Your Personal Data is collected, used, disclosed, and/or transferred outside of Thailand by us because we have an existing or potential business relationship with you or the Business Partner you work for, act for or represent. For example, our Business Partner provides products or services to us, or work together with us to provide our customers products or services, or otherwise communicates with us in relation to any business.
1. What Personal Data we collect
“Personal Data” means any identified or identifiable information about you as listed below. In order to offer you with our products and services, we may collect Personal Data directly or indirectly from you or other sources (e.g. publicly available information) or through our parent company, affiliates, subsidiaries, business partners, official authorities, or third parties. The specific type of data collected will depend on the context of your interactions with us, and the services or products you need or want from us and within Kasemsubsiri Group including One Bangkok Group and Frasers Property Management Services (Thailand) Co., Ltd.
The following are example of Personal Data that may be collected:
- Personal details, such as title, full name, gender, age, nationality, date of birth, job title, position, workplace, work history, information on government-issued cards, issuing and expiry date (e.g., national identification number, passport number), information on house registration, work permit, license plate number, photograph, signature, company certificate, employee ID, approval details, username and password;
- Contact details, such as postal address, telephone number, location data, email address, LINE ID, WhatsApp ID, WeChat ID, Facebook account, Twitter account, Messenger account, QR code;
- Financial details, such as income, salary, bank account details (e.g., bank account number, bank name, branch, account type), credit/debit card number, financial statement, payment term and other financial related information;
- Technical details, such as Internet Protocol (IP) address, Mac address;
- Other information collected, used and/or disclosed in connection with the relationship between us and the Business Partner, such as, information you give us in contracts, forms or surveys
- Others person information, such as name of parents
“Sensitive Data” means Personal Data classified by law as sensitive data. We will only collect, use, and disclose Sensitive Data, and transfer it across borders, if we have received your explicit consent or as permitted by law.
We will also collect, use, disclose and/or cross-border transfer the following Sensitive Data about you:
- Sensitive data, such as sensitive data as shown in the identification document (e.g., religion, racial or ethnic origin), cult, philosophical beliefs, genetic data (e.g. an individual’s gene sequence), biometric data (e.g. fingerprints, facial recognition, retinal scans), health data, criminal records
2. Why we collect, use, disclose and/or transfer your Personal Data
2.1. The purpose of which you have given your consent:
We rely on your consent to collect, use, disclose and/or cross-border transfer your Sensitive Data for the following purposes:
- Sensitive data as shown in the identification document (e.g., religion, racial or ethnic origin): for verification and authentication purpose;
- Religion: for preparation of religion activities;
- Genetic data (e.g. an individual’s gene sequence): for verification and authentication purpose
- Biometric data (e.g. fingerprints, facial recognition, retinal scans): for verification and authentication purpose, and for security purpose;
- Health data: for preparation of food and beverage;
- Criminal records: for security purpose.
Where legal basis is consent, you have the right to withdraw consent at any time. This can be done so, by contacting Kasemsubsiri Co., Ltd. The withdrawal of consent will not affect the lawfulness of the collection, use and disclosure of your Personal Data and Sensitive Data based on your consent before it was withdrawn.
2.2. The purposes we may rely on and other legal grounds for processing your Personal Data
Depending on the nature of our relationship with you, we collect, use and/or disclose your Personal Data for the following purposes, on the legal basis of legitimate interests, entering into or performance of contract, legal compliance, consent, or any other basis as permitted by applicable laws, as the case may be:
- Business purposes: such as, to proceed with the transaction made by Business Partner, and perform any obligations and/or request made by Business Partners; to communicate with the Business Partner about products, services and projects of us or Business Partner (e.g., by responding to inquiries or requests);
- Business Partner selection: such as, to verify your identity and Business Partner status, to conduct background checks and screening on you and the Business Partner; to evaluate suitability and qualifications of you and the Business Partner, to issue request for quotation and bidding; to execute contract, purchase order or purchase requisition with you or the Business Partner;
- Relationship management: such as, to update your personal data and maintain data accuracy; to maintain contracts, associated documents, agreement references and evidences of work of Business Partner in which you may be referred to, to plan, perform, and manage the (contractual) relationship with the Business Partner (e.g., by performing transactions and orders of products or services, processing payments, issuing invoice, arranging shipments and deliveries); to handling with your request or complain, to provide update, support services and keep tracks and records;
- Business analysis and improvement: such as, to conduct research, data analytics, assessments, surveys and evaluation, reports on our products, services and your or the Business Partner’s performance;
- Registration and Authentication: such as, to register, verify, identify, and authenticate you or your identity;
- IT systems and support: such as, to maintain our IT operations, management of communication system, operation of IT security and IT security audit; and to maintain internal business management for internal compliance requirements, policies, and procedures as well as risk management and fraud prevention;
- Dispute handling, such as, to solve disputes, enforce our contracts, establish, and exercise or defense of legal claims;
- Any investigation, complaints and/or crime or fraud prevention;
- Compliance with internal policies and applicable laws, regulations, directives and regulatory guidelines;
- Liaising and interacting with and responding to government authorities or courts or tribunals;
- Life: to prevent or suppress danger to a person’s life, body, or health.
