Privacy Notice for Training, Seminar & Other Activities
DBC Group Company Limited

     DBC Group Company Limited with associated companies (“Company“/ “We“) acknowledges the importance of compliance with the Personal Data Protection Act B.E. 2562 (PDPA) by respecting the privacy of data subjects. In order to achieve this, the Company has decided to create this Privacy Notice to inform you about how we collect, use, and/or disclose personal data. The details are as follows:

1. Definition

2. Who does this Privacy Notice apply to?

2.1 Individuals, such as individuals such as interested parties, prospective participants, past attendees, or participants in the training, seminars, and various activities organized by the company. These activities may take the form of meetings, discussions, training sessions, seminars, live broadcasts, interviews, networking events, questionnaires, surveys, or other formats.

2.2 Individuals, such as employees, staff, personnel, officers, representatives, shareholders, persons with authority, board members, contact coordinators, reference persons, emergency contact persons, and other ordinary individuals associated with the company’s organizational clients. These individuals may participate, have participated, or will participate in the company’s training, seminars, live broadcasts, interviews, networking events, questionnaires, surveys, or other activities.

Collectively, individuals in sections 2.1 – 2.2 are referred to as “You” or “Data Subject”.

3. Personal data that the Company processess

The Company may process various types of personal data, directly from you or indirectly from other sources, with details as follows:

3.1 Personal data: such as title, first name, last name, gender, photograph, date of birth, marital status, ID card number, signature etc.

3.2 Contact data: such as house registration, current address, email, Line id, telephone number, etc.

3.3 Personal information provided by the government: such as ID card number, Passport number, Tax ID number, Company certificate (indicating the names of the company’s directors) or other similar information.

3.4 financial data: such as bank account number Bank account type PromptPay information Payment details, etc.

3.5 Usage data: such as cookies, other technical information from the use of The Company’s platform and operating system, etc.

3.6 Third party information: such as husband, wife, father, mother, siblings, name of certifier, Name of emergency contact, etc.

3.7 Audio and video data: such as still image or moving image data collected from CCTV cameras, such as pictures taken when accessing areas inside the office building, workplaces, events, meetings, or seminars.

3.8 Special categories of personal data: such as criminal record, health data, biometric data, etc.

In cases where the Company is required to collect personal data for contractual purposes, contract performance, or legal compliance, failure to provide such data may result in the Company being unable to fulfill your requests or contractual obligations. Because the absence of such information could lead to non-compliance with applicable laws by either the Company or yourself, potentially resulting in associated penalties.

The Company may request a copy of your identification card or other documents to verify your identity before engaging in legal or other transactions. The information obtained may include special categories of personal data, such as religious beliefs or other special categories information, which the Company does not collect unless consent is obtained from you. The Company will handle this information in accordance with best practices and legal regulations, such as redacting when necessary to protect your privacy and comply with data protection laws.

The Company may also receive personal data from third parties provided by you. For example, this may include details of emergency contact persons or coordinators. The Company will use such information solely for contact purposes. We kindly request that you inform these third parties about this Privacy Notice and obtain their consent if necessary, unless exceptions under the law apply that do not require consent.

The Company will not collect personal data of minors, individuals deemed incompetent, or quasi-incompetent persons, and will not permit them to use its services without consent from their legal guardians or representatives, as applicable, or without relying on any other legal basis. If the Company becomes aware of collecting personal data from these individuals without consent and without relying on any legal basis, it will promptly delete such data.

4. Sourcesof personal data

The Company collects your personal data through the following processes:

4.1 Personal data provided directly to the Company: such as Information appearing in applications for training, seminars, and other activities, including supporting documentation, as well as complaints about organizing activities. Information used to register and build an account or profile with the company via both offline and online methods. Information concerning your engagement with the Company, whether in written communication or speech, including photographs and audio, as well as information that you supply to the company via surveys Giving suggestions or comments via various means, etc.

4.2 Personal data automatically collected by The Company’s systems: when you access its services or websites through electronic devices like mobile phones, computers, or laptops. This data may include device information, IP addresses, browsing history, and other usage details. The Company may utilize technologies such as cookies or similar tools to facilitate this data collection process.

