- Website Privacy Policy
- CCTV Privacy Policy
- Visitor Privacy Policy
Committed to Personal Data Protection
Point Avenue Limited is a legally registered “Juristic Person” operating its business in Thailand. Your privacy is very important to us. Accordingly, we have developed this Website Personal Data Protection policy, which conforms to Thai Law PDPA B.E. 2562, in order for you to understand who we are, how we collect, communicate, and disclose as well as make use of personal information. The following outlines our policy.
- Before or at the time of collecting personal information, we will identify the purpose for which the information is being collected.
- We will collect and use your personal information solely with the objective of fulfilling those purposes specified by us and for other compatible purposes.
- We will only retain personal information as long as necessary for the fulfillment of those purposes.
- We will collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned.
- Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up to date.
- We will protect personal information by reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
- We will make readily available to customers information about our policies and practices relating to the management of personal information.
We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained.
WHO WE ARE
Point Avenue Limited owns and operates the website located at https://pointavenue.co.th/, hereinafter we/us.
Definitions
WHAT PERSONAL DATA WE COLLECT AND WHY WE COLLECT IT?
Forms:
When you submit an inquiry or request additional information, we only collect your first name, last name, your email address, telephone number, the subject of your question and your message to us, so that we can correspond and answer your questions or concerns.
Google Analytics:
Cookie Policy
This website uses cookies. Point Avenue Limited use cookies to personalize content, to provide social media features and to analyze our traffic. We also share information about your use of our site with our social media, and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.
Cookies are small text files that can be used by websites to make a user’s experience more efficient.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission.
Our website uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
You can at aContent on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.ny time change or withdraw your consent from the Cookie Declaration on our website.
Embedded Content
Content on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.
How long we retain your data
If you fill in our contact form, the contents and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up communications with you. We also store the personal information you provide in a user profile. We use this information to answer your questions or concerns and to relay information you want. Only authorized representatives of Point Avenue Limited can see this information.
Rights of the Data Subject (You)
The Data Subject is entitled to request access to and obtain copy of the Personal Data related to him or her, which is under the responsibility of the Data Controller, or to request the disclosure of the acquisition of the Personal Data obtained without his or her consent.
The Data Controller shall fulfill the request without delay, but shall not exceed 30 days from the date of receiving such request.
The request can be rejected by the Data Controller only where it is permitted by law or pursuant to a court order, and such access and obtaining a copy of the Personal Data would adversely affect the rights and freedoms of others.
The data subject shall have the right to request from the Data Controller, to erase or destroy the Personal Data, or anonymize the Personal Data to become anonymous data which cannot identify the data subject, where the following ground applies:
- The Personal Data is no longer necessary in relation to the purposes for which it was collected, used or disclosed.
- The data subject withdraws consent on which the collection, use, or disclosure is based on, and where the Data Controller has no legal ground for such collection, use, or disclosure.
- When the data subject completely object the Personal Data which is collected without consent under the exemption to consent requirements under Section 26 (4) (5)) and the Data Controller fails to prove the exception of such exemption (mentioned above).
- The Personal Data have been unlawfully collected, used, or disclosed under this law.
You can send your request for removal anytime to: dpo@pointavenue.com
Security
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed.
Changes to this Website Privacy Policy
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
Your Consent
By continuing to use our website you have given us consent to track your visit anonymously. We do not have any of your personal details at this time. If you do not want to be tracked even anonymously, simply close your browser or visit another website.
Contact Information
If you have questions, you can contact us at: dpo@pointavenue.com or visit us at 982/22 3rd Floor, Unit 3121-3122, Gateway Ekamai Shopping Center, Sukhumvit Road, Phra Khanong Subdistrict, Khlong Toei, Bangkok 10110 or call us at +66 2 105 338
Privacy Policy For CCTV Use
Point Avenue Thailand (the “Company”) uses closed-circuit television (CCTV) in and around the Company’s premises to monitor a specific space for the safety and security of the Company’s premises, assets, employees, customers, and visitors. This privacy notice provides information on the collection, use and disclosure of the personal data collected by the Company’s use of CCTV. This policy serves as notice on the Company’s CCTV use based on the Personal Data Protection Act, B.E.2562 (2019). The Company may update this notice from time to time.
Definitions
“Company” meansPoint Avenue Thailand and branches.
“Personal Data” means data related to a person which can identify that person regardless of whether it is directly or indirectly but does not include the data of a deceased person.
