“Personal Data” means any information relating to a person which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased persons in particular.
“Sensitive Personal Data” means any information, which is indeed personal relating to a person, but sensitive and may lead to unfair discrimination, such as, the information pertaining to racial, ethnic, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, heath data, disability, trade union information, genetic data, biometric data or of any data which may affect the data subject in the same manner, as prescribed by the Personal Data Protection Committee.
“Personal Data Protection Committee” means the Committee appointed to have the duties and supervisory authority, to issue the criteria, measures, or any other guidelines in relation to personal data protection in accordance with the Personal Data Protection Act, B.E.2562 (2019).
The Company will collect the Personal Data under the lawful and fair objectives, scope, and methods which the collection shall be made only to the extent necessary to carry out the Company’s objectives. In this regard, the Company shall notify and seek consent from the data subject, by electronic means or the Company’s methods. In case the Sensitive Personal Data of the data subject shall be collected by the Company, the Company shall request for the explicit consent of the data subject prior to the collection, unless the collection of Personal Data and Sensitive Personal Data is under any exception prescribed by the Personal Data Protection Act, B.E.2562 (2019) or other laws.
The Company will collect or use the Personal Data of data subject for performing the Company’s objectives, for example, as follows.
The Company will not use or disclose your Personal Data, unless it is a use or disclosure, as needed, in accordance with above-specified objectives, or it is a disclosure to the Company’s personnel, or any person relating to the contract, or it is to comply with the laws, the government authorities, the supervisory officials, or you have given consent.
The Company will not disclose the Personal Data of data subject to any person without consent, and the disclosure shall be in accordance with the objectives have been notified. However, for the purposes of the performance of the Company and for providing services to the data subject, it may be necessary for the Company to disclose the Personal Data of data subject to affiliated companies or other persons, both domestic and overseas, such as, various service providers which shall perform any duties relating to the Personal Data. To disclose Personal Data to such person, the Company shall cause such person to keep the Personal Data confidential and ensure that the Personal Data shall not be used for any other purposes apart from those specified by the Company.
In addition, the Company may disclose the Personal Data of data subject under the criteria prescribed by laws, such as, the disclosure to the government authorities, government agencies, supervisory authorities, including the case where the disclosure is required by the virtue of laws, i.e., requesting for the data for proceeding with lawsuit or legal actions, or any request from private organization or any third party which is in connection with the legal actions.
The Company shall specify various measures, including security measures for Personal Data which is in compliance with the laws, regulations, criteria, and guidelines regarding the personal data protection for the Company’s employees and other relevant persons, as well as shall support and promote the employees to have knowledge and awareness of the duties and responsibilities in collection, storage, use, and disclosure of Personal Data of the data subject. In this regard, the Company’s employees shall comply with the policy and guidelines on personal data protection specified by the Company so that the Company will be able to comply with the policy and laws relating to personal data protection correctly and efficiently.
The Company will retain your Personal Data for the period as necessary for performing the objectives of collection, use or disclosure of the Personal Data specified herein. The criteria applied for prescribing the retention period are the period in which it is still necessary for Sansiri to use your Personal Data according to the specified objectives. In addition, Sansiri may continue to retain your Personal Data as the period necessary for complying with the laws, or legal prescription, or for the establishment, compliance or exercise of legal claims, or defense of legal claims, or for other cases according to the policy and internal regulations of Sansiri.
The data subject has the following rights.
The data subject can exercise the above rights by submitting a request to the Company in writing or through the electronic mail according to the form specified by the Company (download) at the “Contact Channels” specified below. In this regard, the Company will consider and notify the result of consideration according to the request of the data subject within 30 days from the date of receiving such request. However, the Company may reject the right of data subject if it is stipulated by laws.
The Company may occasionally update or modify this policy to be in compliance with the legal requirements, the change of Company’s operation, including the suggestion and opinions from various agencies in which the Company will explicitly notify the modification prior to the commencement of such modification.
Sansiri Public Company Limited
Data Protection Officer
Contact place: 59 Soi Rim Khlong Phra Khanong, Phra Khanong Nuea Sub-district, Vadhana District, Bangkok 10110
Telephone no.: 1685