4.3 Information from reliable external or public sources. such as the Department of Provincial Administration, Department of Business Development, commercial resources, websites, social media resources, data providers, agencies or companies or associations or federations related to you or your organization, etc.

4.4 Information about your participation in activities with The Company: such as marketing activities, contests, events or competitions organized by or on behalf of the Company. and/or business partners or partners who participate in activities with the company or are assigned or allowed by the company to do such activities, etc.

5. Legal basesand purpose of processing personal data

The Company processes your Personal Data based on the following lawful bases (Section 24):

1) Consent

2) Archive/statistic/research: this is for the achievement of purposes relating to historical documentation, archives for public interest, research, or statistics.

3) Vital interest: this is for preventing or mitigating a danger to a person’s life, body, or health.

4) Contract: this is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.

5) Public task: this is necessary for the performance of a task carried out in the public interest.

6) Legitimate interest: this is necessary for the legitimate interests of the data controller or any other person or legal entity other than the data controller.

7) Legal obligation: this is necessary for compliance with the law to which the data controller is subject.

When the Company processes your special categories of personal data, it does so based on the following lawful bases (Section 26):

1) Explicit consent

2) Vital interest: This is for preventing or mitigating danger to the life, body, or health of the person when the data subject is incapable of giving consent for any reason.

3) Not-for-profit bodies: This is carried out in the course of legitimate activities by foundations, associations, or any other not-for-profit bodies.

4) Made public by the data subject: This is disclosed to the public with the explicit consent of the data subject.

5) Legal claims: This is necessary for the establishment, compliance, exercise, or defense of legal claims.

6) Compliance with the law to achieve purposes related to:

(a) Health or social care

(b) Public health

(c) Employment, social security, and social protection law

(d) Archiving, research, statistics or other public interest

(e) Substantial public interest

To process your personal data for the following purposes:

1. To contact, communicate, register or verify your identity in training, seminars and various activities of the C
2. To inform your information to the presenter. Moderators, speakers, and related persons for conducting training, seminars, and various company activities.
3. To manage your account and to carry out financial transactions and transactions related to payments, refunds, issuing vouchers, receipts, invoices, processing and following up on the Company’s services. This includes reviewing and confirming and canceling transactions.
4. To contact and communicate, coordinate, provide services, notifications, news, and information about the Company’s services to you. and to process and update your personal information as a user of the Company’s services to keep it current.
5. Provide you with marketing information, alerts, news, and information about the Company’s services. and to process and update your personal information as a user of the Company’s services to keep it current.
6. To manage a variety of service-related issues, such as inquiries, requests, comments, feedback, complaints, demands, disputes, or compensation for damages, etc.
7. To provide assistance and solve technical problems, such as notifying you of the steps to solve the problem. Surveying your opinions and satisfaction with the company’s services or training, seminars, and various activities.
8. To record images, sounds, or moving images of training seminars and various activities organized by the C
9. For public relations Report or disseminate training, seminars, and various activities of the company through various channels to the public, such as the company website. social networks digital platforms, etc.
10. For public relations,report or disseminate training seminars and various activities of the company to you or your organization. Including informing about benefits that you or your organization may be interested in.
11. To conduct training seminars and organize various activities in both general and electronic training formats and/or to issue you with a training certificate.
12. For advertising management public relations Marketing campaigns, analysis, service development Contacting customers to provide advice or offer services Management of advertising media.
13. For compliance with regulations and auditing of the company’s business (Both internal and external inspection)
14. To prevent an imminent danger to yourself or another person’s life, body, or health.
15. To investigate, prevent, or address potential violations of the law, or in situations where there is reasonable suspicion of unlawful behavior or circumstances that could endanger the safety, health, or well-being of others.
16. To adhere to the legal requirements regarding personal data protectionlaw, including but not limited to addressing requests from individuals exercising their data rights, and undertaking additional necessary legal measures.
17. Ensuring compliance with internal policies and relevant laws is imperative. This includes adherence to a range of rules, regulations, and guidelines, such as the necessity of obtaining a business operating license as mandated by law. Responsibilities extend to facilitating communication with governmental bodies, courts, and related agencies, as well as conducting investigations, lodging complaints, preventing unlawful activities, fraud, and upholding regulatory requirements mandated by law.
18. To process personal data for research or statistical purposes, including conducting statistical surveys, research studies, training curriculum design, and enhancing the company’s services.
19. To create a network of personal data protection officers and enhance compliance with personal data protection laws. This involves activities such as disseminating news, organizing seminars, arranging meetings, and managing and publishing class lists.

