Privacy Policy
Personal Data Protection Policy in compliance with the Personal Data Protection Act B.E. 2562 (PDPA)
S.W.19 Company Limited (the "Company") fully recognizes the importance of personal data protection and is committed to ensuring that the Company's supervision and management of personal data protection are effective and in compliance with the Personal Data Protection Act B.E. 2562, its amendment, and other relevant laws. The Company has hereby prepared this Privacy Policy (the "Policy") with the primary objective of establishing guidelines and practices for the protection of personal data of individuals involved in the Company's business operation and management. It also aims to ensure that data subjects have confidence in the Company's appropriate measures for maintaining personal data security, transparency, good governance, and compliance with legal requirements. The key contents are as follows:
Scope of Application
This Policy applies to all personal data and data subjects whose personal data is collected, used, and disclosed by the Company in connection with establishing legal relations and engaging in business, transactions, and/or various activities with the Company, viz. shareholders, executives, employees, workers, customers, business partners, parties, service providers, clients, hirers, contractors, agents, stakeholders, visitors, observers, and any individuals contacting the Company.
Definitions
"Personal Data"
means information or details relating to an individual that enables such individual's identification, whether directly or indirectly, but excluding data of deceased persons.
"Sensitive Data"
means the Personal Data that is significant and requires special protection and a high degree of caution as it could impact the privacy and security of the Data Subject and pose a risk of unfair discrimination.
"Personal Data Processing"
means any actions taken regarding the Personal Data, such as collecting, using, disclosing, recording, copying, organizing, updating, modifying, retrieving, transmitting, publishing, transferring, combining, deleting, destroying, etc.
"Data Subject"
means an individual to whom the Personal Data pertains, but who is neither the owner of such data nor the person creating or collecting it.
"Data Controller"
means a person or juristic person with the authority to make decisions regarding the collection, use, and/or disclosure of the Personal Data.
"Data Processor"
means a person or juristic person that collects, uses, and/or discloses the Personal Data under the instruction of or on behalf of the Data Controller, and is not the Data Controller.
"Data Protection Officer (DPO)"
means an individual who is appointed to advise and monitor the Data Controller and Data Processor on their compliance with the personal data protection laws.
"Personal Data Protection Law"
means the Personal Data Protection Act B.E. 2562 and its future amendments, including any subordinate legislation and relevant regulations.
Sources of Personal Data
Personal Data directly collected from Data Subject
- Personal Details, such as name, surname, gender, nationality, date of birth, age, marital status, photo, signature, fingerprint, etc.
- Identification Data, such as identification card number, passport number, tax identification number, license number, vehicle's registration, model, and colour, etc.
- Contact Information, such as address, email address, phone number, social media accounts, etc.
- Sensitive Data, such as race, ethnicity, religion, beliefs, criminal records, political opinions, health data, medical data, disability data, biometric data, sexual life and orientation, etc.
- Educational Information, such as curriculum, qualifications, institution, etc.
- Employment Information, such as work history, position, salary, benefits, etc.
- Financial Information, such as bank account number, credit card information, income, etc.
- Market Research Data, such as opinion surveys, behavioural analytics related to product and service selection, service provisions, message exposures, etc.
Personal Data collected by Company
- Security Data, such as CCTV footage, etc.
- Communication Data, such as video recordings of meetings, video recordings of seminars, audio recordings of advice, audio recordings of conversations, chat messages from LINE, WhatsApp, Messenger, etc.
- Automatically Collected Electronic Data, such as IP address, cookies, device IDs, location data, log files, system information, app data, network traffic data, etc.
Personal Data collected from External Sources
- Information from Government Agencies, such as the Department of Business Development, the Land Department, Revenue Department, the Legal Execution Department, Courts, etc.
- Information from Third Parties, such as business partners, alliance partners, etc.
- Information from Online Platforms, such as Facebook, YouTube, Instagram, Twitter, TikTok, LinkedIn, Pinterest, etc.
Purpose and Legal Base for Processing Personal Data
The purposes for which the Company processes the Personal Data shall be based on the following legal bases:
Basis of Consent
For example, for disclosure to affiliates, for product analysis and research, for advertisement and public relation, for taking other actions as consented by the Data Subject, etc.
