Privacy Policy Ananda Development Public Company Limited
Ananda Development Public Company Limited (“Company”) realizes the importance of personal data protection. The protection of personal data is a social responsibility and builds trust between the customer and the trading partners. The company hereby shall act in accordance with the laws concerning the data protection and other related regulations.
This privacy policy is issued so the personal data is managed suitably and there are sufficient security measures to protect and secure the personal data of the customers which the company will be collecting, using and disclosing in accordance with the laws concerning the data protection and related regulations.
1. Definition
- Company Means Ananda Development Public Company Limited
- Ananda subsidiaries Means Ananda Development Public Company Limited, its subsidiaries and group companies; The Works Community Management Co., Ltd., Helix Co., Ltd., The Agent (Property Expert) Co., Ltd. and other companies (More info, see www.ananda.co.th/th/ananda-group )
- Date owner Means the owner of the personal data whose data is collected, used or disclosed, including but not limited to the customers, shareholders, trading partners, service provider and the interested parties
- Data Means the personal data, data which is not personal, system data, address or cookies
- Personal Data Means personal data which can identify a person, directly or indirectly as per the Personal Data Protection Act B.E. 2562, its amendments and the related laws
- Sensitive data Means racial or ethnic origin, political opinions, religious or philosophical beliefs, person’s sex life, criminal records, data concerning health, trade union membership, the processing of genetic data, biometric data or any other data for the purpose of uniquely identifying a natural person as per the Announcement of the commission.
- Biometric data Means personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data or finger prints data
- Public data Means data that the data owner has disclosed to the public such as online profiles which requires social media credential such as Facebook, Instagram, Twitter, Line and other online platforms which is used to connect or use the company’s services i.e. social media account ID, interests, likes and friends list of the data owner which the data owner have a control and can keep it private via the online settings provided by the service provider
- Data controller Means any person having the power and duties to make decisions regarding the collection, use, or disclosure of the personal data
- Data processor Means any person who operates in relation to the collection, use, or disclosure of the personal data pursuant to the orders given by or on behalf of a data controller
- Data processing Means any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
- Application Means program or sets of orders used to control the work of mobile computing and its components in order to work as per the order and satisfy the needs of the users. The application shall consist of User Interface or UI as the medium
- IP Address Means a numeric identifier of each devices such as computer or printer which uses internet protocol Cookie Means small text files that websites place on your device as you are browsing when connected to the internet. This is to collect your personal data. The cookies will be sent to the origin website every time you visit the website.
- Log Means data that occurs due to the utilization of the application, including the origins, destination, route, time, date, quantity, duration, type of service or other related data concerning the application utilization.
- Anonymous data Means Data that has passed the anonymous process
- Office Means Office of the Personal Data Protection Commission
Privacy Policy
Company realizes and gives importance to personal data protection. The company shall strictly act to secure and keep the personal data confidential. The personal data shall not be used without the data owner’s consent. The company shall proceed as per the purpose and by the data owner’s consent provided to the company to collect, use or disclose the personal data or shall act in accordance with the laws and international standards.
2. Method of receiving
The company shall collect the personal data as follows;
- 2.1 Personal data received directly from the data owner
- 2.2 Personal data received from the subsidiaries
- 2.3 Personal data received from a third party such as agent, shops or service providing companies that process the data, trading partners, alliances.
- 2.4 Personal data collected from visiting websites such as name of the internet user and IP Address, date and time of visiting the website, websites that are visited, address of the website which is directly connected with the company’s address.
- 2.5 Application utilization behavior where the log will be collected from using the company’s application
- 2.6 Personal data which can be collected from the public records and non-public records, which the company has the right to collect as per the law.
- 2.7 Personal data collected from the government’s organization or authorized agencies.
3. Purpose of collecting, using and disclosing the personal data
The company has the purpose to collect, use or disclose the personal data as follows;
- 3.1 To provide services, modifying the products and services of the company or to provide future services and products, maintenance and proceed in any ways concerning the services.
