Privacy Policy Contact person
This policy is for contacting the company.
Principles
TechCons Biz Co., Ltd., a provider of online document approval and management software in a paperless format, serves as a data controller for individuals visiting the company. We highly prioritize the protection of personal data and information security, ensuring confidence and trust in our reliable management practices. This policy outlines how the company processes the personal data of visitors, external auditors, government officials, and other related individuals, ensuring compliance with privacy protection laws.
Scope
This policy covers the company’s practices regarding the collection, use, disclosure, and security measures for personal data. It defines the legal basis for processing personal data, storage duration, disclosure policies, and contact information, ensuring compliance with relevant data protection laws.
Definitions
Company: Refers to TechCons Biz Co., Ltd. Personal Data: Any information that directly or indirectly identifies an individual, excluding deceased individuals.
Processing: Any action performed on personal data, whether automated or manual, such as collection, recording, storage, retrieval, modification, use, disclosure, restriction, or destruction.
Data Subject: Refers to any individual whose personal data is processed, specifically company visitors.
Data Controller: A person or entity responsible for determining the purposes and methods of processing personal data.
Collection and Receipt of Personal Data
The Company receives personal data directly from data subjects. The personal data may be collected through means such as CCTV footage and through the exercise of rights by the data subject as communicated to the Company.
Collected Personal Data
The personal data of individuals who contact or visit the Company, collected under this Personal Data Protection Policy for Visitors, includes
- Personal data directly provided by the data subject to the Company
- Personal data automatically collected by the Company from the data subject
- Personal data automatically collected by the Company from the data subject
Data Type
objective
Processing base
period
Processing base
Third-Party Sharing
Name, surname (Thai & English), title, signature, phone number, CCTV footage, date/time of visit, check-in/check-out time
Security monitoring and legal compliance
Legitimate Interest
Not less than 90 days but no more than 2 years from the date the data is recorded.
Legitimate Interest
Not disclosed
In the event of a purpose change, the company will notify the data subject and maintain records accordingly. Data will only be processed for stated purposes unless
1. A new purpose is communicated to the data subject.
2. It is required by the Personal Data Protection Act (PDPA) or other applicable laws.
Data Subject Rights
Visitors to the company have the following data protection rights under the PDPA
- Right to be informed – Receive details on data collection, purposes, methods, retention period, and contact information.
- Right to access – Request access and obtain a copy of personal data.
- Right to data portability – Request transfer of personal data in an accessible format to another controller.
- Right to object – Object to data collection, use, or disclosure.
- Right to erasure – Request data deletion, anonymization, or destruction under specific legal conditions.
- Right to restrict processing – Request temporary restriction on data processing.
- Right to rectification – Request updates to inaccurate or incomplete data.
- Right to withdraw consent – Withdraw previously given consent for data processing.
- Right to lodge a complaint – File complaints regarding data breaches or unlawful processing.
The company may decline requests where legally permitted or justified. If a data subject disagrees with the response, they may escalate concerns to the Personal Data Protection Committee.
Exercising Data Subject Rights
As the data subjects, visitors to the company have the right to submit requests regarding their personal data. Such requests must be made in writing using the Visitor Entry Permit Form (F-IT-017).
The company will make every effort to process or respond to requests within 30 days or within the legally mandated timeframe. The company will comply with all applicable data protection laws when handling requests from visitors in their capacity as data owners. Visitors may request the company to
Personal Data Security Measures
The company implements personal data security management in accordance with information security and personal data protection standards. These measures ensure that personal data is safeguarded against loss, unauthorized access, misuse, alteration, or unlawful disclosure. To achieve this, the company enforces technical and administrative safeguards, access control protocols, and operational procedures that comply with legal requirements. Additionally, the company fosters awareness and accountability among employees and relevant personnel regarding the collection, use, and disclosure of personal data. All employees and involved personnel are required to adhere strictly to the company’s data protection policies and guidelines to ensure comprehensive security and compliance.
Development and Maintenance of Personal Data Protection Standards
The company continuously enhances its personal data management system to ensure appropriate and effective data protection standards. It also provides education and training to employees, staff, and relevant personnel to ensure they can effectively implement personal data protection measures in their roles. Additionally, the company assigns Data Protection Officers (DPOs) to oversee, audit, monitor, and assess the company’s personal data management practices regularly. These officers also coordinate and collaborate with the Office of the Personal Data Protection Committee to ensure the company complies with regulations, policies, service agreements, and legal requirements related to personal data protection. The company remains committed to strictly adhering to all applicable laws and guidelines in this regard.
Disclosure of Personal Data
The company may disclose personal data of external visitors only to relevant and necessary parties in accordance with their responsibilities or as required by law. This includes disclosure to the company’s security personnel, government agencies, or regulatory authorities, but only in cases where a security inspection request has been formally made.
Retention Period for Personal Data
The company will retain personal data in the form of Visitor Log Reports for registration purposes and as electronic data for meeting reports and video footage from surveillance cameras. Personal data will be stored for as long as necessary for the purposes defined by law, including those related to compliance with legal requirements, contracts, or the company’s policies. If required by law, the company may retain personal data longer to meet legal obligations or to exercise legal rights within the prescribed statutory limitation periods.
Contacting the Company
Visitors can contact the Human Resources Department or the Personal Data Protection Officer for inquiries or to exercise their rights at
TechCons Biz Co., Ltd.
Address: 163 Thai Samut Building, 17th Floor, Unit 17GH, Surawong Road, Suriya Wong Subdistrict, Bang Rak District, Bangkok 10500
Website : https://wolftcb.com
Policy Review and Updates
The company may periodically review and update this Personal Data Protection Policy to ensure it aligns with changes in personal data processing practices and relevant laws. Any significant updates will be communicated via the company’s website www.wolftcb.com or other appropriate channels.