Privacy Policy
Overview
Tossakan processes personal data of Personnel with the reasonable measures to act in compliance with the Thailand’s Personal Data Protection Act B.E. 2562 (“PDPA”). You can see our full detailed Privacy Policy through the attached QR code, however, the summary of our Privacy policy is shown below
Tossakan Visitors’ Privacy Policy 1.0
1. Purpose and scope
2. What personal data do we process?
3. How do we collect your personal data?
4. How does Tossakan use your Personal Data?
5. Usage of Personal Data with External Third-party Organization
6. Transferring Personal Data to Foreign Countries
7. Security Measures for Personal Data Protection
8. Time Period of Personal Data Storage
9. Website Visitors’ Personal Data Rights
10. Policy Revision
1.Purpose and scope
This Privacy Policy applies to all Tossakan Website Visitors. Tossakan mainly acts as the data controller under PDPA. Therefore, SKY ICT is committed to collect and process Website Visitors’ personal data in accordance with the purpose and scope of GFIN (Thailand) Co., Ltd. specified herein this Privacy Policy.
This Privacy Policy covers data subjects who are Tossakan Personnel, including Company Directors (Internal), Executives (Internal), Employees, Outsource Employees, Employees through probation and New Employees.
As used in this Privacy Policy, the following terms shall have the meanings set forth below:
‘Processing’ means anything done with Tossakan Website Visitors’ personal data, including collection, storage, use, disclosure and deletion.
‘Legal Bases’ means justifiable reasons to process personal data in accordance with Article 24 and Article 26 of PDPA.
This policy may be revised at any given time as notified to Personnel through appropriate channels.
2.What personal data do we process?
Tossakan stores the following Website Visitors personal data :
- Address/Contact including but not limited to Address, Phone number, and Email
- Identity Data including but not limited to Full name and Portrait photo
- ID Data including but not limited to
- IT Data including but not limited to the Cookie ID
- Profile Data including but not limited to Nationality, Age, Birthdate and Salary
3.How do we collect your personal data?
In general, Tossakan will directly collect Website Visitors’ personal data through these processes (or channels) including but not limited to:
- Collecting cookie ID from the user's website (see cookies policy for details)
- Fill in the form on the website.
However, Company may collect additional data through Third-party Organizations which include
- Google Platform
- CRM Web
4.How does SKY ICT use your Personal Data?
Tossakan uses Website Visitors’ personal data to carry out tasks per Tossakan’s scope and purpose of providing groups of activities, including but not limited to:
Tossakan will process Website Visitors’ personal data according to the stated purposes and scope. If there came upon a case where personal data were to be processed for other purposes unclarified above, Tossakan would ask for new consent to process Website Visitors’ personal data on such uses.
5.Usage of Personal Data with External Third-party Organization
Tossakan may be required to pass on personal data to external third-party organizations and process personal data in accordance with the contract or the legal obligation of Tossakan. These organizations may include:
- Sparrow
- Optiwise
For the case where personal data is being passed on the external third-party organizations, Tossakan will ensure that the minimum amount of personal data is being sent and consider anonymization and psuedonnymisation techniques for greater security. Nevertheless, external third-party organizations who will process Website Visitors’s personal data for Tossakan will be required to have an appropriate privacy policy. Tossakan does not permit these external third-party organizations to use the Website Visitors’s personal data in a way that diverge from the agreed scope and purpose.
6.Transferring Personal Data to Foreign Countries
According to these data processing activities specified herein this Privacy Policy,
Tossakan does not transfer Website Visitors’ personal data to any foreign countries.
7.Security Measures for Personal Data Protection
Tossakan has implemented security measures to ensure the security of Website Visitors’ personal data. External third-party organizations must carry out the processing of personal data in accordance with Tossakan’s policy and agrees to ensure the security of Website Visitors’ personal data
8.Time Period of Personal Data Storage
Proinside will store Website Visitors’ personal data throughout for the appropriate period according to Tossakan’s scope and purpose including other important matters such as legal requirements, financing and auditing purposes.
9.Website Visitors’ Personal Data Rights
Your personal data rights include:
- Right of Access – you have the right to request a copy of all your personal data and assess if the company is processing your personal data in accordance with the law or not
- Right to Data Portability – for the case where a company has an automated platform allowing you to access your personal data automatically:
- You have the right to ask for your personal data to be transferred automatically to other organizations
- You have the right to ask for your personal data to be directly transferred to other organization, with the exceptions of cases where there is a technological limitation
- Right to Object – you have the right to object to any data process activity of your personal data for the legal bases, including:
- Public Task or Legitimate Interest
- Direct Marketing Purposes
- Right to Erasure – you have the right to request data deletion or anonymization, in accordance to the following cases:
- Expiration of data processing required terms
- Consent has been withheld
- Objections raised on the data processing activity
- The processing activity is not in accordance with the law
- Right to restrict processing – you have the rights to restrict any data processing activities, in accordance with the following cases:
- During the process of personal data assessment as requested
- For cases related to personal data which has initially asked for deletion and erasure but was followed by an additional request of processing restriction instead
- For cases when the data processing terms have passed, but you have requested for processing restriction due to legal reasons
- During the process of personal data processing objection verification
- Right to Rectification – You have the right to edit your personal data to be correct and concurrent to the present. If any mistake was detected, the company might not edit this themselves.
In the cases where Tossakan may not be able to carry out and exercise your rights, including, but not limited to, the cases where a legal process is taking place, you will continue to have the rights to retract your consent by emailing to all related parties. Tossakan will be required to terminate all processes as soon as possible. However, the retraction only is carried out to all data processing after the retraction. Any data process activity carried out before the retraction will not be reversed.
Please be informed that Tossakan does record all requests to ensure all issues are resolved. For any queries regarding your personal data protection and rights, more details are available
at: https://www.law.chula.ac.th/event/9705/
In the case where you have the intention to exercise your personal data protection rights, please contact [contact@gfinthailand.com].
Tossakan will process this request in a secure and timely manner. Also, in case that Tossakan fails to preserve your rights under PDPA, you can file a complaint to Office of the Personal Data Protection Commission (‘PDPC’)
10.Policy Revision
This Privacy Policy applies to all Tossakan Website Visitors and was last updated on 4/18/2021. Tossakan holds the rights to review and edit the policy as the company sees fit. Any revision made will be notified to all related parties regarding the changes in data processing activity procedures.