Packhai Company Limited (hereinafter referred to as “Service Provider”) recognizes the importance of personal information and other information about users (collectively, the “Information”) so that users can be confident that the Service Provider is transparent and responsible for collecting information, compile use and disclose users information in accordance with the Personal Data Protection Act B.E. 2562 (“Personal Data Protection Act”) including other relevant laws.
- Scope of enforcement of the policy
This policy applies to the personal information of the following individuals:
- Individual customers
- Officers or workers, employees
- Partners and Service providers who are natural persons
- Directors, attorneys, representatives, shareholders, employees or other individuals who has a similar relationship with the entity that has a relationship with the service provider.
- Visitors or the users of www.packhai.com including the using of the service provider’s software, applications, devices or other communication channels controlled by the Service Provider.
Hereafter, individuals of 1) to 5) will collectively referred to “Users”
- The source of personal data collected by the service provider
- Personal data that service providers collect directly from personal data subjects through various service channels such as application process, registration, job application, contract signing, documents, surveys or using of the service, or other service channels supervised by the service provider, or when the Personal Data Subject communicates with the service provider at the office or through other communication channels supervised by the Service Provider.
- Personal data that service providers collect from sources other than the personal data subject. Provided that such sources is subjected by authority to be disclosed the information to the service provider.
In the event that the data subject refuses to provide information that is necessary to provide the service of the service provider, it may result in the service provider being unable to provide that service to the owner of such personal data in whole or in part.
- Types of personal data collected by the service provider
- Personal Information; Information from official documents that identifies individuals such as first name, last name, citizen ID, tax ID, nationality, driver’s license number.
- Other personal Identification; such as gender, marital status, military service status, language etc.
- Contact information; such as home/ mobile phone number, e-mail address, home address, social networks (Line ID, Facebook, Instagram), location map of the accommodation etc.
- Education and Employment information; such as type of employment, occupation, rank, position, duty, expertise work permit status, reference information, tax identification number, employment History etc.
- Information about Insurance; Details about the operator’s insurance policy, such as the insurer assured beneficiary, policy number, policy type, protection limit information etc.
- Information about using the service provider’s services; Details about the provider’s products or services, such as user account name, password, PIN number, Single Sign-on (SSO ID) data, OTP, computer traffic data, geolocation data, photos, videos, audio recordings, usage behavior data (Websites under the care of service providers such as www.packhai.com or various applications) browsing history cookies or similar technologies, device ID (Device ID), device type connection details, browser information, language used, operating system, etc.
- Purposes of collecting Personal data
Service providers collect your personal data for a number of purposes. This depends on the type of product or service or activity you use as well as the nature of your relationship with the service provider.
The purposes stated below are just a general framework for the service provider’s use of personal data. Only the purposes related to the products or services you use or have a relationship with will apply to your personal data.
- To provide services and manage services of service providers, including services under your contracts or according to the purpose of the service provider.
- To enable related transactions between users and service provider.
- To supervise, operate, monitor, monitor and manage the services to facilitate and meet users’ needs in using the services.
- To maintain and update information including documents referred to each user.
- To record the processing of personal data as required by law.
- To be able to analyze data including solving problems related to the service of the service provider.
- To be able to carry out the necessary actions in the management of the organization including recruitment, nomination of directors or persons holding various positions and assessment of qualifications.
- To Prevent, detect, avoid fraud and/ or prohibited actions or illegal that may cause damage to both the service provider and the owner of the personal data.
- As for Identity verification, to be able to verify users’ identity and verify information when applied for the service.
- To improve and modernize the quality of products and services.
- To process risk Assessment and management.
- To send notification, order confirmation and communicate and notify users of matters related.
- To prepare and deliver relevant and necessary documents or information.
- To verify user identity, prevent spam and/ or unauthorized actions or illegal.
- To examine how the personal data subject accesses and uses the services of the service provider, both collectively and individually. And for research-related purposes and analysis.
- To be able to take the necessary actions to fulfill the service provider’s obligations or legal obligations.
- To take the necessary actions for the legitimate interests of the service provider or others or of another legal entity related to the operation of the service provider.
- To prepare documents, research or produce statistics that service providers have been assigned to operate.
- For compliance with applicable laws, notices, ordinances or proceedings relating to litigation.
- Purposes of collecting Personal data
Service providers may disclose your personal information to the following persons. The recipients listed below are just general disclosure frameworks. Only the individual recipients of information related to the products or services user uses or are associated with will apply.
- Government or authorities whom the service provider is required to disclose information for the purpose of legal proceedings or other purposes.
- Various committees related to the legal action of the service provider.
- Contracting parties dealing with the welfare of the service providers’ workers.
- Business alliances such as marketing service providers, advertising media, financial institutions platform provider, telecommunication service providers, etc.
