For personal data collected prior to the effective date of Personal Data Protection Act B.E. 2562, we can continue to collect and use them according to the previous purposes that we are informed about. However, in case the collection and use are not within the previous purposes, the collection and use must be complied with Personal Data Protection Act B.E. 2562.
Article 2. Definition
“Personal Data” means any information relating to a person which can be identified, directly or indirectly, however, does not include information of the deceased in particular.
Nonetheless, Personal Data does not include non-personally identifiable business contact information, such as, company name, company address, company registration number, office phone number, office email address using for work purpose (for example, email@example.com), anonymous data or pseudonymous data, information of the deceased, etc.
“Sensitive Data” means Personal Data related to race, ethnicity, political opinions, personal belief on cult, religion or philosophy, sexual behavior, criminal records, health information, disability, information of labor union, genetic data, biological data, or any other data that affects the Data Subject in a similar manner as specified by the Personal Data Protection Committee.
“Processing” means any processing of Personal Data, such as, collecting, recording, organizing, structuring, retaining, updating, changing, recovering, using, disclosing, forwarding, publishing, transferring, merging, deleting, destroying.
“Data Subject” means a natural person who owns Personal Data.
“Data Controller” means a natural person or juristic person with power and duties to make a decision regarding collection, use and disclosure of Personal Data.
“Data Processor” means a natural person or juristic person who proceeds with the collection, use or disclosure of Personal Data under orders given by or on behalf of Data Controller, whereby the person who proceeds as such is not Data Controller.
“Cookies” means a small file of a computer to temporarily store necessary Personal Data on the computer of Data Subject for convenience and speed of communication which is effective only while using the website system.
Article 3. Personal Data Collected by the Company
3.1 We may collect the following Personal Data:
3.1.1 Personal Information. title, full name. gender, age, occupation, qualification, job title, position or status, business type, nationality, country of residence, date of birth, marriage status, information on the card issued by government agencies (for example, ID card number, social security number, passport number, tax identification number, driving license information or similar identification documents), house registration number, signature, voice, audio, photograph, picture, video recording, video clip, KYC/e-KYC, credibility information (including but not limited to credit standing and financial institutions) from the National Credit Bureau Reliability Assessment Service Provider which is used to assess reliability risk management and credit modeling, bankruptcy detail, household income, salary, personal income or other personal information provided by Data Subject to us.
3.1.2 Contact Details. address, delivery details, billing details, address for submitting invoices, telephone number, mobile phone number, facsimile number, office phone number, email address, LINE id, Facebook ID, Google ID, Twitter ID and other accounts on social media.
3.1.3 Financial Information. credit/debit cards details, banking details, type of credit card, date of issuance and date of expiry, billing cycle, account details, payment history, risk profile for business partners, credit rating and solvency, information in accordance with the declaration of suitability, and other financial information.
3.1.4 Marketing and Communication Information. Your desire to receive marketing information from us, from our business partner, or other companies, your preferred form of communication, your wish list items, record of notification of our promotions of products and services or other marketing information and other communication form including information related to use of website, platform, good and services of employees and Q&A records.
3.1.5 Profile Details. Username and password, profile, expense, details related to products and services (previous orders, purchased items, cancellation order, online order, purchase number), financial record, PIN, information related to your area of interest and preference, feedback and survey result, satisfaction survey, social media usage, activity attendance record, your usage of discount code and promotion for customer, purchase detail, customer service detail.
3.2 We have no policy to collect your Sensitive Data. However, in case it is necessary to collect such Sensitive Data, we will request for your explicit consent prior to our collection, unless the applicable laws allow us to collect the Sensitive Data without consent.
3.3 You agree not to send untrue and/or misleading information to us. You further agree to inform us if there is any untrue information or any change of information. We reserve the right to request for further information or document(s) to verify information provided by you, as we view appropriate.
