- Privacy Notice for Clients
DBC Group (THAILAND) COMPANY LIMITED
DBC Group (THAILAND) COMPANY LIMITED (“the Company”) realizes the importance and obligation under the Personal Data Protection Act B.E. 2562, which focuses on respecting the privacy rights of the Clients. This includes a natural person who acts on behalf of a juristic person which is the Data Subject (hereinafter referred to as “Clients”). The Company is committed to protecting your Personal Data as pursuant to Personal Data Protection Law and other relevant laws. Therefore, the Company has prepared this Privacy Notice to inform about the details relating to the collection, use and disclosure of Personal Data (collectively referred to as “Processing”) as well as the Data Subject’s right as described below.
- Who does This Privacy Notice apply to?
This Privacy Notice applies to the Personal Data of the Clients including a natural person acting on behalf of a juristic person who is the Data Subject. This includes directors, consultants, executives, employees, representatives, and other related Company personnel.
“Client” is a person who is the target of the Company to sell its products or services including participants in marketing campaigns or activities, those who are interested in the Company’s products or services through various channels and/or the users of the Company’s services through social media and electronic media, as the case may be. This includes authorized persons who acts on behalf of the Clients such as a guardian of a minor, a guardian of an incompetent, a guardian of a quasi-incompetent, etc.
- Definition of Personal Data
2.1 “Personal Data” refers to any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased person in particular. This Personal Data includes first name, last name, nickname, address, phone number, ID card number, passport number, social security card number, tax identification number, bank account number, credit card number, email address, IP Address, Cookie ID, Log File, etc.
Personal Data, however, does not include business contact information that does not identify an individual personally. These would include items such as company name and address, registration number, company telephone number, or a business email address such as [email protected]. Personal Data also does not include anonymous data or pseudonymous data, or that of deceased persons.
2.2 “Sensitive Data” is defined as Personal Data pertaining to racial or ethnic origin, genetic and biometric data, political views, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union association, or any other data which would affect the Data Subject in such manner defined by the Personal Data Protection Committee. The Company shall process such data with special care and attention. The Company will collect, use and/or disclose sensitive Personal Data only after having received your explicit consent, or in cases where it is required by law.
When there is no specific mention of “Personal Data” or “Sensitive Data”, it shall be collectively referred to as “Personal Data”.
In the cases that the Company obtained information your ID Card copies or accessed your information from the identification card through an electronic means for the purpose of authentication to establish legal obligation and/or any transactions with the Company. The collected data will also include religious data, which is Sensitive Data. The Company shall determine how to manage such Sensitive Data in accordance with applicable Company guidelines and as permitted by law.
- Personal Data collected by the Company
The Company collected your Personal Data as necessary according to the purposes of using the data that the Company will inform in the next part. In this regard, the Company has classified the types of Personal Data collected by the company as shown below
Type of Data
Types of Data that the Company Collects, Uses and/or Discloses
– Title, First name, Middle name, Last name
– Personal phone number
– E-mail address
– Contact Data, such as first name, surname, personal phone number, e-mail address, Account.
– Financial Data such as credit card number.
– Data about participation in various activities such as course attendance history of e-learning.
– Client’s company work data, such as workplace name, work address, e-mail address, telephone number, position, tax identification number, etc.
- Sources of Personal Data
The Company will collect your Personal Data and Sensitive Data through the following process
- Personal Data that you give directly to the Company
Such as information used to subscription including attached documents, requests to change personal data or other information, service requests or requests regarding products or services, product, complaint information regarding product and/or service, information used to register and create an account or profile with the Company in order to take the Company’s services both offline and online, communicate information with the Company whether in written or electronic form, your information provided through surveys, suggestions, or comments from various channels including information collected at the head office or branch office, the customer service center or booth, etc.
4.2 Personal Data automatically collected by the Company
When you access services through the Company’s system or website via mobile phone, computer, laptop, etc. Your Personal Data may automatically collect with a technology called “cookies” or other technologies with the same or similar figures.
