Net Design Host Co., Ltd. and GMO-Z.com Net Design Holding Co., Ltd. ("the Company") is committed to conducting its business with integrity and respect for your privacy rights. The Company places great importance on protecting personal data and maintaining the security of personal data to ensure that your personal data received by the Company is used for legitimate purposes and in compliance with the law. Therefore, the Company has issued this Privacy Policy ("Policy") to inform you, as a data subject, of the purposes and details of the collection, use, and/or disclosure of personal data, as well as your rights under the law.
1.1 Who does this announcement apply to?
This announcement applies to you if you are any of the following types of individuals:
| Types of individuals covered by this announcement. | Details and examples |
|---|---|
| Individual customers ("customers") |
Individual customers of the company, such as: ○ Someone who uses or has used the products and/or services. ○ Contact person inquiring about the product and/or service information. ○ People who receive information about the products and/or services through various channels. ○ Individuals who have been offered or persuaded by the company to use or receive their products and/or services. |
| Individuals who are associated with corporate customers of the company, or legal entities that conduct transactions with the company ("business partners'' personnel"). |
Individuals who are associated with corporate customers of the company or corporate entities that have transactions with the company, such as: ○ Shareholders ○ Board member ○ Authorized representative ○ Representative ○ Employees, officers, and/or appointed representatives |
| Individuals who are involved in transactions with the company or customers of the company, also known as "contacts". |
Individuals associated with the business transactions of the company or its customers, such as: ○ Contact person ○ Employees, staff, officials, personnel ○ Family members, friends, and neighbors ○ Individuals referred or mentioned by customers of the company ○ Investors, guarantors, collateral providers, actual beneficiaries ○ Individuals who have paid to or received payment from the company's customers ○ Other individuals from whom the company may obtain personal data through customer transactions ○ Individuals who have visited the company's website or application or social media accounts, or who have used services at the company's offices ○ Professional consultant ○ Other individuals of the same kind |
| the general public | "ordinary individuals in general," for example, individuals who have relationships, interactions, or other forms of contact with a company, or who provide personal information to the company, or whose personal information the company has received directly or indirectly through any channel. |
| employees, job applicants, hired workers, former employees, former workers, references, emergency contacts, and related parties. |
○ Individuals who have applied for a job at the company. ○ Individuals who have been hired as employees or workers to perform work for the company. ○ Individuals who have previously been employees or workers of the company. ○ Individuals whom the job applicant has provided as references in the job application to the company. ○ Individuals whom employees or workers have provided personal data for emergency contacts, as well as those related to the employees or workers |
1.2 Channels for collecting personal data.
The company may collect your personal data through the following channels:
(1) Personal data that you provide directly to the company, or provide through the company, or that is held by the company, whether resulting from the use of products and/or services, contacting, visiting, participating in activities, accessing service channels, and/or other contact channels of the company, such as office, website, application, company's social media accounts, telephone, facsimile, mail, short message service (SMS), survey, name cards, meeting, training, seminar, event, recreation, marketing promotion, interview, job application, employment contract, during employment, or any other channels.
(2) Personal data that the company has received or accessed from other sources such as government agencies, other service providers, business partners and service providers of business partners, companies that co-create products and/or services with the company, data providers, customers of the company, individuals or legal entities who have transactions with the company (as mentioned above), registrar, online social media, online platforms of external individuals, public data sources (such as the Royal Gazette), individuals or organizations that have legal relationships with the company.
2.1 Personal data means any information that can directly or indirectly identify you, including but not limited to:
2.1.1 Individual refers to customers who are individual persons, individuals who are involved in the company's transactions, or customers who are individual persons in general.
