Privacy Policy
Please find below our Privacy Policy that provide measures on protecting your Personal Data. We shall ensure that your Personal Data is handled in accordance with the Personal Data Protection Act B.E. 2562 (2019) in Thailand and other applicable laws.
1. Definitions
Terms and Definitions used in this Privacy Policy are set out in the table below:
Personal Data | Personal Data refers to information about an individual from which that Person can be identified whether by either a direct or an indirect means. However, Personal Data does not include information of deceased Person and anonymous data. |
Data Controller | means a natural or legal person who has powers and duties to make decision regarding the collection, use and disclosure of Personal Data. |
Data Processor | means a natural or legal person who proceeds the collection, use or disclosure of Personal Data according to the order or on behalf of Data Controller; however, such natural of legal person who proceeds such activities is not Data Controller. |
Data Subject | means any individual person who can be identified, directly or indirectly, via Personal Data. |
Person | means a natural person. |
Business Partners | means a natural or legal person who directly or indirectly controls, is controlled, owns, is owned, manages,is managed by the Company including any legal entities whom the Company discloses, transfers, or receives Personal Data, for example, consulting and law firms, telemarketing companies, co-brand partners, correspondent banks, recruitment agencies, business alliances, external service providers (suppliers, vendors, outsources) and/or government affairs or regulators in order to comply with applicable laws. |
DPO | Data Protection Officer |
2. Types of Personal Data Collected
We may collect the following data : This may include Personal Data from you, either directly or indirectly. This may come from the registration to participate in various activities, consent to application subscription / receiving news. Filling in forms, questionnaires, requests, and other situations as you choose to provide us with your Personal Data or video and audio recorded by CCTV when accessing areas where CCTV is installed within our premises or from other reliable sources such as our affiliates, subsidiaries, business partners or government agencies, etc. By the type of Personal data that we collect. Is as follows:
- I. Personal Data: data about individuals which can be used to identify specific individual, whether by a direct or an indirect means such as name, surname, date/ month/ year of birth, gender, ID number, driving license number, passport number.
- II. Information about your vehicle: such as vehicle registration number, car brand, model, color.
- III. Contact Data: such as House registration address, current address, contact number (Mobile phone / Home phone number), LINE ID, Facebook account and various social media accounts, and other similar data that you have given us.
- IV. Sensitive Data: such as race, beliefs, religion, health information (including food and general allergies) and biometric data, including criminal history data. In the event that Company has unintentionally received it and has no intention to collect such data, will not use your sensitive data;
- V. Financial and Transactional Data: such as bank account number, credit card number, debit card number, bank statement, payment information, income information, expenditure information, tax deductible item, tax exemption list, provident fund.
- VI. Technical and Usage Data: such as IP Address, login information, website browsing information, cookie ID, device types and settings, platforms, and other technologies used to access the Company and the Company’s website.
- VII. Profile Data: such as username and password, interests, likes and information from survey responses.
- VIII. Marketing and Communication Data: such as Data Subjects’ preferences in receiving marketing materials from the company, and from third party. This also include contact information Data Subjects have with Company, such as from other social media channels.
- IX. Employment and Education data: such as employee ID number, employment history (including job titles, work history, and training records), education background, recruitment information (such as CV and cover letter), images and salary.
- X. Other Data: such as Information from CCTV both motion pictures, still picture, and your voice. This includes images of your property, such as vehicles, that are recorded in our premises, including the date and time of you enter or exit the parking lot or your parking fee information.
If you are unable to provide the personal data we request We may not be able to provide you with our services, such as not allowing you to use our parking lot, not allowing access to the Premiere Lounge, not being able to enter the building or the premises.
In the event that you have delivered documents provide us with identity verification, such as a copy of the identification card or other similar official documents that may contain sensitive data such as race, religion, blood group, you can conceal sensitive data before submitting the documents to us.
If you do not conceal such sensitive data, we reserves the right to do so, and it does not he collection of your sensitive data.
Personal Data excludes:
- I. Personal Data which is publicly available at the point of collection.
- II. Business contact information such as business phone number and business address.
- III. Anonymous data.
- IV. Deceased Person.
We also collect, use, and disclose aggregated data, such as statistical, and demographic information. The aggregated data may be derived from your Personal Data; however, the data is not considered as Personal Data since it cannot be used to identify a specific individual. For example, we may use some of your information after the process of anonymization in order to create statistical information of people who make a reservation through our website. We are aware that the data used must not be able to revert to identifiable information. If the data is then able to be used to identify a specific individual, we will consider it as Personal Data and processed in accordance with this Privacy Policy.
For personal data that is required by law, your consent is required before collecting. The company will collect only as needed. With the consent of the customer unless there is an exception by law Allowing the company to collect without obtaining the consent of the customer.
