Personal Data Protection Policy
Forward System Limited places great importance on the protection of personal data and has created this Personal Data Protection Policy for the purpose of elaborating how personal data is managed and to build confidence with the Personal Data Subjects that the Company is handling their personal data in accordance with the provisions of the applicable law.
This Personal Data Protection Policy is intended to inform you, the Personal Data Subject, of the purposes, collection, usage and/or disclosure of your personal data (hereinafter collectively referred to as “Processing”), as well as the legal rights of Personal Data Subjects related to Personal Data. Therefore, the Company invites you, the Personal Data Subjects, to study and comprehend the personal data protection policy in detail.
Unless otherwise defined herein, all capitalized words used in this policy shall have the meaning specified as follows:
1.1 “Personal Data Protection Law” means the Personal Data Protection Act, B.E. 2562 including amendments, decrees, regulations, orders, notifications, rules, and any relevant laws.
1.2 “Services” means to sell, purchase, hire, and services or any activities related to the services provided to the Personal Data Subject by the Company.
1.3 “Personal Data” means any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased person in particular, such as, identification card number, address, physical and mental identity, social, economic or cultural identity information.
1.4 “Company” means Forward System Limited as the subsidiary of Univentures Public Company Limited.
1.5 “Affiliate” means any company in which the Company or Univentures Public Company Limited owns 50% or more of the total issued shares (first-tier subsidiary), including any other company in which the first-tier subsidiary and/or subsidiaries in the next hierarchy own 50% or more of the total issued shares, and shall include the definition of the affiliated company in accordance with the regulations stipulated by the regulatory authorities at present or in the future.
1.6 “Data Controller” means a person, or a juristic person having the power and duties to make decisions regarding the collection, use, or disclosure of Personal Data.
1.7 “Personal Data Subject” means a person, company’s directors, a person acts on behalf of the company including representatives of such person receiving the Services provided by the Company.
2. Collection of Personal Data
The Company collects Personal Data from the Personal Data Subject both directly and indirectly as follows:
2.1 Personal Data that the Personal Data Subject or the representative of the Personal Data Subject delivers to the following persons:
2.1.1 The Company
2.1.2 Affiliates of the Company
2.1.3 Associates of the Company
2.1.4 Companies within the Company's business group; and
2.1.5 Business partners of the Company
2.2 The provision of Services using one or more of the Company’s channels, such as telephone services;
2.3 The provision of Services via the internet, online connection, including, the use of the Company’s website, applications, on line social media;
2.4 Sources of information other than the Personal Data Subject directly, e.g. government agencies, Affiliates, the Company’s contractual partners, etc. which the Company collects from other sources with the consent of the Personal Data Subject and in accordance with the provisions of the applicable law, except in the case that the Company is required to do so as permitted under the applicable law.
In the event Personal Data of another person has been provided to the Company, the Personal Data Subject warrants that the Personal Data Subject has the right and/or has obtained consent from such person to disclose such Personal Data and has fully complied with the Personal Data Protection Law.
3. Types of Personal Data Processed
General Personal Data
General Personal Data is data which can be used to identify the Personal Data Subject, whether directly or indirectly and the Company processes such Personal Data of the Personal Data Subject as follows:
3.1 Personal data e.g., name, surname, gender, age, date of birth, marital status, address, job.
3.2 Contact information, e.g., residential address, place of work, telephone number, Line ID, email address.
3.3 Data that identifies your location while using a website. If the GPS System is enabled, it is deemed that the Personal Data Subject consents for the Company to collect and evaluate your location while using the website. If you want to turn off the location function, the Personal Data Subject can install a program or turn off the GPS function on your mobile phone.
3.4 Data based on computer or communications equipment such as:
3.4.1 Cookies, i.e., data sent from a website to a computer when you visit, enter and interact with
the Company’s website
3.4.2 IP Address
3.4.3 Web Browser used to provide access
3.4.5 Websites that refer to the Company’s website
3.4.6 Connectivity data using the website’s connection.
3.4.7 Online network connection
3.5 Data regarding Services used (depending on the services used by the Personal Data Subject on the website) e.g. registration to receive information in an electronic format, information related to whistleblowing or complaints, information relating to job applications, information regarding communication through the website and any other information regarding the Personal Data Subject’s activities on the website, including information about the computer and connectivity information using the website’s connection.