| Types of data. | Examples of data that a company may collect, use, and/or disclose |
|---|---|
| Personal Data |
○ Title, First name, Middle name, Last name, Alias (if any) ○ Gender, Date of Birth, Age ○ Nationality, Country of Residence ○ Signature ○ Documents issued by government agencies (such as a copy of ID card, passport, visa, work permit, civil servant/ state enterprise employee card, household registration, birth certificate, name change certificate, marriage certificate, divorce certificate, death certificate, driver's license, or any documents used to identify and verify identity with similar characteristics). |
| Contact information |
○ Address according to important documents, current residential address, address in the country of nationality, workplace. ○ Phone number, mobile phone number, fax number, email. ○ Username or account for electronic communication or various social media platforms (e.g. LINE ID) ○ Proof of address in Thailand (for foreigners) |
| Information about business ownership. | Shareholding ratio and/or any other document(s) to confirm business ownership. |
| Financial and transactional information. |
○ Bank account number. ○ Credit/Debit card number ○ Tax ID number ○ Information on registration for channels, products, and/or services ○ Transaction history, transaction details and purpose, information in transaction records, reference number for transactions, transaction channels ○ Username and password for system users ○ Other information related to the use of products and/or services (e.g. customer code, customer ID number, prepaid balance, purchase orders) |
| Technical information, equipment or tools |
○ Application usage data ○ IP address ○ Cookies ○ Web beacons, pixel tags, SDKs, device IDs ○ Device model and type, network, connection data ○ Access information, single sign-on (SSO) data ○ Logs ○ Login data, access time, app and website usage and duration, search history, viewing data ○ Time zone and location data ○ Plug-in types and versions, operating system and platform, as well as other technologies on the device used to access the platform ○ Other technical information from platform and operating system usage |
| Other Information |
○ Records of communication or interaction between you and the company, details of complaints or feedback ○ Requests for various rights ○ Results of survey feedback ○ Audio recordings, photographs, videos, sound clips, and communication logs/chat-bot transcripts ○ Still or moving images from closed circuit television (CCTV) ○ Information from court orders / probate court orders related to customer transactions or company compliance with laws (such as asset seizure orders, executor appointments, orders appointing incompetent persons or similar orders, and subpoenas for documents or objects) ○ Any other personal information that is protected under personal data protection laws ○ Information about registration for company activities. |
2.1.2 Personnel of a juristic person refers to ordinary individuals who are related to the corporate clients of the company, or juristic persons who transact with the company.
| Type of data | Examples of data that the company collects, uses, and/or discloses |
|---|---|
| Personal information |
○ Title, First name, Middle name, Last name, Alias (if any) ○ Gender, Date of birth, Age ○ Marital status ○ Signature ○ Information on documents issued by government agencies (e.g. copy of ID card, passport, visa, work permit, house registration, or any documents used to identify and verify identity that have similar characteristics), KYC and CDD information, etc. |
| Contact information |
○ Address according to important documents, current residential address, and address in the country of nationality, workplace address ○ Phone number, Mobile phone number, Fax number, Email |
| Employment information |
○ Occupation and professional field ○ Job position ○ Job details, type of business |
| Information appearing in transaction-related documents |
○ Company certification ○ Shareholder list ○ Power of attorney ○ Commercial registration certificate |
| Other information |
○ Information collected, used, and/or disclosed in relation to the company's relationship, such as information provided by legal entities to the company in contracts. ○ Details of complaints or feedback ○ Results of opinion surveys ○ Information about registration for company events ○ Records of communication or interactions between you and the company ○ Requests for various rights ○ Audio recordings, photographs, videos, sound recordings, and records of communication through logs/chat-bots ○ Still images or videos from closed-circuit television (CCTV) cameras ○ Information from court orders / royal decrees relating to the company's customer transactions or compliance with the company's legal obligations (such as asset preservation orders, appointment of estate administrators, orders for incompetency, or orders to call witnesses or documents) ○ Any other information that is considered personal data under data protection laws. |
2.1.3 Job applicants, employees, workers, former employees, former workers, references, emergency contacts, and related persons are ordinary individuals who have applied for a job with the company, individuals who the company has employed as employees or workers to perform work for the company, as well as former employees and former workers, individuals who have provided information to the company as references in job applications, and also including individuals who employees or workers have provided as emergency contacts and related persons.
