- Website Privacy Policy
- CCTV Privacy Policy
- Visitor Privacy Policy
ความมุ่งมั่นในการคุ้มครองข้อมูลส่วนบุคคล
บริษัท พอยท์ อเวนิว จำกัด เป็น "นิติบุคคล" ที่จดทะเบียนถูกต้องตามกฎหมายที่ดำเนินธุรกิจในประเทศไทย ความเป็นส่วนตัวของคุณมีความสำคัญมากสำหรับเรา ด้วยเหตุนี้ เราจึงได้พัฒนานโยบายคุ้มครองข้อมูลส่วนบุคคลของเว็บไซต์นี้ ซึ่งสอดคล้องกับกฎหมายไทย พระราชบัญญัติคุ้มครองข้อมูลส่วนบุคคล พ.ศ. 2562 เพื่อให้คุณเข้าใจว่าเราเป็นใคร เรารวบรวม สื่อสาร และเปิดเผยอย่างไร รวมทั้งการใช้ข้อมูลส่วนบุคคล ต่อไปนี้เป็นโครงสร้างนโยบายของเรา
- ก่อนหรือในขณะที่รวบรวมข้อมูลส่วนบุคคล เราจะระบุวัตถุประสงค์ในการรวบรวมข้อมูล
- เราจะรวบรวมและใช้ข้อมูลส่วนบุคคลของคุณโดยมีวัตถุประสงค์เพื่อบรรลุวัตถุประสงค์ที่ระบุไว้โดยเราและเพื่อวัตถุประสงค์ที่เข้ากันได้อื่น ๆ เท่านั้น
- เราจะเก็บรักษาข้อมูลส่วนบุคคลตราบเท่าที่จำเป็นเพื่อให้เป็นไปตามวัตถุประสงค์เหล่านั้น
- เราจะรวบรวมข้อมูลส่วนบุคคลด้วยวิธีการที่ถูกต้องตามกฎหมายและยุติธรรม และตามความเหมาะสม ด้วยความรู้หรือความยินยอมของบุคคลที่เกี่ยวข้อง
- ข้อมูลส่วนบุคคลควรมีความเกี่ยวข้องกับวัตถุประสงค์ในการใช้งาน และในขอบเขตที่จำเป็นสำหรับวัตถุประสงค์เหล่านั้น ควรมีความถูกต้อง ครบถ้วน และเป็นปัจจุบัน
- เราจะปกป้องข้อมูลส่วนบุคคลด้วยการป้องกันความปลอดภัยที่เหมาะสมจากการสูญหายหรือการโจรกรรม ตลอดจนการเข้าถึง เปิดเผย คัดลอก ใช้หรือแก้ไขโดยไม่ได้รับอนุญาต
- เราจะจัดเตรียมข้อมูลให้กับลูกค้าเกี่ยวกับนโยบายและแนวปฏิบัติที่เกี่ยวข้องกับการจัดการข้อมูลส่วนบุคคล
เรามีความมุ่งมั่นที่จะดำเนินธุรกิจของเราตามหลักการเหล่านี้เพื่อให้แน่ใจว่าการรักษาความลับของข้อมูลส่วนบุคคลได้รับการคุ้มครองและดูแลรักษา
WHO WE ARE
บริษัท พอยท์ อเวนิว จำกัด เป็นเจ้าของและดำเนินการเว็บไซต์ที่ตั้งอยู่ https://pointavenue.co.th/ ซึ่งต่อไปนี้คือพวกเรา/เรา
คำจำกัดความ
WHAT PERSONAL DATA WE COLLECT AND WHY WE COLLECT IT?
