Personal Data Protection Policy

 

Grand Unity Development Company Limited places great importance on the protection of personal data and has created this Personal Data Protection Policy for the purpose of elaborating how personal data is managed and to build confidence with the Personal Data Subjects that the Company is handling their personal data in accordance with the provisions of the applicable law. 

This Personal Data Protection Policy is intended to inform you, the Personal Data Subject, of the purposes, collection, usage and/or disclosure of your personal data (hereinafter collectively referred to as “Processing”), as well as the legal rights of Personal Data Subjects related to Personal Data. Therefore, the Company invites you, the Personal Data Subjects, to study and comprehend the personal data protection policy in detail.

 

1. Definition

Unless otherwise defined herein, all capitalized words used in this policy shall have the meaning specified as follows:

1.1 “Personal Data Protection Law” means the Personal Data Protection Act, B.E. 2562 including amendments, decrees, regulations, orders, notifications, rules, and any relevant laws.

1.2 “Services” means to sell, purchase, hire, and services or any activities related to the services provided to the Personal Data Subject by the Company.

1.3 “Personal Data” means any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased person in particular, such as, identification card number, address, physical and mental identity, social, economic or cultural identity information.

1.4 “Company” means Grand Unity Development Company Limited as the subsidiary of Univentures Public Company Limited.

1.5 “Affiliate” means any company in which the Company or Univentures Public Company Limited owns 50% or more of the total issued shares (first-tier subsidiary), including any other company in which the first-tier subsidiary and/or subsidiaries in the next hierarchy own 50% or more of the total issued shares, and shall include the definition of the affiliated company in accordance with the regulations stipulated by the regulatory authorities at present or in the future.

1.6 “Data Controller” means a person, or a juristic person having the power and duties to make decisions regarding the collection, use, or disclosure of Personal Data.

1.7 “Personal Data Subject” means a person, company’s directors, a person acts on behalf of the company including representatives of such person receiving the Services provided by the Company.

 

2. Collection of Personal Data

The Company collects Personal Data from the Personal Data Subject both directly and indirectly as follows:

2.1 Personal Data that the Personal Data Subject or the representative of the Personal Data Subject delivers to the following persons:

2.1.1 The Company

2.1.2 Affiliates of the Company

2.1.3 Associates of the Company

2.1.4 Companies within the Company's business group; and

2.1.5 Business partners of the Company

2.2 The provision of Services using one or more of the Company’s channels, such as telephone services;

2.3 The provision of Services via the internet, online connection, including, the use of the Company’s website, applications, on line social media;

2.4 Sources of information other than the Personal Data Subject directly, e.g. government agencies, Affiliates, the Company’s contractual partners, etc. which the Company collects from other sources with the consent of the Personal Data Subject and in accordance with the provisions of the applicable law, except in the case that the Company is required to do so as permitted under the applicable law.

In the event Personal Data of another person has been provided to the Company, the Personal Data Subject warrants that the Personal Data Subject has the right and/or has obtained consent from such person to disclose such Personal Data and has fully complied with the Personal Data Protection Law.

 

3. Types of Personal Data Processed

General Personal Data

General Personal Data is data which can be used to identify the Personal Data Subject, whether directly or indirectly and the Company processes such Personal Data of the Personal Data Subject as follows:

3.1 Personal data e.g., name, surname, gender, age, date of birth, marital status, address, job.

3.2 Contact information, e.g., residential address, place of work, telephone number, Line ID, email address.

3.3 Data that identifies your location while using a website. If the GPS System is enabled, it is deemed that the Personal Data Subject consents for the Company to collect and evaluate your location while using the website. If you want to turn off the location function, the Personal Data Subject can install a program or turn off the GPS function on your mobile phone.

3.4 Data based on computer or communications equipment such as:

3.4.1 Cookies, i.e., data sent from a website to a computer when you visit, enter and interact with the Company’s website

3.4.2 IP Address

3.4.3 Web Browser used to provide access

3.4.4 Webpage

3.4.5 Websites that refer to the Company’s website

3.4.6 Connectivity data using the website’s connection.

3.4.7 Online network connection

3.5 Data regarding Services used (depending on the services used by the Personal Data Subject on the website) e.g. registration to receive information in an electronic format, information related to whistleblowing or complaints, information relating to job applications, information regarding communication through the website and any other information regarding the Personal Data Subject’s activities on the website, including information about the computer and connectivity information using the website’s connection.

3.6 Other data e.g., sound, pictures, video, photographs and closed circuit television recording pictures.

3.7 Other data that may be deemed to be Personal Data under the Personal Data Protection Law.

Special Personal Data

It is a special categories of Personal Data as stipulated in Section 26 of the Personal Data Protection Act, B.E. 2562 such as race, ethnic origin, political opinions, belief, religion, or philosophy, sexual orientation/identity, criminal record, health data, handicap, trade union information, genetic data, biometric data, or any data which may affect the Personal Data Subject in the same manner, the Company will process such Personal Data to the extent required by law and notify the Personal Data Subject prior to or at the time of Processing of such Personal Data according to the conditions prescribed by law.