Article 4. The Collection of Personal Data belongs to the Minor, the Incompetent Person and the Quasi-Incompetent Person
We will collect data belongs to the minor, the incompetent person, and the quasi-incompetent person only upon receipt of consent from he or she who exercises paternal power, the guardian, and the curator, respectively. We will not collect the data of the customer we know that they are under 20 years old, or of the customer of the incompetent person and the quasi-incompetent person, if the consent is required but there is no consent from he or she who exercises paternal power or the guardian and the curator, as the case may be. If we become aware of the fact that we unintentionally collect data from those who are under 20 years old, incompetent person or quasi-incompetent person, we will immediately delete such data or Processing only the data we have rights under the applicable laws to do so without consent.
Article 5. Source of Personal Data
We collect or receive Personal Data from the sources below:
5.1 Personal Data provided directly by you
We collect Personal Data from Data Subject directly through various service channels: (1) when you access and/or use our service platforms; or register an account with us;
(2) when you submit form, including but not limited to registration form or other form relating to our products and services both online form or paper form;
(3) when you enter into an agreement with us, provide us your information for communication between us or when you use our products and services;
(4) when you contact us, such as, telephone communication (which will be recorded), letter, facsimile, face to face meeting, social media platform, email address and when you contact our customer service agents;
(5) when you use our online services or contact us via online platforms, website, application or use our services, including but not limited to, using Cookies, which we may be applied when you use or access application and website;
(6) when you grant us a permission from your device to disclose your information to our application or platform of ours;
(7) when you connect your user account with our platform or social media account or other accounts of yours, or using social media features within service policy of such service providers;
(8) when you make a transaction through services provided by us;
(9) when you provide your feedback or make a complain to us;
(10) information we collect as a result of Data Subject’s use of our website, products and services under the contract between us, for example, to track behaviors of the Data Subject when he or she uses our website, products, services through the application of Cookies or through software on the device of Data Subject; and
(11) when you provide your Personal Data to us for whatever reasons.
5.2 Personal Data Collected from Other Sources
5.2.1 Example of other sources we collect your Personal Data: public information, information from mother company or affiliate company (receipt of information from service provider we engaged to collect Personal Data on our behalf), business partnership, agencies we provide our services (including website and social media of such agencies), official sources of government agencies those have reliable database relating to people, other government agencies (Bank of Thailand, Revenue Department, Anti-Money Laundering Office, Office of Insurance Commission, Legal Execution Department, Ministry of Commerce, Security and Exchange Commission, Land Department, Court), and other third party (customer referral, customer representative or other person authorized by the customer)
5.3 Automated individual decision-making, including profiling
We may use automated technology to collect personal data. When using our website and/or application through computer and/or mobile devices This automated technology may include cookies, web beacons, pixel tags and other similar tracking technologies. There are details are as follows;
(1) Personal information provided through the website and/or application of the product, including name, address, telephone number, Social Media Handle.
(2) Personal data collected for marketing activities on other websites or on applications or social media. when participating in promotions or campaigns or other similar programs to make history.
(3) Information collected automatically through computer system monitoring, including IP address, browser usage. or operating system Website pages visited and the source website from which the visitor links to the website; and
(4) Information about the exact location including real-time geolocation data from a mobile device or computer and geolocation-based services. Location-Based Services may use GPS signals (GPS), Bluetooth signals and IP addresses in conjunction with public Wi-Fi Hotspots; and Location of cell towers (Cell Tower) and other technologies to determine the approximate location of the device.
Article 6. Quality of the Data
We collect your Personal Data for Processing according to our purposes and missions. We consider the correctness, completeness and up-to-date of the data, in order to collect the Personal Data.
Article 7. Purposes of Processing the Personal Data
We may collect, use and disclose your Personal Data for the following purposes:
7.1 To create, improve, manage and deliver products and services, benefits and privileges
7.2 To provide you with our services including but not limited to processing any of your transactions.
7.3 For the preparation of the database and history of our service through the service, whether through any contact channels.
7.4 To publicize the content that is information from us which has sent to you Including the preparation of promotional programs related to the content that is suitable for you.
