Privacy Policy
Announcement
Subject: Personal Data Protection Policy
This Privacy Policy Announcement (‘the Announcement’) is prepared to inform and ensure that you, as our customer, understand the format, objectives, methods of collecting, using, or disclosing (collectively referred to as ‘processing’) personal data, as well as your rights, in accordance with the Personal Data Protection Act of 2019.
In this regard, the processing of your personal data for the purposes outlined in this Announcement is carried out by the Company as the Data Controller, which means that the Company is the entity responsible for determining the collection, use, or disclosure of personal data.
1. Definitions“Personal Data” means data about an individual that directly or indirectly identifies that individual, but excluding data of a deceased person.
“Sensitive Personal Data” refers to personal data that is inherently private, detailed, and may entail a risk of unfair discrimination. Examples include race, ethnicity, political opinions, beliefs, religious or philosophical views, sexual behavior, criminal record, health data, disabilities, labor union membership, genetic data, biometrics, images, videos, audio, closed-circuit camera footage, or other data that similarly affects the individual’s rights as defined by the Personal Data Protection Act of 2019.
“the Company” refers to GP mobility public company limited.
“Staff” refers to the Company’s officers and employees.
“Individual Customers” means both former and current individual customers of the Company.
“Corporate Customers” means the former and current corporate customers of the Company, including directors, shareholders, true beneficiaries, employees, guarantors, insurers, and legal representatives, as well as any individuals with authority to act on behalf of corporate customers. The Company recommends that corporate customers take action to ensure that individuals with authority to act or any related individuals are aware of the Company’s Privacy Policy Announcement.
2. Respecting the Right to Privacy
The Company respects the rights of data owners and understands that data owners seek security and confidentiality for their data. Personal data received by the Company will only be used for relevant purposes, and the Company has stringent measures to ensure data security and prevent unauthorized use of personal data, in compliance with the law.3. Data Collection and RetentionThe Company will collect, use, or disclose your personal data only when necessary or legally required. This includes cases where data collection, usage, or disclosure is necessary to fulfill legal obligations, perform contractual obligations with you, serve the legitimate interests of the Company, comply with your consent, and/or for other legal bases. The purposes for which we collect, use, and disclose data may vary depending on the scope of the product and/or service that you may have used or inquired about, including both general personal data and sensitive personal data. We will obtain clear consent from data owners before collecting their data unless otherwise exempted by the Personal Data Protection Act B.E. 2562 (2019) or other laws.The types of personal data collected, used, and disclosed by the Company may vary depending on the scope of the product and/or service that you may have used or inquired about. This includes, but is not limited to, the following data.
Types of Data | Examples of Personal Data |
Personal details | – First name, middle name, last name, alias (if any) – Date of birth – Age – Nationality |
Contact details | – Mailing address – Email address – Phone number – Fax number – Social Media account |
Details used for identity verification and authentication. | – Photocopy of the national identification card. – Personal identification number – Passport information. – Fingerprint signature. |
Verification data. | – Verification for the purpose of establishing facts (Due diligence) (e.g., information related to Know Your Customer (KYC) procedures). – Payment history and credit bureau check |
Other information | – Records of interactions and communications between you and the Company, regardless of the format or method, including but not limited to phone calls, emails, text messages, and online social media communications. – The information you provide to the Company through any channel. |
4.1 To contact, verify, authenticate, and identify you in any transactions.
4.2 To track, record, or notify you of your transactions.
4.3 For research and analysis to best develop products and services that genuinely meet your needs, and/or to contact you with suitable products, services, and benefits.
4.4 For the purpose of improving the quality of our operations, services, and activities related to the Company’s business.
The personal data that the Company collects and processes for the above purposes is necessary for compliance with contracts or various applicable laws. If you do not provide the necessary personal data as mentioned, it may be in violation of the law, and the Company may not be able to manage or facilitate various operations for you.
Furthermore, in the event that there is a change in the purposes of collecting and using personal data in the future, the Company will notify you and take any other actions as required by law, including keeping additional records as evidence.
5. Disclosure of Your Personal DataThe Company will not disclose your personal data to any third party without your consent, and will only disclose it for the purposes that have been previously notified, for the benefit of the Company’s operations and service to the data owner. The Company may be required to disclose your personal data to government agencies and/or regulatory authorities (such as the Securities and stock Exchange Commission), requests from private entities, or other external individuals or organizations involved in legal processes, partners, auditors, and other entities.