แบบฟอร์ม:
เมื่อคุณส่งคำถามหรือขอข้อมูลเพิ่มเติม เราจะรวบรวมเฉพาะชื่อ นามสกุล ที่อยู่อีเมล หมายเลขโทรศัพท์ หัวข้อคำถาม และข้อความของคุณถึงเราเท่านั้น เพื่อให้เราสามารถโต้ตอบและตอบคำถามหรือข้อกังวลของคุณได้
Google Analytics:
นโยบายคุกกี้
เว็บไซต์นี้ใช้คุกกี้ บริษัท พอยท์ อเวนิว จำกัด ใช้คุกกี้เพื่อปรับแต่งเนื้อหา เพื่อมอบคุณสมบัติโซเชียลมีเดีย และเพื่อวิเคราะห์การเข้าชมของเรา เรายังแบ่งปันข้อมูลเกี่ยวกับการใช้งานเว็บไซต์ของคุณกับโซเชียลมีเดียของเรา และพันธมิตรด้านการวิเคราะห์ที่อาจรวมเข้ากับข้อมูลอื่น ๆ ที่คุณมอบให้พวกเขาหรือที่พวกเขาได้รวบรวมจากการใช้บริการของคุณ
คุกกี้คือไฟล์ข้อความขนาดเล็กที่เว็บไซต์สามารถใช้เพื่อทำให้ประสบการณ์ของผู้ใช้มีประสิทธิภาพมากขึ้น
กฎหมายระบุว่าเราสามารถจัดเก็บคุกกี้บนอุปกรณ์ของคุณได้หากมีความจำเป็นอย่างยิ่งต่อการทำงานของเว็บไซต์นี้ สำหรับคุกกี้ประเภทอื่นๆ ทั้งหมด เราต้องได้รับอนุญาตจากคุณ
เว็บไซต์ของเราใช้คุกกี้ประเภทต่างๆ คุกกี้บางตัวถูกวางโดยบริการของบุคคลที่สามที่ปรากฏบนหน้าเว็บของเรา
You can at aContent on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.ny time change or withdraw your consent from the Cookie Declaration on our website.
เนื้อหาที่ฝังตัว
เนื้อหาในเว็บไซต์นี้อาจรวมถึงเนื้อหาที่ฝังอยู่ (เช่น วิดีโอ รูปภาพ บทความ ฯลฯ) เนื้อหาที่ฝังจากเว็บไซต์อื่นมีลักษณะเหมือนกับว่าผู้เยี่ยมชมได้เยี่ยมชมเว็บไซต์อื่น เว็บไซต์เหล่านี้อาจเก็บรวบรวมข้อมูลเกี่ยวกับคุณ ใช้คุกกี้ ฝังการติดตามบุคคลที่สามเพิ่มเติม และตรวจสอบการโต้ตอบของคุณกับเนื้อหาที่ฝังตัวนั้น รวมถึงการติดตามการโต้ตอบของคุณกับเนื้อหาที่ฝังไว้ หากคุณมีบัญชีและลงชื่อเข้าใช้เว็บไซต์นั้น
เราเก็บรักษาข้อมูลของคุณไว้นานแค่ไหน
หากคุณกรอกแบบฟอร์มการติดต่อของเรา เนื้อหาและข้อมูลเมตาจะถูกเก็บไว้อย่างไม่มีกำหนด เพื่อให้เราสามารถรับรู้และอนุมัติการสื่อสารติดตามผลใดๆ กับคุณ เรายังจัดเก็บข้อมูลส่วนบุคคลที่คุณให้ไว้ในโปรไฟล์ผู้ใช้ เราใช้ข้อมูลนี้เพื่อตอบคำถามหรือข้อกังวลของคุณและเพื่อถ่ายทอดข้อมูลที่คุณต้องการ เฉพาะผู้ดูแลเว็บไซต์ที่ได้รับอนุญาตเท่านั้นที่สามารถดูและแก้ไขข้อมูลนั้นได้
Rights of the Data Subject (You)
เจ้าของข้อมูล มีสิทธิ์ร้องขอการเข้าถึงและรับสำเนาของข้อมูลส่วนบุคคลที่เกี่ยวข้องกับเขาหรือเธอ ซึ่งอยู่ภายใต้ความรับผิดชอบของผู้ควบคุมข้อมูล หรือขอให้เปิดเผยการได้มาซึ่งข้อมูลส่วนบุคคลที่ได้รับโดยไม่ได้รับความยินยอมจากเขาหรือเธอ
ผู้ควบคุมข้อมูล จะต้องดำเนินการตามคำขอโดยไม่ชักช้า แต่จะต้องไม่เกิน 30 วัน นับจากวันที่ได้รับคำขอดังกล่าว
ผู้ควบคุมข้อมูลสามารถปฏิเสธคำขอได้ก็ต่อเมื่อได้รับอนุญาตตามกฎหมายหรือตามคำสั่งศาล และการเข้าถึงและการได้รับสำเนาข้อมูลส่วนบุคคลดังกล่าวจะส่งผลเสียต่อสิทธิและเสรีภาพของผู้อื่น
