Policy of
Personal Data Protection
Master
Ad Public Company Limited and affiliate companies value
the personal data of the stakeholders of the company such as shareholders,
staffs, employees, advisors, customers, agreement partners, and service
receivers of all affiliate companies, therefore setting up the policy for
Personal Data Protection to express to shareholders, company directors, staffs,
employees, advisors, customers, agreement partners, and service receivers of
the objectives of compiling, using, revealing and processing including period
of keeping such personal data and having the right as the owner of personal data
based The Personal Data Protection Act, B.E.2562 (2019).
Definitions
“Company”
means Master
Ad Public Company Limited and affiliate companies.
“Personal
Data” means
data related to the person which can identify that person regardless of
directly or indirectly but not includes the data of the decease specifically.
Samples
of personal data:
1. Name-surname or nickname
2.
Identification Number, Passport Number, Work Permit Number, Social Security
Number, License Number, Taxpayer Number, Professional License Number and
Account Number.
3.
Address, telephone Number and e-mail
4.
Equipment or tool data such as IP Address, MAC address, Cookie and Line ID.
etc.
5. Biometrics data such as photo of face, fingerprints, X-ray
film, identification of voice data and genetic data, etc.
6. Data identified properties of person and
car registration and land title deed.
7. Data which can link to identify person
such as date of birth, place of birth, race, nationality, religion, weight,
height, data of location, medical data, educational data, financial data,
employment data and criminal records etc.
8.
Data of skill, capacity of staffs and data of performance appraisal including
the opinion of the Company towards performance of staffs.
9. Data of record used to follow up and
inspect person’s activities such as log file etc.
10.
Data which can be used to search for other persons in
the internet.
“Person
who controls personal data” means person or juristic person authorized to
make decision concerning compilation, use or revealing personal data.
“Person who processes personal
data” means
person or juristic person authorized to make decision concerning compilation,
use or revealing personal data as assigned or on behalf of the person who is in
charge of controlling personal data.
“Person” means common person
“Officer
protecting Personal Data”
means person who is assigned to have authority to advise and inspect the
operation, coordination and cooperation with the Office of Personal Data
Protection Committee including the related offices.
Policy and Practice Guide
The
Company has collected, used, kept and revealed
Personal Data of the owner of the Personal Data by signifying the correctness,
completeness and updating of Personal Data by means of legal and
justification. The Company shall
collect Personal Data as necessary to operate pursuant to its duties and
objectives to operate the Company’s business according to the specified laws
only. Whereas the Company shall
notify the owner of Personal Data and request for the consent before
collecting, using or revealing such Personal Data
except in the case of specified laws and/or in other cases specified in this
Policy.
1.
Collected Personal
Data
Types
of Personal Data collected, implementing, processing or revealing shall be
subjected to the objectives of the given data of the owner of Personal Data
while the Company aims to collect Personal Data as necessary or concerned as
follows:
1.1)
Personal Data of Shareholders are the data used for providing
certificate of ownership for holding shares which is the Personal Data of
Company’s shareholders such as name-surname, identification card number or
other cards, telephone numbers, date of birth, gender, e-mail address etc.
1.2)
Personal Data of the
Board of Directors of the Company are the data of which the Company used
for transactions or actions on behalf of the Company such as name-surname,
identification card number or other cards, telephone numbers, date of birth,
gender, e-mail address, family data, skill and efficiency in their performance,
signatures, criminal records etc.
1.3) Personal Data of staffs, employees,
advisors, and student trainees are the data transferred from the filling of
the Personal Data in the Application form in order to consider hiring employees
and to make records of employees, to allocate human resources, to manage and
develop personnel, to provide fringe benefit, to provide security and health
for employees, to increase knowledge, skill and efficiency including the use of
Personal Data for joining with the Company’s activities such as name-surname,
copy of identification card or other cards, copy of house registration, copy of
educational record in every level, telephone numbers, date of birth, gender,
e-mail address, Line ID, photos, data related to working record, copy of
Employment Certification which may include the name and address of former
employers, Health record, family data, data of legitimate father, mother, wife,
husband, children, blood group, working skill, signatures, photos, record of
lawsuit regardless of civil or other cases, including daily case report of the
police and Court’s order concerned, criminal record, document of medical
checking, map of current address, document supporting working collateral, copy
of bank account number including data of medical checkup and result of
employee’s medical checkup according to the medical checkup list each year as
well as doctor’s recommendation or treatment plan etc.
1.4) Personal Data of Staff is the data which the Company uses to
support advertising activities, public relations including promoting the image
of the Company such as
name-surname, identification card number or other cards, telephone numbers,
date of birth, gender, e-mail address, picture, animation video etc.
1.5) Personal Data of Staff is the data which the Company uses to do
the transactions or on behalf of the
Company such as
name-surname, identification card number or other cards, telephone
numbers, date of birth, gender,
e-mail address , etc.