6. Your Rights as the Data SubjectIn your capacity as the data subject you have rights as provided by the Personal Data Protection Act of 2019, including the following.
6.1 Right to access personal data: You have the right to request access to and obtain a copy of your personal data within the responsibility of the Company, including requesting the Company to disclose how the data, to which you have not consented, has been acquired.
6.2 Right to rectify personal data: If you find that the data held by the Company is inaccurate or you have made changes to your personal data, you have the right to request the Company to rectify your personal data to ensure it is accurate, up-to-date, complete, and not misleading.
6.3 Right to erase personal data: You have the right to request the Company to erase or destroy your personal data or make it non-identifiable in accordance with the law.
6.4 Right to suspend the use of personal data: You have the right to request the Company to suspend the use of your data as required by law.
6.5 Right to receive or transfer personal data: You have the right to request the Company to transfer your personal data provided to the Company in accordance with the law.
6.6 Right to object to the processing of personal data: You have the right to object to the processing of data related to you for the purposes of collection, use, or disclosure of personal data as specified by the law.
6.7 Right to withdraw consent: You have the right to withdraw your consent to the processing of personal data you have previously consented to, except when such withdrawal is limited by law or by a contract beneficial to you as the data subject.
6.8 Right to be notified of changes to the privacy notice: The Company may consider reviewing and amending this notification as appropriate, to ensure that your personal data is adequately protected.
6.9 Right to lodge a complaint: You have the right to lodge a complaint with the authorized officials under the Personal Data Protection Act of 2019 if the Company violates or fails to comply with the said Act.
Please note that the Thai Personal Data Protection Act of 2019 grants data subjects specific rights concerning their personal data and its processing.In the event that the data subject requests the exercise of rights under the Personal Data Protection Act B.E. 2562, when the Company receives such a request, it will process it within the time frame specified by law. Furthermore, the Company reserves the right to reject or not proceed with the request in cases where the law allows. In cases where the data subject chooses to provide only specific personal data, it may result in not being able to receive full services from the Company, and the Company may not be able to work with the data subject or provide any services if the data subject does not consent to the required data.
The data subject can request the exercise of the aforementioned rights by submitting a request to the group of companies in writing or via email (E-Mail) using the form provided by the group of companies, which can be downloaded from this link and submitting the form through the “Contacting the Company” channel in section 12. The Company will consider and notify the results of the data subject’s request within 30 days from the date of receiving the request as stated above.
7. Data Retention PeriodThe company will retain your personal data for as long as necessary and justifiable to achieve the purposes for which the company received that personal data and to use for reference or verification in cases of necessity. However, unless the law permits a longer retention period, in cases where it is impossible to specify a clear data retention period, the data will be retained for a duration that may be reasonably expected, following the standards of data collection (e.g., the maximum statutory age of 10 years).
8. Personal Data Security MeasuresThe company has appropriate measures in place to ensure the security and confidentiality of your personal data, both technically and in terms of management. These measures are designed to prevent data loss or unauthorized access, destruction, use, alteration, modification, or disclosure of personal data without authorization, and they are in compliance with the company’s Information Security Policy.
9. Personal Data Protection Officer
The company complies with the Personal Data Protection Act of 2019 by appointing a Personal Data Protection Officer (DPO) to oversee the company’s practices regarding the collection, use, and disclosure of personal data in accordance with the Personal Data Protection Act of 2019 and related privacy laws.
10. Personal Data Controller
The company complies with the Personal Data Protection Act of 2019 by appointing a Personal Data Controller, whose responsibility is to make decisions regarding the collection, use, and disclosure of personal data in accordance with the Personal Data Protection Act of 2019 and related privacy laws.
11. Review and Modification of Privacy Notices
The company complies with the Personal Data Protection Act of 2019 by appointing a Data Protection Officer (DPO) to oversee the company’s activities related to the collection, use, and disclosure of personal data to ensure compliance with the Personal Data Protection Act of 2019 and relevant privacy laws.
12. Contact Information
You can contact the Data Protection Officer (DPO) for inquiries regarding this notice at
Company: GP mobility public company limited.
Address: 2 Soi Wipawadee Rangsit 50, Wipawadee Rangsit Road, Lad Yao, Chatuchak, Bangkok 10900
Contact Email: DPO@gpmobility.co.th or phone at 02-108-1222