Samples of the personal data that the Company may collect include:
- Name-surname or nickname
- Identification number, passport number, work permit number, social security number, driving license number, taxpayer number, professional license number and various account numbers,
- Residential address, telephone number, mobile number and e-mail address, etc.
- Equipment or tools data such as IP address, MAC address, cookies, Line ID, etc.
- Biometric data such as photo of your face, fingerprints, X-ray film, voice identification data, video footage, genetic data, etc.
- Data identified properties of person like car registration, land title deeds, etc.
- Data which can link to identify a person such as date of birth, place of birth, race, nationality, religion, weight, height, location data, medical data, educational data, financial data, employment data, criminal records, etc.
- Data of skill, opinions of staffs, data of performance appraisal, including the opinion of the Company towards your performance, etc.
- Data of record used to follow up and inspect a person’s activities such as, log files, etc.
- Data which can be used by searching for persons on the internet.
“Data Controller” means person or juristic person authorized to make decision concerning compilation, use or revealing personal data.
“Data Processor” means a person or a juristic person who operates in relation to the collection, use, or disclosure of the Personal Data pursuant to the orders given by or on behalf of a Data Controller, whereby such Person or juristic person is not the Data Controller.
“Data Subject” means common person who the company will collect data from.
“Data Protection Officer” means person who is assigned to have authority to advise and inspect the operation, coordination and cooperation with the Office of Personal Data Protection Committee including the related offices.
Policy and Practice Guide
The Company’s CCTV System has collected, used stored and disclosed Personal Data collected from Data Subjects and will continue to collect, use, store, and disclose personal information of its Data Subjects. The Company is dedicated to maintaining the accuracy, completeness, and to update personal information using lawful and fair means. The Company’s CCTV System will collect personal data as required to operate effectively and according to the authority and objectives of the Company’s business operations which are in accordance with the law. The Company notifies Data Subjects, by posting clearly marked signs, that the Company’s CCTV System is collecting data.
Methods of Collecting
The Company’s CCTV system captures the Data Subject, and all individuals as well as their belongings (such as vehicles) entering the monitored area in or around the Company’s premises and facilities 24 hours per day, every day.
What Personal Data is Collected?
- captured images, motion pictures, voice recordings
- individual’s belongings
- color, make, model of any of the above
- the activity of the Data Subject as they move around the Company’s premises
The Purpose for Personal Data Collection
The Company may collect, use, disclosure, or process your personal data; for the following objectives:
- to protect individuals’ life, body, health, personal safety, and belongings,
- to protect and prevent the Company’s premises, facilities and assets from damage, disruption, vandalism, and other crimes,
- to support law enforcement agencies in the prevention, detection, and prosecution of crime and to act as a deterrent against crimes,
- to assist in the effective resolution of disputes which arise in the course of disciplinary or grievance proceedings,
- to assist in the investigation or proceedings concerning a whistleblowing complaint; and loment proceedings,
- to verify individuals’ identity.
Declarations
- The Company’s CCTV System is in operation 24 hours a day, except in case of system failure or maintenance.
- The Company installs CCTV cameras in clearly visible areas and shall not install in any private area such as bathrooms, changing rooms or rest rooms.
- The Company places signage in the monitored area to alert you that a CCTV System is in use and your personal data is being recorded.
Legal Basis for Collecting Personal Data
The Company’s CCTV System may collect, use, disclose, or process the Data Subject’s personal data for any of the following legal reasons.
- Vital Interest: The collection, use, disclosure, or processing is necessary for the prevention or suppression of a danger to a Data Subject’s life, body, or health.
- Legitimate Interest: It is in the Company’s legitimate interest to collect, use, disclose, or process the Data Subject’s personal data in order to achieve any of the purposes described above.
- Legal Obligations: The Company has a duty to comply with the legal obligations prescribed by the applicable laws, including but not limited to the laws regarding safety and environment in the workplace.
Disclosure of Personal Data
- The Company may disclose the personal data of a Data Subject to third parties if it is considered that the disclosure is necessary for the purposes described above.
- The Company may disclose the personal data of a Data Subject to law enforcement agencies if the disclosure is necessary for compliance with the legal obligations and to support or assist them in the prevention, detection, and prosecution of crime.