Where we need to collect your Personal Data as required by law, or for entering into or performing the contract we have with you or Business Partner and you fail to provide that data when requested, we may not be able to fulfill the relevant purposes as listed above.
We will only collect, use, and/or disclose sensitive data on the basis of your explicit consent or where permitted by law.
3. To whom we may disclose or transfer your Personal Data
3.1. Kasemsubsiri Group‘s data ecosystem
3.2. Our service providers
We may use other companies, agents or contractors to perform services on behalf of or to assist with the business relationship with you. We may share Personal Data including, but not limited to (1) computer program developer, software developer, IT service providers and IT support company; (2) marketing, advertising media, designer, creative, and communications agencies; (3) campaign, event, and market organizers, and CRM agency; (4) data storage and cloud service providers; (5) property management service provider; (6) sale agencies; (7) logistic and courier service providers; (8) payment and payment system service providers; (9) research agencies; (10) analytics service providers; (11) survey agencies; (12) call center; (13) telecommunications and communication service providers; (14) outsourced administrative service providers; (15) printing service providers.
In the course of managing our business relationship, the service providers may have access to your Personal Data. However, we will only provide our service providers with the information that is necessary for them to perform the services, and we ask them not to use your information for any other purposes. We will ensure that all the service providers we work with will keep your Personal Data secure.
3.3. Our business partners
3.4. Third parties required by law
In certain circumstances, we may be required to disclose or share your Personal Data in order to comply with a legal or regulatory obligations. This includes any law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals’ personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
3.5. Professional advisors
The professional advisors include but not limit to (i) legal consultants who assist in running our business and provide litigation services for the defending or bringing of any legal claims, (ii) auditor who provide accounting and audit service to us.
3.6. Assignee of rights and/or obligations
4. International Transfers
We may disclose or transfer your Personal Data to third parties, our parent, foreign affiliates/subsidiary or data servers located overseas, which the destination countries may or may not have the same data protection standards. We take steps and measures to ensure that your Personal Data is securely transferred and that the receiving parties have in place suitable data protection standards or other derogations as allowed by laws. We will request your consent where consent to cross-border transfer is required by law.
5. Accuracy of Personal Data
We may validate data provided using generally accepted practices and guidelines. This includes the requirement of your original documentation before we may use the Personal Data such as with personal identifiers and/or proof of address. You shall assist us in ensuring the accuracy of your Personal Data in the possession of us and please inform us of any updates of any parts of your Personal Data where applicable.
6. How long do we keep your Personal Data
We keep your Personal Data only for so long as we need the Personal Data to fulfil the purposes we collected it for, and to satisfy our business and/or our legal and regulatory obligations. How long we keep your Personal Data depends on the nature of the data. Some information may be retained for longer, where we are required to do so by law.
7. Your rights as a data subject
Subject to applicable laws and exceptions thereof, you may have the following rights to:
- Access: You may have the right to access or request a copy of the Personal Data we are collecting, using and disclosing about you. For your own privacy and security, we may require you to prove your identity before providing the requested information to you.
- Rectification: You may have the right to have incomplete, inaccurate, misleading, or not up-to-date Personal Data that we collect, use, disclose and/or transfer (domestic and/or cross border) about you rectified.
- Data Portability: You may have the right to obtain Personal Data we hold about you, in a structured, electronic format, and to send or transfer such data to another data controller, where this is (a) Personal Data which you have provided to us, and (b) if we are processing such data on the basis of your consent or to perform a contract with you.
- Objection: You may have the right to object to certain collection, use and disclosure of your Personal Data such as objecting to direct marketing.
- Restriction: You may have the right to restrict the use of your Personal Data in certain circumstances.
- Withdraw Consent: For the purposes you have consented to our collecting, using and disclosing of your Personal Data, you have the right to withdraw your consent at any time.
- Deletion: You may have the right to request that we delete or de-identity Personal Data that we collect, use, disclose and/or transfer (domestic and/or cross border) about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.
- Lodge a complaint: You may have the right to lodge a complaint to the competent authority where you believe our collection, use and disclosure of your Personal Data is unlawful or noncompliant with applicable data protection law.
9. Contact Us
- 57, Park Venture Ecoplex, 19th Floor, Ploenchit Road, Lumphini Sub-District, Pathum Wan District, Bangkok, Thailand.
- Telephone: +66 (0) 2 081 3500
- Email: firstname.lastname@example.org