3.6 Other data e.g., sound, pictures, video, photographs and closed circuit television recording pictures.
3.7 Other data that may be deemed to be Personal Data under the Personal Data Protection Law.
Special Personal Data
It is a special categories of Personal Data as stipulated in Section 26 of the Personal Data Protection Act, B.E. 2562 such as race, ethnic origin, political opinions, belief, religion, or philosophy, sexual orientation/identity, criminal record, health data, handicap, trade union information, genetic data, biometric data, or any data which may affect the Personal Data Subject in the same manner, the Company will process such Personal Data to the extent required by law and notify the Personal Data Subject prior to or at the time of Processing of such Personal Data according to the conditions prescribed by law.
4. Purpose of Processing of Personal Data
The Company is entitled to process Personal Data of the Personal Data Subject for the purpose of the Services provided by the Company as well as to comply with the laws which the Company and/or the Personal Data Subject are required to comply with and for the other purposes as provided in this policy as follows:
4.1 To provide Services required by the Personal Data Subject.
4.2 To comply with contractual obligations with the Personal Data Subject including the contractual partners of the Company to improve and develop the Services provided by the Company to be efficient.
4.3 For the purpose of communication, e.g., warning notification, to respond when contacted by the Personal Data Subject.
4.4 To verify the identity of the Personal Data Subject, whether for the purpose of recruiting, identification of the person making the contact, entering or exiting the office for security purposes.
4.5 When the Personal Data Subjects give their explicit consent, the following purposes will be provided:
4.5.1 To announce various information regarding the Company, Affiliates and/or its associates as well as to provide services and special privileges related to such Services.
4.5.2 To provide information regarding products and services and activities of the Company.
4.5.3 For direct marketing.
4.5.4 For market research, analysis of the behavior and interests of the Personal Data Subject for marketing purposes as well as other services that may be offered in the future to better match the requirements of the Personal Data Subject for improved the Services when using the website.
4.5.5 To comply with contractual obligations with the Personal Data Subject or to fulfill requests of the Personal Data Subject prior to entering into the contract.
4.5.6 For the other purposes related to the interests of the Company and its Affiliates.
4.6 To comply with the provisions of the applicable law.
4.7 For the legitimate interests of the Company or other persons or entities.
4.8 For other purposes notified to the Personal Data Subject prior to or at the time of Processing of such Personal Data or other purposes related to any of the abovementioned purposes.
5. Security Protection Measures for the Personal Data
The Company has created safety and security measures as required by law in order to prevent loss, access to, use of, change, amendment or disclosure of personal information without authorization or permission. The Company improves and tests the technology system of the Company on a regular basis to ensure that the Personal Data has a high level of security and reliability.
However, the Company cannot guarantee the safety of personal data in all cases. If the personal data is lost, accessed, used, changed, amended or leaked due to a computer virus attack or electronic theft (hack) or accessed by an unauthorized person or due to a force majeure event or any other cause, the Company is not liable for any damage or loss arising from such event whatsoever. The Company recommends the Personal Data Subject to install anti-virus software programs to prevent being hacked or Personal Data theft and to maintain the confidentiality of the Personal Data.
6. Disclosure and/or Transfer of Personal Data to Third Parties
The Company may at its sole discretion disclose and/or transfer the Personal Data to a third party that is identifiable and has a personal data protection policy and security protection measures as may be required by law, subject to the consent of the Personal Data Subject or subject to the scope permitted by law, including to Affiliates, Associates, companies within the Company's business group, business partners, contractual partners, government agencies and other agencies provided under law.