1.6) Personal Data of Applicant is the
data which the owner of the Personal Data gives consent to support the
consideration for employment whereas it is subjected to the Application/Form in
which the owner fills in such as name-surname, copy of identification card or
other cards, copy of house registration, copy of educational record in every
level, telephone numbers, date of birth, gender, e-mail address, Line ID, pictures, data related to
working record, copy of Employment Certification which may include the name and
address of former employers, Health record, family data, data of legitimate
father, mother, wife, husband, children, blood group, working skill, signatures
picture, record of lawsuit regardless of civil or other cases, including daily
case report of the police and Court’s order concerned etc.
1.7) Personal Data of the Owner’s right
in land, building or the landlord is the data provided between the owner of the
Data and the Company to support the management of advertising area, making
lease contract, place leasing and other contracts subjected to the condition in
the mutual agreement such as name-surname, identification card number or other
cards, telephone numbers, date of birth, gender, e-mail address, data related
to the area or properties, bank account number etc.
1.8) Personal Data of the Contractor, Project
Consultant, Business partner or Contract party of Company which
the Company uses for making contract with Contractor, Project Consultant
Contract including buying and selling with the business partner or Contract
party, documents for tendering or bidding
such as name-surname, identification card number or other cards,
professional license, passport,
telephone numbers, date of birth, gender, e-mail address etc. subjected
to the condition of contract or documents used for each job.
1.9)
Personal Data of the coordinator of the customer is the
data which the Company uses for coordinating, marketing promotion or selling
products of the Company and uses for sending report of advertising media services used such as
name-surname, position, office, telephone numbers, date of birth, gender,
e-mail address, behavior data, personal favorite, etc. subjected to the
condition or data which the Coordinator agrees to reveal the Personal Data,
while some of them may not be updated because currently, the Company is not
managing the sales and contact the customer directly but the Company still needs
to collect the data for using in the future.
1.10) Personal Data of visitors in
the Company’s place is the data recording the building entrance and exit and
safety and uses it for safety inspection
by providing record in the visitor book for visitors entering and
exiting the building such as name-surname, identification card number or other
cards etc.
1.11)
Personal Data of the
people living nearby the office is the data used to support the joining
activities according to the Company’s projects in which the community can join
in such as name-surname, identification card number or other cards, telephone
numbers, date of birth, gender, e-mail address etc.
1.12)
Other Personal Data is
the data which is specified by law to request for consent of the owner of
Personal Data before collecting them. The Company shall notify the owner of the
Personal Data and request for consent of the owner of Personal Data before
collecting data or according to the period specified by law.
2. Methods of Collecting Personal
Data
The
Company sets up methods of collecting Personal Data of the owner of the
Personal Data by the following methods.
2.1) Personal Data of Shareholders which is
the data used for owner right document for holding shares which are the
Personal Data of the shareholders of the Company where the Control Division to
comply with the Company’s rules and regulations are supervising and keeping the
data in computer system linking with system of securities depository of
Thailand Securities Depository Co., Ltd. whose job is to be Securities
Registrar and to provide the Company’s registration of securities holders.
2.2) Personal Data of the Board of
Directors of the Company are the data of which the Company used for
transactions or actions on behalf of the Company shall be kept in the computer
system database and registration of Company’s Directors documents file in the
Company’s secretary section.
2.3) Personal Data of staffs,
employees, advisors, and student trainees which are the data used to consider
recruiting employees shall be kept in Computer system database (Maco Center and
Payroll Program) and kept in the
record file for individual in the area of Human Resources.
2.4) Personal Data of staffs is the data
which the Company uses to support advertising activities, public relations
including promoting the image of the Company shall be kept in file format
computer system in the area of Marketing Communication and/or Human Resources.
2.5)
Personal Data of Staff is the data which the Company uses to do the
transactions or on behalf of the Company shall be kept in file format computer
system in the area of laws and cases.
2.6) Personal Data of Applicant is the data
which the owner of the Personal Data gives consent to support the consideration
for employment shall be kept in the Computer system database (MACO Center) and kept in the document file in the
area of Human Resources.
2.7) Personal Data of the Owner’s right in
land, building or the landlord is the data provided between the owner of the
Data and the Company to support the management of advertising area, making
lease contract, place leasing and other contracts subjected to the condition in
the mutual agreement shall be kept in the files of Leasing Area Contract in the
area on strategic management and computer system database (Ayuda Program).
2.8) Personal Data of the Contractor, Project
Consultant, Business partner or Contract party of Company which
the Company uses for making contract with Contractor, Consultant Contract
including buying and selling with the business partner or Contract party,
documents for tendering or bidding shall be kept in the Hiring Contract file in
the area of Laws and cases or/and Business Development Division.