เจ้าของข้อมูลมีสิทธิที่จะร้องขอจากผู้ควบคุมข้อมูล ให้ลบหรือทำลายข้อมูลส่วนบุคคล หรือปิดบังข้อมูลส่วนบุคคลให้เป็นข้อมูลที่ไม่ระบุตัวตนซึ่งไม่สามารถระบุเจ้าของข้อมูลได้ โดยมีเหตุผลดังต่อไปนี้:
- ข้อมูลส่วนบุคคลนั้นไม่จำเป็นอีกต่อไปเกี่ยวกับวัตถุประสงค์ในการรวบรวม ใช้ หรือเปิดเผยข้อมูลดังกล่าว
- เจ้าของข้อมูลเพิกถอนความยินยอมซึ่งการรวบรวม ใช้ หรือเปิดเผยขึ้นอยู่กับ และในกรณีที่ผู้ควบคุมข้อมูลไม่มีเหตุทางกฎหมายสำหรับการเก็บรวบรวม ใช้ หรือเปิดเผยดังกล่าว
- เมื่อเจ้าของข้อมูลคัดค้านข้อมูลส่วนบุคคลที่รวบรวมโดยไม่ได้รับความยินยอมภายใต้ข้อยกเว้นตามข้อกำหนดค วามยินยอมตามมาตรา 26 (4) (5)) และผู้ควบคุมข้อมูลไม่สามารถพิสูจน์ข้อยกเว้นของการยกเว้นดังกล่าวได้ (ที่กล่าวถึงข้างต้น)
- ข้อมูลส่วนบุคคลถูกรวบรวม ใช้ หรือเปิดเผยอย่างผิดกฎหมายภายใต้กฎหมายนี้
คุณสามารถส่งคำขอเพื่อลบได้ตลอดเวลาที่: dpo@pointavenue.com
ความปลอดภัย
เพื่อปกป้องข้อมูลส่วนบุคคลของคุณ เราใช้มาตรการป้องกันที่เหมาะสมและปฏิบัติตามแนวทางปฏิบัติที่ดีที่สุดในอุตสาหกรรม เพื่อให้แน่ใจว่าจะไม่สูญหาย นำไปใช้ในทางที่ผิด เข้าถึง เปิดเผย เปลี่ยนแปลง หรือทำลายอย่างไม่เหมาะสม
การเปลี่ยนแปลงนโยบายความเป็นส่วนตัวของเว็บไซต์นี้
เราขอสงวนสิทธิ์ในการแก้ไขนโยบายความเป็นส่วนตัวนี้ได้ทุกเมื่อ ดังนั้น โปรดตรวจสอบบ่อยๆ การเปลี่ยนแปลงและการชี้แจงจะมีผลทันทีที่โพสต์บนเว็บไซต์ หากเราทำการเปลี่ยนแปลงเนื้อหาในนโยบายนี้ เราจะแจ้งให้คุณทราบที่นี่ว่าได้รับการปรับปรุงแล้ว เพื่อให้คุณทราบว่าข้อมูลใดที่เรารวบรวม เราใช้ข้อมูลอย่างไร และภายใต้สถานการณ์ใด หากมีเราใช้และ/หรือเปิดเผยมัน.
ความยินยอมของคุณ
การใช้เว็บไซต์ของเราต่อไปแสดงว่าคุณยินยอมให้เราติดตามการเยี่ยมชมของคุณโดยไม่ระบุชื่อ เราไม่มีรายละเอียดส่วนบุคคลของคุณในขณะนี้ หากคุณไม่ต้องการถูกติดตามโดยไม่ระบุตัวตน เพียงแค่ปิดเบราว์เซอร์ของคุณหรือไปที่เว็บไซต์อื่น
Contact Information
If you have questions, you can contact us at: dpo@pointavenue.com or visit us at 982/22 3rd Floor, Unit 3121-3122, Gateway Ekamai Shopping Center, Sukhumvit Road, Phra Khanong Subdistrict, Khlong Toei, Bangkok 10110 or call us at +66 2 105 338
Privacy Policy For CCTV Use
Point Avenue Thailand (the “Company”) uses closed-circuit television (CCTV) in and around the Company’s premises to monitor a specific space for the safety and security of the Company’s premises, assets, employees, customers, and visitors. This privacy notice provides information on the collection, use and disclosure of the personal data collected by the Company’s use of CCTV. This policy serves as notice on the Company’s CCTV use based on the Personal Data Protection Act, B.E.2562 (2019). The Company may update this notice from time to time.
คำจำกัดความ
“Company” meansPoint Avenue Thailand and branches.