| Type of Data | Examples of data that the company collects, uses, and/or discloses |
|---|---|
| Name, initials, and identifying characteristics | Data that identifies you or is used to refer to you, such as title, first name/initial, middle name/initial, last name, maiden name, alias, and signature, age, date of birth, gender, height, weight, marital status, nationality, military service information, hobbies and interests, photograph, language proficiency, and number of children. |
| Data provided by government agencies for identification | Numbers or codes issued by responsible government agencies for identification purposes, such as national identification number, other government-issued identification numbers, driver's license number, work permit number, passport number, and foreign national registration number. |
| Contact information | Contact details such as home address, delivery address, home phone number, home fax number, personal email address, internet phone number, mobile phone number, or wireless network (Wireless) personal information, history or username (Handle) on social media, work address, work phone number, work email address, and internet phone number, mobile phone number, or wireless network of work. |
| Education and Employment Information | Your education and employment information, such as education qualifications, licenses, membership status with professional organizations, education results, occupation/rank, department, employer registration number, job code, details of work status/employment approval, results of drug testing, references and history, tax ID number, insurance claims, worker compensation, employment records (including salary information, attendance, and benefits), start date, termination date, employee-owned property, and various evaluations (performance evaluations and potential evaluations), including the use of various technologies - technology usage evaluations (such as internet and email). |
| Communication Device Information | Information about devices and how to use them, including technical information about the devices such as location coordinates, telecommunication tower data, access to audio/video/images/camera, calendar data, call logs, messaging contacts/address book (message/email content), Unique Device Identifier (UDID), computer device ID, click behavior/online tracking data, unstructured data (text, sound, images, video, etc.), data provided through radio-frequency identification (RFID), authentication data (security codes, access codes, passwords), account name, account password, remote telemetry and data transmission license number, metadata, user activity data such as website visits (even if the company doesn't know the user's identity), files created by the websites visited (cookies), and similar technologies. |
| Other Information | Records of communication or interaction between you and the company, details of complaints or feedback, requests for various rights, survey results, voice recordings, photographs, motion pictures, sound recordings, communication logs/chatbot conversations, still or motion pictures from closed-circuit television (CCTV) cameras, and other similar information. |
| Viewpoints and opinions | Information about your viewpoints and opinions, such as your job contract preferences/working relationships or other information you choose to provide to the company. This includes comments, suggestions, complaints, survey responses, questions, and any information you voluntarily provide during discussions regarding human resources. |
If you do not provide your personal information to the company, the company may not be able to offer you the job position you requested, and may not be able to fulfill its duties and responsibilities towards you under the job contract/working relationship, or may not be able to comply with legal obligations that the company is required to perform.
Personal information from third parties may be used for reference, certification, or any employment-related actions. If you provide personal information of third parties to the company, such as spouse information, family members, or children, or if you request the company to disclose personal information of such persons to third parties, you must inform those individuals and obtain their consent (if required) in accordance with the terms stated in this notice. In addition, you must ensure that the company properly collects, uses, and/or discloses such personal information in compliance with applicable laws as set forth in this notice.
Sensitive personal data refers to personal data that is specified by law as sensitive. The company has no intention of collecting sensitive personal data from you, unless you are an applicant, employee, staff, former employee, or former staff of the company. The company will collect, use, and/or disclose this sensitive personal data only with your clear and appropriate consent, in order to fulfill the employment contract, establish legal claims, pursue legal action, fulfill or exercise legal rights, perform duties in the public interest as specified by law, or other matters specified by law.
| Sensitive Personal Data Type | Purpose |
|---|---|
| Criminal History | To collect and use your criminal history for the purpose of considering during the hiring process, screening, and/or investigation |
| Health Information | The company may collect and use your health information for the purpose of employment consideration, performance of a contract, managing leave history, salary and benefits, and may include blood group, medical record number, health plan beneficiary identification number, identification of communication devices and sequence numbers used in healthcare, diagnosis, medical treatment history, payment information, claims for compensation for medical treatment, medical photography, and metadata explaining the main data. Rx number/prescription number, health insurance identification number or account number, medications, rehabilitation or medical equipment/products, genetic and physical health information, family health history or medical symptoms, and annual physical examination results |
| Information about race | The company may collect information about your race for contractual purposes. |
| Information about religion | The company may collect and gather information about your religion to use in contracts, manage documentation and record leave information related to your ethnicity for contractual purposes. |
| Biometric Information | The company may collect and use bodily information (such as fingerprints and/or facial recognition) to confirm identity and access rights to the office. |
(Hereinafter in this policy, unless specifically stated, the above-mentioned personal information and sensitive personal information shall be collectively referred to as “Personal Information”)
The company has no intention of collecting, using, and/or disclosing personal information of minors, persons with disabilities, or persons deemed incapable unless the company has obtained consent from the legal guardian, custodian, protector, or in any cases where minors can consent independently under the law (as the case may be), and/or is conducted under other legal grounds. If the company becomes aware that it has collected, used and/or disclosed personal information of minors, persons with disabilities, or persons deemed incapable without consent from the legal guardian, custodian, protector, or minors who can consent independently under the law (as the case may be), and cannot rely on other legal grounds, the company shall delete or destroy such personal information.