7.5 For analysis, processing, marketing promotion activities, research and sales, including product publicity and services whether it is from us or our affiliates, partners, business partners or of others via notification via mobile device screen, SMS or social media.
7.6 To be used to improve the service Improvements to our website and application to suit the needs of service users and effectively.
7.7 To be a communication channel for receiving feedback, feedback from viewers to improve the content of our channel to meet the needs of service users
7.8 To be a channel for contacting users who participate in the fun and answer questions in the prize draw list from us.
7.9 For the management of your user account registered in our system. To develop and improve the use of the website and its applications to be more user-friendly and efficient.
7.10 To perform the contract Terms and Conditions made to users
7.11 To comply with laws and regulations of government agencies such as the Personal Data Protection Act, Electronic Transactions Act, Civil and Commercial Code, Criminal Code, Civil Procedure Code and Criminal Procedure Code, etc.
7.12 To send publicity advertisements, coupons, news and other information concerning our promotion or special events directly to you on the website and/or application. You may opt out of receiving certain types of advertising messages by following the instructions provided.
7.13 For marketing communications related to products and services from us including our partners and non-commercial use of information.
Article 8. The Processing of Personal Data
Our Processing of your Personal Data shall be done within purposes and scopes. The Processing shall also be done with lawful, transparent, and fair methods according to the following basis.
8.1 The Collection of Personal Data
The collection of Personal Data can be done within a specific purpose and only to the extent necessary in accordance with the purpose or can be done for the benefits directly related to the purpose of such collection. On or before the collection, the Data Subject must be informed of the following:
(1) Purpose of the collection;
(2) Personal Data to be collected;
(3) Potential impact, in case the Data Subject chooses not to provide Personal Data when he or she is required to provide Personal Data to comply with applicable laws or contracts or for entering into the contract;
(4) Types of persons or agencies those Personal Data may be disclosed to; and
(5) Rights of Data Subject.
8.2 The Use of Personal Data
8.3 The Disclosure of Personal Data
8.3.1 We may disclose your Personal Data to the third party for improvement of services quality, for providing any convenience to you correctly and continuously, or for you to make the transaction successfully and with the maximum benefit. The disclosure of Personal Data will be limited to the purpose or necessary for the benefit that is directly related to the purpose and the consent of Data Subject must be obtained prior or at the time of disclosure, except the below, which we may not request for consent:
(1) for the benefit of planning or statistics or censuses of government agencies;
(2) to prevent or suppress threatening a person’s life, body or health;
(3) it is a public disclosure according to the applicable laws;
(4) for the benefit of the investigation by the competent legal officer or in the trial and adjudication of the court; or
(5) it is required by the applicable laws or by court order
(1) the disclosure to our affiliate companies, partners, business partners, subsidiaries and/or third party service provider in order to provide you our services and offer you benefits and other services of ours as well as to develop our products and services, such as to analyze information, to process the information, to process the credit card, to provide IT services and to prepare related infrastructures, to develop customer service platform, to send email/SMS, to develop website, to develop mobile application, to reinsurance, to conduct satisfactory survey and research, to manage customer relationship. However, there will be confidentiality agreement to ensure that Personal Data will be kept confidential. In case the recipient of information is a juristic person, such a juristic person must have an acceptable personal data protection standard.
Our Affiliate companies which we may disclose your personal data are as follows;
Agency for Real Estate Affairs Co., Ltd.
Area Wow Co., Ltd.
FIABCI-Thai, INTERNATIONAL REAL ESTATE
Thai Real Estate Business School
(2) the disclosure to government agencies, government, or other legal organizations to comply with applicable laws, order, request or to coordinate with related agencies for legal compliance matters.
In this case, we will require the recipient of Personal Data to take appropriate measures to protect your Personal Data appropriately, to Processing only where necessary and to implement a protection measure to prevent unauthorized use and disclosure.