“ข้อมูลส่วนบุคคล” means data related to a person which can identify that person regardless of whether it is directly or indirectly but does not include the data of a deceased person.
Samples of the personal data that the Company may collect include:
- Name-surname or nickname
- Identification number, passport number, work permit number, social security number, driving license number, taxpayer number, professional license number and various account numbers,
- Residential address, telephone number, mobile number and e-mail address, etc.
- Equipment or tools data such as IP address, MAC address, cookies, Line ID, etc.
- Biometric data such as photo of your face, fingerprints, X-ray film, voice identification data, video footage, genetic data, etc.
- Data identified properties of person like car registration, land title deeds, etc.
- Data which can link to identify a person such as date of birth, place of birth, race, nationality, religion, weight, height, location data, medical data, educational data, financial data, employment data, criminal records, etc.
- Data of skill, opinions of staffs, data of performance appraisal, including the opinion of the Company towards your performance, etc.
- Data of record used to follow up and inspect a person’s activities such as, log files, etc.
- Data which can be used by searching for persons on the internet.
“ผู้ควบคุมข้อมูล” means person or juristic person authorized to make decision concerning compilation, use or revealing personal data.
“ผู้ประมวลผลข้อมูล” means a person or a juristic person who operates in relation to the collection, use, or disclosure of the Personal Data pursuant to the orders given by or on behalf of a Data Controller, whereby such Person or juristic person is not the Data Controller.
“เจ้าของข้อมูล” means common person who the company will collect data from.
“เจ้าหน้าที่คุ้มครองข้อมูล” means person who is assigned to have authority to advise and inspect the operation, coordination and cooperation with the Office of Personal Data Protection Committee including the related offices.
Policy and Practice Guide
The Company’s CCTV System has collected, used stored and disclosed Personal Data collected from Data Subjects and will continue to collect, use, store, and disclose personal information of its Data Subjects. The Company is dedicated to maintaining the accuracy, completeness, and to update personal information using lawful and fair means. The Company’s CCTV System will collect personal data as required to operate effectively and according to the authority and objectives of the Company’s business operations which are in accordance with the law. The Company notifies Data Subjects, by posting clearly marked signs, that the Company’s CCTV System is collecting data.
Methods of Collecting
The Company’s CCTV system captures the Data Subject, and all individuals as well as their belongings (such as vehicles) entering the monitored area in or around the Company’s premises and facilities 24 hours per day, every day.
What Personal Data is Collected?
- captured images, motion pictures, voice recordings
- individual’s belongings
- color, make, model of any of the above
- the activity of the Data Subject as they move around the Company’s premises
The Purpose for Personal Data Collection
The Company may collect, use, disclosure, or process your personal data; for the following objectives:
- to protect individuals’ life, body, health, personal safety, and belongings,
- to protect and prevent the Company’s premises, facilities and assets from damage, disruption, vandalism, and other crimes,
- to support law enforcement agencies in the prevention, detection, and prosecution of crime and to act as a deterrent against crimes,
- to assist in the effective resolution of disputes which arise in the course of disciplinary or grievance proceedings,
- to assist in the investigation or proceedings concerning a whistleblowing complaint; and loment proceedings,
- to verify individuals’ identity.
Declarations
- The Company’s CCTV System is in operation 24 hours a day, except in case of system failure or maintenance.
- The Company installs CCTV cameras in clearly visible areas and shall not install in any private area such as bathrooms, changing rooms or rest rooms.
- The Company places signage in the monitored area to alert you that a CCTV System is in use and your personal data is being recorded.
Legal Basis for Collecting Personal Data
The Company’s CCTV System may collect, use, disclose, or process the Data Subject’s personal data for any of the following legal reasons.
- Vital Interest: The collection, use, disclosure, or processing is necessary for the prevention or suppression of a danger to a Data Subject’s life, body, or health.
- Legitimate Interest: It is in the Company’s legitimate interest to collect, use, disclose, or process the Data Subject’s personal data in order to achieve any of the purposes described above.
- Legal Obligations: The Company has a duty to comply with the legal obligations prescribed by the applicable laws, including but not limited to the laws regarding safety and environment in the workplace.
Disclosure of Personal Data
- The Company may disclose the personal data of a Data Subject to third parties if it is considered that the disclosure is necessary for the purposes described above.
- The Company may disclose the personal data of a Data Subject to law enforcement agencies if the disclosure is necessary for compliance with the legal obligations and to support or assist them in the prevention, detection, and prosecution of crime.
