Last update on Dec 15, 2023
This Policy applies to the following persons:
- Individual customers or users of the Company’s services;
- Individual business operators, shops, trade partners, business partners, service providers, contractual counterparties of the Company;
- Individuals who are related to or have relationships with corporate customers, users of the Company’s Services, business operators, shops, trade partners, business partners, service providers, or contractual counterparties of the Company such as shareholders, directors, attorneys-in-fact, coordinators, contact persons, employees or delegates;
- Individuals who are not customers or users of the Company’s services, but
the Company may need to collect, use, or disclose Personal Data e.g., visitors of
the Company’s website or application, or service users at the Company’s offices or branches;
- Individuals who have provided Personal Data to the Company or in which the Company has received their Personal Data, either directly or indirectly, through any channels.
“Personal Data” means any information relating to a natural person that enables
the identification of that person, whether directly or indirectly, including all types of personally identifiable information of an individual such as name, national identification card number, domicile information, online information, physical, mental, social, economic, or cultural information which can identify an individual, but excluding the information of deceased persons.
“Personal Data Protection Law” means the Personal Data Protection Act B.E. 2562 (2019) or as may be amended later, including royal decrees, ministerial regulations, notifications, orders, and other laws related to personal data protection.
“Sensitive Personal Data” means Personal Data regarding race, religion, ethnicity, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or any data which may affect the data subject in the same manner, as prescribed in the Personal Data Protection Law.
2. Collection and Purposes of Personal Data Collection
The Company will collect, use, or disclose your Personal Data only in cases where it is necessary or there is a legal basis for collecting, using, or disclosing the Personal Data, including the collection, use, or disclosure of the Personal Data for compliance with
a law, the performance of a contract in which you are a party to or may be
a representative or personnel of the contracting party, taking steps at your request prior to entering into a contract, legitimate interests of the Company or others, carrying out any actions in accordance with your consent and/or under other legal bases. In this regard, the Company’s purposes of collecting, using, or disclosing the Personal Data are as follows:
2.1 For legal compliance
With regard to the Company’s business operations, the Company is sometimes regulated and must proceed in compliance with relevant laws and regulations, therefore,
it is necessary for the Company to collect, use, or disclose your Personal Data in order to comply with laws and regulations of government agencies and/or regulators governing any business or activity that the Company conducts, including but not limited to the following purposes:
- to comply with the Personal Data Protection Law, the laws on computer-related crime, the laws on telecommunications business operations, tax laws, and other applicable Thai and international laws that the Company must comply with;
- to comply with regulations and/or orders of authorities (such as court orders, orders of government agencies, regulators or competent officials).
2.2 For contractual performance or taking steps at your request prior to entering into a contract
In the case that you have entered into a contract with the Company or have a request prior to entering into a contract, whether on your behalves, as a representative, or on others’ behalf, the Company shall collect, use, or disclose your Personal Data in order to carry out actions according to the contract or request, including but not limited to the following purposes:
- to take steps at your request prior to entering into a contract with the Company or for consideration before entering into a contract;
- to provide products and/or services, to deliver the products and/or services to you, to authenticate your identity in using the Company’s products and/or services, to provide advice and administration regarding the products and/or services, to process the collection or payment for the products and/or services, or for taking any other actions for the performance of a contract (including
the compliance with the Company’s conditions for service provision).
2.3 For legitimate interests of the Company or others
The Company shall refer to the legitimate interest basis by taking into account
the interests of the Company or others and the fundamental rights of your Personal Data that the Company collects, uses, or discloses, which includes, but not limited to, the following purposes:
- to manage the Company’s business or to comply with reasonable business principles (such as risk management, internal management, supervision and inspection, accounts auditing, internal auditing, corruption, bribery, and misconduct monitoring, preventing, and investigating);
- to manage the relationship between the Company and you (such as customer care, satisfaction assessment, complaints handling);
- to develop and improve the Company’s products, services, and various work systems for improved efficiency;
- for security purposes (such as CCTV recording, visitor registration, exchanging visitor badges, and/or recording visitor images before entering the Company’s premises, including temperature detection and facial recognition);
- to manage claims and disputes, file lawsuits, and proceed with related legal proceedings, including legal execution actions;
- to contact you for business negotiations or discussions or contact before entering into a contract with you;
- to organize projects, exhibitions, training, seminars, or any other activities, including visiting the Company’s organization;
- to retain, revise, and update the lists or names of customers (which includes your Personal Data) and store relevant contracts and documents that may refer to you therein;
- to perform the Company’s operations, respond to your requests, or provide services to you, which may be required to disclose the Personal Data to any affiliated companies or companies in the same group as United Information Highway Company Limited.
