Personal Data Protection Policy
Grand Unity Development Company Limited places great importance on the protection of personal data and has created this Personal Data Protection Policy for the purpose of elaborating how personal data is managed and to build confidence with the Personal Data Subjects that the Company is handling their personal data in accordance with the provisions of the applicable law.
This Personal Data Protection Policy is intended to inform you, the Personal Data Subject, of the purposes, collection, usage and/or disclosure of your personal data (hereinafter collectively referred to as “Processing”), as well as the legal rights of Personal Data Subjects related to Personal Data. Therefore, the Company invites you, the Personal Data Subjects, to study and comprehend the personal data protection policy in detail.
1. Definition
Unless otherwise defined herein, all capitalized words used in this policy shall have the meaning specified as follows:
1.1 “Personal Data Protection Law” means the Personal Data Protection Act, B.E. 2562 including amendments, decrees, regulations, orders, notifications, rules, and any relevant laws.
1.2 “Services” means to sell, purchase, hire, and services or any activities related to the services provided to the Personal Data Subject by the Company.
1.3 “Personal Data” means any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased person in particular, such as, identification card number, address, physical and mental identity, social, economic or cultural identity information.
1.4 “Company” means Grand Unity Development Company Limited as the subsidiary of Univentures Public Company Limited.
1.5 “Affiliate” means any company in which the Company or Univentures Public Company Limited owns 50% or more of the total issued shares (first-tier subsidiary), including any other company in which the first-tier subsidiary and/or subsidiaries in the next hierarchy own 50% or more of the total issued shares, and shall include the definition of the affiliated company in accordance with the regulations stipulated by the regulatory authorities at present or in the future.
1.6 “Data Controller” means a person, or a juristic person having the power and duties to make decisions regarding the collection, use, or disclosure of Personal Data.
1.7 “Personal Data Subject” means a person, company’s directors, a person acts on behalf of the company including representatives of such person receiving the Services provided by the Company.
2. Collection of Personal Data
The Company collects Personal Data from the Personal Data Subject both directly and indirectly as follows:
2.1 Personal Data that the Personal Data Subject or the representative of the Personal Data Subject delivers to the following persons:
2.1.1 The Company
2.1.2 Affiliates of the Company
2.1.3 Associates of the Company
2.1.4 Companies within the Company's business group; and
2.1.5 Business partners of the Company
2.2 The provision of Services using one or more of the Company’s channels, such as telephone services;
2.3 The provision of Services via the internet, online connection, including, the use of the Company’s website, applications, on line social media;
2.4 Sources of information other than the Personal Data Subject directly, e.g. government agencies, Affiliates, the Company’s contractual partners, etc. which the Company collects from other sources with the consent of the Personal Data Subject and in accordance with the provisions of the applicable law, except in the case that the Company is required to do so as permitted under the applicable law.
In the event Personal Data of another person has been provided to the Company, the Personal Data Subject warrants that the Personal Data Subject has the right and/or has obtained consent from such person to disclose such Personal Data and has fully complied with the Personal Data Protection Law.
3. Types of Personal Data Processed
General Personal Data
General Personal Data is data which can be used to identify the Personal Data Subject, whether directly or indirectly and the Company processes such Personal Data of the Personal Data Subject as follows:
3.1 Personal data e.g., name, surname, gender, age, date of birth, marital status, address, job.
3.2 Contact information, e.g., residential address, place of work, telephone number, Line ID, email address.
3.3 Data that identifies your location while using a website. If the GPS System is enabled, it is deemed that the Personal Data Subject consents for the Company to collect and evaluate your location while using the website. If you want to turn off the location function, the Personal Data Subject can install a program or turn off the GPS function on your mobile phone.
3.4 Data based on computer or communications equipment such as:
3.4.1 Cookies, i.e., data sent from a website to a computer when you visit, enter and interact with the Company’s website
3.4.2 IP Address
3.4.3 Web Browser used to provide access
3.4.4 Webpage
3.4.5 Websites that refer to the Company’s website
3.4.6 Connectivity data using the website’s connection.
3.4.7 Online network connection
3.5 Data regarding Services used (depending on the services used by the Personal Data Subject on the website) e.g. registration to receive information in an electronic format, information related to whistleblowing or complaints, information relating to job applications, information regarding communication through the website and any other information regarding the Personal Data Subject’s activities on the website, including information about the computer and connectivity information using the website’s connection.