Period of Retention of Collected Personal Data
- The Company’s Sales Department may retain the Data Subject’s personal data no longer than is necessary to achieve the purposes described in this notice or as required by applicable laws.
- The Company’s Sales Department may need to retain the Data Subject’s personal data for so long as is necessary to deal with any disputes or legal proceedings that may arise.
- If the Company’s Sales Department no longer needs to retain the Data Subject’s personal data, the Company may destroy, delete, anonymize, or remove the Data subject’s personal data from their systems.
Protecting the Data Subjects’ Personal Data
Protecting the privacy of Data Subjects is extremely important to the Company and the Company has policies and procedures for data security. The company limits access to the Data Subject’s personal data to those who need it. The Company has implemented a variety of security measures in its best effort to ensure that the personal information contained in the company’s system is secure. Personal Data is stored on secure servers and networks, can only be accessed by authorized officers or processors who are given special permission to access such systems by the Company. Access to data requires a specific username and password and the password’s validity period is set.
Besides the above-mentioned measures and methods of safety protection, the Company uses an extremely high level of technology to protect personal data as listed below:
- Firewalls: to allow only authorized persons to access the Company’s data. The Company arranges its Firewall in layers (these are special security measures in place on the Company’s network) between the computer and internet system of the Company.
- Limited Access and MFA: The Company restricts access to systems containing sensitive data and enforces strong multi-factor authentication policies.
- Security Training: The Company regularly holds security training for its employees and employees learn how to handle data in their possession or data that they encounter through email or other electronic sources.
Rights of the Data Subject (You)
The Data Subject has the following rights pursuant to the law:
- Right to withdraw consent: The Data Subjects may withdraw their consent to the processing of personal data for which they have already given their consent to the Company, at any time, unless there is a limitation of their right to withdraw consent by law or contracts that provide benefits to the Data Subject which must not affect the collection, use or disclosure of information that the Data Subject has given their consent as required by law.
- Right to access personal data: The Data Subjects have the right to request access and obtain a copy of their personal data, which is under the responsibility of the company, or request the Company disclose the acquisition of such personal data in which the Data Subject did not give consent to the Company.
- Right to obtain personal data: The Data Subjects have the right to obtain personal information about themselves from the Company or personal information that the company has sent or transferred to another data controller unless by technical condition it is not possible. In the event that the company has personal data in a form that can be read or commonly used by electronic tools or devices that work automatically and that personal data can be used or disclosed by electronic means and provided that the exercise of that right must not infringe on the freedoms of others.
- The right to request the transmission or transfer of personal data: Data Subjects have the right to ask the company to send or transfer their personal information that the company has collected to another data controller when it can be done by electronic means, provided that the exercise of such rights shall not infringe upon the rights or freedoms of other persons.
- The right to object to the collection, use or disclosure of personal data: Data Subjects have the right to object to the collection, use or disclosure of personal information about them at any time. Unless it is a lawful collection, use or disclosure of personal information.
- Right to request erasure of personal data: Data Subjects have the right to request that the Company delete or destroy or make personal information non-identifiable to the person who holds the personal information, in the following cases:
- Such personal information is information that is no longer necessary to keep for the purpose of collecting, using, or disclosing personal information.
- When the subject of personal data withdraws consent for the collection, use or disclosure of personal information. And the company has no legal authority to collect, use or disclose personal information.
- When the Data Subject objects to the collection, use or disclosure of personal data and the Company cannot refuse such objection by law.
- When personal information of a Data Subject has been unlawfully collected, used, or disclosed.
- The right to request the suspension of the use of personal data: Data Subjects have the right to ask the company to suspend the use of personal information in the following cases.
- Such personal data is information that is currently being investigated in order to correct the information and make it current.
- When personal information has been unlawfully collected, used, or disclosed.
- Such personal information is no longer necessary to keep for the purpose of collecting, using, or disclosing. But the Company is required to keep the personal data for legal reasons.
- Such personal data is information that is in the process of rejecting objections by the Company.
- Right to correct personal data: Data Subjects have the right to ask the Company to correct their personal data so it could be accurate, current, complete and not cause any misunderstandings.
- Right to complain: Data Subjects have the right to complain to the Personal Data Protection Committee if the Company or its employees or contractors violate or fail to comply with the Personal Data Protection Act B.E. 2562.
