Personal Data Protection Policy

BlueVenture TPA Co., Ltd. encourages you to read and understand this Personal Data Protection Policy (privacy policy), as it describes how the Company treats your personal data, including its collection, storage, use and disclosure, as well as your related rights, so that you are aware of the Company’s Personal Data Protection Policy. The Company hereby announces the policy as follows:
 

1.Scope of the Policy

    This Personal Data Protection Policy (“Policy”) is intended to describe how the Company collects, uses and discloses your Personal Data, including the rights you have in connection with Personal Data. The Company has a duty to secure and protect the data on which the Company provides services and/or which the Company receives from you.

2.Definitions

    2.1 “Personal Data” means any data that enables an individual to be identified, either directly or indirectly, but excluding specific information of a deceased person.
    Personal Data provided by the Data Controller or Data Subject to the Company, in order for the Company to perform its duty in accordance with the conditions specified in the service agreement and/or the stated purpose, can be categorized into 2 categories as follows:

      2.1.1 General Personal Data means first name and last name, gender, date of birth, age, residential address, telephone number, fax number, username, email address or any data bearing the person’s name or having a number, code, or other information that enables such person to be identified, such as fingerprints, a voice record of a person or a photograph, and includes information about the deceased person as well.

      2.1.2 Sensitive Personal Data means data about race, ethnicity, political opinions, ethical, religious or philosophical beliefs, sexual behavior, criminal record, health information, labor union data, genetic information, biometrics, or any other information which similarly affects the Data Subject.

    2.2 “Data Controller” means a juristic person who is a service recipient of the Company, and a company that collects Personal Data directly from the Data Subject, which has the authority to make decisions about the collection, use or disclosure of Personal Data.

    2.3 “Data Processor” means the Company, which engages in the collection, use or disclosure of Personal Data by order or on behalf of the Data Controller in order to perform its duties according to the conditions specified in the Service Agreement, while the Company is not itself a Data Controller.

    2.4 “The Company” means BlueVenture TPA Company Limited, including its authorized person.

    2.5 “Employee” means an employee of the Company.

3.Respect for individual rights

    The Company respects and values your rights, your Personal Data and the protection of your Personal Data. The Company is well aware that you wish your Personal Data to be stored securely.

4.Limited Collection of Personal Data

    4.1 The Company shall use lawful and fair methods to collect and store your Personal Data; collection will be made only as necessary for the Company’s purposes and as provided by law.

    4.2 The Company, as the Data Controller, will ask for your consent before collecting Personal Data, except where:

      1) It is to achieve objectives related to the preparation of historical documents or archives for the public interest, or in connection with studies, research or statistics, where appropriate security measures for the protection of your rights and freedoms have been prepared.

      2) It is necessary in order to prevent or suppress harm to life, body or health of a person.

      3) It is necessary in order to perform contractual obligations of which you are a party or perform according to your request prior to the contract execution.

      4) It is necessary for the lawful benefit of the Company or of another person or entity, unless such benefit is less important than your fundamental rights in Personal Data.

      5) It is for your benefit while consent cannot be requested at the moment.

      6) It is for the benefit of an investigation by an inquiry official or of court proceedings.

      7) It is to comply with laws such as the Personal Data Protection Act, Electronic Transactions Act, Telecommunications Business Act, Anti-Money Laundering Act, Civil and Criminal Code, Code of Civil and Criminal Procedure, etc.

    4.3 Sources of Personal Data

      4.3.1 Collect Personal Data directly from the Data Subject.

      4.3.2 Collect Personal Data obtained from Data Controllers who are customers of the Company.

      4.3.3 Collect Personal Data from sources other than the data subjects, for example, searches for personal data via a website or inquiries made by third parties. In these cases, the Company will notify data subjects of the personal data collection without delay, but not more than 30 (thirty) days from the date the Company collects personal data from such sources, and request consent to collect the personal data from the data subjects, except where exempted by law from the need to request consent from or notify the data subject.

    4.4 The Company may inquire and collect additional data from you in order to keep your data accurate, up to date and complete at all times.

5.Purposes for collecting Personal Data

    Your Personal Data collected by the Company as a Data Processor will be used for the purposes of providing the services according to the order or on behalf of the Data Controller. For Personal Data collected directly from you, the Company will notify you of the purposes of collecting, using or disclosing your information to relevant persons or entities, the duration of storage, your legal rights to Personal Data and the agency from which you may enquire about your Personal Data. The Company applies strict security measures and prevents the use of your Personal Data without your prior consent.
    The Company shall collect and use your Personal Data for the benefit of providing services to you, including the services you are interested in or other services, providing digital services or market research, conducting any promotional activities, or for analysis, building a database and using the data to offer services, benefits or any product according to your interest.
    The Company will keep such data only for as long as it is necessary for the aforementioned purposes, and will not act contrary to the stated purposes of data collection, except where:

      1) It has informed you of new purposes and received your consent.

      2) It is required by law.

6.Limited use of Personal Data

    6.1 The Company, as the Data Controller, may use or disclose your Personal Data only with your consent, and it must be used only for the purposes of the Company. The Company shall ensure that the Company’s personnel do not disclose, display or make your data available to third parties in any manner other than for the Company’s purposes, except where:

      1) It is to achieve objectives related to the preparation of historical documents or archives for the public interest, or in connection with studies, research or statistics, with appropriate safeguards provided to protect your rights and freedoms.

      2) It is necessary to prevent or suppress harm to life, body or health of a person.

      3) It is necessary to perform the contract to which you are a party, or to be used in the processing of your request before entering into a contract.

      4) It is necessary for the legitimate interests of the Company or of other persons or entities, unless such benefits are less important than your fundamental rights in Personal Data.