4.3 Personal Data collected from external sources or liable public information
These sources include the Department of Provincial Administration, the Department of Business Development, as well as commercial resources, websites, applications, social media, data providers, agencies, or related entities, etc.
4.4 Personal Data collected through contact with the Company
Personal Data is collected through your contact with the Company, employees, agents, business partners, associates, authorized representatives, or other entities related to the Company. This Personal Data may also be collected through channels including websites, applications, social media, phone, e-mail, meetings, interviews, short message (SMS), fax, or letters. Data may be collected in text form as well as pictures and audio.
4.5 Personal Data collected when engaging in Company activities
Personal Data may be collected in connection with marketing activities, events or competitions organized approved, or authorized by or on behalf of the Company and/or its partners and associates.
When you agree and consent to provide the Company with personal data of third parties such as family members, etc., you have certified the accuracy of it. Additionally, any third parties must be fully informed of this Privacy Notice.
- Purposes for Collecting, Using, and Disclosing Personal Data
The Company will collect, use, or disclose your personal data according to the following basis.
5.1 Contractual Basis: for compliance with contractual obligations that you have entered into. These include service contracts, sale and purchase contracts, subscription contracts or other contracts. These also include the processing your requests or application form prior to entering into a contract.
5.2 Legal Obligation: for compliance with obligations required by law. These include Tax Laws, Electronic Transaction Laws, Civil and Commercial Laws as well as Public Health Laws, etc.
5.3 Legitimate Interest: for the legitimate interest of the Company. However, these must not violate your fundamental rights or freedoms.
5.4 Consent; the Company must request your consent as required by law or the Company cannot apply any of the abovementioned basis to process Personal Data collected from you.
Purpose of collection, use and disclosure of Personal Data of clients.
The Company will collect, use or disclose your Personal Data for the following purposes:
1. To process the client’s request before entering into a contract or for the performance of a contract.
To verify or identify the client when accessing the Company’s platform, selling products and/or services to client. To perform any contract to which the client is a party, including managing the client’s account, subscription information, delivery, accounting and financial operations. After sales service, product returns, any action to provide clients with products and/or services and any requested by clients.
2. For management of advertising and public relations.
Advertising marketing campaigns, analysis, product development and contact clients to give advice or present products. Including management of advertising media public relations which the client is a presenter or appears as part of the Company’s advertising media.
3. For management of operation and after sales service.
Review and analyze personal data and sensitive personal data.
– Legitimate Interest
To develop the Company’s online service channels and to provide client with quality services fast and convenient.
– Legitimate Interest
For accessing or transfer account data such as membership numbers, personal codes that company has provided services to clients via computer and/or other control devices. In order for the Company to be able supervise and monitor access to accounts, membership numbers or personal codes of clients efficiently. To prevent unauthorized use. Access, fraudulent use or illegal. Also, to improve the service of the company to be more appropriate and efficient.
– Legitimate Interest
4. For management of Information Technology
Set up an information system to collect data, data processing and data connection with client or representatives.
– Legal Obligation
– Legitimate Interest
Prepare and provide information technology system services to process client information from the use of websites, applications and various social media of the Company such as Facebook, LinkedIn, Twitter, YouTube, Line, etc.
– Legitimate interest
5. To be able to manage develop and implement any in order to be able to conduct business more efficiently
Management of goods and/or services (including websites and applications). Detecting and preventing fraud or other crimes and potential client relationship management. Also, maintenance and use of IT systems.
– Legal obligation
– Legitimate Interest
Measuring the effectiveness of a company’s marketing policies and to measure the effectiveness of the Company’s advertising through various channels.
– Legitimate Interest
6. For task management of complaints, disputes, litigation and risk management
Investigations of fraudulent behavior, fraud, acts that are against the law or public order.
– Legal Obligation
– Legitimate Interest
Taking any action to investigate, prosecute or take any action to exercise contractual and legal rights. Resolving disputes or conflicts that may arise between the Company and the clients in connection with the provision of the Company’s services.