- Service providers such as storage service providers (e.g., cloud, document warehouse), system developers, software, applications, websites, couriers, payment service provider, internet service provider, telephone operator , social media service provider, risk management service provider, external consultant, transport service providers, etc.
- Sending or transferring personal data abroad
In some cases, the service provider may be required to transmit or transfer users’ personal data abroad in order to perform the purposes of providing the service, for example to send personal data to Cloud with a platform or a server located abroad (eg Singapore or the United States, etc.), to support information technology systems located outside Thailand, depending on the services of the service providers individual user uses or is involved in on a per-case basis.
- Period for collecting users’ personal information
The service provider will retain the user personal data only for the period as long as it is necessary for the purpose for which it was collected as detailed in the policy or in accordance with relevant laws. However, after the expiration of the period and your personal data is no longer necessary for the purpose, the service provider will delete, destroy your personal data or make your personal information unidentifiable in accordance with the standards for the destruction of personal data that the committee or law will announce or in accordance with international standards.
In exercising rights or litigation in connection with your personal data, the service provider reserves the right to continue to retain that information until the dispute has been finalized by order or judgment.
- Providing services by third parties or sub-processors.
Service providers may assign or procure third parties to process personal data on behalf of the service provider, such third parties may offer services such as hosting, subcontracting (outsourcing) or as a service provider (Cloud computing service/provider) etc. By entrusting a third party to process personal data as a personal data processor, the service provider will provide an agreement stating the rights and obligations of the service provider as the personal data controller and that of the person who Providing services entrusted as a personal data processor. This also includes defining in detail the types of personal data the service provider entrusts to process, objectives, scope of processing of personal data and other related agreements in which personal data processors are obliged to process only to the extent specified in the Agreement and cannot be processed for other purposes.
- Security of personal data
Service providers strictly applies measures to protect users’ personal information by limiting the right of access to personal data to be able to be accessed only by specific officers or authorized or designated persons who have the need to use such information for the purposes for which the personal data subject has been notified. Such individuals must strictly adhere to and comply with the privacy protection measures of the service providers as well as having a duty to maintain the confidentiality of personal data that they know from the performance of their duties in which it must complies with international standard data security measures and in accordance with the notification of the Personal Data Protection Committee.
- Connecting to external websites or services
However, the service provider is not associated and has no control over the privacy protection measures of such websites or services and cannot be held responsible for the content, policies, damage or actions caused by third party websites or services.
- Your rights under the Personal Data Protection Act B.E. 2562
- Right to request access to your personal data; users have the right to request the access, receive a copy and request to disclose the origin of personal data collected without your consent by the service provider.
Unless the service provider has the right to refuse your request on grounds of law or court order or in the event that the exercise of your rights will have an effect that may cause damage to the rights and freedoms of others.
- Right to request correction of personal data; If you find that your personal information is inaccurate, not complete or not up to date, you have the right to request amendments to make them accurate, current, complete and not misleading.
- Right to delete or destroy personal data; You have the right to ask the service provider to delete or destroy your personal data or make your personal data unable to identify. The exercise of the right to delete or destroy this personal information shall be subject to the conditions prescribed by law.
- Right to request the suspension of the use of personal data; You have the right to request the suspension of the use of your personal data in the following cases
- During the period that the service provider performs an audit at the request of the personal data subject to correct the personal data.
- Personal data is illegally collected, used or disclosure.
- When the personal data no longer needs to be kept in accordance with the purposes for which the service provider has informed of the collection. But the owner of the personal data wishes the service provider to keep that information for the purposes of exercising legal rights.
- During the period the service provider is proving the legitimate grounds for collecting the users’ personal data; or investigate the need to collect, use or disclose personal information for the public interest due to the personal data subject has exercised the right to object the collection, use or disclosure of personal data.
- Right to object to the processing of personal data; You have the right to object to the collection, use or disclose of your personal information. Unless the service provider has grounds for refusing the request by law.
- Right to withdraw consent; In the event that you have given consent to the service provider for collecting, using or disclosing personal information, you have the right to withdraw your consent at any time during the period that your personal data is retained by the service provider. Unless there is a legal limitation on the provider’s need to keep the information or there is a contract between you with service providers that benefit you
- Right to claim, send or transfer personal information; You have the right to obtain your personal information from the service provider in a readable or generally usable form. You may also ask the service provider to send or transfer data in such form to another personal data controller. However, the exercise of this right must be under the conditions prescribed by law.
The service provider may consider improving, amend or change this policy at its discretion and will notify you through the website www.packhai.com with the effective date of each revised version is indicated.
However, the Service Provider encourages you to check regularly for new policies. through the application or the channel operated by the service provider, especially before you disclose personal information to the service provider.