The Participation of the Data Subject
- Using the Rights according to the list in Article 7, the Data Subject’s, successors, heirs, legal representative, caretakers, or legal guardians shall notify the Company in writing to proceed as requested within the period specified by law.
- The operation of the Company in accordance with the request above, pursuant to the rights of the Data Subject, may result in the limitation of services provided, or limiting of transactions or limiting any actions that can benefit the Data Subject, under the conditions of the company and according to the law.
Rights Reserved
The Company requests to reserve the rights to reject any requests under the rights of the data subject in the following cases.
- The law enables the Company to have the right to reject the request from the Data Subject.
- The personal data requested can be anonymized or made unidentifiable.
- The Data Subject has no evidence to attest that they are the owners of the personal data or the authorized person/stakeholder of the Data Subject.
- There is no personal data related to the Data Subject in the database of the Company.
- The Data Subject or the authorized person/stakeholder of the Data Subject makes multiple requests to the Company for the same reasons or for unreasonable purposes.
Adjustment to the Policy on Personal Data Protection
- The Company may adjust security measures in order to increase the efficiency of the security measures on its personal data collection, use, storage and disclosure. The Company will do so according to the highest standard specified by law.
- In case the Company makes any changes to this Policy, the Company shall notify the Data Subjects by publicizing on the Company’s website – https://pointavenue.co.th/
Contact Information
Data Controller: Point Avenue Co., Ltd
Data Processor: Point Avenue Co., Ltd and Partners
Address: 982/22 3rd Floor, Unit 3121-3122, Gateway Ekamai Shopping Center, Sukhumvit Road, Phra Khanong Subdistrict, Khlong Toei, Bangkok 10110
Phone: 02-105-3380
Data Protection Officer: James Pridmore
Email: dpo@pointavenue.com
Privacy Policy For Visitors to the Center
Point Avenue Co., Ltd. (“The Company”) values the personal data of the Visitors to the Company (“Data Subjects”), therefore the Company created this policy for Personal Data Protection to detail to its Data Subjects the objectives of compiling, using, revealing and processing their personal data including the period for keeping such personal data and explaining to them their rights as Data Subjects on the personal data collected based on the Personal Data Protection Act, B.E.2562 (2019). The Company reserves the right to update this notice from time to time.
คำจำกัดความ
“Company” means Point Avenue Co., Ltd. and branches
“ข้อมูลส่วนบุคคล” means data related to a person which can identify that person regardless of whether it is directly or indirectly but does not include the data of a deceased person.
Samples of the personal data that the Company may collect include:
- Name-surname or nickname
- Identification number, passport number, work permit number, social security number, driving license number, taxpayer number, professional license number and various account numbers,
- Residential address, telephone number, mobile number and e-mail address, etc.
- Equipment or tools data such as IP address, MAC address, cookies, Line ID, etc.
- Biometric data such as photo of your face, fingerprints, X-ray film, voice identification data, genetic data, etc.
- Data identified properties of person like car registration, land title deeds, etc.
- Data which can link to identify a person such as date of birth, place of birth, race, nationality, religion, weight, height, location data, medical data, educational data, financial data, employment data, criminal records, etc.
- Data of skill, opinions of staffs, data of performance appraisal, including the opinion of the Company towards your performance, etc.
- Data of record used to follow up and inspect a person’s activities such as, log files, etc.
- Data which can be used by searching for persons on the internet.
“ผู้ควบคุมข้อมูล” means person or juristic person authorized to make decision concerning compilation, use or revealing personal data.
“ผู้ประมวลผลข้อมูล” means a person or a juristic person who operates in relation to the collection, use, or disclosure of the Personal Data pursuant to the orders given by or on behalf of a Data Controller, whereby such Person or juristic person is not the Data Controller
“เจ้าของข้อมูล” means common person who the company will collect data from
“เจ้าหน้าที่คุ้มครองข้อมูล” means person who is assigned to have authority to advise and inspect the operation, coordination and cooperation with the Office of Personal Data Protection Committee including the related offices.
Policy and Practice Guide
The Company has collected, used stored and disclosed Personal Data collected from Data Subjects and will continue to collect, use, store, and disclose personal information of Data Subjects. The Company is dedicated to maintaining the accuracy, completeness, and to update personal information using lawful and fair means. The Company will collect personal data as required in order to operate effectively and according to the authority and objectives of the Company’s business operations which are in accordance with the law. The company will notify the Data Subjects and seek their consent before collecting, using, storing, or disclosing their personal information, unless required by law and/or in other cases as set forth in this Policy.