– Legal obligation
– Legitimate Interest
- Disclosure Personal Data of Clients
To carry out the purposes stated in this privacy notice. Client personal data may be disclosed or delivered to various departments within the Company and individuals or external agencies as follows:
6.1 Within the Company client personal data it may only be disclosed or delivered to the departments within the Company that are relevant and have their roles to the extent necessary for the purpose. By these individuals or teams of the Company will be allowed to access the client’s personal data as necessary and appropriate.
- Sales staff or other relevant officials by assigning access rights according to roles and responsibilities.
- Executives or direct supervisors of the Company with responsibility for managing or making decisions about the company. Also, when involved in human resources procedures.
- Various departments or support teams such as Information technology group, administration department, accounting department, purchasing department, Finance Department, etc.
6.2 Outside the Company the Company may disclose client personal data. to external organizations which are business partners of the Company For the purpose of providing services or supplying products in accordance with the needs of customers, including with:
- Bangkok Insurance Public , Ltd.
- Digital Skills Development and Testing Institute (DDTI)
- ICDL Thailand
- DOTARAI Co., Ltd.
- SKYSOFT , Ltd.
- Marketing and Privilege
The Company may use the client personal data for other purposes notified to the client through this privacy notice. And under the requirements of the law the Company may use your first name, last name and contact information such as email address, telephone number including mobile phone number and postal code, for:
7.1 Send client benefits messages about the Company’s products and services, including cross-selling and/or upselling offerings of products or services.
7.2 Loyalty Program or Privilege Program
7.3 Promotional activities and marketing communications including contests, lucky draws, events and various competitions that customers are interested in participating in activities.
7.4 Donations for charitable activities and/or other aspects non-profit.
The above operation the Company may be required to disclose client personal data to personnel and/or business partners of the Company in order to achieve any of the above objectives.
In case of client does not wish to receive marketing information and special privileges, client can notify the Company at any time. However, the client can unsubscribe from receiving marketing emails by clicking on the unsubscribe link as shown at the bottom of each email. The Company will try to speed up the process according to the wishes of the clients as soon as possible.
- Giving Consent and Impact of Withdrawal of Consent
8.1 In the event that the Company collects, uses or discloses personal data under your consent, you are entitled to have the right to withdraw your consent at any time. However, the withdrawal of consent shall not affect the collection, use or disclosure of Personal Data already given.
8.2 Under the Civil and Commercial Code, before giving consent, minors must provide their guardian’s details to the Company. This is to ensure that consent is agreed upon by the guardian as well.
You may withdraw consent for the Company to collect or disclose Personal Data either entirely or partially according to this privacy notice by notifying the Company.
However, if you decide to withdraw the consent given to the Company to collect, use or disclose your Personal Data for other purposes except marketing purpose, the Company may not be able to carry out certain processes or services and/or manage products or relationship or your existing account. That may affect you to lose the benefits in using the Company’s service as same as when you gave your consent for the collection, use or disclosure of personal data to the Company.
- Transfer of Personal Data Overseas
9.1 The Company may transmit or transfer Personal Data to both domestic and international third parties when necessary to perform its contractual obligations that you are a party, or to perform contractual obligations between the company and other persons or other entities for your benefits, or to perform any requests prior to entering a contract, or in order to prevent or deter any danger to your life, body or health or other persons, or to comply with applicable laws and to carry out responsibilities regarding public interest.
9.2 The Company may collect your Personal Data from computers, servers, cloud storage, or file sharing services provided by a third party. The Company may also use third-party applications such as software or platform services for processing your Personal Data. The Company shall not allow any unauthorized, independent, or non-related parties to access this Personal Data. The Company shall require such third parties who do have permission to access this Personal Data to have appropriate measures for data security.
