Obodroid Corporation Limited
This Policy applies to users who access to website/application, customers, any visitors of our offices, guests of our events (collectively referred to as “you” , “Data Subject”). “Personal Data” means any data that identifies you as an individual or relates to an identifiable individual, including but not limited to your name, address, profile picture, email address, phone number, IP address, shopping habits, preferences and information about your lifestyle.
If you are supplier/vendors, business partners or job applicants, please read other relevant privacy policies.
- What kind of personal data we collect
- Purpose of collection / use / disclosure of your personal data
- How we collect your personal data
- How we process your personal data
- Whom we share and disclose your personal data with
- How long we retain your personal data
- Your privacy rights and how you can exercise them
- How we protect your personal data
- Changes to this policy
- How to contact us
What kind of personal data we collect
In the course of our business, we may collect and process various types of personal data depending on your relationship with the Company, including:
– Contact data (including names, postal addresses, email addresses, and numbers)
– Personal detail (including gender, age, National Registration Identity Card, CCTV)
– User Account Information (including log-in details, email address, and other information provided through your account);
– Financial Information (including salary record, bank account information, credit card information);
– Transaction Information (including payment status, transaction history, receipt, invoice);
– Subscription Information (including consent record of the Company, its affiliates, or Business Partners;
– Behavior Information (including users’ behavior on websites or any platforms, consumer behavior for product and service, your location when you have visited our projects, your preferences and opinions.
– Information collected by electronic systems and other similar technologies including Log file or IP Address, which these information will be collected while you are using the online platform.
In some cases, we may request your explicit consent to collect sensitive information, including religion, race, ethnicity and criminal records, unless allowed or required by the applicable laws.
If you have provided personal information of third parties to us, we assume that you have the authority to provide personal information of third parties and the third party have allowed us to use the personal information for the purposes set out in this policy.
Purpose of collection / use / disclosure of your personal data
- To provide service which is requested by you, for example, in case you subscribe for information and promotion, the Company will only store and use basic information such as first name, last name, e-mail address and telephone number for any subsequent communication with you
- To improve website performance, create marketing plan, analyze data usage, evaluate the performance of service, improve and develop products and services of the Company.
- To comply with contracts to which you are a party or of which the Company uses services, such as to share your location information where the Company uses the location service of a third party.
- To pursue any legal actions, such as to prevent or cease any loss of life or damage to body or health of a person, for educational study or statistics in order to provide an appropriate measure to protect your rights and freedom.
- To serve any other purposes which have been notified at the time of collection of your Personal Data or any other purposes in relation to any of the above purposes.
We will not use or disclose your personal data UNLESS it is necessary for the purposes set out above or disclosed to any person in the Company or the parties involved in the contract, as required by law, governmental authority, supervision organization or with your consent.
How we collect your personal data
We may collect your personal data directly from you or indirectly through a variety of sources including, but not limited to:
- Online platforms: we may collect your personal data when you register for an account, participate in a survey, contest, or promotional offer, subscribe to receive promotional communications or otherwise connect with us.
- Offline interaction: we may collect your personal data from offline, such as when you visit our offices, contact us via phone, or attend our events or give us business cards.
- Our affiliates and business partners: in this case, we will consider and take appropriate measures to ensure that we are able to collect your personal data without violation of the applicable laws.
- Open-source material such as public website.
How we process your personal data
Generally, the Company will only process only personal data that is necessary to fulfil and in a lawful manner, which the lawful basis can be classified, as follows:
1) The purpose of which we have obtained your consent
- Marketing and Communications
When we cannot rely on other lawful basis, we will request your consent for the purpose of marketing and communication, including offering products or services of us, our affiliates, or business partners.
- Sending or Transferring your personal information overseas
Unless allowed or required by applicable laws, when we have to transfer your personal data to a country without adequate personal data protection standards for a personal data, we will request your consent prior to such transfer.
- Collection of sensitive data
When you voluntarily provide your sensitive data to us, it means that you have granted us the permission to use your sensitive data for the following purpose:
(a) Health Information, including congenital disease, blood group, food allergy, are collected for food preparing in the events.
(b) Religion is collected for the benefits of providing facilities to suit you;
(c) Race/Nationality may be collected when you provide the national registration identity card
(d) Criminal Record is collected for fraud prevention and security purpose
Please note that your sensitive data in form of anonymized information may be used for statistical purpose to develop products or services that will be better and more suitable for you.
We may process your personal data where we need to perform under the contract that we are about to enter into or have entered into with you, whether verbal or written contract, which including the following circumstances:
(a) Considering your eligibility and suitability before entering into a contract or providing a service to you.
(b) Taking any action in connection with contractual obligations between the Company and you, inkling contacting you to fulfil your obligation, sending the relevant documents.
(c) Verifying your identity when you prefer to exercise your rights under the contractual obligation between the Company and you.
3) Legitimate Interest
We may rely on our legitimate interests or third parties’ legitimate interest to process your personal data. In this case, necessity, data subject’s fundamental rights and interest will be considered. The following circumstances constitute a legitimate interest:
(a) We may rely on our security purpose, including when we collect visitors’ information, request ID cards in exchange for visitor card, record CCTV.
(b) We may rely on our internal management purpose, including when the company of DTGO companies enter into the event of merger or reorganization or similar event, we may transfer your personal data to third parties as part of such event on need to know basis.
(c) We may process your personal data to enhance and improve products and services for you and all customers of DTGO Companies.
(d) We may process your personal data for marketing and communications purposes which will not materially affect the fundamental rights and the data subjects has the right to opt-out at any time.