 

4. Purpose of Processing of Personal Data

The Company is entitled to process Personal Data of the Personal Data Subject for the purpose of the Services provided by the Company as well as to comply with the laws which the Company and/or the Personal Data Subject are required to comply with and for the other purposes as provided in this policy as follows:

4.1 To provide Services required by the Personal Data Subject.

4.2 To comply with contractual obligations with the Personal Data Subject including the contractual partners of the Company to improve and develop the Services provided by the Company to be efficient.

4.3 For the purpose of communication, e.g., warning notification, to respond when contacted by the Personal Data Subject.

4.4 To verify the identity of the Personal Data Subject, whether for the purpose of recruiting, identification of the person making the contact, entering or exiting the office for security purposes.

4.5 When the Personal Data Subjects give their explicit consent, the following purposes will be provided:

4.5.1 To announce various information regarding the Company, Affiliates and/or its associates as well as to provide services and special privileges related to such Services.

4.5.2 To provide information regarding products and services and activities of the Company.

4.5.3 For direct marketing.

4.5.4 For market research, analysis of the behavior and interests of the Personal Data Subject for marketing purposes as well as other services that may be offered in the future to better match the requirements of the Personal Data Subject for improved the Services when using the website.

4.5.5 To comply with contractual obligations with the Personal Data Subject or to fulfill requests of the Personal Data Subject prior to entering into the contract.

4.5.6 For the other purposes related to the interests of the Company and its Affiliates.

4.6 To comply with the provisions of the applicable law.

4.7 For the legitimate interests of the Company or other persons or entities.

4.8 For other purposes notified to the Personal Data Subject prior to or at the time of Processing of such Personal Data or other purposes related to any of the abovementioned purposes.

 

5. Security Protection Measures for the Personal Data

The Company has created safety and security measures as required by law in order to prevent loss, access to, use of, change, amendment or disclosure of personal information without authorization or permission. The Company improves and tests the technology system of the Company on a regular basis to ensure that the Personal Data has a high level of security and reliability.

However, the Company cannot guarantee the safety of personal data in all cases. If the personal data is lost, accessed, used, changed, amended or leaked due to a computer virus attack or electronic theft (hack) or accessed by an unauthorized person or due to a force majeure event or any other cause, the Company is not liable for any damage or loss arising from such event whatsoever. The Company recommends the Personal Data Subject to install anti-virus software programs to prevent being hacked or Personal Data theft and to maintain the confidentiality of the Personal Data.

 

6. Disclosure and/or Transfer of Personal Data to Third Parties

The Company may at its sole discretion disclose and/or transfer the Personal Data to a third party that is identifiable and has a personal data protection policy and security protection measures as may be required by law, subject to the consent of the Personal Data Subject or subject to the scope permitted by law, including to Affiliates, Associates, companies within the Company's business group, business partners, contractual partners, government agencies and other agencies provided under law.

 

7. Transfer of Personal Data to Foreign Country

The Company may send or transfer the Personal Data to a foreign country for the purpose of performing the Company affairs. The Personal Data Subject agrees and gives explicit consent to the Company to transfer the Personal Data to a foreign country, international organization, or any person under the jurisdiction of another country. The Personal Data Subject acknowledges that the destination country receiving such Personal Data may not have adequate data protection standards in accordance with the Personal Data Protection Law. In this regard, the Company will carry out the appropriate procedures for protecting personal data security at the same level as the Personal Data Protection Laws of Thailand.

 

8. Personal Data Subject’s Rights

Personal Data Subjects can exercise their rights under Personal Data Protection Law details as follow;

8.1 The right to access Personal Data that the Company has retained, including the right to request correction of inaccurate or incomplete data.

8.2 The right to request electronic copies of Personal Data for provision to third parties or request the Company to send it directly to a third party.

8.3 The right to object to the Processing of your Personal Data for marketing purposes and any other purposes.

8.4 The right to request erasure of your Personal Data when such data is not required to be retained, including the right to limit the scope of Personal Data Processing, in the event that such data cannot be deleted.

8.5 The right to request the restriction of the use of your Personal Data only in the part that is not necessary in the operation of the Company.

8.6 The right to request the Company to provide Personal Data that is accurate, up to date, complete and does not cause misunderstandings.

8.7 The right to file a complaint with government authorities in the event it is deemed that a violation of the Personal Data Subject’s has occurred.

Such exercise of the Personal Data Subject’ s rights shall be subject to the terms, notices and regulations set by the Company, which will be in accordance with the Personal Data Protection Law, including the Company's Personal Data Protection Policy and other criteria specified by the Company. A written request for exercise of rights shall be submitted to the Company's Data Protection Officer by means of the contact specified in Clause 13. of this policy. The consideration of the request is at the Company's sole discretion, and the Company's decision regarding the request is final.

Withdrawing consent may affect certain Services. As a result, the Company may not be able to provide Services to the fullest potential or certain services or benefits of the Company may not be made available or accessible. However, withdrawing consent will not affect the Processing of Personal Data for which consent has been provided.