Period of Retention of Collected Personal Data
- The Company’s Sales Department may retain the Data Subject’s personal data no longer than is necessary to achieve the purposes described in this notice or as required by applicable laws.
- The Company’s Sales Department may need to retain the Data Subject’s personal data for so long as is necessary to deal with any disputes or legal proceedings that may arise.
- If the Company’s Sales Department no longer needs to retain the Data Subject’s personal data, the Company may destroy, delete, anonymize, or remove the Data subject’s personal data from their systems.
Protecting the Data Subjects’ Personal Data
Protecting the privacy of Data Subjects is extremely important to the Company and the Company has policies and procedures for data security. The company limits access to the Data Subject’s personal data to those who need it. The Company has implemented a variety of security measures in its best effort to ensure that the personal information contained in the company’s system is secure. Personal Data is stored on secure servers and networks, can only be accessed by authorized officers or processors who are given special permission to access such systems by the Company. Access to data requires a specific username and password and the password’s validity period is set.
Besides the above-mentioned measures and methods of safety protection, the Company uses an extremely high level of technology to protect personal data as listed below:
- Firewalls: to allow only authorized persons to access the Company’s data. The Company arranges its Firewall in layers (these are special security measures in place on the Company’s network) between the computer and internet system of the Company.
- Limited Access and MFA: The Company restricts access to systems containing sensitive data and enforces strong multi-factor authentication policies.
- Security Training: The Company regularly holds security training for its employees and employees learn how to handle data in their possession or data that they encounter through email or other electronic sources.
Rights of the Data Subject (You)
The Data Subject has the following rights pursuant to the law:
- Right to withdraw consent: The Data Subjects may withdraw their consent to the processing of personal data for which they have already given their consent to the Company, at any time, unless there is a limitation of their right to withdraw consent by law or contracts that provide benefits to the Data Subject which must not affect the collection, use or disclosure of information that the Data Subject has given their consent as required by law.
- Right to access personal data: The Data Subjects have the right to request access and obtain a copy of their personal data, which is under the responsibility of the company, or request the Company disclose the acquisition of such personal data in which the Data Subject did not give consent to the Company.
- Right to obtain personal data: The Data Subjects have the right to obtain personal information about themselves from the Company or personal information that the company has sent or transferred to another data controller unless by technical condition it is not possible. In the event that the company has personal data in a form that can be read or commonly used by electronic tools or devices that work automatically and that personal data can be used or disclosed by electronic means and provided that the exercise of that right must not infringe on the freedoms of others.
- The right to request the transmission or transfer of personal data: Data Subjects have the right to ask the company to send or transfer their personal information that the company has collected to another data controller when it can be done by electronic means, provided that the exercise of such rights shall not infringe upon the rights or freedoms of other persons.
- The right to object to the collection, use or disclosure of personal data: Data Subjects have the right to object to the collection, use or disclosure of personal information about them at any time. Unless it is a lawful collection, use or disclosure of personal information.
- Right to request erasure of personal data: Data Subjects have the right to request that the Company delete or destroy or make personal information non-identifiable to the person who holds the personal information, in the following cases:
- Such personal information is information that is no longer necessary to keep for the purpose of collecting, using, or disclosing personal information.
- When the subject of personal data withdraws consent for the collection, use or disclosure of personal information. And the company has no legal authority to collect, use or disclose personal information.
- When the Data Subject objects to the collection, use or disclosure of personal data and the Company cannot refuse such objection by law.
- When personal information of a Data Subject has been unlawfully collected, used, or disclosed.
- The right to request the suspension of the use of personal data: Data Subjects have the right to ask the company to suspend the use of personal information in the following cases.
- Such personal data is information that is currently being investigated in order to correct the information and make it current.
- When personal information has been unlawfully collected, used, or disclosed.
- Such personal information is no longer necessary to keep for the purpose of collecting, using, or disclosing. But the Company is required to keep the personal data for legal reasons.
- Such personal data is information that is in the process of rejecting objections by the Company.
- Right to correct personal data: Data Subjects have the right to ask the Company to correct their personal data so it could be accurate, current, complete and not cause any misunderstandings.
- Right to complain: Data Subjects have the right to complain to the Personal Data Protection Committee if the Company or its employees or contractors violate or fail to comply with the Personal Data Protection Act B.E. 2562.
The Participation of the Data Subject
- Using the Rights according to the list in Article 7, the Data Subject’s, successors, heirs, legal representative, caretakers, or legal guardians shall notify the Company in writing to proceed as requested within the period specified by law.