3.6 Other data e.g., sound, pictures, video, photographs and closed circuit television recording pictures.
3.7 Other data that may be deemed to be Personal Data under the Personal Data Protection Law.
Special Personal Data
It is a special categories of Personal Data as stipulated in Section 26 of the Personal Data Protection Act, B.E. 2562 such as race, ethnic origin, political opinions, belief, religion, or philosophy, sexual orientation/identity, criminal record, health data, handicap, trade union information, genetic data, biometric data, or any data which may affect the Personal Data Subject in the same manner, the Company will process such Personal Data to the extent required by law and notify the Personal Data Subject prior to or at the time of Processing of such Personal Data according to the conditions prescribed by law.
4. Purpose of Processing of Personal Data
The Company is entitled to process Personal Data of the Personal Data Subject for the purpose of the Services provided by the Company as well as to comply with the laws which the Company and/or the Personal Data Subject are required to comply with and for the other purposes as provided in this policy as follows:
4.1 To provide Services required by the Personal Data Subject.
4.2 To comply with contractual obligations with the Personal Data Subject including the contractual partners of the Company to improve and develop the Services provided by the Company to be efficient.
4.3 For the purpose of communication, e.g., warning notification, to respond when contacted by the Personal Data Subject.
4.4 To verify the identity of the Personal Data Subject, whether for the purpose of recruiting, identification of the person making the contact, entering or exiting the office for security purposes.
4.5 When the Personal Data Subjects give their explicit consent, the following purposes will be provided:
4.5.1 To announce various information regarding the Company, Affiliates and/or its associates as well as to provide services and special privileges related to such Services.
4.5.2 To provide information regarding products and services and activities of the Company.
4.5.3 For direct marketing.
4.5.4 For market research, analysis of the behavior and interests of the Personal Data Subject for marketing purposes as well as other services that may be offered in the future to better match the requirements of the Personal Data Subject for improved the Services when using the website.
4.5.5 To comply with contractual obligations with the Personal Data Subject or to fulfill requests of the Personal Data Subject prior to entering into the contract.
4.5.6 For the other purposes related to the interests of the Company and its Affiliates.
4.6 To comply with the provisions of the applicable law.
4.7 For the legitimate interests of the Company or other persons or entities.
4.8 For other purposes notified to the Personal Data Subject prior to or at the time of Processing of such Personal Data or other purposes related to any of the abovementioned purposes.
5. Security Protection Measures for the Personal Data
The Company has created safety and security measures as required by law in order to prevent loss, access to, use of, change, amendment or disclosure of personal information without authorization or permission. The Company improves and tests the technology system of the Company on a regular basis to ensure that the Personal Data has a high level of security and reliability.
However, the Company cannot guarantee the safety of personal data in all cases. If the personal data is lost, accessed, used, changed, amended or leaked due to a computer virus attack or electronic theft (hack) or accessed by an unauthorized person or due to a force majeure event or any other cause, the Company is not liable for any damage or loss arising from such event whatsoever. The Company recommends the Personal Data Subject to install anti-virus software programs to prevent being hacked or Personal Data theft and to maintain the confidentiality of the Personal Data.
6. Disclosure and/or Transfer of Personal Data to Third Parties
The Company may at its sole discretion disclose and/or transfer the Personal Data to a third party that is identifiable and has a personal data protection policy and security protection measures as may be required by law, subject to the consent of the Personal Data Subject or subject to the scope permitted by law, including to Affiliates, Associates, companies within the Company's business group, business partners, contractual partners, government agencies and other agencies provided under law.
7. Transfer of Personal Data to Foreign Country
The Company may send or transfer the Personal Data to a foreign country for the purpose of performing the Company affairs. The Personal Data Subject agrees and gives explicit consent to the Company to transfer the Personal Data to a foreign country, international organization, or any person under the jurisdiction of another country. The Personal Data Subject acknowledges that the destination country receiving such Personal Data may not have adequate data protection standards in accordance with the Personal Data Protection Law. In this regard, the Company will carry out the appropriate procedures for protecting personal data security at the same level as the Personal Data Protection Laws of Thailand.
8. Personal Data Subject’s Rights
Personal Data Subjects can exercise their rights under Personal Data Protection Law details as follow;
8.1 The right to access Personal Data that the Company has retained, including the right to request correction of inaccurate or incomplete data.
8.2 The right to request electronic copies of Personal Data for provision to third parties or request the Company to send it directly to a third party.
8.3 The right to object to the Processing of your Personal Data for marketing purposes and any other purposes.
8.4 The right to request erasure of your Personal Data when such data is not required to be retained, including the right to limit the scope of Personal Data Processing, in the event that such data cannot be deleted.
8.5 The right to request the restriction of the use of your Personal Data only in the part that is not necessary in the operation of the Company.
8.6 The right to request the Company to provide Personal Data that is accurate, up to date, complete and does not cause misunderstandings.
8.7 The right to file a complaint with government authorities in the event it is deemed that a violation of the Personal Data Subject’s has occurred.
