Internet Thailand Public Company Limited (the “Company”) realizes the importance of Personal Data of related persons, both internal and external, and commits to strictly comply with the Personal Data Protection Act B.E. 2562 (the “PDPA”) and relevant regulations. The Company, therefore, establish the following Data Protection Policy for handling and protection of Personal Data.
“Company” means Internet Thailand Public Company Limited
“Person” means An alive individual person (not included “Juristic Person” incorporated by law)
“Personal Data” means Any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, such as name, surname, address, contact details, identification card number, passport number, etc.
Personal Data excludes business contact information such as company name, company address, company registration number, company email address (firstname.lastname@example.org), etc.
“Sensitive Data” means Information that is genuine personal matter of the Person which is sensitive and may be at risk of unfair discrimination such as race, ethnic, origin, etc.
“Data Subject” (Data Subject) means Any individual person who can be identified, directly or indirectly, via an identifier such as a name, identification card number, or via factors specific to the person's physical, physiological, genetic, mental, economic, cultural or social identity
“Processing” means The operations in relation to the collection, use, disclosure, amend, or transfer of the Personal Data
2. Collection and Purposes of the Collection
The collection of Personal Data shall be limited to the extent necessary in relation to the lawful purpose of the Company. In collecting of the Personal Data, the Company shall inform the Data Subject, prior or at the time of such collection, of the following details;
2.1 The purposes of the collection
2.2 Details of Personal Data to be collected
2.3 The possible effect where the Data Subject does not provide Personal Data in case his or her Personal Data is required for compliance with a law, or contract, or where it is necessary to provide the Personal Data for the purpose of entering into the contract.
2.4 The categories of persons or entities to whom collected Personal Data may be disclosed
2.5 The rights of the Data Subject
The collection, use, or disclosure of Personal Data shall not be conducted in a manner that is different from the purpose previously notified to the Data Subject, unless the Data Subject has been informed of such new purpose, and the consent is obtained prior to the time of collection, use, or disclosure.
3. Use or Disclose of Personal Data
The Company shall use or disclose Personal Data as necessary according to the purpose notified to the Data Subject prior to or at the time of such activity, unless:
3.1 It is for the purpose relating to research or statistics, in which the suitable measures to safeguard the Data Subject's rights and freedoms are put in place.
3.2 It is for preventing or suppressing a danger to a Person’s life, body or health.
3.3 It is necessary for the performance of a contract to which the Data Subject is a party, or in order to take steps at the request of the Data Subject prior to entering into a contract.
3.4 It is necessary for the performance of a task carried out in the public interest of the Company.
3.5 It is necessary for the investigation by the competent officers in compliance with the law, or for the adjudication in the court.
3.6 It is necessary for compliance with a law to which the Data Controller is subjected.
4. The Company shall provide appropriate security measures for preventing the unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of Personal Data.
5. The Company shall review the security measures when it is necessary, or when the technology has changed in order to efficiently maintain the appropriate security and safety, at least once a year. It shall also be in accordance with the minimum standard specified and announced by the Personal Data Protection Committee.
6. The Company shall put in place the procedures and rules in the circumstance where the Personal Data is to be provided to other Persons or legal persons, apart from the Company, the Company shall take action to prevent such person from using or disclosing such Personal Data unlawfully or without authorization.
7. The Company shall put in place the examination system for erasure or destruction of the Personal Data when the retention period ends, or when the Personal Data is irrelevant or beyond the purpose necessary for which it has been collected, or when the Data Subject has request to do so, or when the Data Subject withdraws consent, except where the retention of such Personal Data is for the purpose of freedom of expression, or for the following proposes;
8. The Company shall notify the Personal Data Protection Office of any Personal Data breach without delay and, where feasible, within 72 hours after having become aware of it, unless such Personal Data breach is unlikely to result in a risk to the rights and freedoms of the Persons. If the Personal Data breach is likely to result in a high risk to the rights and freedoms of the Persons, the Company shall also notify the Personal Data breach and the remedial measures to the Data Subject without delay. The notification and the exemption to the notification shall be made in accordance with the rules and procedures set forth by the Personal Data Protection Committee.
9. The Company shall designate, in written, a Data Protection Officer to give advices with respect to compliance with the PDPA, to investigate the performance of the Company with respect to the collection, use, or disclose of the Personal Data for compliance with the PDPA, to coordinate and cooperate with the Personal Data Protection Office in the circumstance where there are problems with respect to the collection, use, or disclosure of the Personal Data with respect to the compliance with the PDPA, to keep confidentiality of the Personal Data known or acquired in the course of his or her performance of duty under the PDPA. In the event that there is any problem when performing the duties, the Data Protection Officer must be able to directly report to the Chief Executive of the Company.
Internet Thailand Public Company Limited, located at 1768 Thai Summit Tower, 10th – 12th Floor and IT Floor, New Petchburi Road, Bangkapi, Huaykwang, Bangkok 10310
Tel: 0 2257 7000
Email : DPCemail@example.com DPOfirstname.lastname@example.org
Website : www.inet.co.th