Privacy Policy
Personal Data Protection Policy
TechCons Biz Co., Ltd. (“Company”) recognizes, is committed to, and values the protection of personal data. Therefore, this Privacy Policy has been established to explain how the Company collects, processes, uses, and discloses personal data, as well as the rights of data subjects, in compliance with the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) and other relevant laws and regulations.
To this end, the Company has issued this Privacy Policy with the following details
1. Scope of Application This Privacy Policy applies to all personal data processing activities carried out by the Company, including personal data processors who have access to personal data due to their involvement in the Company’s operations. They must comply with the law and this Privacy Policy.
For personal data collected by the Company before the PDPA came into effect, the Company will continue to collect and use such data for its original purpose. However, disclosure and other activities not related to the collection and use of such data will be conducted in accordance with the PDPA.
2. Definitions “Privacy Policy” refers to this policy created to inform data subjects about the Company’s data processing in accordance with the PDPA.
“Company” refers to TechCons Biz Co., Ltd.
“Personal Data” means any information about an individual that can identify them directly or indirectly, excluding information related to deceased persons.
“Sensitive Personal Data” refers to personal data concerning race, ethnicity, political opinions, religious or philosophical beliefs, sexual behavior, criminal records, health information, disabilities, trade union membership, genetic and biometric data, or any other information that may impact the data subject as defined by the Personal Data Protection Committee.
“Processing” includes the collection, storage, use, disclosure, and transfer of personal data.
“Data Subject” means any natural person who is the owner of personal data.
“Data Controller” refers to a person or entity with the authority to make decisions regarding the collection, use, disclosure, and transfer of personal data.
“Data Processor” means a person or entity processing personal data on behalf of or under the instructions of the data controller without having control over the data.
“Cookies” refer to small computer files that temporarily store necessary personal data on a data subject’s device to facilitate and expedite online communications while using the Company’s website.
3. Roles and Responsibilities
3.1 Roles and Responsibilities of the Company As a Data Controller or Data Processor under the PDPA, the Company and its employees must comply with the following
Role
Responsibilities
Executives
Ensure compliance with this Privacy Policy, regularly review and monitor employees’ adherence to data protection measures.
Employees & Staff
Strictly follow the Privacy Policy.
Data Protection Officers (DPOs)
Provide guidance, manage, and oversee compliance with the PDPA.
Report directly to senior management in case of compliance issues.
Cooperate with the Personal Data Protection Committee.
Maintain the confidentiality of personal data they process.
Carry out duties in compliance with the law.
3.2 Roles and Responsibilities of the Data Controller and Data Processor for Employee and Customer Personal Data
Role
Responsibilities
Data Controller
– Ensure the processing of personal data is carried out lawfully and in accordance with the purpose of collection, without infringing upon the rights of data subjects.
– Prevent unauthorized disclosure or access to personal data by individuals who do not have the right to do so.
– Implement appropriate security measures to protect personal data and prevent loss, unauthorized access, use, modification, or disclosure.
– Investigate and report personal data breaches to the relevant authorities.
– Manage data subject requests and rights under the law.
– Oversee the appointment and responsibilities of the Data Processor.
– Conduct data protection impact assessments where necessary.
– Provide clear guidance and criteria for data processing to the Data Processor.
– Record and maintain logs related to data processing activities.
– Implement and maintain a data protection policy and ensure compliance within the organization.
– Provide training and awareness programs on personal data protection for relevant personnel.
Data Processor
– Process personal data only under the instructions of the Data Controller and not for any other purposes.
– Prevent unauthorized disclosure or access to personal data.
– Implement security measures to protect personal data from loss, unauthorized access, use, or modification.
– Notify the Data Controller in the event of a data breach.
– Record personal data processing activities in accordance with the instructions of the Data Controller.
– Assist the Data Controller in responding to data subject requests and carrying out data protection impact assessments.
– Follow the criteria and methods for personal data processing as determined by the Data Controller.
– Comply with the Data Controller’s data protection policies.
– Provide cooperation in audits and inspections related to personal data protection.
– Avoid using or disclosing personal data without proper authorization.
– Ensure personnel involved in data processing are properly trained in data protection measures.
4. Collection of Personal Data
The Company will collect personal data only as necessary and in compliance with legal requirements. When collecting sensitive personal data, the Company will obtain explicit consent unless the collection falls under exemptions provided by the PDPA.