2.9) Personal Data of the coordinator of the
customer is the data which the Company uses for coordinating, marketing
promotion or selling products of the Company and uses for sending report of advertising media services used shall be
kept in computer system database (Sugar
CRM, Ayuda, Navision Program).
2.10)
Personal Data of visitors in the Company’s place is the data
recording the building entrance and exit and safety and uses it for safety
inspection by providing record in
the visitor book for visitors entering and exiting shall be taken care of and
kept by the Building Management Division.
2.11) Personal Data of the people living
nearby the office is the data used to support the joining activities according
to the Company’s projects in which the community can join in shall be kept in
the document file in the area of Human Resources.
2.12)
Other Personal Data which the Company collects and keeps according to the
objectives of Company’s Business shall be kept and taken care of by the
responsible persons in each field.
3. Objectives of Collecting and Using
Personal Data
The
Company shall collect, use or reveal personal data of the owner of the personal
data in Clause 2 according to the objectives of collecting, using or revealing
personal data while the Company shall notify such objectives including the
possible effect from not giving personal data and request for consent from the
owner of personal data in order that the owner of personal data gives consent
before proceeding except the processing of the following personal data:
3.1)
For the benefit of the Company’s operation such as data analysis, inspection,
adjustment services providing of the Company.
3.2)
To achieve the objectives related to education, research
or statistic for which are provided with appropriate measures to protect the
right and liberty of the owner of the personal data.
3.3)
To take care and protect or cease life, body or health
threatening danger of person.
3.4)
To comply with the Contract in which the owner of the personal data is a
contract party or to use it for the proceed as the owner of the personal data
requests before entering into such contract.
3.5) For the legal benefit of the Company or the
person or other juristic person who
is not the Company except such benefit is less important than basic right in
the personal data of the owner of the personal data.
3.6) For the appraisal and develop the work
efficiency or for more efficient performance.
3.7)
To manage concerning labor protection, social security
and fringe benefit management.
3.8) To inspect data related to the
Applicant and to contact with the Applicant.
3.9)
To keep safety of the office building.
3.10)
To implement the management, keeping, reserving or
wiping out the personal data,
3.11)
To operate any action that the Company finds it necessary or appropriate as
follows:
(1) To inspect, protect and detect the
unlawful or suspected unlawful action.
(2) To be under the enforcement law.
(3) To comply with law proceeding including
case consideration.
(4) To serve the request from the government
office, country including the government office and the government of the
country in which the owner of the personal data is residing.
(5)
To enforce the specification for service providing and
announcement related to the personal data of the company,
(6)
To protect the operation of the Company
(7)
To protect privacy safety or properties of the Company, owner of personal data
or other persons.
(8)
To help the Company find the ways to remedy or limit the damages which may
occur.
If
the owner of the personal data does not give some types of personal data, not
giving consent and/or waiving the consent to collect, use and/or reveal the
data may result that the Company cannot perform according to your request or
provide the service for the owner of the personal data.
When
any person giving personal data of anybody related to the outsider to the
Company such as guarantee for employment or employment certifier etc., that
person giving the data to the Company has notified and guarantee that the data
giver has already notified those owners of
the data in full concerning the details of this Policy.
4. Method of Personal Data Protection
Protection
of privacy of the owner of data is very significant for the Company and the
Company has the policy and procedures of security of data by limitation of the
right to access the personal data of the owner to the person in need of using
the data. The Company is using
variety measures with the best effort to ensure that the personal data kept in
Company’s system are safe. Personal
Data shall be kept in the secured network and accessible only to the officer or
the processor authorized to access such system by the Company only, while the
code which is difficult to guess and fix the expiry time of the code.
Besides
the above mentioned measures and methods of safety protection, the Company
still use high technology to protect personal data as follows:
4.1) Firewall
to allow only authorized persons to access the Company’s data. The Company arranges Firewall in layers
(Security measure system of the network) between the computer and internet
system of the Company.
4.2) Virus and Malware
Scan: The Company installs Virus
and Malware Scan and update it from time to time in all computers and servers
of the Company.
5. Period of Collecting Personal Data
The
Company shall keep the personal data of the owner of the personal data for a
period as follows:
5.1) The Company shall keep the personal data
of the owner of the personal data for necessary period to achieve the
objectives specified in the processing of such personal data by the period of
keeping the personal data shall be varied subject to the objectives specified
in the processing of such personal data.
5.2) The Company shall keep the personal data
for the period as specified by relevant laws considering the business practice
for each type of personal data.
After such period, the Company may proceed with suitable steps to delete
or wipe out such personal data from the collected data or having the personal
data of the owner been unidentified owner of the data without prior notice to
the owner of data.
