1. WHAT DOES PERSONAL DATA MEAN?
“Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier.
“Sensitive data” means any information revealing racial or ethnic origin, political opinions, religion, or beliefs, or concerning health, sex life, sexual orientation, genetic data, biometric data, including any information that needs more protection as it is sensitive.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, including but not limited to collection, storage, use, disclosure, or erasure or destruction.
2. HOW WE COLLECT THE PERSONAL DATA
2.1 Information that we collect directly from you:
Most of the personal data is directly provided by you through the following means:
- When you contact us for information.
- When you request to use our Services by filling in and submitting a service order form, an application form, and/or other relevant forms.
- When you enter into a negotiation process with us with the possibility that we may do business together.
- When you provide your personal data through our device, website, or application such as when you register at the time of creating an account and/or profile.
- When you voluntarily respond to our survey or contact us via phone, email, application, social media, or our employees.
2.2 Information that we collect from other sources:
We may indirectly receive your personal data from other sources such as subsidiary companies of Jasmine International Public Company Limited (“JAS Group”), business partners, partnerships, subcontractors, including government sectors where such source has the right to disclose your personal data as permitted by the laws.
2.3 Information that we automatically collect:
We also automatically receive your personal data when you use our services, such as your usage and service behavior information, information of the devices you use to contact or interact with us or our services which includes location, time zone, IP address, web browser, and browsing information collected through cookies and other similar technologies.
3. THE TYPE OF PERSONAL DATA WE COLLECT
We ensure that the personal data we collect must be limited to what is necessary in relation to our legitimate purposes as described in section 4 which can be classified as follows:
|TYPE OF PERSONAL DATA
|1. Identifying information
|any information that alone distinguishes you from other people e.g., name, identification number, passport number, photograph, etc.
|2. Contact information
|any information or details allowed us to communicate with you e.g., address, phone number, email, including but not limited to conversation histories between us and you, etc.
|3. Financial information
|any information related to a financial account or transaction e.g., credit card or debit card number, bank account number, information relating to your payment transaction, etc.
|4. Technical information
|any information that can be automatically collected from your device used to access the Services, including but not limited to device identification number, IP address, location, time zone, type or model of the device, browser, operation system, and any other identification factor which may enable identification of your device.
|5. Usage information
|any information on using our Services e.g., the information about the product and/or services you use, service behavior, activity log, date, and time you activated, the viewed pages, searches, how long you spend on a page, favorite content, and other information how you interact with the Service.
4. OUR PURPOSE OF PROCESSING PERSONAL DATA
Under Thailand’s Personal Data Protection Act 2019 (“Thai PDPA”) and applicable laws, the lawful bases we rely on for collecting, using, disclosing and your personal data are:
4.1 HOW WE PROCESS YOUR PERSONAL DATA:
4.1.1 Contractual Obligation
In general, we process personal data to process your request before entering into an agreement or to perform our agreement to which you are a party, including but not limited to:
- For providing our customers with telecommunication services as well as managing usage of our services in various forms.
- For facilitating customers, such as notifying you of updates or announcements, offering privileges, advantages, or benefits, delivering customer services or after-sales services, solving issues, handling complaints, fulfilling requirements, responding to questions or concerns, and any communications in respect of our Services.
- For procurement of products or services from suppliers or business partners.
- For managing payment, such as billing, collecting payment for our service, or sending invoices and purchase orders.
4.1.2 Legitimate Interest
Your personal data may be processed for the following purposes:
- For safety and security control to keep our service secure and prevent threats, such as using closed circuit television (CCTV) in buildings or premises, using authentication, or setting user and password to access control, including investigating, and detecting suspicious activity.
- For debt collection and/or lawsuit to enforce outstanding payment.
- For Public relations via our websites, social media, or other various forms.
- For research, monitoring, and analyzing our marketing and Services to improve quality in our operations and provision of our services as well as develop our marketing and business plans for the best satisfaction of our customers.
