Appman Co., Ltd (hereinafter referred to as “the Company”) respects the privacy of personal data owners (hereinafter referred to as “you”). Therefore, we have established a policy and procedure for collecting, using, and disclosing your personal data in compliance with the Personal Data Protection Act B.E. 2562 (2019) (hereinafter referred to as “PDPA”). We have prepared this privacy policy to inform you of our data handling practices, including what personal data we collect, how we use it, how we store and transfer it, and your rights regarding your personal data. Additionally, we have provided channels for you to contact us for inquiries, complaints and feedback on your personal data. The details are as follow :
- Collection of personal data
The Company will collect your personal data, which may include general personal data or sensitive personal data in document or electronic format, and may be obtained directly from you or from third parties. The Company will only collect, use, and/or disclose your personal data to the extent necessary for the intended purpose and within the scope permitted by law.
- Personal data that the Company collects, uses and/or discloses
The Company will collect your personal data in accordance with the nature of personal data processing activities for the achievement of objectives and/or as required by law. The personal information that the company will collect includes the following:
| General identification data | Such as title, name, surname, signature, date of birth, educational history, employment history, marital status, facial photograph, moving image, voice, national identification number, passport number, driver’s license number, vehicle registration book, driving license, house registration, work permit. |
| Contact data | Such as postal address, email address, telephone number, fax number, social media accounts or any other similar information. |
| Employment data | Such as occupation, workplace, job title, length of employment, employer details, salary, remuneration, and bonuses. |
| Financial data | Such as salary certificates, bank account numbers, income and financial status. |
| Data of third parties or related persons | Such as names of parents and children, personal information related to legal entities such as directors, employees, officers, authorized persons, agents and persons involved in transactions. |
| Company’s service usage data | Such as information on the platform, products and services used, such as the computer’s IP address, device model and type, network, device ID, GPS location, technical specifications, and specific identity data (such as web beacon, browser type and version, access data, single sign-on (SSO), login log, date and time of access, duration of use, cookies, login data, log, search history, viewing data, time zone setting, location, language settings, plug-in type and version, operating system and platform, and other technologies on the device used). |
| Sensitive personal data | Such as nationality, race, religion, and/or blood type as shown on the national ID card, criminal records, health information, disabilities, and information about physical abnormalities. |
| Other data | Such as records of your communication and interactions with the Company, regardless of the format or method, including but not limited to phone calls, video calls, emails, chat messages, online social media communication, and any other data that you provide to the Company through any channels. |
- Objectives and grounds of data processing
The Company will collect, use, and/or disclose your personal data only if the collection, use and/or disclosure of your personal data is necessary or has legal grounds for the following purposes:
- Compliance with the contract between you and the Company: The Company is required to collect, use and/or disclose your personal data for the purpose of carrying out transactions, activities, and/or any requested services by you before entering into the agreement, or for any other services related purposes, to verify your identity, assess your qualifications, or to enable the company to communicate and provide benefits to you. The Company may also use your personal data for mobile applications, online product platforms, IT support and helpdesk services, account creation and maintenance, managing access to any systems that you have been granted access to, and cancelling accounts that are no longer in use. Failure to provide your personal data may impact the Company’s ability to carry out the terms of the contract or provide the services as specified by the company or as required by law.
- Compliance with laws, regulations and relevant guidelines: The Company is required to collect, use, and/or disclose your personal information to maintain and safeguard the system, ensure the security of management, or make reports.
- Legal benefits of the Company: The Company collects, uses, and/or discloses your personal information to prevent and reduce the risk of illegal activities, manage claims and disputes, initiate lawsuits, and conduct relevant legal proceedings, provide convenience or receive services from legal, financial, and/or other consultants, develop and improve products, services, and systems of the Company, enhance the Company’s work standards, ensure security in the premises, collect evidence and verify the accuracy of information such as recording images and sounds of meetings, training, seminars, recording names and videos of visitors, collecting names of persons with authority, directors, representatives, and employees who have legal relations with the Company and verifying the accuracy of documents.
- Carry out the purposes for which you have given clear consent. The company will only use your data for the purposes for which you have given consent.
- For the purpose of creating historical records or annotations for public benefit, education, research or statistics.
- For the prevention or suppression of danger to a person’s life, body or health.
- For public benefit or for performing duties assigned by the state to the Company.
- In cases where the Company intends to collect, use, and/or disclose sensitive personal information, such as checking personal history, criminal records from the Criminal Records Division, Royal Thai Police, health records, medical certificates, etc. The company will seek your clear consent and use your information solely for the purposes for which you have given consent.
4. Disclosure of your personal data
The company will not disclose the personal data that has been collected unless it has obtained your prior consent to disclose or it is necessary to disclose the data under the following circumstances:
- Government agencies or organizations responsible for legal compliance.
- Authorized persons, representatives, or agents of yours with legal authority to act on your behalf.