7. Transfer of Personal Data to Foreign Country
The Company may send or transfer the Personal Data to a foreign country for the purpose of performing the Company affairs. The Personal Data Subject agrees and gives explicit consent to the Company to transfer the Personal Data to a foreign country, international organization, or any person under the jurisdiction of another country. The Personal Data Subject acknowledges that the destination country receiving such Personal Data may not have adequate data protection standards in accordance with the Personal Data Protection Law. In this regard, the Company will carry out the appropriate procedures for protecting personal data security at the same level as the Personal Data Protection Laws of Thailand.
8. Personal Data Subject’s Rights
Personal Data Subjects can exercise their rights under Personal Data Protection Law details as follow;
8.1 The right to access Personal Data that the Company has retained, including the right to request correction of inaccurate or incomplete data.
8.2 The right to request electronic copies of Personal Data for provision to third parties or request the Company to send it directly to a third party.
8.3 The right to object to the Processing of your Personal Data for marketing purposes and any other purposes.
8.4 The right to request erasure of your Personal Data when such data is not required to be retained, including the right to limit the scope of Personal Data Processing, in the event that such data cannot be deleted.
8.5 The right to request the restriction of the use of your Personal Data only in the part that is not necessary in the operation of the Company.
8.6 The right to request the Company to provide Personal Data that is accurate, up to date, complete and does not cause misunderstandings.
8.7 The right to file a complaint with government authorities in the event it is deemed that a violation of the Personal Data Subject’s has occurred.
Such exercise of the Personal Data Subject’ s rights shall be subject to the terms, notices and regulations set by the Company, which will be in accordance with the Personal Data Protection Law, including the Company's Personal Data Protection Policy and other criteria specified by the Company. A written request for exercise of rights shall be submitted to the Company's Data Protection Officer by means of the contact specified in Clause 13. of this policy. The consideration of the request is at the Company's sole discretion, and the Company's decision regarding the request is final.
Withdrawing consent may affect certain Services. As a result, the Company may not be able to provide Services to the fullest potential or certain services or benefits of the Company may not be made available or accessible. However, withdrawing consent will not affect the Processing of Personal Data for which consent has been provided.
9. Exceptions to Protection of Personal Data
The following actions to Personal Data shall not be deemed the violation of the Personal Data Protection Policy;
9.1 An action towards Personal Data that has been disclosed in public at the time or before Personal Data Subject disclose Personal Data to the Company, or Personal Data that is publicly disclosed which is not caused by the Company.
9.2 Disclosure of Personal Data by obtaining the Personal Data Subject’ s consent, whether in writing or by any other means.
9.3 Disclosure of Personal Data as necessary by laws, orders, rules, regulations, court order, government authorities, or other necessity.
10. Period of Retaining Personal Data
The Company will retain the Personal Data for the necessary amount of time to complete the purposes provided above or until the Company receives notice of withdrawal of consent to collect the Personal Data from the Personal Data Subject or to protect the interests of the Company, unless the law permits longer retention periods.
11. Amendments to regarding the Personal Data Protection Policy
The Company reserves the right to update, amend and change the details of the Personal Data Protection Policy, in whole or in part, at any time at the Company's sole discretion. The Company will provide notification of the change of the personal data protection policy through the Company's website, www.forwardsystem.co.th. Such changes will take effect immediately after the Personal Data Protection Policy is published on the Company's website. The Personal Data Subject is required to regularly check on the Company's Personal Data Protection Policy. The Company assumes that the Personal Data Subject is fully aware of the Personal Data Protection Policy that has been updated, amended and changed.
12. Governing Law
This Personal Data Protection Policy is governed by and interpreted in accordance with the laws of Thailand. Any disputes relating to the website including rights, obligations and any acts under this Personal Data Protection Policy shall be subject to the jurisdiction of the courts of Thailand.
13. Contact us
Should the Personal Data Subject have any questions, suggestions or complaints regarding this Personal Data Protection Policy and/or notifying the intention to exercise its rights, please contact the Company's Personal Data Protection Officer through the following channel:
Forward System Limited
No. 888/222-224 Mahatun Plaza 2nd Floor,
Ploenchit Road Lumpini Sub-District,
Patumwan District, Bangkok
This Personal Data Protection Policy effective from 20th May 2022