Personal Data Protection Policy

 

Grand Unity Development Company Limited (the “Company”) places great importance on the protection of personal data and has created this personal data protection policy for the purpose of elaborating how personal data is managed and to build confidence with the personal data owners that the Company is handling their personal data in accordance with the provisions of the applicable law.  

This personal data protection policy is intended to inform you, the personal data owner, of the purposes, collection, usage and/or disclosure of your personal data, as well as the legal rights of personal data owners related to personal data. Therefore, the Company invites you, the personal data owners, to study and comprehend the personal data protection policy in detail.

 

1. Collection of Personal Data 

The Company collects personal data from the personal data owner both directly and indirectly as follows:

  • Data that the personal data owner or the representative of the personal data owner delivers to the following persons:
    • The Company.
    • A subsidiary of the Company.
    • An affiliated of the Company.
    • A business partner of the Company. 
  • The provision of services using one or more of the Company’s channels, such as telephone services;
  • The provision of services via the internet, including, the use of the Company’s website, applications, on line social media;
  • Sources of information other than directly the owner of the personal data, e.g. state agencies, a company in the group, the Company’s contractual partners, etc. which the Company collects from other sources with the consent of the personal data owner and in accordance with the provisions of the applicable law, except in the case that the Company is required to do so as permitted under the applicable law

 

2. Types of personal data that are collected, used and/or disclosed 

Personal data is data which can be used to identify the owner of the personal data, whether directly or indirectly and the Company collects, uses and/or discloses the personal data of the personal data owner as follows:

  • Personal data e.g. name, surname, gender, age, date of birth, marital status, address, job.
  • Contact information, e.g. residential address, place of work, telephone number, Line ID, email address.
  • Data that identifies your location while using a website. If the GPS System is enabled, it is deemed that the personal data owner consents for the Company to collect and evaluate your location while using the website. If you want to turn off the location function, the personal data owner can install a program or turn off the GPS function on your mobile phone. 
  • Data based on computer or communications equipment such as:
    • Cookies, i.e. data sent from a website to a computer when you visit, enter and interact with websites from the Company’s website.
    • IP Address.
    • Web Browser used to provide access.
    • Websites that refer to the Company’s website.
    • Connectivity data using the website’s connection.
  • Data regarding services used (depending on the services used by the personal data owner on the website) e.g. registration to receive information in an electronic format, information related to whistleblowing or complaints, information relating to job applications, information regarding communication through the website and any other information regarding the personal data owner’s activities on the website, including information about the computer and connectivity information using the website’s connection.
  • Other data e.g. sound, pictures, video, photographs and closed circuit television recording pictures.
  • Other data that may be deemed to be personal data under the Personal Data Protection Act B.E.2562.

 

3. Purpose of collection, use and/or disclosure of personal data

The Company collects, uses and/or discloses personal data of the personal data owner for the purpose of the services provided by the Company as well as to comply with the laws which the Company and/or the personal data owner are required to comply with and for the other purposes as provided in this policy as follows:

  • To provide services required by the personal data owner.
  • To improve and develop the services provided by the Company to be efficient.
  • For the purpose of communication, e.g. warning notification, to respond when contacted by the personal data owner.
  • To confirm the identity of the personal data owner, whether for the purpose of recruiting, identification of the person making the contact, entering or exiting the office for security purposes.
  • When the personal data owners give their explicit consent, the following purposes will be provided:
    • To announce various information regarding the Company and/or affiliates of the Company as well as to provide services and special privileges related to such services.
    • To announce information regarding products and services and activities of the Company.
    • For direct marketing.
    • For market research, analysis of the behavior and interests of the personal data owner for marketing purposes as well as other services that may be offered in the future to better match the requirements of the personal data owner for improved service when using the website.
  • To comply with contractual obligations with the personal data owner or to fulfill requests of the personal data owner prior to entering into the contract.
  • To comply with the provisions of the applicable law.
  • For the lawful interests of the Company or other persons or entities.

 

4. Security protection measures for the personal data 

The Company has created safety and security measures as required by law in order to prevent loss, access to, use of, change, amendment or disclosure of personal information without authorization or permission. The Company improves and tests the technology system of the Company on a regular basis to ensure that the personal data has a high level of security and reliability.

However, the Company cannot guarantee the safety of personal data in all cases. If the personal data is lost, accessed, used, changed, amended or leaked due to a computer virus attack or electronic theft (hack) or accessed by an unauthorized person or due to a force majeure event or any other cause, the Company is not liable for any damage or loss arising from such event whatsoever. The Company recommends the personal data owner to install anti-virus software programs to prevent being hacked or personal data theft and to maintain the confidentiality of the personal data.

 

5. Disclosure and/or transfer of personal data to third parties

The Company may at its sole discretion disclose and/or transfer the personal data to a third party that is identifiable and has a personal data protection policy and security protection measures as may be required by law, subject to the consent of the personal data owner or subject to the scope permitted by law, including to subsidiaries, affiliates, business partners, contractual partners, state agencies and other agencies provided under law.

 

6. Personal Data Owner’s Rights 

  • Personal data owners can exercise their rights under personal data protection laws and revoke consent of the Company collect, use and/or disclose personal data at any time, provided that the exercise of their rights is in accordance with the provisions of law and the criteria set by the Company at that time or as may be amended in the future. Revoking permission by the personal data owner may affect certain services provided. The Company may not be able to provide services to the fullest extent or the personal data owner may not be able to use the services or benefits of the Company.
  • The exercise of rights of the personal data owner may be restricted under the applicable law and there may be certain cases where the Company may decline or may be unable to proceed in accordance with the personal data owner’s exercise of rights, in which case the Company will notify the reason for such denial.  

 

7. Exceptions to Protection of Personal Data

The following actions to personal data shall not be deemed the violation of the personal data protection policy;

  • An action towards personal data that has been disclosed in public at the time or before personal data owner disclose personal data to the Company, or personal data that is publicly disclosed which is not caused by the Company.
  • Disclosure of personal data with your written consent or permission by other means.
  • Disclosure of personal data as necessary by laws, orders, rules, regulations, court order, government authorities, or other necessity.

 

8. Period of Storing Personal Data

The Company will maintain the personal data for the necessary amount of time to complete the purposes provided above or until the Company receives notice of revocation of consent to collect the personal data from the personal data owner or to protect the interests of the Company, unless the law permits longer storage periods.

 

9. Changes to the details regarding the personal data protection policy

The Company reserves the right to modernize, change and amend the details of the personal data protection policy, either in full or in part at any time at the Company’s sole discretion. Any changes will be effective following announcement on this website.

 

10. Governing Law

This personal data protection policy is governed by and interpreted in accordance with the laws of Thailand. Any disputes relating to the website including rights, obligations and any acts under this policy shall be subject to the jurisdiction of the courts of Thailand.

 

11. Contact us

If the personal data owner has any questions, suggestions or complaints regarding this personal data protection policy and/or wishes to notify the exercise of any of its rights under this personal data protection policy, please contact  our customer service center 02 652 4000 from 09.00 a.m. to 10.00 p.m. every day or email us at dp@grandunity.co.th

 

Effective date: 26 April 2021
V.2.1.1