Privacy Policy
Sprout Solutions (Thailand) Limited
Policy relating to Personal Data Protection for Customers
Privacy Policy for Customers
Sprout Solutions (Thailand) Limited (hereinafter the “Company”) aims to protect your Personal Data as you
are the Company’s customer. Your Personal Data will be rotected under the Thai Personal Data
Protection Act BE 2562. The Company as the Data Controller has the legal duty to inform you via
this document of the Company’s purpose to collect, use, and/or disclose Personal Data, including
to inform you of your rights as the data subjects. The contents are as follows:
Definitions
In this privacy policy, the following terms shall have the following meanings:
Definitions
In this privacy policy, the following terms shall have the following meanings:
Categories of Personal Data collected by the Company
Source of Personal Data
The Company may obtain Personal Data directly from you. For instance, you may browse the
Company’s website and provide such Personal Data via the Company’s website, or when you
provide such Personal Data via prepared channels, such as phone calls, other of the Company’s
documents or forms, and communication applications. The Personal Data may also be directly
obtained when you submit documents which contain Personal Data relating to you when you
enter into a contract or a transaction with the Company, when you purchase goods or services
from the Company, or when you submit opinions or request to the Company, and so on.
The Company may receive Personal Data from other sources, such as from the public authorities, business partners, or other reliable websites, and so on.
The Company may receive Personal Data from other sources, such as from the public authorities, business partners, or other reliable websites, and so on.
Purpose of Processing Personal Data
The Company has the following purposes and lawful basis for the collection, use, and/or disclosure
of Personal Data as follows:
Disclosure of Personal Data
The Company shall only disclose your Personal Data under the informed purposes to individuals or
agencies are as follows:
- The Company may disclose your information to the employees of affiliated companies as necessary for the purpose of Processing the data on the basis which you have been previously informed;
- Service provider who acts as a Data Processor which the Company has designated or hired for the purpose of managing or Processing the data for the Company in various services, such as human resource management, information technology services, or other services relating to the operation of the Company, or services which may benefit you;
- Government agencies, regulators, or other agencies with legitimate power, including officials or responsible agencies with power or duties under the laws, such as the Revenue Department, Social Security Department, Department of Business Development, Personal Data Protection Committee, National Police Department, the courts, police departments, Bank of Thailand, and hospitals, and so on;
- Suppliers, contractors, or contracting parties of the Company relating to the Company businesses;
- State enterprises or private agencies, such as banks, financial institutions, insurance companies, and hospitals and so on;
- The Company’s consultants, such as external auditors, trainers or speakers, lawyers or legal consultants;
- Other persons or agencies to whom you have given consent to disclose your Personal Data
Retention Period in Storing Personal Data
The Company will collect your Personal Data for as long as necessary for the purposes which the
Company has informed you, or other purposes listed on this policy. In the case where your
relationship with the Company as the customer ends, or where services and transactions no longer occur between you and the Company, the Company will retain your Personal Data for the duration
which the law has provided, in accordance with legal prescription, or for a period designated by
public agencies, or for the purpose of establishing legal claims. After the expiration of the
retention period of Personal Data, the Company shall proceed to erase, destroy, or anonymise such Personal Data.
Link to Third Parties Website Disclaimer
The Company’s website may contain links to other websites owned by outside persons, and such
persons may collect your data. The Company cannot be responsible for the safety and security of
any Personal Data collected by other websites. You should examine the privacy policy of the
websites and goods and services offered by such websites with utmost scrutiny.