2.4 For operations in compliance with your consent
In some instances, the Company may request your consent to collect, use, or disclose your Personal Data to provide maximum benefit to you and/or to enable the Company to provide services that serves your needs, including but not limited to the following purposes:
- to conduct research and data analysis, statistical analysis, marketing planning,
the Company’s marketing activities as well as offering appropriate products, services, and benefits to you;
- to be used in public relations regarding meetings, training, seminars, recreation, exhibitions, or various activities;
- to use in other operations for which the Company must obtain your consent.
2.5 For actions under other legal bases
In addition to the above purposes, the Company may need to collect, use, and disclose your Personal Data under other legal bases as follows:
- to prevent or suppress a danger to life, body, or health;
- it is necessary for the performance of duties carried out in the public interest or for the exercising of official authority.
The Company hereby informs you that in case you do not provide your Personal Data to us upon our request and such Personal Data is required for compliance with laws, for entering into or performing a contract, the usage of the services may be less convenient for you or
the Company may not be able to provide services or proceed to provide some or all of
the services or take steps at your request.
3. Personal Data Collected, Used, or Disclosed by the Company
The Personal Data that the Company collects, uses, or discloses may vary depending on the objective and scope of services that you use, your interest in services or products, or your existing relationship with the Company, including but not limited to the following information:
- first name, last name, gender, date of birth, photograph, image and number of identification card, and passport information;
- contact information, address, email, and telephone number;
- technical information and service usage behavior, network usage, and other information related to the provision of services;
- financial information such as payment information, credit card number, and bank account number;
- information used or obtained for security purposes, such as vehicle registration numbers, and body temperature;
- information used for the development of services, including the cases where you encounter a problem with the services;
- information necessary for the Company to comply with laws, including information used for inspection and relevant actions in the event of any violation of the terms of service or provisions of law.
The Company hereby informs you that the Company will not collect your Sensitive Personal Data without your explicit consent, except in cases where there is a legal basis to support such actions as prescribed in the Personal Data Protection Law. You may read the legal bases that the Company uses to collect your Personal Data in details regarding the Collection and Purposes of Personal Data Collection specified in Clause 2.
4. Sources of Personal Data
The Company may obtain your Personal Data from the following channels:
4.1 Direct Collection of Personal Data from You
The Company may obtain the Personal Data directly from you due to the contact or business operations between you and the Company, including but not limited to the following cases:
- in the event that you contact or provide information to the Company when entering into contracts for the use of various services with the Company or for any other business relationships with the Company;
- in the event that the Company receives your Personal Data from message sending and receiving via email or other communication channels between
the Company and you;
- in the event that the Company receives Personal Data from the service usage, the network usage, or the Personal Data related to your use of the services, such as log file;
- in the event that you use the Company’s website, the Company will receive your Personal Data through your cookies;
- in the event that you provide your Personal Data to the Company through employees or through online channels such as the Company website, etc.;
- in the event that you provide your Personal Data to the Company or
the Company receives your Personal Data from operations to maintain
the Company’s security.
4.2 Collection of your Personal Data from other sources
The Company may receive your Personal Data from sources other than directly from you, provided that such sources are permitted under laws to disclose your Personal Data, such as government agencies, affiliated companies, business partners, service users who conduct business as service providers to you, and contractors or sub-service providers that the Company entrusts to provide services to you.
5. Disclosure of Personal Data to Others
- service providers or subcontractors of the Company for service provision;
- professional advisors such as legal advisors, including lawyers;
- agencies that wish to conduct both external and internal audits on data management to prevent corruption;
- government agencies, law enforcement agencies, competent regulatory agencies under laws;
- other agencies under legal purposes, such as agencies acting in compliance with legal orders, audit agencies, or legal proceedings or actions;
- any Others who you have given consent to, including the general public, in the event that you give consent to the Company for public relations purposes.