      5) It is for your benefit and obtaining consent cannot be done at that time.

      6) It is for the benefit of the investigation of the inquiry official or the judgment of the court.

      7) It is to comply with laws such as the Personal Data Protection Act, Electronic Transactions Act, Telecommunications Business Act, Anti-Money Laundering Act, Civil and Criminal Code, Code of Civil and Criminal Procedure, etc.

    6.2 The Company may use the information services of third-party service providers to maintain Personal Data. The service provider must have security measures that prohibit the collection, use or disclosure of Personal Data other than as specified by the Company.

    6.3 In some cases, the Company may allow other individuals or entities to access or use your Personal Data as necessary and for the purposes of the Company. The Company, as the Data Controller, requires your prior consent.

7.Measures and methods on the security of Personal Data

    The Company shall put in place appropriate security measures for the processing of Personal Data, in both technical and administrative aspects, to prevent loss, destruction, access, use, modification, alteration or disclosure of Personal Data without authority or illegally. The Company shall also develop an information security management system to the standard prescribed by law, including creating a sense of responsibility for Personal Data security among employees, company staff and contractors or external service providers of the Company, to be strictly observed.
    If you suspect that your Personal Data may have been disclosed to third parties, lost or stolen, and that an unauthorized transaction has been made, please notify the Company immediately at the Company’s office or email DataProtectionOfficer@blueventuretpa.com.

8.Involvement of Personal Data Subjects

    8.1 If you wish to know the Personal Data held about yourself, you can submit a request, stating the purpose of the use, at the office of the Company. When the Company receives the request, the Company will complete the process within 30 (thirty) days or within a reasonable time.

    8.2 You have the following rights under the conditions stipulated by the law:

      8.2.1 Right to access or request a copy of Personal Data about yourself, or to request disclosure of how Personal Data about you was acquired in the event that you have not given your consent to its collection or storage.

      8.2.2 Right to request the Company to correct or change your Personal Data so that it is correct, complete and up to date.

      8.2.3 Right to obtain Personal Data about yourself from the Company in a format that can be read or used with automated tools or devices, including requesting the Company to send or transfer Personal Data to another Data Controller.

      8.2.4 Right to object to collection, use or disclosure, or not to allow the Company to process your Personal Data, unless the Company can prove that it is legally collecting, using or disclosing the Personal Data of the users, or that it does so to comply with or exercise legal claims, to defend against legal claims, to perform duties under a contract between you and the Data Controller, or by virtue of other lawful rights.

      8.2.5 Right to request deletion of Personal Data or to have it made into information that cannot identify the Data Subject, unless the Company has to comply with the applicable laws in keeping such information.

      8.2.6 Right to request suspension of the use or disclosure of Personal Data about yourself.

      8.2.7 Right to withdraw consent to the collection of Personal Data; such withdrawal will not have any effect on data processing that has already been done.

      8.2.8 Right to complain in the event that the Company, including its employees or contractors, violates or fails to comply with the Personal Data Protection Act B.E.

    Service users can submit a request to exercise the above rights at the Company’s office or by email to DataProtectionOfficer@blueventuretpa.com. When the Company receives the request, the Company will consider it and notify the result of the consideration within 30 (thirty) days or within a reasonable time. However, such rights may be subject to restrictions according to the law. The Company will also record the request as evidence.

    8.3 Impact of exercising the right to withdraw consent

    You can withdraw your consent only where the information is collected on the basis of consent. Withdrawal of consent can be made in any form, either electronically or in writing. The Company will make the revocation process clear, easy to understand and no harder than asking for consent. Once the Company has received your request for revocation, the Company will “notify the impact” of withdrawing consent and “cease processing data”.

    However, if it is necessary that you provide Personal Data to the Company in order to comply with the law or the contract, or to use the service or enter into a contract with the Company, the Company will inform you in advance and will notify you of the impact if you do not consent to provide the Personal Data to the Company.

9.Time for retention of Personal Data and withdrawal of consent

    9.1 The Company will keep your Personal Data for as long as necessary for the purposes of the Company, or as necessary to establish legal claims, to comply with or exercise legal claims, to defend against legal claims, or for compliance with the law, or according to instructions given by the Data Controller only, unless the instruction is contrary to the law or the provisions on the protection of personal data under this Act.

    When the storage period has expired, the Company will delete, destroy or anonymize the Personal Data.

    9.2 The Company will have an inspection system to delete or destroy Personal Data after the expiration of the retention period specified by the Company, or according to the terms of the service contract or orders received from the Data Controller. This includes information that is irrelevant to, or in excess of what is necessary for, the purpose of collecting Personal Data with consent, as well as deletion at your request or where you have withdrawn your consent, unless the data is retained for a purpose required by law.

10.Amendments and Disclosure of Personal Data Protection Policy

    The Company will review and update the Personal Data Protection Policy to be in line with changes in its services and operations under the Company’s objectives, and to keep it up to date and at a consistently acceptable standard. The Company will disclose the privacy policy to you through the Company’s website or other channels as appropriate.

11.Data Protection Officer

    The Company has implemented the Personal Data Protection Act 2019 by appointing a Data Protection Officer (DPO) to investigate the Company’s actions regarding the collection, use and disclosure of Personal Data in accordance with the Personal Data Protection Act 2019, including laws related to the protection of Personal Data, and to instruct relevant persons to perform the specified actions in order to complete the implementation of the Personal Data Protection Policy.

12.Contacting the Company

    If you have additional questions about the privacy policy, you can contact the Data Protection Officer at the Company’s office or email DataProtectionOfficer@blueventuretpa.com.