Privacy Policy

Home >> Corporate Governancec >> Privacy Policy

Privacy Policy
1. Introduction
 Plus Tech Innovation Public Company Limited is an affiliated company of SABUY Group as defined in clause 2 (the “company”) realize the importance of privacy and protection of personal data. The company has established a personal data protection policy (“policy”) to inform you about the company’s practices in collecting, using, disclosing and/or overseas transfers of the personal data processed by company officers and related person. Operator on behalf of or behalf of the company to be able to use the company’s products and services both now and in the future, such as top-up machines, merchandise vending machines, electronic payment service, deposit/remittance service, bill payment service, retail store management system (POS), Including providing services through online platforms, applications, social media channels and company website, such as: https://sabuytech.com/ https://termsabuyplus.com/ https://sabuysolutions.com/ can be confident that the company is transparent and responsible for collecting, using, disclosing and remitting overseas for personal data by the personal data protection act B.E. 2562 (“personal data protection law”) The company prepared this policy to clarify details about the collection, use, disclosure, and/or transfer personal information to foreign countries with the following contents:
2. Definition
 – Company means Plus Tech Innovation Public Company Limited or any of the affiliated companies of SABUY Group as defined below.
 – Personal Data means information about a natural person, which makes it possible to identify that person either directly or indirectly but does not include information about the deceased in particular.
 – Sensitive Personal Data means Personal Data as provided for in Section 26 of the Personal Data Protection Act B.E. cult religion or philosophy, sexual behavior, criminal records, health information, disability, trade union information, genetic data, biological data, or any other information which affects the owner of personal data similarly as specified in the notification of the Personal Data Protection Committee.
 – Personal Data Processing means any processing of personal data, such as collecting, recording, copying, organizing, keeping, updating, changing, using, recovering, disclosing, forwarding, disseminating, transferring, merging, deleting, destroying, etc.
 – Personal Data Subject means an individual who owns personal data that the company collects, uses or discloses.
 – Personal Data Controller is a person or legal entity who has the authority to decide the collection, use, or disclosure of Personal Data.
 – Affiliated Companies of SABUY Group (1) SABUY Technology Public Company Limited (2) SABUY Money Company Limited (3) SABUY Solutions Company Limited (4) Vending Plus Company Limited (5) SABUY Exchange Company Limited (6) SABUY Capital Plus Company Limited (7) SABUY Market Plus Company Limited (8) SABUY Maxi Insurance Broker Company Limited (9) SABUY Food Plus Company Limited (10) Plus Tech Innovation Public Company Limited (11) PLATT FINSERVE Company Limited (12) TERO SABUY Company Limited (13) Forth Smart SABUY Tech Company Limited ( 14) VDP Holding Company Limited (15) SABUY Digital Company Limited (16) SABUY WASH Company Limited (17) SABUY ACCELERATOR Company Limited (18) SABUY POS Company Limited (19) SABUY Speed Co., Ltd. (20) Speedy Express Service Co., Ltd. (21) A.T.P. FRIEND SERVICES Co., Ltd. (22) SIAM ENTERPRISE CORPORATION Co., Ltd. (23) M POINT EXPRESS Co., Ltd.(24) The Letter Post Service Co., Ltd.
 – Business Partners and Other Juristic Persons, Namely (1) Shipsmile Service Co., Ltd. (2) Quick-Service Co., Ltd. (3) Thai Van Service Co., Ltd. (4) GHL (Thailand) Co., Ltd. (5) Siam Commercial Bank Public Company Limited (6) Kasikorn Bank Public Company Limited (7) Krung Thai Bank Public Company Limited (8) Bank of Ayudhya Public Company Limited (9) CIMB Thai Bank (10) Bangkok Bank Public Company Limited (11) Government Savings Bank (12) Bank for Agriculture and Agricultural Cooperatives (13) Ascend Group Company Limited (14) Forth Smart Service Public Company Limited (15) Buzzebees Co., Ltd. (16) Shopee (Thailand) Co., Ltd. (17) Central JD Money Co., Ltd. (18) Advance Empay Co., Ltd. (19) Kerry Express (Thailand) ) Public Company Limited
 Further, in this policy, if there is no specific mention, it will call “Personal Information,” and “Sensitive Personal Data” are collectively referred to as “Personal Information.”