- The operation of the Company in accordance with the request above, pursuant to the rights of the Data Subject, may result in the limitation of services provided, or limiting of transactions or limiting any actions that can benefit the Data Subject, under the conditions of the company and according to the law.
Rights Reserved
The Company requests to reserve the rights to reject any requests under the rights of the data subject in the following cases.
- The law enables the Company to have the right to reject the request from the Data Subject.
- The personal data requested can be anonymized or made unidentifiable.
- The Data Subject has no evidence to attest that they are the owners of the personal data or the authorized person/stakeholder of the Data Subject.
- There is no personal data related to the Data Subject in the database of the Company.
- The Data Subject or the authorized person/stakeholder of the Data Subject makes multiple requests to the Company for the same reasons or for unreasonable purposes.
Adjustment to the Policy on Personal Data Protection
- The Company may adjust security measures in order to increase the efficiency of the security measures on its personal data collection, use, storage and disclosure. The Company will do so according to the highest standard specified by law.
- In case the Company makes any changes to this Policy, the Company shall notify the Data Subjects by publicizing on the Company’s website – https://pointavenue.co.th/
Contact Information
Data Controller: Point Avenue Co., Ltd
Data Processor: Point Avenue Co., Ltd and Partners
Address: 982/22 3rd Floor, Unit 3121-3122, Gateway Ekamai Shopping Center, Sukhumvit Road, Phra Khanong Subdistrict, Khlong Toei, Bangkok 10110
Phone: 02-105-3380
Data Protection Officer: James Pridmore
Email: dpo@pointavenue.com
Privacy Policy For Visitors to the Center
Point Avenue Co., Ltd. (“The Company”) values the personal data of the Visitors to the Company (“Data Subjects”), therefore the Company created this policy for Personal Data Protection to detail to its Data Subjects the objectives of compiling, using, revealing and processing their personal data including the period for keeping such personal data and explaining to them their rights as Data Subjects on the personal data collected based on the Personal Data Protection Act, B.E.2562 (2019). The Company reserves the right to update this notice from time to time.
Definitions
“Company” means Point Avenue Co., Ltd. and branches
“Personal Data” means data related to a person which can identify that person regardless of whether it is directly or indirectly but does not include the data of a deceased person.
Samples of the personal data that the Company may collect include:
- Name-surname or nickname
- Identification number, passport number, work permit number, social security number, driving license number, taxpayer number, professional license number and various account numbers,
- Residential address, telephone number, mobile number and e-mail address, etc.
- Equipment or tools data such as IP address, MAC address, cookies, Line ID, etc.
- Biometric data such as photo of your face, fingerprints, X-ray film, voice identification data, genetic data, etc.
- Data identified properties of person like car registration, land title deeds, etc.
- Data which can link to identify a person such as date of birth, place of birth, race, nationality, religion, weight, height, location data, medical data, educational data, financial data, employment data, criminal records, etc.
- Data of skill, opinions of staffs, data of performance appraisal, including the opinion of the Company towards your performance, etc.
- Data of record used to follow up and inspect a person’s activities such as, log files, etc.
- Data which can be used by searching for persons on the internet.
“Data Controller” means person or juristic person authorized to make decision concerning compilation, use or revealing personal data.
“Data Processor” means a person or a juristic person who operates in relation to the collection, use, or disclosure of the Personal Data pursuant to the orders given by or on behalf of a Data Controller, whereby such Person or juristic person is not the Data Controller
“Data Subject” means common person who the company will collect data from
“Data Protection Officer” means person who is assigned to have authority to advise and inspect the operation, coordination and cooperation with the Office of Personal Data Protection Committee including the related offices.
Policy and Practice Guide
The Company has collected, used stored and disclosed Personal Data collected from Data Subjects and will continue to collect, use, store, and disclose personal information of Data Subjects. The Company is dedicated to maintaining the accuracy, completeness, and to update personal information using lawful and fair means. The Company will collect personal data as required in order to operate effectively and according to the authority and objectives of the Company’s business operations which are in accordance with the law. The company will notify the Data Subjects and seek their consent before collecting, using, storing, or disclosing their personal information, unless required by law and/or in other cases as set forth in this Policy.
Methods of Collecting Personal Data
The type of Personal Data that will be collected, used, stored and disclosed from a Data Subject shall be subject to the objectives of the Company which aims to collect Personal Data as required using both paper and digital forms as well as gathering information through telephone conversations and email.