In this regard, your decision not to provide personal data to the Company may have consequences for you. The Company may be unable to carry out requested actions or fulfill contractual obligations as a result. This could lead to a limitation in the services offered to you, potentially resulting in inconvenience or non-compliance with the terms of the contract, leading to possible damages or missed opportunities. Moreover, in certain instances, the omission of such information may impact compliance with relevant laws, potentially resulting in associated penalties for either the company or yourself.

6. Disclosure of your personal data

The Company may disclose your personal data to the following external parties for the purposes specified in this Privacy Notice: You may also be subject to the privacy notices of third parties. It is recommended that you review the privacy notices of these third parties to learn more about how they process your personal data.

6.1 Third Parties: the Company may engage other companies, agents, or contractors to render services to the Company. Your personal data may be shared by the Company with these third-party service providers, such as:

– Internet infrastructure developers, website and digital service providers,

– Logistics and freight forwarding service providers,

– Audit service providers,

– Training and seminar service providers,

– Data storage, softwares and cloud service providers,

– Consultants

– Affiliated companies,

– Trading partners, and business alliances,

– Prospective buyers of a business,

– Organizers of training seminars,

– Moderators, lecturers and other individuals associated with the company’s training seminars and activities. 

6.2 Government agencies: The Company is obligated to adhere to legal requirements and regulatory obligations, necessitating interaction with various government agencies. These may include Courts, the Revenue Department, and the Royal Thai Police.

7. Cookies and how to use

When you visit the Company’s website, certain data may be automatically collected from you through the use of cookies.

Cookies are data specifically associated with your computer when you visit a website, and cookies will collect or track information about your website usage and use it for analyzing trends, managing the website, tracking user movement on the website, or remembering user settings. Some types of cookies are necessary cookies because without these necessary cookies, the website may not function properly, and other types of cookies enable the company to improve your website browsing experience, customize content according to your preferences, and make website navigation more convenient since cookies remember usernames (in a secure manner) as well as language settings.

Normally, most web browsers will prompt you to configure whether you accept cookies or not. If you choose not to allow tracking by cookies or delete cookies, it may affect your website usage. Without cookies, certain website functions or parts of the website may be limited.

In addition, Furthermore, external parties may use cookies through the company’s website to present advertisements relevant to your interests based on your browsing history. These external parties may collect and compile information to understand how you access the website, and which web pages you visit after leaving the company’s website. The data collected through these automated systems may be related to the personal information you provided previously on the company’s website. In addition, you may also be subject to the privacy policies or cookie policies of these external parties. Therefore, the company recommends that you read the privacy policies or cookie policies of these external parties to learn more about how they process your personal data.

8. Sending or transferring personal datato a foreign country

In cases where it is necessary to send or transfer your personal data to foreign countries, The Company will comply with the Personal Data Protection Act (PDPA) and implement appropriate measures to ensure that your personal data is protected. Additionally, The Company will ensure that you can exercise your rights regarding your personal data as required by law.

9. Retention period of your personal data

9.1 The Company will store your personal data for as long as necessary, considering various needs and objectives, including compliance with applicable laws and/or ISO (International Organization for Standardization) requirements. For example, The Company may retain your personal data for up to 10 years as prescribed by law.

9.2 The Company will continue to process your personal data even if you terminate your relationship with the company, as necessary under the law for legitimate interests or process it in a form that does not identify individuals directly or indirectly, such as ‘Anonymous Data.

9.3 The Company will regularly conduct audits to proceed with the deletion or destruction of personal data, making it permanently impossible to identify the data subject, or by other means to eliminate all personal data when the retention period has expired or when it is irrelevant or exceeds the necessity for the purposes of processing such personal data, or when the company is required to comply with your request for the company to delete your personal data.

10. Rights of the data subject

10.1 Right to withdraw consent: you may withdraw consent at any time while the Company holds your data unless the Company is legally entitled to refuse your request.