If you provide personal data of any other individuals, who are personnel of a corporation and/or associated with you to the company, such as shareholders, board members, authorized representatives, family members, references, partners, beneficiaries, estate managers, emergency contacts, and/or any other individuals as specified in your transaction documents, please inform those individuals of the details as specified in this notice and obtain their consent if necessary or as required by law, to ensure that the company is able to collect, use, and/or disclose personal data of those individuals.
The company will collect, use, and/or disclose your personal information as necessary for the purposes that are legally approved by the company, which includes collecting, using, and/or disclosing personal information to fulfill contractual obligations with you, to comply with legal obligations, for legitimate business purposes, to carry out your consent, and/or to operate under other legal bases. The purposes for collecting, using, and/or disclosing personal information as described in this policy may be mandatory for some individuals and optional for others. Please consider the nature of the purposes in relation to your relationship with the company on a case-by-case basis.
The company will collect, use, and/or disclose your personal information based on your consent for the following purposes. Regarding employee information, the company will collect, use, and/or disclose personal information that is sensitive and cannot be relied on any other legal basis except for clear consent from the employee. The purposes are as follows:
3.1.1 Religious and ethnic information (such information may come from copies of identification cards or passports from some countries that the company needs to use as evidence to verify and identify individuals only)
3.1.2 Biometric information for signature, verification and identification of individuals, tracking employee work hours, and for access control to company premises only
3.1.3 Health history, disability information, and criminal records, which the company will collect, use, and/or disclose personal information for the convenience of employees and only for the purpose of considering absenteeism. Criminal records will be checked only for employees if necessary to fulfill their duties.
The company may collect, use, and/or disclose your personal data based on other legal bases as necessary for the purposes legally approved by the company, such as to perform a contract with you or at your request, to comply with legal obligations, for legitimate interests, and/or to operate under other legal bases for the following purposes:
3.2.1 Operations prior to entering into a contract with the company, such as providing consultation, advice, and/or any other information related to the products and/or services, analyzing and evaluating customer needs, verifying customer qualifications, checking the accuracy of data or documents, identifying and authenticating individuals, checking against the list of designated individuals (Sanction List) of law enforcement agencies and/or public agencies as generally disclosed under applicable law, verifying property rights or the dissolution of individuals, pre-filling personal data/contact information of customers for the convenience of applying for the company's products and/or services.
3.2.2 Any operation related to the consideration of providing products and/or services, such as communication, document or parcel delivery, processing requests and carrying out approval processes, entering into contracts, agreements and/or other legal documents related to registration for using products, services, and/or participating in company activities.
3.2.3 Delivery of products and/or services according to the agreement made with the company, such as
3.2.3.1 Any operation related to using products and/or services (such as opening accounts, changing information, setting, using, changing credit limits or updating accounts, paying dividends and interest, returning principal, receiving payment, freezing accounts, freezing cards, checking account balances, preparing customer data and document reports for customer transactions, such as certifying documents).
3.2.3.2 Granting benefits and operating in accordance with customer benefits.
3.2.3.3 Customer relationship management, post-sale transactions, customer convenience, and/or management of product propositions for customers.