3. Website Third-party Links
Our website may lead you to a third-party website when you access the website. Such action may allow other websites to collect, use, or disclose your Personal Data. We are not responsible for any processing activities of Personal Data occurred on other websites. Hence, we encourage you to read the privacy policy of every websites you visit, for the interests of your data privacy.
4. Processing of Data in Legal Basis
We will process your Personal Data under following legal basis:
- 4.1 Consent: We process Personal Data based on consensual basis. In the event that you have provided us explicit consent to us, we will process your Personal Data within the scope of the purpose we have informed you.
- 4.2 Contract: We process Personal Data under the contractual basis. We use this legal basis when the processing of Personal Data is necessary to fulfill the contract for which you are a part of, or to use in fulfilling your request prior to entering into the contract. For example, processing your Personal Data is crucial to our ability to provide products and services as well as internal processes in achieving contractual objectives.
- 4.3 Legal Obligation: We process Personal Data in accordance with legal compliance, such as the prevention and detection of irregular transactions which may involve with illegal activities. For example, we have legal obligation to report your Personal Data to the Revenue Department or other government affairs as required by law.
- 4.4 Public Task: We process Personal Data under the necessity to carry out the mission for the public, or perform duties as the government agency has assigned to us.
- 4.5 Vital Interest: We process Personal Data under the necessity emergency medical situation to protect life and death of Data Subject or another natural Person.
- 4.6 Legitimate Interest: We process Personal Data under the necessity to take steps for our legitimate interests or other individual or juristic person which are not overriding your interests or fundamental rights and freedoms of the data subject.
- 4.7 Research Objective: We process Personal Data under the necessity to achieve the purpose relating to the preparation of the historical documents or the archives for public interest, or for the purpose relating to research or statistics
However, if you do not provide Personal Data to us, it may affect your inconveniences and may not be in compliance with our contract. Furthermore, it may affect certain legal compliance which can result in penalties.
5. Purpose of Personal Data Processing:
We collect, use, or disclose your Personal Data, for the following purposes;
- 5.1 To manage, provide, improve and develop products and services such as researching, marketing research Conducting surveys, assessments, analyzes or processing based on your interests or behavior. To create a positive experience in purchasing our products and services. Or improve marketing activities, campaigns, various communication channels In order to give you the utmost satisfaction.
- 5.2 To improve develop websites, platforms, applications to work efficiently and meet your needs.
- 5.3 For the benefit of authentication or identifying your identity when accessing various services or execution of a contract
- 5.4 To provide the following marketing & communication activities such as promotion, giving privileges, news notifications Information and benefits, campaigns, activities, competition events Various prizes sweepstakes, organizing loyalty programs, redeeming points, paying with points, drawing prizes, registering to participate in activities / receiving gifts / receiving vouchers, history of redemption / paying by points.
- 5.5 To be used in customer relationship management, such as your desired communication, answering questions, complaints, responding to complaints, providing assistance or facilitating you in the service.
- 5.6 To prevent, reduce risks and maintain safety in the area of the office building. In the area of the shopping mall, the place in charge of the company. Therefore, we have installed a closed circuit camera (CCTV) to record 24 hours a day.
- 5.7 To meet the purpose of procurement, product quality inspection and services/products performance assessment.
- 5.8 To comply with relevant laws and regulations and/or cooperate with the court, regulators, government agency and law enforcement bodies for exercising legal authority.
- 5.9 To exercise our right or protect our legitimate interest where it is necessary to do sol, for example, Investigation and prevention of misconduct, crime or breaking the law, track events.
- 5.10 To carry out the contract with our Business Partners.
- 5.11 To provide any other benefits that you have given consent for.
In the event that Company wishes to process sensitive data, Company has to acquired your explicit consent before or during the collection of such data
However, the collection, use, or disclosure of Personal Data will be processed on legal basis. We may process your Personal Data on different legal basis, depending on the purpose of data processing.
6. Personal Data Disclosure
We will not disclose your personal information to third parties without your consent unless there is a legal exception to us to collect, use or disclose without asking your consent. But if we have necessary to disclose your personal data We will only disclose the personal data as necessary to the entitled persons only. It is for the purposes described above in this Privacy Policy. It may be disclosed to individuals or entities. An example is as follows. The company provides website development services, platforms, applications, marketing and promotion services, Information service companies audit service company, The company provides installation and maintenance services for CCTV cameras, Security service company, Persons who are authorized to be representatives of the consulting firm, the consulting firm. Affiliates, subsidiaries, or business partners Government agency, etc.
7. Cross Boarder Transfer of Personal Data
We will not transfer personal data outside Thailand unless the personal data is protected with the same or higher standard of protection under this Policy. In the event that we have necessity to send or disclose customers’ personal data internationally, we will create personal data protection agreement or contract with the contracting partner in that country.