Methods of Collecting Personal Data
The type of Personal Data that will be collected, used, stored and disclosed from a Data Subject shall be subject to the objectives of the Company which aims to collect Personal Data as required using both paper and digital forms as well as gathering information through telephone conversations and email.
Types of Personal Data Collected
- Contact details such as full name, address, telephone number, mobile number, email address;
- Personal details such as gender, nationality, occupation, date of birth, marital status, photograph, picture, voice records, signature, identification card number, passport number, tax identification number, including information from driving license, or other similar information from official government issued identification documents; and
- Other data such as CCTV data and video footage, and voice records taken on the company premises.
Purposes for Personal Data Collection
- to provide the Data Subject with company services and meet contractual obligations with the Data Subject, or enter into any agreements with the Data Subject, or to take any necessary steps before entering into such agreements.
- to verify the identity of the Data Subject and respond to their requests;
- to protect the security and integrity of the Company;
- to help improve the Company’s operations or products and services;
- to comply with the Company’s legal obligations and/or cooperate with courts, regulators, government authorities and law enforcement bodies for exercising the official authority vested in the Company;
- to exercise the Company’s rights or protect the legitimate interests where it is necessary to do so, for example, to detect or prevent fraud claims, intellectual property infringement claims, or violations of law;
- for public interest in protection of the Data Subject or other individuals on the company premises; and
- to prevent or suppress a danger to the Data Subject or others’ life, body or health, as the case may be.
If the Data Subject fails to provide the personal data requested, the company may not be able to provide services to Data Subject (for example, to respond to the Data Subject’s request at the reception).
When any third party gives personal data (“data giver”) of anyone related to the Data Subject to the Company, such as a guarantee for the Data Subject, that person giving the data to the Company has already been informed by the Data Subject that the data giver has given consent to the Company to collect, use, store, and disclose the data giver’s Personal Data as per the details of this Policy.
Legal Basis for Collecting Personal Data
The Company may collect, use, disclosure, or process the Data Subject’s personal data for any of the following legal reasons.
- Vital Interest: The collection, use, disclosure, or processing is necessary for the prevention or suppression of a danger to a Data Subject’s life, body, or health.
- Legitimate Interest: It is in the Company’s legitimate interest to collect, use, disclose, or process the Data Subject’s personal data in order to achieve any of the purposes described in Article 3 above.
- Legal Obligations: The Company has a duty to comply with the legal obligations prescribed by the applicable laws, including but not limited to the laws regarding safety and environment in the workplace.
Disclosure of Personal Data
- The Company may disclose the personal data of a Data Subject to third parties if it is considered that the disclosure is necessary for the purposes described above.
- The Company may disclose the personal data of a Data Subject to law enforcement agencies if the disclosure is necessary for compliance with the legal obligations and to support or assist them in the prevention, detection, and prosecution of crimes.
Period of Retention of Collected Personal Data
- The Company may retain the Data Subject’s personal data no longer than is necessary to achieve the purposes described in this notice or as required by applicable laws.
- The Company may need to retain the Data Subject’s personal data for so long as is necessary to deal with any disputes or legal proceedings that may arise.
- If the Company no longer needs to retain the Data Subject’s personal data, the Company may destroy, delete, anonymize, or remove the Data subject’s personal data from their systems.
Rights of the Data Subject
The Data Subject has the following rights pursuant to the law:
- Right to withdraw consent: The Data Subjects may withdraw their consent to the processing of personal data for which they have already given their consent to the Company, at any time, unless there is a limitation of their right to withdraw consent by law or contracts that provide benefits to the Data Subject which must not affect the collection, use or disclosure of information that the Data Subject has given their consent as required by law.
- Right to access personal data: The Data Subjects have the right to request access and obtain a copy of their personal data, which is under the responsibility of the company, or request the Company disclose the acquisition of such personal data in which the Data Subject did not give consent to the Company.
- Right to obtain personal data: The Data Subjects have the right to obtain personal information about themselves from the Company or personal information that the company has sent or transferred to another data controller unless by technical condition it is not possible. In the event that the company has personal data in a form that can be read or commonly used by electronic tools or devices that work automatically and that personal data can be used or disclosed by electronic means and provided that the exercise of that right must not infringe on the freedoms of others.
- The right to request the transmission or transfer of personal data: Data Subjects have the right to ask the company to send or transfer their personal information that the company has collected to another data controller when it can be done by electronic means, provided that the exercise of such rights shall not infringe upon the rights or freedoms of other persons.
