1. Collection and Safekeeping of Personal Data
“Personal Data” is data that can directly or indirectly identify your identity, i.e.
1.1 Information used to verify your identity, for example, name and surname, ID card, ID number, photo, and other identified information of you.
1.2 Contact information, for example, the information available on your business card, email address, telephone number, office address, and social media account.
1.3 Information related to your work, for example, employment, information related to the management of your work safety, hygiene and environment, bank account (for payment), remuneration, occupation, position and other personal data you have given to us when you contact us or supply products or services to us.
1.4 When you visit our premises in the areas where we install CCTV, we collect, monitor, and process your images and video recorded by CCTV.
1.5 Sensitive Data, for example, health information, biometric information, religion, race, and ethnicity.
2. Purposes of Collecting, using and/or disclosing, your Personal Data
2.1 We will collect use and disclose your personal data following the legal basis.
(1) It is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract. For example, checking the contracting party, contract administration, making or preparing a contract and relating documents, contract performance, payment of goods and services, evaluate the work according to the agreements, contract, or other documents relevant to the contract.
(2) It is necessary for compliance with a law to which the data controller is subjected. For example, taxation law, and civil and commercial law.
(3) It is necessary for the legitimate interests of the data controller or any other persons or juristic persons other than the data controller. For example, to manage our business, develop our goods and products, research, examine and prevent fraud and crime, to maintain and provide security measures of information technology (IT) systems.
(4) It is necessary for the establishment, compliance, exercise or defense of legal claims.
(5) It is required by law to obtain your explicit consent under PDPA. For example, to conduct marketing research and data analysis which include sending news and privileges to you via channels of communication.
2.2 In case, it is necessary for us to collect, use, and disclose your personal data to perform the contract or comply with the law, but you do not give such personal data to us. As a result, we may not be able to perform the contract or follow your request or we may violate the laws or have other negative impacts.
3. Changes in the Purpose of Processing your Personal Data
4. How We Collect your Personal Data
We will collect your personal data directly from you when you contact us; supply products or services to us; have transactions with us; contact us via the website or social media or telephone.
5. Disclosure of your Personal Data
(1) Service providers, contractors, any relating agents, or relating contract parties.
(2) Government agencies or entities under other laws.
6. Security Measures
We have appropriate security measures to protect your personal data from loss, unauthorized access and use, and unauthorized disclosure, change, or destruction. We will have access control only for employees, contractors, representatives, and third parties who need to know and perform their duty. If there is any third-party processing of your personal data, we will control such a third party to process your personal data within our instruction appropriately.
7. Time period to Protect Personal Data
We will delete or destroy your personal data when the retention period expires or when it becomes irrelevant or unnecessary for the purpose of collecting that personal data.
8. Your Rights Related to Personal Data
Your rights described here are legal rights that you should be informed. You may exercise any of these rights within legal requirements and policies at the present or as amended in the future as well as regulations set out by us.
8.1 Right to the withdraw consent
If you have given consent to us to collect, use and/or disclose your personal data (whether before or after the effective date of the Personal Data Protection Law), you have the right to withdraw such consent at any time throughout the period your personal data available to us, unless it is restricted by laws or you are still under beneficial contract.
8.2 Right of Access
You have the right to access your personal data that is under our responsibility; to request us to make a copy of such data for you, and to request us to reveal how to obtain your personal data.
8.3 Right to data portability
You are entitled to request your personal data which has been processed to be in a format that can be read or used in general with an automated device or equipment and can be used or disclosed via automated methods. You are also entitled to request us to send or transfer your personal data of said format to other data controllers if it can be processed via the automated method, and to request personal data of said format which is directly sent or transferred by us to other data controllers unless it cannot be processed due to technical difficulties.
8.4 Right to object
You are entitled to lodge an objection to the collection, use or disclosure of your personal data at any time. If the collection, use or disclosure of your personal data, to which you lodge an objection, is undertaken under the legitimate interest of us or any person or any juristic person, or for public benefit, we shall continue to collect, use and/or disclose your personal data only if we can provide legal reasons that the collection, use and/or disclosure of your personal data is sufficiently important, or is undertaken for the establishment, defense, use of, or compliance with, the rights to claim in accordance with applicable law, as the case may be.
8.5 Right to deletion or destruction
You are entitled to request us to delete or destroy your personal data or make it anonymous if you believe that your personal data has been collected, used and/or disclosed illegitimately, which is not in compliance with applicable laws or if you deem that it is no longer necessary for us to keep your personal data under the objectives of this policy or when you exercise your right to withdraw consent or your right to object as mentioned earlier.
8.6 Right to suspension
You are entitled to request us to suspend the use of personal data if we are conducting an investigation per your request to exercise your right to rectification or right to object, or for any other case wherein it is no longer necessary for us to keep your personal data and we must delete or destroy your personal data in accordance with applicable laws, but you have sought to request us to suspend the use of your personal data instead.
8.7 Right to rectification
You are entitled to rectify your personal data to keep it accurate, up-to-date, complete and not misleading.
8.8 Right to lodge a complaint
You are entitled to lodge a complaint to relevant competent authorities if you believe that the collection, use and disclosure of your personal data violates or does not comply with applicable laws.
Exercising the aforementioned rights may be restricted by applicable laws, and, in certain cases, there may be compelling reasons that may cause us to deny your request or may prevent us from complying with your requests such as in compliance with laws or court orders, for the public benefit, exercising the aforementioned rights may potentially violate other persons’ rights or freedoms, etc. If we deny the aforementioned request, we shall give you the reason(s) for such denial.
You can submit your request to exercise your rights. We will manage within 15 days.
9. Will we rectify or revise this policy?
We may consider rectifying, revising or changing this policy from time to time, as deemed appropriate and permitted by law. In case of rectification or revision of or change in this policy, we will announce the current policy on our website.
10. How can you contact us and the data protection officer?
If you have any suggestions or would like to inquire about information regarding details of the collection, use and/or disclosure of your personal data including exercising your rights under this policy, you can contact us In addition, you can contact the data protection officer by email at email address DPO@ueno-fc.co.th.
Head office: No. 33/129 Wall Street Tower, 26th Floor, Room No. 2601, Surawong Road, Suriyawongse Sub-district, Bangrak District, Bangkok 10500 Thailand Tel. : (+66) 2237 0823