3.2.3.4 Providing advice or risk management guidelines.
3.2.3.5 Handling complaints, problem resolution, and carrying out customer requests.
3.2.3.6 Payment or asset receipt.
3.2.3.7 Monitoring compliance with product and/or service usage conditions, and/or cancellation of services.
3.2.4 Marketing activities that do not require your consent under the law, such as
3.2.4.1 Identifying customer groups for invitation to participate in events or sales promotions as appropriate
3.2.4.2 Offering products and/or services, exclusive rights to participate in company events, conferences, or meetings, as well as facilitating participation in events (such as registering for a conference)
3.2.4.3 Presenting products, services, and/or exclusive rights that you have requested, or notifying you of your benefits
3.2.4.4 Offering products and/or services of the same or similar type as those you have with the company or other financial business groups of the company
3.2.4.5 Contacting you in case of unsuccessful product and/or service registration (drop-off) to facilitate your re-application for the same type of product and/or service with the company or presenting other products and/or services that may interest you
3.2.4.6 Organizing sales promotion activities (such as offering benefits and prizes)
3.2.5 Conducting analysis, research, and/or statistical data compilation that does not require your consent under the law for the development and improvement of products and/or services within the company, such as marketing analysis, market research, statistical data compilation, and report preparation for internal use.
3.2.6 Other company operations such as
3.2.6.1 Management, risk management, internal audit oversight
3.2.6.2 Maintaining legally compliant benefits
3.2.6.3 Customer database management or recording data in systems or databases
3.2.6.4 Evaluating and reviewing customer credit quality
3.2.6.5 Notifying of debt payment or product/service renewal and/or other notifications
3.2.6.6 Debt collection
3.2.6.7 Post-usage product and/or service satisfaction surveys and evaluations
3.2.6.8 Conducting legal cases or proceedings related to the company
3.2.6.9 Collaboration, coordination, and/or delegation of tasks to others on behalf of the company (e.g. designing products or services, designing customer service experiences, designing processes, or supporting product and/or service delivery)
3.2.6.10 Transferring rights and/or responsibilities for managing the company and other financial businesses within the company's business group
3.2.6.11 Using Closed Circuit Television (CCTV) to control entry and exit to company premises
3.2.6.12 Managing complaints or incidents of suspected law-breaking (such as fraud, money laundering, terrorism, violent extremism, criminal activity, intellectual property infringement, which includes planning, monitoring, surveillance, evidence collection, reporting, and/or detection actions)
3.2.6.13 Creating databases related to customer satisfaction, preferences, complaints, and inquiries.
3.2.6.14 Information technology operations, communication system management, and prevention, mitigation, and reduction of risks related to information technology and cyber threats.
3.2.7 Compliance with the orders of persons with legal authority and/or compliance with the law, such as complying with court orders, orders from government agencies, agencies that have supervisory authority over companies, government employees with authority under the Personal Data Protection Act, Financial Institution Business Act, Securities and Exchange Act, Life Insurance Act, Insurance Act, Committee on the Supervision and Promotion of Insurance Business Act, Payment System Act, Exchange Control Act, Deposit Protection Act, Revenue Code, Prevention and Suppression of Money Laundering Act, Prevention and Suppression of the Financing of Terrorism Act, Computer-Related Offenses Act, Bankruptcy Act, and other laws that the Company is required to comply with both in Thailand and abroad, including announcements and regulations issued pursuant to such laws, both currently in force, to be amended or enacted in the future.
3.2.8 Protection against or prevention of danger to the life, body, or health of a person.
3.2.9 Creating historical or memorial documents or records for public benefit or related to research or statistics.
3.2.10 Carrying out tasks for the public benefit of the company or performing duties in exercising the state authority delegated to the company.
In this regard, if the company needs to collect, use, and/or disclose personal information from you for the purpose of performing or fulfilling the agreement that you have made with the company and/or for performing the company's legal obligations, and you do not provide such necessary personal information to the company upon request or choose to delete your user account from the company's service application, the company may not be able to consider, approve or provide some or all of the products and/or services to you, which may also affect the company's legal obligations and/or the relationship between you and the company.