Basis of Contract
For example, to make the Company fulfil contractual obligations between the Data Subject and the Company, to perform as requested by the Data Subject, etc.
Basis of Legal Obligation
For example, to comply with lawful orders of government agencies or authorities, to comply with laws and regulations applicable to the Company, etc.
Basis of Legitimate Interest
For example, for access control and venue security, for risk prevention and management, for CCTV recordings, etc.
Basis of Vital Interest
For example, to control, monitor, and protect against epidemics, to notify emergencies, etc.
Basis of Public Interest
For example, for data collection of disease dissemination, for crime prevention, for environmental protection, etc.
Collection of Personal Data
Collection of Personal Data
The Company will collect only the Personal Data necessary for the purposes explicitly specified and legally permissible. The consent will be obtained from the Data Subject by the Company prior to or at the time of collecting the Personal Data, unless an exemption from obtaining the Data Subject's consent is provided by law.
Collection of Sensitive Data
The Company will collect only the Sensitive Data necessary for the purposes explicitly specified and legally permissible. The consent will be obtained from the Data Subject by the Company prior to or at the time of collecting the Personal Data.
Collection of Personal Data from Minors, Incompetent Persons, or Quasi-Incompetent Persons
The Company will obtain consent from the legal representatives, guardians, or custodians (as the case may be) prior to or at the time of collecting the Personal Data.
Use and Disclosure of Personal Data
The Company may have the necessity to disclose the Personal Data to affiliates, contractual parties, government agencies, and/or other individuals and juristic persons which are alliance partners or entities cooperating with the Company.
The Personal Data shall be used and disclosed as necessary, in a limited manner, and in accordance with the purposes notified to the Data Subject prior to or at the time of collection.
If the use and disclosure of the Personal Data is necessary or for any other benefits, related to the purposes already notified to the Data Subject by the Company, the Company shall seek the Data Subject's prior consent, unless an exemption from obtaining the Data Subject's consent is provided by law.
Retention Period of Personal Data
The Company will retain the Personal Data for as long as necessary to fulfil the purposes of the Personal Data Processing as stated in this Policy. The criteria of retention period include legal prescription periods, the establishment, exercise, and defence of legal claims, or other grounds in accordance with the Company's internal policies and requirements, etc.
The Company will retain the Personal Data as required by specific laws, such as the Accounting Act B.E. 2543, the Anti-Money Laundering Act B.E. 2542, the Computer Crime Act B.E. 2550, and the Revenue Code, etc.
If the retention period cannot be clearly determined, the Company will retain the data for a reasonable period based on standard data retention practices, such as a 10-year civil claim limitation period, etc., or as deemed necessary for business and administrative purposes.
Once the retention period for the Personal Data has expired, the Company will delete, destroy, and/or anonymize such data.
In the event of disputes, legal claims, or litigation involving the Personal Data, the Company reserves the right to retain such data until a final court order or judgement has been issued.
International Transmission or Transfer of Personal Data
If the Company needs to transmit or transfer the Personal Data to any foreign country, it will take actions to ensure that the destination country or international organization receiving the data provides adequate measures for the Personal Data protection, except in cases of (1) complying with applicable laws; (2) obtaining a consent from the Data Subject; (3) having the necessity for the performance of a contract to which the Data Subject is a contractual party, or to take steps at the request of the Data Subject prior to entering into a contract; (4) complying with a contract between the Company and another individual or juristic person for the benefit of the Data Subject; (5) protecting and preventing harms to the life, body, or health of the Data Subject or another person where the Data Subject is unable to provide any consent at that time; and/or (6) having the necessity for the performance of tasks carried out in the substantial public interest.
If the destination country does not have any adequate data protection measures, the Company will obtain a prior consent from the Data Subject and take actions in compliance with applicable laws, as well as any other measures it deems necessary and appropriate to ensure that the transmitted and transferred Personal Data is protected in accordance with international data protection standards.