- Directly related service providers for the purpose of collecting the aforementioned data.
- To comply with relevant laws.
5. International data transfer
The Company may store your personal data on computer servers or clouds provided by third parties located in foreign countries, or may have other necessary reasons to transfer your personal data to foreign countries. If the destination country has insufficient personal data protection standards compared to Thailand, the Company will take various steps and measures to ensure that the destination country or data recipient in the foreign country has sufficient personal data protection standards or to ensure that the transfer of your personal data is safe and in compliance with the criteria established by personal data protection laws. In this regard, the Company may request your consent for the transfer of your personal data to foreign countries as mentioned above.
6. Storage of personal data
The Company will retain your personal data for as long as necessary to achieve the purposes set forth in this Privacy Notice and for an additional period of 10 years from the date on which the Company ends its relationship or last contact with you, unless the law requires or allows the Company to retain your personal data for a different period. The Company will collect and retain your personal data for as long as necessary to comply with the law or for the Company’s lawful business purposes.
7. The rights of personal data owners
You may exercise your rights as provided by the laws governing the protection of personal data, which are as follows:
7.1 Right to Withdraw Consent
You have the right to withdraw your consent for the Company to collect, use and/or disclose your personal data that you have provided to the Company at any time, subject to the procedures and methods specified by the Company, unless the withdrawal of consent is limited by law or a contract that benefits you. However, your withdrawal of consent will not affect the collection, use and/or disclosure of your personal data that has already been consented to before the withdrawal.
7.2 Right to Access
You have the right to access and obtain copies of your personal data held by the Company, including personal data that the Company has obtained without your consent, unless the Company has reasons to deny your request under the law or a court order or unless your request may impact or cause harm to the rights and freedoms of other individuals.
7.3 Right to Data Portability
You have the right to request your personal data in a format that can be commonly used and machine-readable and can be used or disclosed automatically. You also have the right to request that the Company transfer your personal data to a third party or to receive the personal data that the Company has sent or transferred to a third party, unless technically infeasible or the Company has a legal reason to deny your request.
7.4 Right to Object
You have the right to object to the collection, use and/or disclosure of your personal data according to the Company’s compliance with the law or the collection, use and/or disclosure of your personal data are for direct marketing purposes, unless the company has a legal reason to deny your request.
7.5 Right to Erasure
You have the right to request that the Company delete or make your personal data unidentifiable in the following circumstances:
- You withdraw your consent previously given to the Company.
- When you exercise your right to object to the collection, use, and/or disclosure of your personal data for direct marketing and other related purposes, the Company is not required to retain such personal data.
- If it is believed that your personal data has been collected, used and/or disclosed unlawfully, or in other cases as prescribed by law, unless the company has a legal basis for refusing your request.
7.6 Right to Restriction of Processing
You have the right to request that the Company suspend the use of your personal data in the following circumstances:
- You may request that the Company suspend the use of your personal data during the period in which the Company is verifying a request to correct personal data.
- You may request that the Company suspend the use of your personal data during the period in which the Company is verifying a request to refuse to the collection, use and/or disclosure of personal data.
- You may request that the Company suspend the use of your personal data instead of deleting or destroying personal information.
- When the Company is not required to retain the personal data for the relevant purposes, but you need to request that the Company retain your personal data for the purpose of establishing, exercising or defending legal claims.
7.7 Right to Rectification
You have the right to request that the Company correct or update your personal data to be accurate, complete and up-to-date and not to cause misunderstandings.
7.8 Right to Complain
You have the right to file a complaint with the Personal Data Protection Commission or the Office of the Personal Data Protection Commission if the Company does not comply with the personal data protection law.
8. Measures for personal data security
The Company has implemented a policy to protect personal data, guidelines for best practices and strict measures to ensure the security of personal data for both employees and external contractors. These measures are in line with the Company’s policy and practices for information technology security, to limit, secure, and prevent unauthorized access, use, modification or disclosure of your personal data, as well as protect your personal data from unauthorized or unlawful access, use, modification, or disclosure.
9. Changes to Privacy Notice
The Company may amend, supplement, modify, or update this privacy policy to comply with applicable laws, regulations, and/or any other reason deemed appropriate by the Company. Therefore, we recommend that you periodically review this privacy policy. In the event that the company amends, supplements, modifies or updates this privacy policy, we will inform you, as the data subject, of such changes via the website and/or through the contact channels you have provided to the Company and/or through any other appropriate channels.
10. Contact information
If you wish to exercise any of the legal rights mentioned above or if you have any inquiries, suggestions, or complaints regarding this privacy policy, you can contact the data protection officer of Appman Co., Ltd., or contact the Company through the following channels:
Email: datacontroller@appman.co.th or dpo@appman.co.th
Address: 2525 FYI Center Building 2, Unit 801-807, 8th Fl., Rama 4 Road,