However, these circumstances shall be relied on only if they would not beoverridden by your interests or fundamental rights and freedoms.
4.1.3 Legal Obligation
Also, we may process your personal data to comply with applicable laws and regulations and/or as required by courts, regulators, government authorities, including the National Broadcasting and Telecommunication Commission (“NBTC”).
In case that we cannot rely on other legal bases, we may further ask for your explicit consent to process your personal data for the following purpose:
- For our marketing communication to offer our Services and inform you of news, your beneficial or privileged, including product recommendations.
- For research, monitoring, and analyzing to develop our operations and services.
In this regard, our request for consent will be explicitly made in written or electronic means, whether via short message service, website, or any other statement separated from other terms and conditions of our agreement.
If you give consent to us, you may withdraw your consent at any time, except if your withdrawal is restricted by applicable laws.
4.1.5 Sensitive Data
If necessary, we may process your sensitive data with your explicit consent or for other purposes to the extent permitted by law in the following circumstances:
- Where necessary for providing telecommunication Services suitable to disabled persons
- Where necessary for identity authentication.
- Where it is carried out in accordance with Thai PDPA or other regulations.
4.2 CAN WE RELY ON MORE THAN LAWFUL BASIS:
It may be possible that more than one basis applies to the processing depending on the specific purpose for which we are using your data.
In some circumstances, our purpose of the processing may be materially changed over time, or we may have a new purpose that we did not originally anticipate. In such cases, we will provide you with prior notice or request your consent, depending on the specific purpose, from time to time via electronic means such as website, short message service (SMS), or any other appropriate methods at our discretion.
4.3 WHAT HAPPENS IF YOU REFUSE TO GIVE US YOUR PERSONAL DATA:
If you decide not to provide certain personal data which needs to be registered for the use of our Services, we may not be able to provide all or part of our Services or benefits and we may not be able to fulfil our contractual obligations with you.
5. DISCLOSURE OF PERSONAL DATA
After receiving your personal data, we will collect, use, or disclose your personal data for the purposes specified in the previous session and will process your personal data only to the extent permitted by law. That is, it is based on a lawful basis for processing the data. Also, we may share and disclose your personal data to the third parties as follows:
|1. Our Affiliated Companies
|We may share your personal data with our affiliates whether companies within JAS Group (Jasmine International Public Company Limited) and/or JTS Group (Jasmine Technology Solution Public Company Limited).
|2. Personal Data Processors and/or Contracted Service Provider
|Your personal data may be disclosed and/or shared with our Contracted Service Provider who provides services such as IT and system administration and hosting, cloud computing, marketing and advertising management, business consultants, legal counsels, payment and transaction processing in order to provide our Service to you.
|3. Public Authorities
|To the extent we are required by the applicable laws, we may disclose your personal data with governmental authorities or supervisory authorities which includes but not limited to the National Broadcasting and Telecommunication Commission (NBTC), the National Cyber Security Agency (NCSA), the Royal Thai Police, or the court of competent jurisdiction to comply with our legal obligation.
Also, your personal data may be disclosed to handle claims and disputes, including collecting debt, filing lawsuits, and processing other relevant legal proceedings.
|4 Third parties involved in
a corporate transaction
|If we have plans or are involved in any corporate transaction with external persons or entities e.g., merger, reorganization, dissolution, sale of our business unit, assets, or stock, as well as other fundamental corporate changes, we may share your personal to the extent necessary for such transaction.
In some circumstances we may need to transfer your personal data to the foreign country. In such a case, we will provide suitable protection measures as specified by applicable laws.
6. STORAGE OF PERSONAL DATA
6.1 HOW WE KEEP YOUR PERSONAL DATA:
We keep your personal data in our information systems that have appropriate security measures to ensure that your personal data are secure as prescribed by law including but not limited to:
- Having proper Information Security Measures in place, including technical, physical, and organizational safeguards against accidental or unauthorized access to, destruction, loss, alteration, or disclosure of your personal data.