- 3.2 To operate business concerning the products or services such as down payment, appointment to transfer the ownership, activities concerning the management of the juristic person or housing estate juristic person etc.
- 3.3 To manage the relationship between the company and the data owner.
- 3.4 To confirm and/or identify the data owner who shall access the services or contact the company.
- 3.5 To communicate, inform and/or receive news from the company or any alterations of the company.
- 3.6 To proceed as per the intentions of the data owner which are given to the company.
- 3.7 To propose benefits and/or services of the company i.e. suggestions and/or proposes concerning the products and services, including the promotion for promoting the market or entering into businesses which are concerning the company’s services.
- 3.8 To operate the business of the company such as analyzation of data, inspection, developing a new product, alteration or modification of services, analyzation of services, conducting surveys on sales promotion activities and consideration of the company’s business and its expansion.
- 3.9 To proceed with necessary and suitable works as follows;
3.9.1 Inspect and prevent the violation against the laws
3.9.2 Answer to the request of the government or government agencies including international government where the data owner is residing
3.9.3 Enforcing the rules on services providing and the privacy policies
3.9.4 Protect the company’s business
3.9.5 Protect the privacy rights, security and assets of the company, personnel, data owner or any other person
3.9.6 Remedy, protect or limit the damages that may occur - 3.10 To act in accordance with the laws, investigation of the officers or the supervising agency to act in accordance with the rules, regulations or related laws.
Other purposes which are not specified, the data owner shall be informed when the company wishes to collect the personal data. Once the company has received the personal data, the company shall collect, use or disclose it only under the purposes specified in no. 3 if they enter the following conditions;
- 1. A consent is given to the company in accordance with the laws
- 2. It is a necessity to act in accordance with the agreement where you are one of the party or to act in accordance with your request prior to entering the agreement
- 3. To prevent or stop danger to the live, body or health of a person
- 4. Necessity to proceed with the business for the company’s benefit or to act in accordance with the authority provided by the government to the company
- 5. Necessity to gain the lawful benefits as per the law for the company or any other person except the benefits are less important than the basic personal data
- 6. To act in accordance with the law
- 7. To issue a historic letter or letter for public benefit or research or statistics. The company shall suitably protect the rights and liberty.
4. Purpose of processing the personal data
Personal data
| Type of data | Purpose of processing |
|---|---|
|
• Name
• Address • Office address • Telephone no. • ID Card no. • Passport no. • Date of birth • Nationality • Gender • Setting • Privacy setting • Other data concerning the additional data collection in accordance with the purpose |
When you visit our website, you will be requested to register with the company and/or you may need to provide your personal data for the purpose of collect the personal data for company’s marketing such as
• Contacting and proposing of company’s services or any other proposes concerning Ananda’s projects which may have shown some interest to the company
• To inform you about the news, products and news • To check your identity • To provide security to your account • To inform you about the changes |
|
• Credit card number
|
Credit card data will be collected and inspected via a third-party payment system. This information shall not be permanently collected on the company’s server. The information will immediately be deleted after the inspection by the third party.
|
|
• IP Address
|
To identify you
|
Search history
| Type of data | Purpose of processing |
|---|---|
|
• Browser type
• Domain • Visited websites • Time of vising the website • Website address • Data for supporting the customers • Log |
• To gain information for visiting and using the website and application of the company
• To manage the website and the application; for internal purposes, solve the website problems, analyze the data, test, research, security purposes, inspection of the distortion and management of the account • To identify and solve the problems |
System information
| Purpose of processing |
|---|
| • To give information when visiting and using the company’s website, for managing the website; for internal purposes, solve the website problems, analyze the data, test, research, security purposes, inspection of the distortion and management of the account and to develop the user’s experience |
Address
| Purpose of processing |
|---|
| Website will use the information collected by the cookie for statistics analyzation or other activities of Ananda to develop Ananda’s products and services |
Cookie
| Purpose of processing |
|---|
| Website will use the information collected by the cookie for statistics analyzation or other activities of Ananda to develop Ananda’s products and services |
6. Duration and place of collecting the personal information
The company will process the information only until it is necessary. The company identify the purpose and the necessity to collect and process the data. This shall also be in accordance with the law. The company shall store the data for a period after the agreement has expired but will be in accordance with the period and prescription of law. The company will have a suitable location to store the personal data for each type. The company will have to store the personal data even if the prescription has expired such as when there is a case etc.