Such exercise of the Personal Data Subject’ s rights shall be subject to the terms, notices and regulations set by the Company, which will be in accordance with the Personal Data Protection Law, including the Company's Personal Data Protection Policy and other criteria specified by the Company. A written request for exercise of rights shall be submitted to the Company's Data Protection Officer by means of the contact specified in Clause 13. of this policy. The consideration of the request is at the Company's sole discretion, and the Company's decision regarding the request is final.
Withdrawing consent may affect certain Services. As a result, the Company may not be able to provide Services to the fullest potential or certain services or benefits of the Company may not be made available or accessible. However, withdrawing consent will not affect the Processing of Personal Data for which consent has been provided.
9. Exceptions to Protection of Personal Data
The following actions to Personal Data shall not be deemed the violation of the Personal Data Protection Policy;
9.1 An action towards Personal Data that has been disclosed in public at the time or before Personal Data Subject disclose Personal Data to the Company, or Personal Data that is publicly disclosed which is not caused by the Company.
9.2 Disclosure of Personal Data by obtaining the Personal Data Subject’ s consent, whether in writing or by any other means.
9.3 Disclosure of Personal Data as necessary by laws, orders, rules, regulations, court order, government authorities, or other necessity.
10. Period of Retaining Personal Data
The Company will retain the Personal Data for the necessary amount of time to complete the purposes provided above or until the Company receives notice of withdrawal of consent to collect the Personal Data from the Personal Data Subject or to protect the interests of the Company, unless the law permits longer retention periods.
11. Amendments to regarding the Personal Data Protection Policy
The Company reserves the right to update, amend and change the details of the Personal Data Protection Policy, in whole or in part, at any time at the Company's sole discretion. The Company will provide notification of the change of the personal data protection policy through the Company's website, www.grandunity.co.th. Such changes will take effect immediately after the Personal Data Protection Policy is published on the Company's website. The Personal Data Subject is required to regularly check on the Company's Personal Data Protection Policy. The Company assumes that the Personal Data Subject is fully aware of the Personal Data Protection Policy that has been updated, amended and changed.
12. Governing Law
This Personal Data Protection Policy is governed by and interpreted in accordance with the laws of Thailand. Any disputes relating to the website including rights, obligations and any acts under this Personal Data Protection Policy shall be subject to the jurisdiction of the courts of Thailand.
13. Contact us
Should the Personal Data Subject have any questions, suggestions or complaints regarding this Personal Data Protection Policy and/or notifying the intention to exercise its rights, please contact the Company's Personal Data Protection Officer through the following channel:
Grand Unity Development Company Limited
No. 900 Tonson Tower, 7th Floor, Ploenchit Road,
Lumpini Sub-District, Patumwan District, Bangkok 10330
Email: dp@grandunity.co.th
This Personal Data Protection Policy effective from 20th May 2022
GUD.1.1
Cookies Policy
Grand Unity Development Co. Ltd., (hereinafter referred to as “the Company”) has implemented Cookies Policies in order that the information on the different types of Cookies and similar technologies (“Cookies”) used on the Company website and other electronic business services (hereinafter referred to as “website”) which is controlled and managed by the Company, whereby this announcement will explain how the Company uses the Cookies, for what reason, and how the data subject will be able to accept or reject the Cookies.
1. What are Cookies?
Cookies are small pieces of data stored in Text Files. The Company’s website will send the Cookies to the browser of the data subject which may be stored in the computer or other devices that the data subject uses to access websites. An important aspect of Cookies is they enable the websites on each of the devices used by the data subject to remember the settings of each of those devices.
Additional information regarding Cookies can be found at https://allaboutCookies.org/
2. How the Company uses Cookies
The Company uses Cookies and other similar technology for various purposes as follows:
1) To record information regarding browser usage and settings used by the data subject which will help the data subject access the browser promptly thereby providing a positive experience and satisfaction in the services provided.
2) In order to assess the efficiency of the service provided by websites that are not working properly yet and need improving.
3) To collect and analyze data regarding usage of the website and services that have been accessed in order that the Company is able to understand what is of interest to data subjects and how they use the services of the company.
4) In order that the Company can continually improve the experience of the data subjects who assess the website and also help the company deliver services and send relevant announcements directly to the data subject.
Furthermore, the services provided by the company may also be available in other websites whereby those third-party websites may also use Cookies for one or more purposes whereby the data subject can see from the details of the Cookies in those websites.
3. What Cookies does the Company use?
The Company’s website uses the Company’s Cookies (First Party Cookies) and Cookies of others (Third Party Cookies) for which the settings are set by the third-party service provider which provides services in order to enhance the company’s website.