Article 9. The limitation on use and/or disclosure of Personal Data
9.1 We will use and disclose your Personal Data only upon receipt of your consent. The use and disclosure have to be in accordance with the purpose your consent is provided for, We will take appropriate measures to ensure that our employees, staffs and operators will not use and/or disclose your Personal Data beyond the purpose your consent is for, except:
9.1.1 It is required by the applicable laws, such as Personal Data Protection Act, Electronic Transaction Act, Telecommunications Business Operation Act, Anti-Money Laundering Act, Civil and Commercial Code, Criminal Code, Civil and Commercial Procedure Code and Criminal Procedure Code.
9.1.2 It is for the benefit of investigation of the inquiry officer or for the benefit of the trial of the court.
9.1.3 It is for your own benefit and the request for your consent could not be made at that time.
9.1.4 It is necessary for our legitimate interest or the third party’s legitimate interest.
9.1.5 It is necessary to prevent or suppress harm to a person’s life, body, or health
9.1.6 It is necessary for the performance of the contract to which the Data Subject is a party or for the execution of Personal Data’s request prior to entering into such contract.
9.1.7 to achieve objectives related to historical documentation, public interest, benefit of the study, research, statistics preparation which has provided appropriate measures on Personal Data protection.
9.2 We may use IT services of third-party service providers for storage of Personal Data. Such third-party service providers must have appropriate Personal Data security measures and must not collect, use or disclose Personal Data beyond the scope we instruct.
Article 10. Third-Party or Subcontract Service Provider
We may authorize or engage third parties (for Processing Personal Data) to Process Personal Data instead of us or on behalf of us. Such third parties may offer various services, such as Hosting, Outsourcing, Cloud computing service/provider or etc.
To authorize the third party to Processing the Personal Data, we will require an agreement to deal with rights and obligations of ours, as Data Controller, and of the authorized person, as Data Processor. Such agreement shall also deal with details and types of Personal Data we authorize the Data Processor to Processing as well as purpose and scope of Processing and other related conditions and arrangements. The Data Processor has duty and obligation to Processing within the purpose and scope and as instructed by us only. The Data Processor is not allowed to Processing for other purposes.
If the Data Processor subcontracts the Processing, instead of or on behalf of the Data Processor, to its subcontractor (Sub-Data Processor). We will supervise the Data Processor to have an agreement with the Sub-Data Processor in the form and standard not lower than the agreement between us and the Data Processor.
Article 11. Cross-border Personal Data Transfer
We may transmit or transfer Personal Data of yours cross-border to our affiliate companies or third party company or to the recipient of Personal Data which are normal course of our business, such as, transmission and transfer of Personal Data to be stored on server/cloud in some countries, if doing so is necessary for performance of our contractual obligations to which you are a party; to perform our contractual obligations under the contracts between us and other natural or juristic person for the benefits of Data Subject; to proceed as per your request prior to entering into the contract; to prevent or suppress a danger to life, body or health of yours or any other person; or to comply with laws or as necessary to carry out mission for public interest.
In the event that the destination country has insufficient standards for personal data protection, we will ensure that the transmit and transfer of Personal Data are in compliance with applicable laws and will take necessary measures to protect Personal Data that are deemed necessary and appropriate in accordance with confidentiality standards, for example, to require confidentiality agreement from recipient in the destination country, or if the recipient is an affiliate, we may choose to implement a personal data protection policy that has been reviewed and approved by relevant legal authority and ensure that the transmission and transfer of Personal Data to the said affiliate is in compliance with personal data protection policy instead of taking action as required by the laws.
Article 12. The collection and retention period of Personal Data
We will delete, destroy, or make the Personal Data unidentifiable after expiration of the retention period or when we view it is not necessary to retain your Personal Data.
Article 13. Security Measures to Protect the Personal Data
Security of the Personal Data is our priority. We implemented appropriate technical and administrative security measures to prevent the loss of Personal Data, the unauthorized access, use or disclose, the misuse, the modification and the destruction. Examples of our technology and process for security of Personal Data are encryption and access restriction to ensure that there are only the authorized persons who can access your Personal Data and these persons are well-trained about the importance of Personal Data protection.
