a manner compliant with applicable laws, regulations, and security standards.
- The information recorded in security systems such as closed-circuit television data (CCTV).
If you use our services via mobile devices. We may collect the unique device identifier, IP address, information of the operating system, network service provider, cellphone, location, or the Company may request your consent to collect phone numbers for sending push notification or any service in the future. However, If you do not wish us to retain your information for this purpose. You can turn off or refuse the consent, which may affect our services.
THE SOURCES OF PERSONAL DATA
We may obtain your data through 2 channel the following means:
- We access personal data directly from the users via the collection during the provision of service, including:
1.1. User’s account registration, and the submission of application for any services
1.2. User’s consensual agreement when filling out the survey via e-mail or other channels.
1.3. User’s subscription to any marketing and sales information, including advertisement and promotion.
1.4. User’s transaction when you buy and/or use our products and/or services
1.5. When we receive your data from cookies when you visit our website.
1.6. When we receive your data from User’s participation through our marketing activities to offer products and services.
1.7. User’s information to us when they visit our site.
- We collect personal data of the users indirectly from the third-parties in the following cases:
– Third-party social network information.
– When you participate in our marketing activities through an electronic platform, social media, or and office platforms such as Facebook, Google, LINE, Linkedin, Twitter, Youtube, Instagram, and Gmail which we may use so-called social plugins from various social networks, such as ‘Like’, ‘Share.’ and ‘comment’ buttons, the data of Devices, social media channel, location, chat history will keep analyzing your behavior.
– The Standards for log file’s maintenance which comply with the Ministry of Information and Communication Technology
THE PURPOSE OF COLLECTION, USE AND DISCLOSE OF PERSONAL DATA
The Company collects personal data within applicable laws, regulations, and guidelines on the protection of personal information and lawful and fair methods as is necessary, which is defined in the scope of the Company’s objectives to operate service purposes between us.
- For the legitimate interest of Netizen Co., Ltd, or third party or you, which does not decrease your fundamental right in personal data.
- To fulfill your or your Company’s requests for products and/or services and for related activities, such as products or service delivery, customer service, account/relationship management, support and training and to provide other services related to your or our business relationship with you.
- To comply with contracts to which you are a party or process your request before agreeing to purchase or sell products and/or services including Account Management, products and/or service delivery, accounting and finance, after-sales service, and any services.
- For marketing and data analysis such as offering products or services, marketing research survey and interview including analysis data usage and customer behavior, searching history from creating a profile, digital service and advertising, customer experience, and opinion to evaluate the performance of service and use data for customer relationship optimization and offering the privilege based on the data owner’s interest and/or improving the service provision, execution, or product of the Company that helps us tailor our services to you including regulation of the products and/or services of third-party service providers, is an agent or has relationships with service providers and/or other people’s.
- For legal obligations or regulation to which the Company is subject whether present or in the future, including consent to the Company to send, transfer and/or disclose personal data to Company business group, business alliance, any agency, organization, or juristic person who has a contract or a legal relationship with the Company and/or Cloud Computing Service Provider by allowing the Company to send, transfer and/or disclose such information through domestically and internationally.
- In case of your consent, we will process your data as below;
- 6.1 ) So that our affiliated companies and we send you the newsletter and privileges via E-mail, SMS, Application, Social Media, Phone Number, and Direct mail.
- 6.2 ) So that we can proceed with doing activities besides the mentioned above, we may collect the additional personal data. However, We will inform you and request your consent.
You can learn more about the details of consent in the topic “Request consent and the impact of the withdrawal of consent.”
DATA SECURITY AND QUALITY MAINTENANCE MEASURE
- The company’s realization on the significance of your personal data’s security, therefore, the company, has established a measure of the personal data security to be appropriate and consistent with the personal data confidentiality to prevent loss, access, destruction, usage, modification, revision, or disclosure of the personal data without the right or illicitness; and to prevent an unauthorized usage of the personal data in accordance with the Netizen Information Security Policy.