The Rights of Data Subject
As a Data Subject, you have the rights to request the Company to use your Personal Data within
the scope of the laws as follows:
- You have the right to access your Personal Data and the right to request for a copy of your Personal Data being controlled by the Company or request the Company to inform any acquisitions of Personal Data in which consent has not been given;
- You have the right to amend your Personal Data to make the information accurate, upto-date, and not misleading. In the case where you foresee that such data is inaccurate, outdated, incomplete, or may cause misunderstanding;
- You have the right to withdraw your consent given to the Company for the purpose of collecting, using, and disclosing your Personal Data at any moment, except in the case where such withdrawal is limited by the law, or a contract which benefits you, such as in the case where you are the Company’s debtor or bound by any legal obligations towards the Company. In any case, your withdrawal of consent may make it impossible for you to receive services or engage in transactions with the Company, or may reduce the efficiency of the services to be received from the Company;
- You have the right to receive the Personal Data concerning yourself from the Company. In which the Company shall arrange such Personal Data to be in the format which is readable or commonly used by ways of automatic tools or equipment and can be used or disclosed by automated means. You are also entitled to request the Company to send or transfer the Personal Data in such formats to other Data Controllers if it can be done by the automatic means or entitled to request to directly obtain the Personal Data in such formats that the Company sends or transfers to other Data Controllers unless it is impossible to do because of the technical circumstances;
- You have the right to object the Processing of your Personal Data at any moment in the
following cases:
- Such Personal Data is collected for the purpose of the Company’s public tasks or for the Company’s necessary legitimate interest;
- Such Personal Data is being used for the purpose of direct marketing; or
- Such Personal Data is being processed for the purpose of scientific, historic,
- or statistic study, except in the case where such Processing is done for the benefit of the Company’s public task;
- You have the right to request the Company to erase or destroy or anonymise Personal Data to be non-identifiable data in some cases;
- You have the right to request the Company to temporarily restrict the use of your
Personal Data in the following cases:
- Where the Company is in the process of investigating in accordance with your request to amend your Personal Data;
- When such Personal Data which shall be erased or destroyed because it has been unlawfully collected, used, and/or disclosed, but you request for restriction of the use instead;
- When such Personal Data is no longer necessary for the Company to retain, but you have provided contrary intention for the Company to instead retain such data for the establishment, compliance, exercise or defense of legal claims; or
- In the case where you exercise your right to object the Processing of data and the Company is conducting an investigation to comply with your request; or
- You have the right to lodge a complaint to the Personal Data Protection Committee under the Personal Data Protection law in the case where the Company, its employees, employers, or the Data Processors violate or fail to comply with the Personal Data Protection Act BE 2562.
Data Security Measures in Storing Personal Data
The Company recognised the importance of maintaining the security of your Personal Data.
Therefore, the Company has designated a proper security measure for protecting your Personal
Data to prevent loss, access, destruction, usage, modification, correction, or disclosure by
unauthorised persons in order to comply with the policy and/or code of conduct in maintaining
the Company’s information security.
The Company will organise a security measure for Personal Data, which encompasses
management, technical, and physical measures in controlling the use of Personal Data. Such
measures shall include at least the following conducts:
- Implementing access control of the Personal Data and equipment used for storing and Processing Personal Data, with utmost consideration given to practical usage and security;
- Determining permissions or right to access the Personal Data;
- Managing the access of users in order to ensure that only authorised persons can access the Personal Data;
- Establishing duties for users in order to prevent unauthorised access, disclosure, acknowledgment, or copy of Personal Data, including stealing of Personal Data storage equipment; and
- Organising a method for traceable access, modification, erasure, and transfer or Personal Data to be suitable for the methods and media under which the data has been collected, used, or disclosed.
Revision of Privacy Policy
This privacy policy is created for the purpose of informing details and methods to secure your
Personal Data. The Company may occasionally partly or wholly modify this policy in accordance
with changing laws, rules, and regulations. Thus, it is best that you keep yourself updated to any
changes.
Contact Information
If you have any questions or wish to contact the Company for further information concerning the
Processing of your Personal Data, including your rights as the data subject under this policy, or
wish to report illegitimate use of your Personal Data, you may contact the Company via the
following channels:
Sprout Solutions (Thailand) Limited
5 Soi Pipat
Silom
Bangkok 10500
Email: [email protected]
Phone: +66 2 401 9250
Data Protection Officer
Email: [email protected]
Phone: +66 2 401 9250