- Having Identity and Access Management (IDAM) in place to limit access to personal data for authorized persons.
- Having Data Destruction Procedure when the personal data is no longer necessary for the purposes for which your personal data are processed by us or after expiry of our retention periods.
- Having the Incident Response Plan for promptly addressing any security incidents and personal data breaches that may occur and for reporting such incidents to supervisor authorities in Thailand such as the Personal Data Protection Commission (PDPC) and the National Broadcasting and Telecommunication Commission (NBTC) and/or you, as the data subject, within the period as specified in the applicable laws.
6.2 HOW LONG WE KEEP YOUR PERSONAL DATA:
We will keep your personal data for as long as necessary to fulfill the purposes of providing our services to you in accordance with the agreement between us as required or permitted under internal policy and/or applicable laws as follows:
- During the service period, we are required to maintain your personal data for at least the last ninety (90) days unless your personal data is necessary to verify the complaint, we may keep your personal data until the complaint review period is completed.
At the end of the retention period, we will erase, destroy, or anonymize your personal data to be unidentifiable data by following our internal policies and procedures.
7. COOKIES POLICY
7.1 REQUIRED COOKIES:
On our websites, we place required cookies that are needed and essential to operate basic website functionality, then there is no option to opt-out of these cookies.
7.2 FUNCTIONALITY COOKIES:
We will use functionality cookies or other similar technologies to collect our website visitors’ information such as your device, browser, and website usage, for the purpose of enhancing the performance of our website and allowing our website to customize your website experience to let you are able to use easily, quickly, and more efficient. However, you may control and manage functionality cookies via your individual browser and device setting.
7.3 ANALYTIC COOKIES:
We may use third-party analytics cookies to collect information and report our website usage. In this regard, we will anonymize information of our website visitors prior to sharing it to our contracted service providers or processors to the extent allowed by applicable laws. However, you may control and manage functionality cookies via our website setting.
10. DATA SUBJECT RIGHTS
As the data subject, you have the rights under the Thai PDPA as follows:
|DATA SUBJECT RIGHTS
|1. Right to withdraw Consent
|You have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on such consent before its withdrawal
|2. Right of Access
|You have the right to request access to and obtain copies of your personal data.
|3. Right to Rectification
|You have the right to request us to correct or complete your personal data you think is inaccurate or incomplete to keep your personal data up to date.
|4. Right to Erasure
|You have the right, in certain circumstances, to request us to erase your personal data to the extent of applicable laws.
|5. Right to restriction of processing
|you have the right, in certain circumstances, to request us to restrict the processing to the extent of applicable laws.
|6. Right to object
|you have the right, in certain circumstances, to object to the processing of your data to the extent of applicable laws.
|7. Right to Data Portability
|You have the right, in certain circumstances, to request us to transfer the personal data you gave us to other organizations or you, to the extent possible.
|8. Right to lodge a complaint
|You have the right to lodge a complaint for any infringement of the personal data by submitting a complaint to the National Broadcasting and Telecommunication Commission (NBTC) or the Personal Data Protection Commission (PDPC).
To exercise your rights, please contact us by using our contact information below. We will use our reasonable endeavors to respond to all legitimate requests within fifteen (15) days from the date on which the request is received by us or any period as set forth by applicable laws. If your request is rejected, we will provide you with the response together with our reasons for such rejection. However, you are entitled to lodge a complaint to the National Broadcasting and Telecommunication Commission (NBTC) or the Personal Data Protection Commission (PDPC) in the event that we do not take action regarding your legitimate request.
11. CONTACT US
JASTEL NETWORK COMPANY LIMITED
200 Moo4, 7th Fl., Jasmine International Tower, Chaengwattana Road, Pakkret, Nonthaburi, 11120, Thailand.
Phone: +66 2100 3167
Email: [email protected]