- The right to object to the collection, use or disclosure of personal data: Data Subjects have the right to object to the collection, use or disclosure of personal information about them at any time. Unless it is a lawful collection, use or disclosure of personal information.
- Right to request erasure of personal data: Data Subjects have the right to request that the Company delete or destroy or make personal information non-identifiable to the person who holds the personal information, in the following cases:
- Such personal information is information that is no longer necessary to keep for the purpose of collecting, using, or disclosing personal information.
- When the subject of personal data withdraws consent for the collection, use or disclosure of personal information. And the company has no legal authority to collect, use or disclose personal information.
- When the Data Subject objects to the collection, use or disclosure of personal data and the Company cannot refuse such objection by law.
- When personal information of a Data Subject has been unlawfully collected, used, or disclosed.
- The right to request the suspension of the use of personal data: Data Subjects have the right to ask the company to suspend the use of personal information in the following cases.
- Such personal data is information that is currently being investigated in order to correct the information and make it current.
- When personal information has been unlawfully collected, used, or disclosed.
- Such personal information is no longer necessary to keep for the purpose of collecting, using, or disclosing. But the Company is required to keep the personal data for legal reasons.
- Such personal data is information that is in the process of rejecting objections by the Company.
- Right to correct personal data: Data Subjects have the right to ask the Company to correct their personal data so it could be accurate, current, complete and not cause any misunderstandings.
- Right to complain: Data Subjects have the right to complain to the Personal Data Protection Committee if the Company or its employees or contractors violate or fail to comply with the Personal Data Protection Act B.E. 2562.
Protecting the Data Subjects’ Personal Data
Protecting the privacy of data subjects is extremely important to the Company and the Company has policies and procedures for data security. The company limits access to the data subject’s personal data to those who need it. The Company has implemented a variety of security measures in its best effort to ensure that the personal information contained in the company’s system is secure. Personal data is stored on secure servers and networks, can only be accessed by authorized officers or processors who are given special permission to access such systems by the Company. Access to data requires a specific username and password and the password’s validity period is set.
Besides the above-mentioned measures and methods of safety protection, the Company uses a very high level of technology to protect personal data as listed below:
- Firewalls: to allow only authorized persons to access the Company’s data. The Company arranges its Firewall in layers (these are special security measures in place on the Company’s network) between the computer and internet system of the Company.
- Limited Access and MFA: The Company restricts access to systems containing sensitive data and enforces strong multi-factor authentication policies.
- Security Training: The Company regularly holds security training for its employees and employees learn how to handle data in their possession or data that they encounter through email or other electronic sources.
The Participation of the Data Subject
- Using the Rights according to the list in Article 7, the Data Subject’s, successors, heirs, legal representative, caretakers, or legal guardians shall notify the Company in writing to proceed as requested within the period specified by law.
- The operation of the Company in accordance with the request above, pursuant to the rights of the Data Subject, may result in the limitation of services provided, or limiting of transactions or limiting any actions that can benefit the Data Subject, under the conditions of the company and according to the law.
Rights Reserved
The Company requests to reserve the rights to reject any requests under the rights of a data subject in the following cases.
- The law enables the Company to have the right to reject the request from the Data Subject.
- The personal data requested can be anonymized or made unidentifiable.
- The Data Subject has no evidence to attest that they are the owners of the personal data or the authorized person/stakeholder of the Data Subject
- There is no personal data related to the Data Subject in the database of the Company.
- The Data Subject or the authorized person/stakeholder of the Data Subject makes multiple requests to the Company for the same reasons or for unreasonable purposes.
The Adjustment to the Policy on Personal Data Protection
- The Company may adjust security measures in order to increase the efficiency of the security measures on its personal data collection, use, storage and disclosure. The Company will do so according to the highest standard specified by law.
- In case the Company makes any changes to this Policy, the Company shall notify the Data Subjects by publicizing on the Company’s website https://pointavenue.co.th
Contact Information
Data Controller: Point Avenue Co., Ltd
Data Processor: Point Avenue Co., Ltd and Partners
Address: 982/22 3rd Floor, Unit 3121-3122, Gateway Ekamai Shopping Center, Sukhumvit Road, Phra Khanong Subdistrict, Khlong Toei, Bangkok 10110
Phone: 02-105-3380
Data Protection Officer: James Pridmore
Email: dpo@pointavenue.com
This page was updated on 4th October 2022