The company may disclose your personal information to others with your consent or as permitted by law. The individuals or organizations receiving such personal information may collect, use, and/or disclose your personal information within the scope of your consent or as relevant in this policy, or in some cases, you may be subject to the data protection policies of those receiving your personal information. The recipients of your personal information may be located in Thailand or other countries. The company may disclose your personal information to individuals or organizations as related to your relationships and transactions as follows:
| Type of Personal Data Recipient | Details |
|---|---|
| Service providers of the company |
The company may use other companies, partners, contractors, or external service providers to conduct business on behalf of the company, or to assist in the production and/or provision of the company's products and/or services to you. Therefore, the company may disclose your personal information to these service providers. ○ Service provider that has verified its identity on the National Digital ID system ○ Service provider of the national interbank transaction management and exchange system (NITMX) ○ Service provider of digital infrastructure systems and database systems for exchanging data between financial institutions ○ Service provider of telephone signal and short message service (SMS) network ○ Service provider of information technology, technology support, and technology security ○ Cloud computing service provider ○ Service provider for marketing purposes ○ Document storage service provider ○ Online social media service provider ○ Service provider for payment channels ○ Service provider for debt collection ○ Printing press or printing service provider ○ Service provider for document or parcel delivery ○ Service provider for convenience services (Concierge Services) |
| Business Partnerships of the Company |
The company may disclose your personal information to its business partners who collaborate in the procurement of products and/or services. In the event that the company discloses your personal information to its business partners for marketing purposes of the business partners, such as to promote sales, public relations, or offer products and/or services from the business partners to you, the company will inform you of the names of the business partners for your decision-making and consent. In this regard, the business partners may rely on the consent obtained by the company. |
| Individuals as prescribed by law |
In some cases, the company may be required to disclose your personal information to comply with the orders of authorities or persons empowered by law and/or to comply with the law, including the recipients of your personal information. ○ Law enforcement agencies ○ Regulatory agencies overseeing the company, such as the Bank of Thailand, the Anti-Money Laundering Office, the Revenue Department, the Ministry of Interior, the Court, the Police, the Department of Public Prosecution, the Department of Lands, the Department of Land Transport, the Office of the Personal Data Protection Committee, the Office of the Consumer Protection Committee, and others. ○ Government agencies ○ Associations, organizations, or any other individuals as necessary to comply with legal obligations or regulatory requirements, or to protect the rights of the company or the rights of external individuals, which may include any legal proceedings involved. |
| Consultants / Experts |
For the benefit of the company's business operations, the company may disclose your personal information to ○ Accountants ○ External auditors ○ Legal advisors ○ Tax advisors ○ Credit rating agencies ○ Consultants or other experts, as the case may be. |
| Interested parties who wish to receive transfer of rights and/or recipients of transfer of rights in various transactions or business consolidations of the company. |
In the event that the company has restructured its organizational structure, restructured its debts, consolidated its business, acquired businesses, transferred rights, ceased operations, or any similar events, the company may need to disclose your personal information topartners, interested parties asset management companies and/or the aforementioned transferees. |
| Other third parties |
The company may disclose your personal information to other third parties in order to achieve the objectives stated in this announcement. Other third parties who receive your personal information may include, but are not limited to, ○ persons with whom you have a contractual or business relationship (such as referees, beneficiaries, or embassies for document certification) ○ developers of the company's infrastructure technology and/or systems ○ intermediary organizations for transferring money to foreign companies (SWIFT) ○ members of digital identity verification service providers (National Digital ID) ○ card network service providers (such as VISA, Mastercard, JCB, UPI) ○ universities or educational institutions ○ online social media service providers ○ the general public or individuals. |
The company may need to send or transfer your personal data to other companies within the business group located in different countries or to other recipients as part of the normal course of business operations, such as sending or transferring personal data to be stored on cloud platforms or servers located abroad, business partners collaborating in product and/or service development, co-branding partners, online social media service providers, government agencies in other countries, and/or individuals involved in your transactions abroad.
In case the destination country has insufficient personal data protection standards, the company will ensure that the sending or transferring of personal data complies with the law and will take measures to protect personal data as necessary and appropriate, in accordance with the standards for maintaining confidentiality, such as by having an agreement with the data recipient in the aforementioned country to confirm that your personal data will be protected under personal data protection standards equivalent to those in Thailand.