Connection with External Systems or Services
The Company may connect with external systems or services, such as internet, online platforms, servers, websites, applications, cloud services, links, etc. These services may have their own privacy policies that differ from this Policy. The Company recommends that the Data Subject review the external systems or services' privacy policies before using the services. The Data Subject acknowledges and understands that the Company has no affiliation with or control over such systems or services and cannot be held responsible for any damage or actions arising therefrom.
Legal Rights of Data Subject
Right to Withdraw Consent
The Data Subject has the right to withdraw its consent which has already been granted to the Company at any time, unless the Company is legally required under applicable laws to retain the Personal Data or the Data Subject is still obligated under agreements with the Company.
Right to Access Personal Data
The Data Subject has the right to request access to the Personal Data, request its copy, or inquire about the source of its Personal Data that was collected without their consent, unless the Company has the right to refuse such requests as restricted by laws or court orders, or where it may adversely affect the rights and freedoms of the others.
Right to Rectify Personal Data
The Data Subject has the right to request the correction of their inaccurate, incomplete, or outdated Personal Data to prevent any misunderstandings.
Right to Erase or Destroy Personal Data
The Data Subject has the right to request the deletion, destruction, or anonymization of their Personal Data in cases of (1) the Personal Data is no longer necessary for the purposes of collection; (2) the Data Subject withdraws its consent; (3) the Data Subject objects to the collection, use, or disclosure of the Personal Data and the Company has no grounds to deny such objection; and/or (4) the Personal Data was collected, used, or disclosed unlawfully.
Right to Restrict Personal Data Processing
The Data Subject has the right to request the restriction of the Personal Data Processing in cases of (1) the Company is in the process of verifying the accuracy of the Personal Data; (2) the Personal Data was unlawfully collected but the Data Subject requests restriction instead; (3) the Personal Data is no longer necessary but the Data Subject requests retention for legal claims; and/or (4) the Company is in the process of verifying legitimate grounds for collecting the Data Subject's Personal Data.
Right to Object
The Data Subject has the right to object to the collection, use, or disclosure of the Personal Data at any time: (1) when processing is conducted under exemption; (2) when processing is for direct marketing purposes; and/or (3) when processing is for scientific, historical, or statistical research purposes.
Right to Data Portability
The Data Subject has the right to request the receipt of their Personal Data in a format that is commonly used and machine-readable. The Data Subject also has the right to request the Company to transmit or transfer their Personal Data to another Data Controller, unless the Company is unable to do so due to technical limitations.
Right to Investigate and Complain about Personal Data Leak
The Data Subject has the right to investigate or file a complaint if there is a reasonable ground to believe that the collection, use, or disclosure of the Personal Data has been conducted in violation of applicable laws. The Data Subject also has the right to be notified by the Company in the event of a Personal Data breach or leak which poses a high risk to its rights and freedoms.
Personal Data Protection Measures
The Company has established policies, guidelines, and standards for safeguarding the Personal Data through both organizational measures and technical measures. These measures are intended to prevent unauthorized access or breaches of the Personal Data. Examples include the Privacy Policy, confidential information policy, strict IT security systems, and confidentiality agreements, etc. The Company also regularly reviews and updates these documents.
Data Protection Officer
The Company complies with the Personal Data Protection Act B.E. 2562 by appointing a Data Protection Officer (DPO) responsible for monitoring the Company's operations relating to the collection, use, and disclosure of the Personal Data, ensuring the compliance with the Personal Data Protection Law.
Review and Amendment of Policy
The Company will review this Privacy Policy at least once a year, or whenever significant changes occur that materially impact this Policy and require amendment. This is to ensure that the Policy remains accurate, complete, up-to-date, and suitable for current circumstances. The latest version will be published on the Company's website at sw19.co.th and through other appropriate communication channels to ensure public awareness.
Contact Information
For further inquiries regarding Personal Data protection, exercising legal rights, whistleblowing, or filing complaints, please contact the Company via the following channel:
Data Controller
S.W.19 Company Limited
111/1, The 111 Praditmanutham Project, Tower B, Room no. 403-404, Praditmanutham Road, Ladprao, Ladprao, Bangkok 10230