We implemented appropriate security measures to prevent the loss, the unauthorized access/use/change/modification/disclosure of the non-related party or unauthorized party. We also review the measures as necessary or when there are changes in technology to ensure appropriate security performance. However, we will not be liable for any loss resulting from the Data Subject or authorized person of Data Subject’s use or disclosure of Personal Data to any third party, including negligence or ignoring the log out system.
Article 14. Rights of Data Subject
You, as the Data Subject, have rights to (1) withdraw your consent given to the Company for Processing Personal Data (2) access to and receive copy of your Personal Data that we collect, use and disclose (3) request for data portability (4) object the Processing of your Personal Data (5) request for erasure of Personal Data, deletion of Personal Data or make the Personal Data unidentifiable (6) request to suspend the use of your Personal Data (7) request to rectify your Personal Data to be up-to-date, complete and not misleading (8) lodge a complaint, if you view that the company or the company’s staff or representative have violated your rights under Personal Data Protection Act B.E. 2562.
Any request to exercise your abovementioned rights must be done in writing. The company will use its best efforts to process your request within the appropriate timeline and within the period prescribed by the applicable laws. The company will take actions as prescribed by applicable laws relating to your rights as Data Subject.
Your right under Article 14.1 may be limited by related laws. Please be informed that there are instances where it is necessary that we may refuse or unable to act on your request, such as it is the duty of the company to perform as required by the laws or the court order, for the public interest or in case the exercise of your right violates other’s right and freedom etc. In case the company rejects your request, rest assured that the Company will elaborate the reasons.
The company reserves the rights to charge services fee relating to and necessary for the company’s action as per your request to exercise your rights.
We may use some of your personal data for marketing purposes and personalizing to serve your interests. You may be informed about the activities, Promotional offers, products and services you may be interested in. You can cancel the notification of such information from the company any time.
Article 16. Cookies
“Cookies” is information we send to the computer or device of a Data Subject through a web browser when the Data Subject accesses the website or other online channel of ours and installs such information in the system of Data Subject. Using Cookies will allow our website to save and remember the data of Data Subject until the Data Subject leaves the web browser; until the Data Subject deletes such Cookies; or until the Cookies is not allowed by Data Subject to function.
Data Subjects will be more comfortable when using services on our website, if Cookies are used. The reason is Cookies will help memorize websites accessed by the Data Subject. In this regard, we may request your consent for using information collected or stored by Cookies in the following cases:
(1) for the system to display information or allow the Data Subject to access certain services, such as notifying or sending instructions to us; processing or raising a query relating to the insurance policy; or changing personal information (password, email address, mobile phone number etc.)
(2) in order that we can provide news or publication about us and our services that are beneficial and appropriate to each Data Subject
(3) to be used as preliminary information for improvement of the content and services of website in accordance with the needs of Data Subject as much as possible
(4) to be used for statistical analysis or for our other activities.
Article 18. Link to Third Party’s Website
By using our application or website, you agree that it may contain links to social networks, platforms and other websites operated by third parties. It is our attempt to link to the websites that have appropriate standards to protect personal data, however, the Company has no responsibility to the content or standard of personal data protection of those websites unless otherwise agreed. You acknowledge that the information provided by you to such a website of a third party will be collected by such a third party and the Personal Data will be processed according to such third party’s policy (if any). In this case, we cannot control and, therefore, cannot be responsible for the use of your Personal Data by such a third party.
Article 19. Communication Channel
Details of Data Controller
[Telephone] 0 2295 2294
Details of Data Protection Officer
Name: Thai Real Estate Business School Co., Ltd.
Address: No. 5/15 Nonsri Rd., Chong Nonsi,
Yannawa, Bangkok, THAILAND 10120
[Telephone] 0 2295 2294
Article 20. Governing Law
Announced on 1 May 2022