3. Scope Of Enforcement Of The Policy And Types Of Personal Data Subjects Under This Policy
 This policy applies to the personal information of the personal data subject. Both existing and that may occur in the future, which is processed personal data by the company, officers, contractual employees (“Personal Data Controller”) and includes parties or third parties who process personal data on behalf of the company. (“Personal Data Processor”) under various products and services of the company to use the application products and services.
Personal Data Subjects:
 3.1 Individual customers of the company, including natural persons who use or have used products, applications or services; product, application or service information; persons who have been informed of the product, application or service through various media; and who have been offered or solicited by the company to use or receive the product, application or service.
 3.2 Natural persons related to the company’s corporate customers such as directors, corporate representatives, contacts, natural person representatives, attorneys, employees, officers, officers, personnel and other similar persons of the company’s corporate customers. In addition, including any other natural person whose personal information is disclosed by a corporate customer to the company to conduct transactions with the bank to use the company’s products, applications or services; (“Personal Person Related To Corporate Client“)
 3.3 Investors and shareholders of the company, Board of Directors, executives, employees, employees, officers of the company or the company’s advisor (“People Who Have A Relationship With The Company”)
 3.4 Any other natural person with whom the company has any other relationship, interaction or communication or provides personal information to the company in any way, such as a visitor to the company’s website, including application systems, devices or any other communication channels, job applicants, the family of staff sellers of goods or services to the company partners, etc. (“Persons Dealing With The Company In Any Other Way”).
Articles 3.1 to 3.4 are collectively referred to as “You“
4. The Source Of Personal Information Collected By The Company
 This policy shall apply to the collection, use, disclosure and/or overseas transfer of personal data about you. The company may collect or obtain various types of personal information from the following sources:
 4.1 Personal data that the company collects directly from the personal data subject through various channels such as websites, applications and social network service channels controlled by the company, including LINE, Facebook, telephone, fax and online communication channels, including e-mail, call center, face-to-face communication, job applications, contracts, agreements or any documents, letters through questionnaires, business cards, postage, events, meetings and registration for company events.
 4.2 The company collects information from the personal data subject accessing such as the website, products or services, applications, contractual or mission-based, such as tracking the behavior of the company’s websites, products, applications, or services through the use of cookies or from software on the personal data subject’s device, registration through the company’s website, etc.
 4.3 Personal data that the company collects from sources other than the personal data owner directly. Provided that such references have the authority to have a legitimate reason or obtain consent from the personal data subject to disclose personal data to companies such as online platforms, other public resources, business partners, government agencies or a third party financial institution financial service provider credit information company and other places and/or other communication channels where the company collects your personal information, etc.
5. The Company’s Actions In Collecting Personal Information
 5.1 Personal Data Collected By The Company.
  5.1.1 Personal data means information according to the definition of clause 2, in which the company may collect personal information as specified in article 5.2.
  5.1.2 Sensitive personal data means information according to the definition of clause 2, which the company may collect sensitive personal data and the following information:
5.1.2.1 Biometric data. (e.g., fingerprint mock-up data, face photo mock-up data)
5.1.2.2 Sensitive personal data as shown in identity documents or documents supporting transactions and/or legal contracts or documentation to activate products and/or services (e.g., religion, ethnicity).
5.1.2.3 Health information: Information on chronic diseases and/or disabilities.
5.1.2.4 Criminal history data.
5.1.5.5 Information in static images animation and/or sound.
 The company will collect, use, disclose and/or transfer to foreign countries where personal data is sensitive. Only if the company has obtained the express consent or as permitted by law only.
 For static data animation and/or sound, in which the data owner performs duties for the company, the company will collect, use and disclose such information with the data owner’s consent. In the case of still images, animation and/or the sound from the recording through the CCTV, the company will collect, use and disclose such information for security purposes or comply with the law.