Types of Personal Data Collected
- Contact details such as full name, address, telephone number, mobile number, email address;
- Personal details such as gender, nationality, occupation, date of birth, marital status, photograph, picture, voice records, signature, identification card number, passport number, tax identification number, including information from driving license, or other similar information from official government issued identification documents; and
- Other data such as CCTV data and video footage, and voice records taken on the company premises.
Purposes for Personal Data Collection
- to provide the Data Subject with company services and meet contractual obligations with the Data Subject, or enter into any agreements with the Data Subject, or to take any necessary steps before entering into such agreements.
- to verify the identity of the Data Subject and respond to their requests;
- to protect the security and integrity of the Company;
- to help improve the Company’s operations or products and services;
- to comply with the Company’s legal obligations and/or cooperate with courts, regulators, government authorities and law enforcement bodies for exercising the official authority vested in the Company;
- to exercise the Company’s rights or protect the legitimate interests where it is necessary to do so, for example, to detect or prevent fraud claims, intellectual property infringement claims, or violations of law;
- for public interest in protection of the Data Subject or other individuals on the company premises; and
- to prevent or suppress a danger to the Data Subject or others’ life, body or health, as the case may be.
If the Data Subject fails to provide the personal data requested, the company may not be able to provide services to Data Subject (for example, to respond to the Data Subject’s request at the reception).
When any third party gives personal data (“data giver”) of anyone related to the Data Subject to the Company, such as a guarantee for the Data Subject, that person giving the data to the Company has already been informed by the Data Subject that the data giver has given consent to the Company to collect, use, store, and disclose the data giver’s Personal Data as per the details of this Policy.
Legal Basis for Collecting Personal Data
The Company may collect, use, disclosure, or process the Data Subject’s personal data for any of the following legal reasons.
- Vital Interest: The collection, use, disclosure, or processing is necessary for the prevention or suppression of a danger to a Data Subject’s life, body, or health.
- Legitimate Interest: It is in the Company’s legitimate interest to collect, use, disclose, or process the Data Subject’s personal data in order to achieve any of the purposes described in Article 3 above.
- Legal Obligations: The Company has a duty to comply with the legal obligations prescribed by the applicable laws, including but not limited to the laws regarding safety and environment in the workplace.
Disclosure of Personal Data
- The Company may disclose the personal data of a Data Subject to third parties if it is considered that the disclosure is necessary for the purposes described above.
- The Company may disclose the personal data of a Data Subject to law enforcement agencies if the disclosure is necessary for compliance with the legal obligations and to support or assist them in the prevention, detection, and prosecution of crimes.
Period of Retention of Collected Personal Data
- The Company may retain the Data Subject’s personal data no longer than is necessary to achieve the purposes described in this notice or as required by applicable laws.
- The Company may need to retain the Data Subject’s personal data for so long as is necessary to deal with any disputes or legal proceedings that may arise.
- If the Company no longer needs to retain the Data Subject’s personal data, the Company may destroy, delete, anonymize, or remove the Data subject’s personal data from their systems.
Rights of the Data Subject
The Data Subject has the following rights pursuant to the law:
- Right to withdraw consent: The Data Subjects may withdraw their consent to the processing of personal data for which they have already given their consent to the Company, at any time, unless there is a limitation of their right to withdraw consent by law or contracts that provide benefits to the Data Subject which must not affect the collection, use or disclosure of information that the Data Subject has given their consent as required by law.
- Right to access personal data: The Data Subjects have the right to request access and obtain a copy of their personal data, which is under the responsibility of the company, or request the Company disclose the acquisition of such personal data in which the Data Subject did not give consent to the Company.
- Right to obtain personal data: The Data Subjects have the right to obtain personal information about themselves from the Company or personal information that the company has sent or transferred to another data controller unless by technical condition it is not possible. In the event that the company has personal data in a form that can be read or commonly used by electronic tools or devices that work automatically and that personal data can be used or disclosed by electronic means and provided that the exercise of that right must not infringe on the freedoms of others.
- The right to request the transmission or transfer of personal data: Data Subjects have the right to ask the company to send or transfer their personal information that the company has collected to another data controller when it can be done by electronic means, provided that the exercise of such rights shall not infringe upon the rights or freedoms of other persons.