9.3 In the event that it is necessary to transmit or transfer your Personal Data overseas, the Company shall comply with applicable personal data protection laws and implement appropriate measures to ensure that your Personal Data is duly protected and shall be able to exercise your rights related to your Personal Data as permitted by law. In addition, the Company shall require these overseas parties to take appropriate measures for data security. The Company shall also take necessary steps to prevent unauthorized use or disclosure of Personal Data.
- The Collection and Retention Period of Personal Data
9.1 The Company will retain your Personal Data for the required period in compliance with applicable laws, taking into account the necessity, purpose, use and processing for which it was collected.
9.2 The Company will collect, use, and disclose your Personal Data that was collected, even if the relationship with the Company has been terminated. This is allowed by law for the purpose of legitimate interest. The Company will do this in such a way as to make the data non-identifiable, either directly or indirectly. For example, “Anonymous Data” or “Pseudonymous Data” may be used.
9.3 The Company will erase or destroy Personal Data or convert it permanently into anonymous data or other means when the retention period has expired, or when the Personal Data is irrelevant or beyond the purpose necessary for which it has been collected. The Company will also erase or destroy Personal Data in order to comply with your request for such action.
- How the Company Protects Personal Data
The Company will keep the personal data of clients very well in accordance with technical measures and organizational measures. To secure the appropriate processing of personal data and to prevent personal data breaches. The Company has established policies, regulations and criteria for personal data protection. Including measures to prevent recipients of personal data who using, disclose personal data outside the objectives, without authority or wrongful therefore the company has improved the policy such rules and regulations periodically as necessary and appropriate. In addition, executives, employees, contractors, agents, consultants and recipients of personal data from the Company are obligated to maintain the confidentiality of personal data in accordance with the confidentiality measures set by the Company.
- Rights of the Data Subject
12.1 You have the right to perform as follows:
1) Right to withdraw consent You are entitled to withdraw the consent previously given to the Company to collect, use and disclose your Personal Data (whether such consent has been given prior to or after the Personal Data Protection Law was enacted). You may withdraw consent at any time when it is being held by the Company unless there is a rights restriction by law or valid contract.
However, be informed that withdrawing consent may affect in using of products and/or services such as you will be unable to receive benefits, new promotions or offers, unable to receive better products or services that suit to your preferences or unable to receive useful information, etc. It is therefore advised to inquire about the impact before taking this step.
2) Right to access of Personal Data You are entitled to have access to your Personal Data and to request the Company to provide copies of these documents and also have the right to request to reveal how your Personal Data was obtained. However, the Company is entitled to reject such a request based on applicable laws or court orders, or if such a request will adversely affect the rights and freedoms of other individuals.
3) Right to Data portability You are entitled to have the right to obtain your Personal Data which has been processed by the Company in a format that is readable or useable with an automated device and can be used or disclosed via automated means. You also have the right to request the Company to transfer your personal data in such format to another Data Controller if it can be processed via the automated means and to request Personal Data of said format which is directly sent or transferred by the Company to other data controllers unless it cannot be processed due to technical difficulties.
However, the above Personal Data must be Personal Data that you have given consent to the company for collecting, using and/or disclosing or Personal Data that the Company is required to collect, use and/ or disclose in order to use products or services according your wishes that you are a party to the contract with the company or to comply with your request prior the usage of the Company’s products or services or Personal Data as determined by competent authorities.
4) Right to object You are entitled to lodge an objection to the collection, use or disclosure of your Personal Data at any time. However, if this collection, use, or disclosure is undertaken for the legitimate interests of the Company or other persons or entities under your reasonable expectation, or for public interest. If you have lodged an objection, the Company shall continue to collect, use and/or disclose this Personal Data. In this case, the Company must provide compelling and legitimate grounds for such collection, use and/or disclosure that are more important than your fundamental rights or to verify the right according to the law, to comply in accordance with applicable laws or for the litigations as the case may be.
In addition, you are entitled to lodge an objection to the collection, use and/or disclosure of your Personal Data if it was collected/used/disclosed for direct marketing purposes or for the purpose of scientific, historical or statistical studies and research.