The company may collect and use cookies and/or similar technologies when you use the company’s website and/or applications, as well as when you engage in transactions, use products, and/or services provided by the company through digital channels and the internet. The collection of cookies and/or the use of similar technologies will help the company remember your usage patterns and preferences, as well as analyze your interests to improve and enhance the performance of the company’s website and/or applications. This is done to better meet your needs and usage requirements, ensuring that you have a positive user experience with the company’s website and/or applications
In addition, the company may disclose non-identifying information to data analysis service providers such as Google, both domestically and internationally. Google may use technology and tools such as cookies and/or Software Development Kits (SDK) to track and generate reports on your usage activity on the company's website and/or application. You may review details on Google's data analysis in the topic “How Google uses data when you use our partner's sites or apps” at www.google.com/policies/privacy/partners or other URLs specified by Google.
The company will keep and store your personal data while you are a customer or have a relationship with the company, or for the period necessary to achieve the purposes related to this notice. When you end your relationship with the company, the company will continue to keep and store your personal data for a period necessary according to the retention period or the period prescribed or authorized by law, such as:
7.1 The data is retained in accordance with the laws and regulations for the prevention and suppression of money laundering, typically for a period of 5-10 years from the termination of the business relationship, depending on the specific case.
7.2 The data is retained in accordance with the laws and regulations of the financial institution, securities and capital markets laws, accounting laws, and tax laws, typically for a period of 10 years from the termination of the business relationship.
The company will take appropriate steps to delete or destroy personal data, or make it non-identifiable when it is no longer necessary or the above retention period has ended.
The company will store your personal data securely according to technical safeguards, administrative safeguards, and physical safeguards to maintain confidentiality, accuracy, completeness, and readiness of personal data. This is to prevent unauthorized access, collection, modification, usage, and/or disclosure of personal data. All of this complies with applicable laws.
The company has appropriate measures to prevent data breaches, such as specifying announcements, regulations, and criteria for protecting personal data, controlling access to personal data and secure data processing devices, limiting access to personal data, setting user access rights, authorizing employees to access data, and assigning responsibilities to users. The company has measures to prevent unauthorized access, disclosure, and theft of personal data or devices used for storing or processing personal data. The company has a mechanism to check retrospectively for access, modification, deletion, or transfer of personal data that is appropriate for the method and tools used for collecting, using, or disclosing personal data. The company conducts evaluations to assess the effectiveness of complying with its policies and procedures regarding the protection of personal data.
In addition, executives, employees, staff, contractors, consultants, and individuals who receive information from the company have a duty to maintain the confidentiality of personal information in accordance with the company's privacy policy.
Your rights regarding personal data include various rights that you should be aware of under the law. You can exercise these rights under the provisions of the law and the announcements currently or subsequently prescribed by the Company, as well as the criteria established by the Company. In the case where you are under 20 years of age or legally limited in legal capacity, you may exercise your rights by having your father and/or mother, legal guardian, or authorized representative make a request on your behalf.
9.1 Right to Withdraw Consent If you have given consent to a company for the collection, use, and/or disclosure of your personal data (whether before or after the effective date of data protection laws), you have the right to withdraw that consent at any time while your personal data is in the possession of the company, unless there are legal restrictions or contractual obligations that prevent such withdrawal. The withdrawal of your consent will not affect the lawfulness of the collection, use, and/or disclosure of your personal data that occurred prior to the withdrawal
However, withdrawing your consent for the relevant and necessary parts of the service may result in the Company being unable to fulfill the agreement or provide services to you. It may also result in the suspension or temporary cessation of any related transactions or activities, or may have an impact on your awareness of products and/or services, such as not receiving offers, benefits, promotions, or new offers that better suit your needs and preferences, or not receiving useful information or recommendations. For your benefit, you should therefore carefully consider and inquire about the consequences before withdrawing your consent.
9.2 Right to Access Information You have the right to request access to your personal data that is under the responsibility of the company. You may request the company to provide you with a copy of your personal data, and also ask the company to disclose how the company obtained your personal data.