- Any personal data that the company received from a Data Subject such as name, residential address, contact number, identification number, financial information which is complete and up-to-date relating to an identified or identifiable of Data Subject will be used in accordance with the objectives of the Company. The company will carry out appropriate measures to prevent personal data from being used without permission.
- We collect your personal data as soft copy in our information system such as Server, Origami Database and Cloud Platform and provide standard security to keep our information systems and the use of your personal data secure with following measures:
- We limit access to your personal data to those employees, agents, business partners and other third parties. They will process your personal data in compliance with legal requirements and will put in place the Personal Data protection measures as necessary. Accordingly, the company will inform Data Subject to acknowledge and consent through electronic, Short Message Service (SMS) or other methods as specified by the Company.
- We have the Security Protection of Personal Data measures from unauthorized access to any data, loss, misapplication or disclosure of the personal data and modification to prevent unauthorized access to computer systems such as firewall, encode, etc.
- Destroy your personal data for security purposes when such information is no longer needed for legal and business purposes.
- Put in place procedures to deal with any suspected personal data breach and will notify a regulator of a breach where we are legally required to do so.
- User personal data will be saved in service provider’s devices such as computers and phones.
Our Company may collect personal data relating to Data Subject preference or subscribed service which consists of racial, religious or philosophical beliefs, health information, biological information, disabilities, heredity information or other information. Therefore, company shall request consent from Data Subject before collection except;
– In compliance with a legal obligation such as Personal Data Protection Act., Electronic Transaction Act., Telecommunication Business Act., Anti-Money Laundering Act., Civil and Commercial Code, Criminal Code, Civil and Commercial Procedure Code, and Criminal Procedure Code;
– For the purpose for investigation of the inquiry authorities or adjudication of a competent court;
– For Data Subject’s benefit, and the consent cannot be made at that time;
– For the necessity purpose of the legitimate interests pursued by the Company or personnel or other juristic person which is not related to the Company;
– It is necessary to prevent or to avoid danger to a person’s life, body or Health;
– It is necessary for the performance of a contract to which the Data Subject is a party or in order to proceed as requested by the Data Subject prior to entering into a contract
– For achieving the purposes in the making of history documents or annals for public interest or for study, research, statistical purposes under appropriate protection measures.
The company may use third party IT Service providers in order to retain personal data, which such Service providers must have security measures by prohibiting the collection, use or disclosure of personal data other than those specified by the company.
REQUEST CONSENT AND THE IMPACT OF WITHDRAWAL OF CONSENT
- In case we collect and process personal data with your consent. You have the right to withdraw consent at any time which shall not affect the collection, using and disclosing or evaluating personal data.
- The person who is under 20 years-old needs to request permission from a legal representative.
RETENTION PERIOD OF PERSONAL DATA
- We will keep your personal data for as long as necessary to fulfill the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements which determine the appropriate retention period for personal data unless a longer retention period is required or permitted by law. In cases where the retention period for personal data is not specified by relevant laws, the Company will determine the period necessary and appropriate for its operations such as Up to a maximum 10 years statute of limitations.
- To establish a system of checks of the deletion or destruction of personal data at the end of such period.
- In case we use your personal data with consent. We will evaluate your data until you decide to withdraw the consent then we fulfill your request. However, We will keep your withdrawal consent history to reciprocate your request in the future.
We will not share or disclose the customer’s personal data to a third party, except for receiving the Customer’s consent and disclosure as required by laws. In case we receive your personal data from a third party, The data subject will be informed of such a new purpose, and prior consent is obtained. We may disclose personal data of the customer to the following recipients;
- With the Our Affiliated Companies. For the convenience of users to immediately use the website or related applications.
- With the Online Advertising Platforms, We may share your Personal Data with our service providers or third-party suppliers that operate on our behalf, such as Analytics, Advertising, Users Behavior Analysis, etc.
- With other service providers for business goals and website development.