- The right to object to the collection, use or disclosure of personal data: Data Subjects have the right to object to the collection, use or disclosure of personal information about them at any time. Unless it is a lawful collection, use or disclosure of personal information.
- Right to request erasure of personal data: Data Subjects have the right to request that the Company delete or destroy or make personal information non-identifiable to the person who holds the personal information, in the following cases:
- Such personal information is information that is no longer necessary to keep for the purpose of collecting, using, or disclosing personal information.
- When the subject of personal data withdraws consent for the collection, use or disclosure of personal information. And the company has no legal authority to collect, use or disclose personal information.
- When the Data Subject objects to the collection, use or disclosure of personal data and the Company cannot refuse such objection by law.
- When personal information of a Data Subject has been unlawfully collected, used, or disclosed.
- The right to request the suspension of the use of personal data: Data Subjects have the right to ask the company to suspend the use of personal information in the following cases.
- Such personal data is information that is currently being investigated in order to correct the information and make it current.
- When personal information has been unlawfully collected, used, or disclosed.
- Such personal information is no longer necessary to keep for the purpose of collecting, using, or disclosing. But the Company is required to keep the personal data for legal reasons.
- Such personal data is information that is in the process of rejecting objections by the Company.
- Right to correct personal data: Data Subjects have the right to ask the Company to correct their personal data so it could be accurate, current, complete and not cause any misunderstandings.
- Right to complain: Data Subjects have the right to complain to the Personal Data Protection Committee if the Company or its employees or contractors violate or fail to comply with the Personal Data Protection Act B.E. 2562.
Protecting the Data Subjects’ Personal Data
Protecting the privacy of data subjects is extremely important to the Company and the Company has policies and procedures for data security. The company limits access to the data subject’s personal data to those who need it. The Company has implemented a variety of security measures in its best effort to ensure that the personal information contained in the company’s system is secure. Personal data is stored on secure servers and networks, can only be accessed by authorized officers or processors who are given special permission to access such systems by the Company. Access to data requires a specific username and password and the password’s validity period is set.
Besides the above-mentioned measures and methods of safety protection, the Company uses a very high level of technology to protect personal data as listed below:
- Firewalls: to allow only authorized persons to access the Company’s data. The Company arranges its Firewall in layers (these are special security measures in place on the Company’s network) between the computer and internet system of the Company.
- Limited Access and MFA: The Company restricts access to systems containing sensitive data and enforces strong multi-factor authentication policies.
- Security Training: The Company regularly holds security training for its employees and employees learn how to handle data in their possession or data that they encounter through email or other electronic sources.
The Participation of the Data Subject
- Using the Rights according to the list in Article 7, the Data Subject’s, successors, heirs, legal representative, caretakers, or legal guardians shall notify the Company in writing to proceed as requested within the period specified by law.
- The operation of the Company in accordance with the request above, pursuant to the rights of the Data Subject, may result in the limitation of services provided, or limiting of transactions or limiting any actions that can benefit the Data Subject, under the conditions of the company and according to the law.
Rights Reserved
The Company requests to reserve the rights to reject any requests under the rights of a data subject in the following cases.
- The law enables the Company to have the right to reject the request from the Data Subject.
- The personal data requested can be anonymized or made unidentifiable.
- The Data Subject has no evidence to attest that they are the owners of the personal data or the authorized person/stakeholder of the Data Subject
- There is no personal data related to the Data Subject in the database of the Company.
- The Data Subject or the authorized person/stakeholder of the Data Subject makes multiple requests to the Company for the same reasons or for unreasonable purposes.
The Adjustment to the Policy on Personal Data Protection
- The Company may adjust security measures in order to increase the efficiency of the security measures on its personal data collection, use, storage and disclosure. The Company will do so according to the highest standard specified by law.
- In case the Company makes any changes to this Policy, the Company shall notify the Data Subjects by publicizing on the Company’s website https://pointavenue.co.th
Contact Information
Data Controller: Point Avenue Co., Ltd
Data Processor: Point Avenue Co., Ltd and Partners
Address: 982/22 3rd Floor, Unit 3121-3122, Gateway Ekamai Shopping Center, Sukhumvit Road, Phra Khanong Subdistrict, Khlong Toei, Bangkok 10110
Phone: 02-105-3380
Data Protection Officer: James Pridmore
Email: dpo@pointavenue.com
This page was updated on 4th October 2022