8. Data Security
We classify your Personal Data as confidential information and apply various security measures to be responsible for maintaining the confidentiality and safety of customer Personal Data in accordance to the agreements.
We have established procedures to handle data breach and will notify you according to legal requirement.
9. Data Retention
We will retain your Personal Data for a period according to the purpose for which it was collected and/or to comply with obligations under various laws and regulations.
In the case of video recording and / or audio from CCTV (CCTV), the retention period is 30-45 days from the date of recording. Picture and sound will be deleted automatically.
10. Data Subject Rights
States below are your rights as Data Subject under the Personal Data Protection Act that you should be aware of.
-
- 10.1 Right to Withdraw Consent: You have the right to withdraw your consent on which the collection, use, or disclose is based on at any time. As a result, we will stop the processing of your information as soon as possible and if we do not have other lawful basis which allow us to process your Personal Data, we will then delete your information.
- 10.2 Right to Access: You have the right to request access and to obtain a copy of your Personal Data related to you under our responsibility or to request disclosure of the acquisition of the Personal Data obtained without your consent. Once we have received the request, will proceed to comply within 30 days.
- 10.3 Right to Rectification: You have the right to request correction and rectification on your Personal Data to ensure that the data is correct, up-to-date, and complete.
Note: Customers using Terminal 21 Korat Reward Application can edit the personal information of the customer that has previously been provided. By logging into the system (Login) in the Application and going to the “Setting” menu and going to “Profile” to correct the information.
- 10.4 Right to Data Portability: You have the right to request us to send or transmit your Personal Data to another Data Controller by the transmission that can be done with automatic means. You also have the right to receive directly your Personal Data in the format that we send or transfer to another Data Controller, except where it is not technically feasible.
- 10.5 Right to Erasure: You have the right to request us to erase, destroy, or anonymized your Personal Data in the cases stated below:
- I. Personal Data is no longer necessary for the purpose in which it is collected for.
- II. Data Subject withdraw consent in processing Personal Data and we have no legal ground for further retaining or processing activity.
- III. Data Subject object processing of Personal Data for direct marketing purposes.
- IV. Processing of Personal Data is unlawful.
- 10.6 Right to Restriction of Processing: You have the right to restrict the processing of Personal Data if the stated conditions are met:
- I. Processing of Personal Data is no longer necessary but we can demonstrate that there is a compelling legitimate ground.
- II. Processing of Personal Data is unlawful but Data Subject wants to restrict the processing activity instead of deletion.
- III. Personal Data is under review for completeness and accuracy upon your request.
- IV. Processing of Personal Data is carried out for the establishment, compliance, or exercise /defense of legal claims.
- 10.7 Right to Object: You have the right to object the processing of Personal Data if the stated conditions are met:
- I. Personal Data is being processed for direct marketing purposes
- II. Personal Data is being processed for research purposes either in the field of science, history, or statistics, unless it is necessary to performance of a task carried out for reasons of public interest.
- III. Personal Data is collected for our necessity to carry out public tasks or for other legitimate ground. Unless we are able to demonstrate higher legitimate grounds, or the processing activity is to establish legal claims or compliance
- 10.8 Right to Lodge a Complaint: You have the right to submit complaint to the relevant government agencies in the event that Company’s employees, vendors, contractors, of the company violates or fail to comply with the personal data protection requirements.
11. Data Breach Notification
- 11.1 The Company shall maintain a record of all Personal Data breaches and notices. Record of Personal Data breaches shall include the fact of the incident, its effects, and the mitigation action planned or taken. The Personal Data breaches record is subjected to confidentiality and shall be kept and maintained by the Company.
- 11.2 Where the Company is of the view that a breach, including a potential or alleged breach, may have a material reputational or financial impact, the Company shall escalate the matter to the management. The management shall assess and determine whether to report to the relevant government agencies and/or notify the Data Subject involved.
- 11.3 The Company have to notify data breach, without undue delay and not later than 72 hours after the acknowledgement to the relevant government agencies, unless the Personal Data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where it is highly likely to result in a risk to the rights and freedoms of natural persons, the Company shall notify data breach to the Data Subject without undue delay.
12. Contact Us
If you wish to exercise Data Subjects Rights, please click Data Subject Action Request Form (Data subject can start exercising when Personal Data Protection Act Effective from June 1, 2022 onwards.) or if you have any question or complain, you can contact us via the following channels:
Data protection officer of Terminal 21 Korat Shopping Mall
Location: Siam Retail Development Co.,Ltd. 587,589, 589/7-9 Ram Intra Road,
Khannayao Sub-district, Khannayao District, Bangkok, 10230
Phone Number: 02-947-5000 per 5923
Email Address: dpo@terminal21korat.in.th
Date : 1 August 2021