5) Right to erasure You are entitled to request the Company to delete or destroy your Personal Data or make it anonymous if you believe that it has been collected, used and/or disclosed illegitimately and is not in compliance with applicable laws or contend that it is no longer necessary for the Company to keep such data according to the objectives of this Privacy Notice or when you have withdrawn consent or lodged an objection. This would apply unless the Company is obliged to collect this Personal Data for the purpose of compliance with the law or establish a legal claim related to the retention of such data.
6) Right to restriction You are entitled to request the Company to restrict or suspend the use of your Personal Data if the Company is conducting an investigation per your request. This also applies in cases where it is no longer necessary for the Company to keep this Personal Data and must delete or destroy your Personal Data in accordance with applicable laws but you request for the restriction instead.
7) Right to rectification You are entitled to correct your Personal Data to keep it accurate, up-to-date, complete and not misleading.
8) Right to file a complaint You are entitled to file a complaint to relevant authorities if you believe that the collection, use and disclosure of your Personal Data violates applicable laws.
If you have concerns or inquiries about the Company’s policies related to your personal data, please contact the Company by using the contact details in Clause 14 of this Privacy Notice. If there is a reason to believe that the Company has violated data protection laws, you have the right to file a complaint with the proper legal authorities or authorities appointed by the Personal Data Protection Committee.
If the Data Subject submits a request to exercise the rights under the Personal Data Protection Law, the Company will proceed with such request within the period specified by law. In addition, the Company reserves the right to refuse or not act upon such request if it is not required by law.
12. The Company has all rights and sole discretion to accept and process your request or to reject it.
Exercising the rights under Clause 12.1 may be restricted by applicable laws, and, in certain cases, there may be compelling reasons for the Company to deny your request or that prevent the Company from complying with your request. These may include compliance with laws, court orders, for the purpose of public benefit or, potentially violate another person’s rights or freedoms. If a request is denied, the Company shall provide the reason(s) for such denial.
- Personal Data Security Measures
The Company prioritizes the security of client personal data as the first priority such as encryption, restriction of access to personal data. To ensure that the Company’s personnel and third parties acting on behalf of the Company are adhering to appropriate personal data protection standards. This includes the obligation to prevent the leakage of information and the Company to take appropriate security measures in relation to the processing of data.
The company has reviewed regularly update the procedures and security measures of the Company’s personal data. To obtain a level of security of personal data suitable for the risk and ensure the confidentiality of personal data, completeness, availability and flexibility of processing personal data on an ongoing basis. Including protection loss and unauthorized collection, access, use, modification, alteration or disclosure of personal data whether the processing of personal data is electronic or document format.
- Links to Third-Party Websites
The Company’s website may have links to social networks, platforms and other websites operated by third parties. The Company attempts to only link to websites that have high standards for personal data protection. However, the Company cannot be held responsible for the content or standards of personal data protection of third-party websites unless stated otherwise. Any personal data provided by you to third-party websites is therefore subject to that website’s data protection policies (if any). Therefore, the Company recommends you carefully read third-party privacy notices and personal data protection policies appearing on these websites.
- Changes to Privacy Notice for Clients
The Company will review this Privacy Notice for Clients regularly to be in line with related procedures, laws, and regulations. The Company shall keep you informed of important changes, or revisions of this Privacy Notice. You are encouraged to periodically check for updates to this Privacy Notice.
In case of client sees that the processing of their personal data is not in accordance with the Personal Data Protection Act B.E. 2562, the client has the right to complain to the Company’s personal data protection officer as follows:
DBC Group Co., Ltd. No. 125/55 Soi Vibhavadi Rangsit 60 Intersection 12, Talad Bang Khen Subdistrict, Lak Si District, Bangkok 10210
- Governing Law
You hereby acknowledge and agree that this Privacy Notice is governed and applied in accordance with Thai laws and that Thai courts have jurisdiction over any disputes that may arise.
Announced on 10 April B.E. 2566(2023)