10.2 Right to access personal data: you have the right to access your personal data and request The Company to provide a copy of such data. Additionally, you can ask the Company to disclose details about how it obtained your information. unless the Company is legally entitled to refuse your request.

10.3 Right to have personal data portability: you have the right to obtain your personal data in a structured, commonly used, and machine-readable format for your own purposes, unless it is technically infeasible to do so.

10.4 Right to object to data processing: you have the right to object to the processing of your personal data at any time. Unless the Company is legally entitled to refuse your request. 10.5 Right to request deletion of personal data: you have the right to request the erasure or destruction of your personal data or to make it no longer identifiable. unless the Company is legally entitled to refuse your request.

10.6 Right to request restriction of use of personal data: you have the right to restrict the processing of your personal data while the Company verifies your request for rectification or objection, or if the data is no longer needed but you request to keep it.

10.7 Right to retification of personal data: you have the right to request the Company to rectify, update, complete, or correct your personal data to ensure it is accurate, up-to-date, complete, and not misleading.

10.8 Right to Complain: You have the right to make a complaint to the expert committee of PDPA if you reasonably believe that the processing of your personal data is unlawful.

If you have any questions about The Company’s procedures, please contact us by using the contact details as in items 15 of this Privacy Notice.

If you submit a request to exercise your rights under the Personal Data Protection Act (PDPA), once the Company receives such a request, it will process it within the timeframe specified by law. The Company may accept or reject your request and proceed accordingly, adhering to legal requirements, such as compliance with legal obligations or court orders, or acting in the public interest. Additionally, the Company may reject your request if exercising the right would infringe upon the rights or freedoms of others. If the Company rejects your request, it will provide you with the reasons for such rejection. 

11. Security measures to maintain personal data

The Company will maintain the security of your personal data in compliance with technical, physical, and organizational measures to prevent any violations of personal data as stipulated by the Personal Data Protection Act (PDPA). Additionally, the Company will regularly review and update these measures to ensure their effectiveness and compliance with regulatory requirements. 

12. Links to third party websites

When using the Company’s application or website services, you may encounter links to social networks, platforms, and other websites operated by third parties. While the Company strives to link only to websites that uphold privacy standards, we cannot guarantee the content or privacy standards of these third-party sites unless specifically stated. You will be subject to the privacy notice or policy of the third-party website (if applicable). We encourage you to review and adhere to the personal data protection announcements or policies displayed on these websites, as they are distinct from those of the Company.

13. The personal data collected before PDPAbecomes enforced.

As the Company has collected, used, and/or disclosed your personal data provided to the company by any means due to the relationship between you and the Company, whether as an employee, contractor, customer, business partner, business associate, shareholder, or member of the company’s board of directors, or any other capacity before the effective date of the Personal Data Protection Act, the Company hereby informs you that it will continue to collect and use such personal data for the original purposes for which the company collected and used them before.

The Company will not disclose such personal data to any other individuals unless consent is obtained from you or unless permitted by law to do so.

If the Company intends to process your aforementioned personal data for purposes beyond the original objectives for which they were collected and used before the effective date of the Personal Data Protection Act, the Company will notify you and will process your personal data according to the principles and methods stipulated by law. You may refer to the privacy policy for further details regarding the collection, use, and/or disclosure of your personal data.

In this regard, if you do not wish for the Company to continue collecting and using the aforementioned personal data, you have the right to withdraw your consent provided to the company before the effective date of the Personal Data Protection Act. You can do so by contacting the Company using the details provided in this Privacy Notice.

14. Changes to the Privacy Notice

The Company will regularly review and update this Privacy Notice to reflect any changes in relevant rules, laws, and regulations. Should any modifications occur, we will promptly notify you and provide the most recent version of the notice through our website and the appropriate channels. We recommend that you stay informed by checking for updates regularly.

15. Contact channels

If you have any questions or wish to inquire about the processing of personal data or exercise their rights related to personal data as outlined in this Privacy Notice, you can contact us using the details provided below:

16. Applicable law

You acknowledge that this Privacy Notice is governed by and subject to enforcement and interpretation under Thai law. Any disputes that may arise shall be within the jurisdiction of the Thai courts.

Published on 1 February 2024