Cookies used by the Company can be separated into 2 categories according to storage methods:
1) Session Cookies are temporary Cookies which remember data while a data subject is assessing the Company’s website such as recording the language settings used by the data subject. This information is then deleted from the computer or the device used by the data subject when the data subject exits the website, or the browser is shut down.
2) Persistent Cookies are long term Cookies that stay according to the time limit set or until the data subject deletes it. These types of Cookies will aid the Company in remembering the data subject and settings and when the data subject accesses the website again, the Cookies will enable the data subject to use the website more conveniently and quickly.
The Company uses 2 types of Cookies according to the objectives as follows:
1) Strictly Necessary Cookies – These Cookies are necessary to the website of the Company so that the data subject can access the various parts of the website. If these Cookies are closed, the data subject will not be able to assess the services or data of the Company.
2) Performance Cookies – These Cookies help the Company to keep track of the number of users and reasons for accessing the website so the company can calculate and improve the efficiency of its website. Furthermore, Cookies also help the Company to know which pages are most popular or least popular in order to understand viewers’ interests. As all of this data will be stored by the Cookies, it is therefore not possible to point to a specific user. It the data subject does not permit these Cookies to work, the Company will not be able to know when the data subject accesses the Company’s website.
3) Functional Cookies are cookies that aid in the operation and amendment of the website to suit the user such as live videos and live conversations whereby these cookies may be set by the Company or other service providers whose services the company has added into its web page. If the Data Subject does not permit these cookies, some functions of the website may not function properly.
4) Targeting Cookies – These types of Cookies are set via the Company’s website by service providers who are advertising partners of the Company. These service providers may use Cookies to create a profile according to the interests of the data subject and display advertisements that interest the data subject on other websites. These types of Cookies buy pinpointing each browser and device of the data subject. If the data subject does not permit these Cookies, the data subject will not see the target advertisements on the various websites.
Therefore, as mentioned, the services of the Company may be provided through different websites. It is possible to choose to use different Cookies on each website as convenient or necessary for a particular service for which the Company will show the information and details of the different Cookies including the type of the Cookies that is used on the first page of the Company’s website for each service explaining the Cookies policy with a link (Cookies Settings) into which the data subject can click to read the details of each of the Cookies which are used.
4. How the Data Subject Can Manage Cookies
Most browsers are set to accept Cookies automatically, but the data subject is able to accept or deny Cookies from the services provided by the Company at all times by making settings on the browser that is used by the data subject.
The links below will take the data subject to the "help" services provided by the following commonly used browsers. The data subject can search for information regarding how to manage the Cookies of the browsers they are using.
1) Internet Explorer : https://support.microsoft.com/th-th/help/17479/windows-internet-explorer-11-change-security-privacy-settings
2) Microsoft Edge : https://support.microsoft.com/en-us/help/4534105
3) Google Chrome : https://support.google.com/chrome/answer/95647?hl=en
4) Firefox : http://support.mozilla.org/en-US/kb/Cookies
5) Safari : https://support.apple.com/en-gb/guide/safari/sfri11471/mac
6) Safari iOS : https://support.apple.com/en-us/HT201265
7) Android : http://support.google.com/chrome/answer/2392971?hl=en-GB
Please note, if the Data Subject chooses to turn off the Cookes on their browser or other devices, the Data Subject may find that some aspects of the Company’s website may not function or provide normal services.
If the Data Subject should require additional information, please go to the following link: https://www.aboutcookies.org/how-to-delete-cookies
5. Connecting to external websites of third parties
The Company's website may include links to other websites or social media of third parties including content or videos that come from social media platforms such as YouTube or Facebook which will enable the data subject to access content and connect with other persons on social media outlets from the company's website. The website or social media of the parties may automatically enable Cookies whereby the Company cannot control or take responsibility for those Cookies. It is therefore suggested that the data subject should carefully read and study the policy all announcements of cookie usage of external parties.
6. Improvements and Amendments of Details of Cookie Policies
The Company will review these policies at least once a year and if any amendments or changes are made to this Policy, the company will make the announcements to the data subjects.
7. Contacting the Company
As Grand Unity Development Co. Ltd., is a company in the Univentures Group of Companies, in the case that the data subject should have any concerns or queries regarding policies, complaints or requests regarding legal rights, please contact the person charged with care and custody of the personal data of the company via the following channels:
Univentures Public Company Limited,
Address: 22nd Floor, Park Ventures Ecoplex, 57 Wireless Road, Lumpini, Pathumwan, Bangkok 10330
Email: dp@univentures.co.th
Tel: +66 2643 7100 ext. 7195, 7624 and 7625
This Cookies Policy has been revised from the 2022 version and will be effective from September 1, 2025 onwards.