The company shall secure your personal information as per the administrative safeguard, technical safeguard and physical safeguard in order to prevent it from the processing of data by a third party. Therefore, there shall be confidentiality, integrity and availability. This is to prevent the violation of personal data. The company has determined the privacy policy, regulations and rules on personal data protection such as information technology security standards and preventing a third party to receive information from the company to use or disclose for any other purposes or unlawfully or illegally using the data. The company alters and modifies the policies, regulations and rules from time to time as deems suitable.
Apart from this, the company has determined its employees, personnel, agents and person receiving information to keep the information confidential and secure as per the company’s measures every time while processing your information.
7. Disclosing and transferring of personal data
Disclosing of personal data
The company will disclose the personal data to a third party and/or organization or outside agency in the following events;
- The related companies or the subsidiaries: The company shall share your personal information to the companies under Ananda which includes The Works Community Management Co., Ltd., Helix Co., Ltd., The Agent (Property Expert) Co., Ltd. and other companies for the purpose of marketing.
- Contractor/Party: In the event, the company has employed a contractor where it is necessary to use your personal data such as postal code, statistics analyzation, online activities, the website shall make the contractor act in accordance with it to keep your privacy. It is forbidden for the contractor to use your personal information for any other purposes apart from supporting Ananda’s work.
- Seller/Broker; In some events, the company may share your data to the authorized seller or broker; The Agent (Property Expert) Co., Ltd. for some specific purposes such as processing of credit card.
- Government or its organization or any other agencies as per the law; in order to act in accordance with the laws, orders, requests to coordinate with the agencies for the law related matters.
Transferring, assigning and/or sending the personal data overseas
In the event, the company has to transfer, assign and/or send the data oversea, the company will determine the standard of covenants and/or joint venture with agency or organization which will receive the data to have an acceptable standard for data protection and to coordinate with the law. This is to ensure that the personal data will be secured i.e.
- In the event, the company has the necessity to store and/or transfer, assign the personal data for storing
- Processing of data in the Cloud; The company shall consider the organization which has international standard for security and shall store the data by entering the password or by any other means which will not identify the personal data.
Nevertheless, the data owner can check the name of the third parties to whom the company will disclose the personal data via Business Partners. However, the list may be altered, added or reduced but the company shall always update the list.
8. Utilization of sensitive data
To sell the products or services of the company or to collect the personal data in some cases, the company has the necessity to collect the sensitive data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, person’s sex life, criminal records, data concerning health, trade union membership, the processing of genetic data, biometric data or health data etc. In such cases, the company shall inform and request for the data owner’s consent to use the sensitive data as per the company’s purpose
9. Utilization of personal data for marketing
Apart from the purposes mentioned-above and under the law, the company shall use the personal data for the purpose of marketing such as to send promotion documents via the post, e-mail or any other methods including the direct marketing. This is to provide additional benefits to the data owner who is the customer of the company.
You may choose to deny the communication for the purpose of marketing except the necessary communication and/or services such as invoice to pay the installments and receipt etc.
10. Security and confidentiality of the personal information
The data owner may therefore be confident in the management of the company, in order to prevent the risk which may occur to the personal information from illegal access, information leakage, modification and loss of data, the company shall act in accordance with the international standard in securing the information technology and shall continuously manage the business in accordance with the law.
The company has the policy to protect the personal information of the data owner by limiting the accessibility to the personal information. The company shall only allow the responsible person to access the information for the purpose of proposing the products, financial products and services such as employees, agents, financial consultant and investment consultant of the company. The person who are authorized to access the data shall strictly act in accordance with the preventive measures and shall keep the data confidential. The company shall keep both physical and electronic forms of data secure in accordance with the measures.