6. Sending or Transferring your Personal Data Abroad
As the Company’s business type is a global business, the Company may, from time to time, be required to send or transfer your Personal Data overseas (for example, in the case where you are a user of the Microsoft Solution service with the Company, or in the case of any other services where the Company must send your Personal Data to the entity that is a contracting party or has juristic relation with the Company or send your Personal Data to be stored on a cloud server abroad in order to provide services to you).
In this case, the Company will use its best efforts to send or transfer your Personal Data to the Company’s reliable business partners, service providers, or recipients of information using the most secure methods and sufficient Personal Data protection measures to maintain the security of your Personal Data.
7. Retention Period of Personal Data
The Company will collect your Personal Data for as long as necessary to achieve
the objectives of each type of service according to the period of contracts or juristic relations under applicable laws between you and the Company; and the Company shall retain your Personal Data not less than 90 days from the termination date thereof, except in the cases of compliance with laws and regulations applicable to the Company, compliance with
the Company’s internal operational requirements, or compliance with claims, or exercise of legal rights, including in the cases of verifying the accuracy of your service usage, collection of service fee payments, or quality inspection of the Company’s services, or upon a request from regulatory agencies, whereby the data will be retained for a period as appropriate and necessary for each type of Personal Data.
The Company will delete or destroy the Personal Data or render it non-identifiable to the data subject according to the Company’s data destruction standards after the expiration of the retention period or when the Company is not entitled to or cannot assert the basis for processing your Personal Data.
8. Your Rights Regarding the Personal Data You, as the owner of Personal Data in accordance with the Personal Data Protection Law, shall have the following rights under laws:
You may request to exercise the rights mentioned above by providing notice in electronic format or in writing to the Company’s Customer Care Department according to
the contact channels as detailed in Clause 12. The Company would like to inform you that
the Company may request or ask for additional information and/or documents from you
in order to verify and authenticate your identity before processing your request.
In case you are a service user, and the Company fails to proceed at your request within 15 days from the notice’s receipt date by the Company, you may notify the Office of the NBTC in writing for enforcement in accordance with your rights.
9. Use of Personal Data According to the Original Purposes
The Company is entitled to collect and use your Personal Data that the Company has previously collected before the effective date of the Personal Data Protection Act B.E. 2562 (2019) regarding the collection, use, and disclosure of Personal Data continuously according to the original purposes. If you do not wish for the Company to continue collecting and using such Personal Data, you may notify the Company to withdraw your consent at any time.
10. Data Security Measures
As the Company acknowledges the importance of the security of your Personal Data, the Company has established appropriate security measures for the Personal Data in accordance with the confidentiality of Personal Data, including data encryption and measures to restrict data access, in order to prevent ineligible or unlawful loss, access, destruction, use, conversion, modification, or disclosure of Personal Data as well as preventing the unauthorized use of Personal Data.
11. Notification of Personal Data Breach, Personal Data Rights, Privacy Rights and/or Freedom of Communication via Telecommunications
In the event that you become aware of an action that breaches or is considered a breach of Personal Data, including your Personal Data rights, privacy rights and/or freedom of communication via telecommunications, the Company hereby requests your assistance
in reporting such breaches to the Company’s Customer Care Department through the contact channels as detailed in Clause 12.
12. Contact Channels to Exercise Rights or Report Personal Data Breach
If you wish to exercise your lawful rights as prescribed in Clause 8, report a breach of Personal Data and/or rights and freedoms as prescribed in Clause 11, or have any questions, or wish to inquire for additional details about this Policy, please contact the Customer Care Department according to the following details:
Customer Care Department, United Information Highway Company Limited
Address: 499 Kamphaeng Phet 6 Road, Ladyao Subdistrict, Chatuchak District, Bangkok 10900
Tel : 02-016-5111
The Company would like to inform you that the Company may request or ask for additional information and/or documents from you in order to verify and authenticate your identity before processing your request or taking any other actions as notified by you.
13. Personal Data Protection Officer
The Company has appointed a Personal Data Protection Officer to review
the Company’s operations regarding the collection, use, and disclosure of Personal Data
in compliance with the Personal Data Protection Law according to the following details:
Personal Data Protection Officer
Mr. Tanakhon Kasemsin
Address: 499 Kamphaeng Phet 6 Road, Ladyao Subdistrict, Chatuchak District, Bangkok 10900