- If the company is necessary to send or transfer personal information of customers to foreign countries with personal data management standards. The company will take measures as it deems necessary under the confidentiality standards prescribed by that country’s law, such as Confidentiality agreement with contractual parties in that country.
RIGHTS OF THE DATA SUBJECT
Data subjects have the following rights:
- Right to withdraw consent: You have the right to withdraw your consent about personal data that you have given consent with the company throughout your personal data being kept by the company.
- Right to access the personal data: You have the right to access your personal data and asking for the company to copy the said personal data for you. Including asking for the company to disclose the acquisition of personal data that you did not give consent to the company. If you are an existing employee of the company, you can access your personal data by yourself through the company system.
However, the company may reject your request if accessing and requesting a copy of that personal data will affect the rights and freedom of another person, or the company must comply with laws or court orders prohibiting disclosure of that personal data.
- Right to rectification of personal data: You have the right to request us to edit incorrect information or fulfill information completely. If you are an existing employee of the company, you can edit your personal data through the company system or fill out documents according to its procedures.
- Right to erasure the personal data or suspending the use of personal data: You have the right to request the company to delete your data or suspend the use of your personal data for some reason. Except in the case that the company must comply with relevant laws or exercising legal rights for maintaining such data.
- Right to Restriction of Processing: Users can request the service provider to limit the way their personal data is used.
- Right to transfer the personal data: You have the right to transfer your personal data that you have provided to the company to another data controller or yourself for some reason. Exceptional in case of against the law or affects the rights and freedom of other people.
- Right to object the data processing: You have the right to object to the processing of your personal data for some reason. Except in the case that the company has legally necessary to collect data or must comply with relevant laws of maintaining such data.
- Right to be informed: You have the right to be notified when your personal information is collected. Including relevant details.
You can submit your request to perform the rights above, according to the address below. It has no cost for applying and implementation, which the company will inform the result of consideration within 30 days from the date the company received the request.
MARKETING ACTIVITIES AND CAMPAIGNS
We may conduct marketing activities and promotion or use third parties as instructed by us to do so:
- In case that we use your personal data for a purpose of providing direct marketing to you, we will be able to do so only when you give us explicit consent and we have already informed you the purpose of your personal data’s use on direct marketing. However, you can withdraw your consent on direct marketing with us at any time through our opt-out system.
- In the case of your participation in our sale promotional activities such as gaming activities, Exhibition, Events, or other activities through various social network channels for promoting our products and services to the public such as Facebook, Google, LINE, Linkedin, Twitter, Youtube, and Instagram, we will not process your data for direct marketing unless you give us an explicit consent to use your personal data for direct marketing. We have already informed you of the purpose of your personal data’s use on direct marketing. However, you can withdraw your consent on direct marketing with us at any time through our opt-out system.
- We will send you the newsletter about our marketing activities, products, services, privilege, and content based on the subscriber’s preference to effectively offer goods and services. However, you can withdraw your consent on a newsletter with us through our contact information.
PERSONAL INFORMATION REQUEST FORM
If you would like to manage your personal data, including Data access request, Data correction request, General Consent Withdrawal request, and Complaint submission, In that case, you may withdraw your consent at any time. You can do this by notifying us in writing (which includes email) are as follows:
- Adequate contact details so we can identify you.
- Obvious information in brief for making any complaint of Customer’s Data Subject’s Right.
- Summarize the effects you receive, including how you want us to resolve your complaint.
We will acknowledge receipt of your complaint as soon as practicable. Then we will investigate it. We may need to obtain further information from you, speak to relevant staff members, review relevant documents, and/or obtain legal or technical advice to do our investigation. Once we have completed our investigation, we will write to you to let you know the investigation’s outcome.
Version July, 29 2020
Effective date: July, 29 2020
Address : 8 T-One Building, 28th Floor, Suite 28 2-4 Sukhumvit Rd,
Phra Khanong, Khlong Toei, Bangkok 10110, Thailand
Phone number : 02-090-6868
Data Protection Officer Email: email@example.com