6. Person or Office to which the personal
data may be revealed
The
Company may reveal the personal data of the owner of the personal data to
auditor or outside auditor of the Company as specified by law.
7. Rights of the Owner of the Personal Data
The
owner of the personal data has the right to proceed concerning his own personal
data as follows:
7.1) The Right to waive the consent The owner of the personal
data shall waive the consent to process the personal data given consent to the
Company whensoever except the limit of right to waive the consent by the law or
contract to which benefits the owner of the personal data whereas such waiving
of consent shall not affect the collection, usage or revealing which the owner
of the personal data has already given the consent as specified by law.
7.2) The Right to access the Personal
Data The owner of the
personal data has the right to request for access and copies of personal data
concerning himself for which the Company is responsible or request the
Company to reveal the source of acquiring such personal data of which he does
not give his consent to the Company.
7.3) The Right to request for Personal
Data The owner of
personal data has the right to request for personal data related to
himself from the Company or the personal data which the Company sends or
transfers to other personal data Controller except it cannot be technically
done. In case the Company formats
the personal data which can be read or used in general with the automatic tool
or equipment and can be used or revealed the personal data by automatic method
while such right shall not violate the right and liberty of the others.
7.4) The Right to send or transfer
the Personal Data The
owner of the personal data
has the right to request the Company to send or transfer his own
personal data collected by the Company to other personal data Controller if it
can be done by automatic method while such right shall not violate the right
and liberty of the others.
7.5) The Right to reject the
collecting, using or revealing the personal data
The owner of personal data has the right to reject the collecting, using
or revealing personal data related to himself whensoever except the
collecting, using or revealing personal data have been done
legally.
7.6) The Right to request the Company to
delete personal data The owner of the personal
data has the right to request the
Company to delete or wipe out or make the personal data of the owner been
unidentified owner of the personal data in the following cases:
(1) Such personal data is no need to keep
according to the objectives of collecting using or revealing the personal data
(2) When the owner of personal data revokes
his consent to collect, use or reveal personal data and the Company does not
have the right to deny such collecting using or revealing the personal data
according to the law.
(3) When the owner of personal data rejects
the collecting, using or revealing personal
data and the Company does not have the right to deny such rejection according
to the law.
(4) When the personal data is collected, used or revealed illegally.
7.7) The
Right to request the Company to stop using the personal data The owner of
the personal data has the right to request the Company to stop using the
personal data in the following cases:
(1) Such personal data is the data which is
under inspection to correct the data and update it.
(2) When the personal data is collected used
or revealed illegally.
(3) Such personal data is the data which is not needed to keep
according to the objectives to collect, use, reveal the personal data but the
owner of the personal data needs to keep it for the lawful rights.
(4) Such personal data is the data which is during the denial of
the rejection of the Company.
7.8) Rights to correct
personal data The owner of the personal data has
the right to request the Company to correct his own personal data to be
accurate, update, complete and does not build up misunderstanding.
7.9) Rights to file the
complaint The owner of
the personal data has the right to file the complaint to the Data Protection
Board of Directors in case the Company or the employee or the employees of the
Company violate the or do not comply with The Personal Data Protection Act,
B.E.2562 (2019).
8. The Participation of the Owner of the
Personal Data
Using
the Rights according to the list in Clause 7, the owner of the personal data,
successor, heirs, legal representative, caretaker or legal guardian shall
notify the Company in writing to proceed as requested within the period
specified by law.
The
operation of the Company in accordance with the request pursuant to the right
of the owner may result in the limitation of services providing, making
transactions or any actions benefit to the owner of the personal data under the
conditions of the company and according to the law.
9. Rights Reserved
The
Company requests to reserve the rights to reject the request according to
Clause 7. in the following cases.
9.1) The law enables the Company to have the
right to reject the request from the owner of personal data.
9.2) Personal data requested to be the
anonymous data or identify the owner of the personal data.
9.3) The Applicant has no evidence to attest
that he is the owner of the personal data or the authorized person/stakeholder
of the owner of the personal data.
9.4) No personal data appeared in the
collection of the Company.
9.5) The owner of the personal data or the
authorized person/stakeholder of the owner of the personal data requests the Company to proceed in the
same way or with the repeated content more than it is necessary or unreasonable
purpose.
10. The Adjustment of the Policy on the
Personal Data Protection
The
Company shall adjust the security measures in order to
increase the efficiency of the security measures on the personal data properly
and according to the standard specified by law.
In
case the Company changes the Personal Data Protection, the Company shall notify
the owners of personal data by publicizing in the Company’s website:
www.masterad.com
11. Contact
Us
Person who controls personal
data
Master Ad Public Company Limited
1, Soi
Ladprao 19, Ladrao Rd.,
Chomphon, Chatuchak, Bangkok 10900
Tel. 02-938-3388 E-mail:
privacy-policy@masterad.com