4.1 Personal Data Collection Methods The Company may collect personal data through the following channels
4.1.1 Directly from the data subject (e.g., contracts, document submissions).
4.1.2 From associated individuals (e.g., family members, references, colleagues).
4.1.3 Automatically collected data (e.g., cookies).
4.1.4 From external sources (e.g., publicly available information, social media).
4.2 When collecting personal data, data subjects will be informed of the details as specified in this policy, including the purposes and legal bases for collecting, using, disclosing, or processing their personal data. In cases where consent is required by law, the Company will obtain explicit consent from the data subject.
4.3 In the event that the Company has collected personal data prior to the effective date of the personal data protection law, the Company will continue to retain and use such personal data in accordance with the original purposes previously informed to the data subject. The data subject has the right to update, correct, or withdraw consent by contacting the Company through the contact details provided in this policy.
5. Use of Personal Data
The Company processes personal data for its business operations, contractual obligations, and compliance with laws and regulations.
6. Retention Period of Personal Data
The Company retains personal data in accordance with legal timeframes, including tax laws, labor laws, and accounting regulations. If no specific retention period is mandated, the data will be kept only as necessary for operational purposes.
Although the Company may not be able to specify the exact retention period of personal data in a format that is easily understandable in this announcement, the Company will retain personal data only for as long as necessary and in accordance with the following:
6.1 When the data remains relevant to the purposes for which it was collected.
6.2 When it is necessary to retain the data due to the ongoing employment relationship between the Company and the data subject.
6.3 When there is a legal or policy requirement to retain such data.
6.4 When required by applicable laws, such as labor laws or company regulations. The Company will implement a monitoring and review process to delete or anonymize personal data once the retention period has expired or when the data is no longer necessary or relevant to the original purposes of collection
7. Disclosure and Sharing of Personal Data
The Company may share personal data with
a) Business affiliates, including directors, employees, contractors, and legal representatives.
b) Government agencies (e.g., Revenue Department, Ministry of Commerce, Ministry of Labor).
c) Financial institutions (e.g., banks).
d) Legal entities (e.g., debt collection agencies, law firms, courts).
e) Third-party service providers (e.g., IT service providers, printing companies). If data is transferred internationally, the Company ensures adequate protection in line with local regulations.
f) In the event that the Company is required to disclose or transfer personal data outside the country to a recipient, authorized representative, or person acting on behalf of the data subject under applicable law, the Company will proceed to ensure that the personal data of the data subject receives adequate protection and security measures in accordance with standard regulations. If the destination country does not have adequate personal data protection standards as recognized by the relevant regulatory authority, the Company will ensure that appropriate safeguards are in place or will request consent from the data subject as required by law. The data subject may contact the Company to request more information about the protective measures in place for cross-border data transfers. In any case, the Company will comply with the legal requirements applicable in the destination jurisdiction regarding the transfer of personal data.
8. Security Measures
The Company implements security measures to protect personal data from unauthorized access, use, or disclosure. These measures include
8.1 Advanced technical security systems to ensure data confidentiality and integrity.
8.2 Access restrictions and regular monitoring.
8.3 Encryption and secure data storage in servers and databases.
8.4 Employee confidentiality agreements to prevent unauthorized disclosure.
8.5 Third-party compliance requirements for data security.
8.6 Regular training programs to enhance awareness of data protection responsibilities.
9. Rights of Data SubjectsUnder the PDPA, data subjects have the following rights
9.1 Right to Access: Request access to and a copy of personal data.
9.2 Right to Rectification: Request correction of inaccurate or incomplete data.
9.3 Right to Erasure: Request deletion or anonymization of personal data.
9.4 Right to Restriction of Processing: Request to limit the processing of data under specific conditions.
9.5 Right to Object: Object to data processing in certain situations.
9.6 Right to Data Portability: Request transfer of data to another entity.
9.7 Right to Withdraw Consent: Withdraw consent at any time without affecting past lawful processing.
9.8 Right to Lodge a Complaint: File complaints with the Personal Data Protection Committee if rights are violated.
10. Data Security
The Company ensures proper security measures to prevent data loss, unauthorized access, or unlawful disclosure.
11. Use of Cookies
The Company uses cookies to improve website functionality, monitor access, and optimize the user experience.
12. Changes to the Privacy Policy
The Company may update this policy periodically. Any changes will be published on the Company’s website.
13. Contact Information
For inquiries or concerns about this Privacy Policy, please contact
TechCons Biz Co., Ltd. Address: 163 Thai Samut Building, Room 17GH, 17th Floor, Surawong Road, Suriyawong, Bang Rak, Bangkok 10500
Tel : 02-634-4409
E- mail : info@techconsbiz.com