(e) During the event, seminar, or any other sale events, whether online or physical event, the photograph/ video, or audio may be recorded as a part of event’s atmosphere.
(f) Where we have a relationship with any juristic person, we may collect personal data of relevant individual, including copies of ID card and contact detail of authorized representatives.
(g) We may collect sales activities including interaction history, number of sales, appointment or contact record for performance analysis and enhancement purposes.
4) Other legal basis for processing your personal data
In addition to legal grounds specified in 1. – 3., the Company may rely on other legal grounds to process your personal data, including include where processing is necessary for compliance with a legal obligation; where processing is necessary to protect the vital interests of a data subject or another person; where processing is necessary for performance of a task carried out in the public interest in the exercise of official authority vested in the controller. The other legal grounds are processing for various purposes, including:
(a) to comply with the requirement on financial report required by auditors and/or government authorities and to cooperate with the law enforcement entities, government authorities, regulators and/or the court’s order regarding legal proceeding or investigation.
(b) to comply with the Computer Crime Laws in Thailand, we may need to record Log file.
Notwithstanding the foregoing, we may use your anonymized data for any purpose without your consent.
Whom we share and disclose your personal data with
We may share or transfer your personal data to the following recipient to fulfil and in accordance with the purposes under this Policy. The recipients may be located or have server(s) located in Thailand or outside Thailand. The recipients can be categorized as follows: (for each type including representatives its employees and directors)
(a) DTGO Companies
As Obodroid Corporation Limited is an affiliate of the DTGO Companies, by the nature of the internal management, we may share or disclose your personal data to other entities within DTGO Companies to fulfill and in accordance with the purposes under this Policy. For the purpose of sharing and transferring, the company will make sure that your personal information will be shared or transferred safely and having an appropriate standard for protection of personal data.
Any intra-group sharing shall be based on the necessity of each business as shown in the Table.
(b) Third Party Service Providers
The Company may disclose or share your personal data to third party service providers in the event that the company hires or appoints the third party service providers to process your personal data for/ on behalf of the company for the purposes specified in this Policy, including for website administrative management, delivery of products/services, marketing, data storage, IT solution, payment system.
(d) Business partners
We may share your personal data to our business partners when they jointly offer products or services jointly with us; when we offer their products/services to you.
(e) Third parties required by law
In order to comply with the applicable laws or regulations, we may be required to disclose or share your personal information to competent authorities, courts, or any other persons, which their right is specific defined by laws or if or there is reason to believe that such disclosure is necessary to protect the rights of the Company or third parties.
Where the Company discloses or transfers personal data to any third parties, other than DTGO Companies, the Company will enter into an agreement with the third party setting out the purposes of processing and the respective obligations of each party in place to protect data against unauthorized or accidental use, access, disclosure, damage, loss, or destruction.
Where your personal data is transferred to a third party or servers located outside Thailand, the company will take any necessary measures to ensure that personal data is transferred safely with appropriate privacy protection measures.
How long we retain your personal data
We will only retain the personal data for as long as necessary to fulfill the purposes for which we collected it, and to the extent permitted by the Personal Data Protection Act B.E. 2562 or other applicable laws.
We have prepared schedules to specify the appropriate retention periods to ensure that when we no longer need to use your personal data we will remove it from our systems and records and/or take steps to anonymize it so that you can no longer be identified from it.
Your privacy rights and how you can exercise them
Under the Personal Data Act B.E. 2562, you have the following rights that you may exercise in relation to your Personal Data processed by us as follows:
- The right to receive a copy of your personal data processed by us and to obtain other information about how we collect/process your personal data and why we process your personal data. Your personal data will generally be provided to you in electronic form.
- The right to rectify inaccurate, incomplete, or misleading personal data relating to you.
- The right to request the erasure, destruction, anonymization of your personal data.
- The right to request to restrict the processing of your personal data.
- The right to ask that we transfer the personal data to another data controller (or ask us to do so if technically feasible) where our lawful basis for processing the personal data is consent or necessity for the performance of our contract with you and the processing is carried out by automated means.
- The right to object to any processing which is based on our legitimate purpose or other legal ground.
- The right to withdraw your consent, at any time, where we process personal data based on consent at any time. However, we may continue processing your personal data based on another legal basis.
If you would like to exercise your rights, ask questions, or complain about unlawful processing, you may send your request at email firstname.lastname@example.org. We will require you to identify yourself before meeting your request. Normally, we will respond to you in writing via email, as soon as practicable, within 30 days upon receiving your request with clear information.
We are entitled to reject your request if your rights are conditional as prescribed by laws. In addition, normally, there is no charge to make a request, however we reserve the right to charge a reasonable fee if the request is unreasonable or complex.
You also have the right to lodge a complaint to the Data Protection Committee if your request is rejected and you are dissatisfied with our reasons or the response is not provided to you within the period.
How we protect your personal data
We have implemented (has required third parties to implement) appropriate technical and physical measures to safeguard and protect personal data from unauthorized or unlawful processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, personal data.
How to contact us
The Company is deemed to be a Data Controller under the Personal Data Protection Act B.E.2562. If you have any question or would like to exercise your rights, you may contact us at the following address:
Attn: Personal Data Protection Office
Address: Obodroid Corporation Limited
Whizdom Essence Sukhumvit 5/665 Floor 1
5 Sukhumvit Road, Bang Chak, Phra Khanong, Bangkok 10260
Phone: 02-2880481 (ext. 313-314)