If the company enters into an agreement or commence into a covenant with a third party, the company shall determine the security measures for the personal data and to keep the information confidential as suitable.
11. Rights of the data owner
You have the rights in accordance with the laws. You may utilize your rights as per the law and the policy determined herein or which will be determined in the future and the company’s rules.
Withdrawal of consent
If a consent is given to the company to collect, use and disclose your information (consent prior or after the enforcement of the data protection laws), you have the right to withdraw the consent at any time when the data is with the company except that your rights have been limited by law or agreement which is for your benefit.
Right to access the data
You may request to access your information which is with the company and may request for a copy of the data and may request the company to disclose the way the data was collected without the consent.
Rights to transfer the data
You may request your personal information which the company has altered so it can be easily be read or used via the automatic equipment or tools and may use the or disclose the data automatically. You also have the right to directly send or transfer the personal data in the automatic form to the data controller except there are any technical errors.
Right to object
You have the right to object at all times if the data which is collected, used and disclosed is for the benefit of the company or third party or for the public interest. In the case of objection, the company shall collect, use and disclose the personal information only for the part where the company can provide lawful reasons that is supersedes your basic rights or which is in accordance with the law or used to fight a case, as the case maybe.
Right to be forgotten or removal of data
You have the right to be forgotten or have the right to get your data removed or convert the data to be unidentifiable, if it is believed that the information collected, used and disclosed is unlawful or it is believed that the company no longer needs to store the data as per this privacy policy or when there is a withdrawal of consent or have utilized the objectionable rights as mentioned-above.
Right to restrict the data processing
You have the right to restrict the data temporarily when the company is under the process of considering the amendment of personal data or request to object or any other events where the company no longer needs to store the information and shall delete the personal information but you have requested to restrict instead.
Right to amend the data
You have the right to amend your personal information to be correct, present and compete which will not cause misunderstanding.
Right to complaint
You have the right to complain the authorized agency if it is believed that the data collected, used and is disclosed in such a way which violates or breaches the law. Kindly refer to no. 16 to contract the Personal Data Protection Commission
Utilization of rights
The rights can be utilized by filing the form and submitting it to the responsible agency. However, your rights many be limited by the related laws. If necessary, the company may deny or may not proceed as per the request such as to act in accordance with the law or court’s order, for the public interest, injunction due to possible breach on rights and liberty etc. If the company denies the request, a reason shall be provided by the company.
Duration for utilizing the rights
| Rights | Duration |
|---|---|
|
Rights to withdraw
|
7 Days
|
|
Right to access
Right to transfer the data Right to object Right to be forgotten or removal of data Right to restrict the data processing |
30 Days
|
|
Right to amend the data
|
7 Days
|
To delete, destroy or change the form of the data into an anonymous data or to withdraw the consent shall be done under the law and agreement with the company only. Such utilization of rights may have an impact on the performance of the agreement or services as the data owner would be anonymous. There will be limitations and may cause the data owner not receive benefits and news from the company.
12. Connectivity with an external website
The company’s website is connected to a third party’s website whose data protection policy may differ from the company. It is requested that the data owner shall study the privacy policy of those websites to decide the disclosure of the personal data. The company shall not be liable for the contents and damages which may occur due to the website of the third party.
13. Data protection officer
The company has appointed a data protection officer to inspect the storing, collecting, using or disclosure of personal information to coordinate with the Personal Data Protection Act B.E. 2562 and the policies, regulations, announcements, orders of the company and shall coordinate and cooperate with the Personal Data Protection Commission and other duties as per the Personal Data Protection Act B.E. 2562 which is amended.
14. Modification of the privacy policy
The company reserves the right to modify, alter or amend the privacy policy in the future under the laws. All the modifications shall be announced via www.ananda.co.th/th/privacy-policy/mar2020