The company will provide you with a copy of your personal data without any charge for the first set of copies. However, the company may charge a reasonable fee for subsequent copies, and will inform you of the fee and charges before providing you with the copies.
9.3 Data Transfer Rights: You have the right to receive your personal information in a format that can be read or used automatically, and to use or disclose your personal information automatically. You also have the right to request that the company send or transfer your personal information to other data controllers when it can be done automatically. Furthermore, you have the right to receive personal information that the company sends or transfers in the aforementioned format directly to other data controllers, unless it is not technically feasible.
Your personal information must be personal information that you have given consent to the company to collect, use and/or disclose, or personal information that the company needs to collect, use and/or disclose in order for you to use the company's products and/or services according to your wishes as a contractual party with the company, or to use for your request prior to using the company's products and/or services, or personal information as specified by the law.
9.4 Right to object: You have the right to object to the collection, use, and/or disclosure of your personal data at any time if the collection, use, and/or disclosure of your personal data is made for the necessary operation under the legal interests of the company, or of any other individual or legal entity, or for the fulfillment of public interest missions. If you object, the company will continue to collect, use, and/or disclose your personal data only if the company can demonstrate compelling legitimate grounds for the collection, use, and/or disclosure that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims, depending on each case.
Furthermore, you also have the right to object to the collection, use, and/or disclosure of your personal data made for direct marketing purposes, or for scientific, historical, or statistical research purposes.
9.5 Right to request deletion or destruction of data: You have the right to request the deletion or destruction of your personal data, or to render the personal data unidentifiable. If you believe that your personal data has been collected, used and/or disclosed in violation of relevant laws or if you believe that the Company no longer needs to retain your personal data for the purposes stated in this notice, or if you have exercised your right to withdraw consent or to object as stated above.
9.6 Right to request suspension of data use: You have the right to request the temporary suspension of the use of your personal data in cases where the Company is reviewing a request to correct or object to your personal data, or in other cases where the Company no longer needs to retain or destroy your personal data in accordance with relevant laws. However, you request that the Company suspend the use of your personal data.
9.7 Right to request correction of data: You have the right to request the correction of your personal data to be accurate, complete and not misleading.
9.8 Right to complain: You have the right to complain to the authorities with jurisdiction if you believe that the collection, use, and/or disclosure of your personal data is in violation of the relevant laws.
Your right to exercise the above-mentioned rights may be limited by applicable laws, and in some cases, it may be necessary for the Company to refuse or be unable to comply with your request to exercise such rights. For example, the Company may be required to comply with the law or a court order for public benefit, and exercising your rights may infringe on the rights or freedoms of others. If the Company refuses your request, we will notify you of the reasons for the refusal.
You can exercise your rights through the following channels:
| Right | Processing time (counting from the date of request and complete supporting documents) |
|---|---|
| Right to withdraw consent | Within 7 working days |
| Right to access information | Within 30 days |
| Right to data portability | |
| Right to object | |
| Right to request erasure or destruction of data | |
| Right to request suspension of data use | |
| Right to request correction of data | Within 7 working days |
The company will continue to collect, use, and retain your personal data that the company possesses prior to the date when the Personal Data Protection Act becomes effective for the same purposes as before, without the need to obtain your consent again. You also have the right to access such personal data and to exercise your rights under the law, just like with personal data collected after the Personal Data Protection Act becomes effective. However, if the company engages in disclosure or other processing activities that are not related to the original purposes for which the personal data was collected, the company will handle your personal data in accordance with the provisions of the Personal Data Protection Act.
The company may review and make additional corrections, updates or changes to this policy as appropriate and to the extent permitted by law. In the event of any such modifications, the company will publish the updated policy on its website to inform you.
If you have any suggestions or inquiries about the details of how your personal data is collected, used and/or disclosed, including your rights under this policy, you can contact the company and/or the personal data protection officer through the following channels:
Email: dpo@netdesigngroup.com
Address: Floor 22, Fortune Town Building, Ratchadaphisek Road, Din Daeng Subdistrict, Din Daeng District, Bangkok 10400
Telephone number: 02-6421105
This announcement is effective from January 17, 2023 onwards.
