Privacy Policy

Privacy Policy

Sansiri Public Company Limited, subsidiaries and/or joint venture (hereinafter collectively referred to as “Company”) realize the importance of personal data protection. Therefore, this personal data protection policy is established to explain how the Company treats the Personal Data, such as, the collection, storage, use, disclosure, including various rights of the data subject, and so on. To notify the data subject of the Company’s privacy policy, this policy is announced as follows.

1. Definition

“Personal Data” means any information relating to a person which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased persons in particular.

“Sensitive Personal Data” means any information, which is indeed personal relating to a person, but sensitive and may lead to unfair discrimination, such as, the information pertaining to racial, ethnic, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, heath data, disability, trade union information, genetic data, biometric data or of any data which may affect the data subject in the same manner, as prescribed by the Personal Data Protection Committee.

“Personal Data Protection Committee” means the Committee appointed to have the duties and supervisory authority, to issue the criteria, measures, or any other guidelines in relation to personal data protection in accordance with the Personal Data Protection Act, B.E.2562 (2019).

2. Collection of Personal Data

The Company will collect the Personal Data under the lawful and fair objectives, scope, and methods which the collection shall be made only to the extent necessary to carry out the Company’s objectives. In this regard, the Company shall notify and seek consent from the data subject, by electronic means or the Company’s methods. In case the Sensitive Personal Data of the data subject shall be collected by the Company, the Company shall request for the explicit consent of the data subject prior to the collection, unless the collection of Personal Data and Sensitive Personal Data is under any exception prescribed by the Personal Data Protection Act, B.E.2562 (2019) or other laws.

3. Objectives of Collection or Use of Personal Data

The Company will collect or use the Personal Data of data subject for performing the Company’s objectives, for example, as follows.

  • 3.1 For proceeding with your request, such as, in case you have registered for receiving the information and promotions, the Company will collect and use only basic information, i.e., name and surname, email address, telephone number for contacting back or in case you have proceeded with online booking, the Company will collect and use the information required for issuing the reservation documents.
  • 3.2 For modifying and improving the performance of website and application, preparing the marketing plan, analyzing the usage information, evaluating the services, as well as, improving and developing the Company's products and services.
  • 3.3 For communicating, notifying various information relating to the Company's products and services, including the benefits and promotions relating to such products and services, or any change in connection with the privacy policy in the future.
  • 3.4 For the performance of a contract to which you are a contract party, including the contract parties which the Company uses the services, such as, for sharing your location in case the Company uses the location determination services of the others.
  • 3.5 For proceeding with legal actions, such as, for preventing or suppressing a danger to a person’s life, body, or health, for the purpose relating to research or statistics, in which the suitable protection measures are provided, to safeguard your rights and freedoms.
  • 3.6 For other objectives notified at the time of collection of your Personal Data or other objectives in relation to any of above objectives.

The Company will not use or disclose your Personal Data, unless it is a use or disclosure, as needed, in accordance with above-specified objectives, or it is a disclosure to the Company’s personnel, or any person relating to the contract, or it is to comply with the laws, the government authorities, the supervisory officials, or you have given consent.

4. Disclosure of Personal Data

The Company will not disclose the Personal Data of data subject to any person without consent, and the disclosure shall be in accordance with the objectives have been notified. However, for the purposes of the performance of the Company and for providing services to the data subject, it may be necessary for the Company to disclose the Personal Data of data subject to affiliated companies or other persons, both domestic and overseas, such as, various service providers which shall perform any duties relating to the Personal Data. To disclose Personal Data to such person, the Company shall cause such person to keep the Personal Data confidential and ensure that the Personal Data shall not be used for any other purposes apart from those specified by the Company.

In addition, the Company may disclose the Personal Data of data subject under the criteria prescribed by laws, such as, the disclosure to the government authorities, government agencies, supervisory authorities, including the case where the disclosure is required by the virtue of laws, i.e., requesting for the data for proceeding with lawsuit or legal actions, or any request from private organization or any third party which is in connection with the legal actions.

5. Guideline for Personal Data Protection

The Company shall specify various measures, including security measures for Personal Data which is in compliance with the laws, regulations, criteria, and guidelines regarding the personal data protection for the Company’s employees and other relevant persons, as well as shall support and promote the employees to have knowledge and awareness of the duties and responsibilities in collection, storage, use, and disclosure of Personal Data of the data subject. In this regard, the Company’s employees shall comply with the policy and guidelines on personal data protection specified by the Company so that the Company will be able to comply with the policy and laws relating to personal data protection correctly and efficiently.

6. Retention Period

The Company will retain your Personal Data for the period as necessary for performing the objectives of collection, use or disclosure of the Personal Data specified herein. The criteria applied for prescribing the retention period are the period in which it is still necessary for Sansiri to use your Personal Data according to the specified objectives. In addition, Sansiri may continue to retain your Personal Data as the period necessary for complying with the laws, or legal prescription, or for the establishment, compliance or exercise of legal claims, or defense of legal claims, or for other cases according to the policy and internal regulations of Sansiri.  

7. Rights of the Data Subject

The data subject has the following rights.

  • 7.1 Right to withdraw the consent to process the Personal Data that has been given. However, the withdrawal of consent shall not affect the collection, use, or disclosure of Personal Data that has been previously given.
  • 7.2 Right to access the Personal Data and to request for a copy of Personal Data, including to request the disclosure of the acquisition of the Personal Data obtained without consent.
  • 7.3 Right to rectify the Personal Data to keep it accurate.
  • 7.4 Right to erase the Personal Data.
  • 7.5 Right to request for the suspension of use of Personal Data.
  • 7.6 Right to request the transfer of Personal Data.
  • 7.7 Right to object the processing of Personal Data.
  • 7.8 Right to lodge a complaint.

The data subject can exercise the above rights by submitting a request to the Company in writing or through the electronic mail according to the form specified by the Company (download) at the “Contact Channels” specified below. In this regard, the Company will consider and notify the result of consideration according to the request of the data subject within 30 days from the date of receiving such request. However, the Company may reject the right of data subject if it is stipulated by laws.

8. Review and Modification of the Privacy Policy

The Company may occasionally update or modify this policy to be in compliance with the legal requirements, the change of Company’s operation, including the suggestion and opinions from various agencies in which the Company will explicitly notify the modification prior to the commencement of such modification.

9. Contact Channels

Sansiri Public Company Limited
Data Protection Officer

Contact place: 59 Soi Rim Khlong Phra Khanong, Phra Khanong Nuea Sub-district, Vadhana District, Bangkok 10110
Telephone no.: 1685
Email: cs@sansiri.com