 

9. Exceptions to Protection of Personal Data

The following actions to Personal Data shall not be deemed the violation of the Personal Data Protection Policy;

9.1 An action towards Personal Data that has been disclosed in public at the time or before Personal Data Subject disclose Personal Data to the Company, or Personal Data that is publicly disclosed which is not caused by the Company.

9.2 Disclosure of Personal Data by obtaining the Personal Data Subject’ s consent, whether in writing or by any other means.

9.3 Disclosure of Personal Data as necessary by laws, orders, rules, regulations, court order, government authorities, or other necessity.

 

10. Period of Retaining Personal Data

The Company will retain the Personal Data for the necessary amount of time to complete the purposes provided above or until the Company receives notice of withdrawal of consent to collect the Personal Data from the Personal Data Subject or to protect the interests of the Company, unless the law permits longer retention periods.

 

11. Amendments to regarding the Personal Data Protection Policy

The Company reserves the right to update, amend and change the details of the Personal Data Protection Policy, in whole or in part, at any time at the Company's sole discretion. The Company will provide notification of the change of the personal data protection policy through the Company's website, www.grandunity.co.th. Such changes will take effect immediately after the Personal Data Protection Policy is published on the Company's website.  The Personal Data Subject is required to regularly check on the Company's Personal Data Protection Policy. The Company assumes that the Personal Data Subject is fully aware of the Personal Data Protection Policy that has been updated, amended and changed.

 

12. Governing Law

This Personal Data Protection Policy is governed by and interpreted in accordance with the laws of Thailand. Any disputes relating to the website including rights, obligations and any acts under this Personal Data Protection Policy shall be subject to the jurisdiction of the courts of Thailand.

 

13. Contact us

Should the Personal Data Subject have any questions, suggestions or complaints regarding this Personal Data Protection Policy and/or notifying the intention to exercise its rights, please contact the Company's Personal Data Protection Officer through the following channel:

 

Grand Unity Development Company Limited

No. 900 Tonson Tower, 7th Floor, Ploenchit Road,

Lumpini Sub-District, Patumwan District, Bangkok 10330

Email: dp@grandunity.co.th

 

This Personal Data Protection Policy effective from 20th May 2022

GUD.1.1

 

Cookies Policy

This website and/or application service is provided by Grand Unity Development Company Limited (the “Company”) and the website and/or application uses cookies to distinguish the ways in which you use the website and/or application from others so that you are able to enjoy the experience of using the website and/or application and allow the Company to improve the quality of service. If you wish to continue to use this website and/or application without any change to the settings, it shall be deemed that you agree to accept the cookies on the Company’s website and/or application.

1. What are Cookies

Cookies are small sized files that are downloaded to your computer device or mobile phone device and records data and settings, such as the status of your current login and your language setting and helps make your access to the website and/or application (collectively, the “Service”) more convenient and continual. It also collects your access history. Cookies do not have any risk and/or danger to your device. Cookies are created based only upon the Services utilized.

 

2. Benefit of Cookies

Cookies inform the Company which part of the Service of the website and/or application has been accessed by recording the settings during the first use of the Service using cookies allowing you to access the Service in a prompt manner using the same settings on each occasion, unless the cookies are deleted, in which case the settings will be deleted and revert to the default settings. In addition, data related to your use of the Service will help us to improve Services by letting us know how you interact with the data on the Company’s website and/or application and allowing the Company to use the data to improve Services provided in the website and/or application, improve the display of data, advertising, products and services to be in line with your requirements as well as give you a good experience when using the Service in order to satisfy the Service recipient’s needs in full.

 

3. Using Cookies

When you login to use the Service of the website and/or application and there is a pop-up regarding the cookies policy, the Company’s cookies will be downloaded to your device in order to store statistical information and your browser history while using the Service, data or Services you are interested in. It is not possible to learn your identity from these cookies.    

Examples of facilitating your use of the Service by implementing cookies are as follows:

  • To remember the user status, such as language setting;
  • To remember answers provided already so that you don’t have to answer the same question again
  • Providing Social Media Sharing functions to allow you to share content that you are interested in through Social Networks

            The Company uses plugin programs and third party services to provide services and to facilitate your use of the Services as described above, including, Google Analytics, Facebook Analytics and Line. In addition, the Company may apply cookies together with pixel tag type technologies to ascertain the utilization and history of your use of the Services, data or services that you are interested in and to analyze in order to improve Services, show content, advertisements or announcements of activities that are suitable as well as Services that match your interests in order to improve your satisfaction even more. In any case, the Company uses cookies subject to the terms and conditions of the Company’s personal data protection policy, details of which you can find in the “Personal Data Protection Policy”  

 

4. Cookies Settings

You can control the cookies settings by setting your browser and/or application settings on your device and privacy setting for collecting data using cookies. However, if your browser or application settings turn off all of the cookies (including cookies required for use), you may not be able to access some or all of the website and/or application Services or it may cause some functions or all functions on the website and/or application to not work in an efficient manner.

 

5. Changes to the Cookies Policy

The Company reserves the right to improve, adjust and amend all or some of the details of the cookies policy at any time, as well as any other information on the Company’s website and/or application to be current at the Company’s sole discretion. Such changes shall become effective immediately upon being announced on the Company’s website and/or application.