 5.2 Types Of Personal Data Subjects And Personal Data The Company Collects
  The company may collect your personal information. The personal information the company collects depends on the relationship between the company and you, the type of product or service you want from the company, types of your personal data, the types of information listed below are just the general framework for collecting personal information about the company, only information related to the product. Applications or services you use or have a relationship with only that will be practical. The details are as follows.
  5.2.1 The company’s individual customers people who have a relationship with the company.
5.2.1.1 Personal details such as title, first name-surname, gender, date of birth, age, weight, height, blood type, nationality, ethnicity, religion, country of birth, signature, family status, marital status, number of children, information about documents issued by government agencies such as ID cards, passports, civil servant cards, tax identification numbers, driver’s license details, information on the name-surname change document. Also, foreigner-related documents, work permits, residence certificates, photographs, audio recordings of telephone conversations, the data recorded from closed-circuit television cameras, including political status, documents related to visas and other legal documents, personal disease information, health information and disability information.
5.2.1.2 Educational information such as educational background, training history, job visits, and internships.
5.2.1.3 Work information such as work history, occupation, position, job description, type of business, type of organization, age of service, workplace, social security information and personal data appear in relevant documents such as supporting documents, certificated registration, Por.Por.20, business certificate and corporate tax documents.
5.2.1.4 Contact information such as the postal address on the ID card or house registration, current postal address, work postal address, delivery details of the phone number, fax numbers, maps, location data, email addresses, LINE ID, Facebook account and other IDs from your social networking sites.
5.2.1.5 Financial information such as income levels, sources of income and investments. Country of origin of income and investment, salary certificate statement, salary slip, financial status, information name and bank account number, your electronic money information, expenses, daily spending amounts, receipts, bills and other relevant information.
5.2.1.6 Information relating to the provision of services to you, such as the type of product or service you have selected, details as per application request, company’s products or services, remittance services, tax withholding, employee relations of the company or other companies, details in forms and information related to KYC and CDD, political affiliation information or a person with political status, suitability test results, the level of access to information in your system, information in a power of attorney, any other information in the documentary evidence supports submitting an application or application for the company’s services.
5.2.1.7 Transaction information, such as details of transactions to and from you, date and/or time of transfer or payment due, payment methods and receipts transaction, the amount net, the amount received, money transfer information, transaction reason, account number, mobile phone number used for transaction confirmation, transactional data of the company’s products and services, information and details contract (expiration date, contact date).
5.2.1.8 Technical details such as your internet protocol (IP) address and information about the communication devices you use to transact with the company.
5.2.1.9 Information about your FATCA, such as your status in the United States (e.g. nationality, place of birth, and permanent residence).
5.2.1.10 Behavioral details such as behavior, lifestyle, attitudes, information about other interactions and facts about your actions with the product or service, your feedback and opinions on the type of products or services you receive, details of your claims and complaints.
5.2.1.11 Marketing and communication details, such as your choice to receive the company’s marketing information, third-parties in SABUY Group Companies, business partners and your communication options.
5.2.2 Natural persons related to corporate clients of the company and other persons contacting the company.
5.2.2.1 Personal details such as title, first name-surname, date of birth, age, nationality, race, religion, signature, marital status, information about documents issued by government agencies (e.g., identity cards, passports), form details and information related to KYC and CDD; Information recorded from closed-circuit cameras.
5.2.2.2 Work information such as occupation, position, job description, type of business, type of organization that works, age of work, location of work and level of access to information in the system, personal data appearing in relevant documents such as shareholder lists, power of attorney, identification letter of the authorized person on behalf of the company.
5.2.2.3 Contact information such as the postal address on your ID card or house registration, current work postal address, phone number, fax number and e-mail address.
5.2.2.4 Technical details such as your internet protocol (IP) address and information about the communication devices you use to use our products, services, and websites.
5.2.3 Third party personal information
If you provide the personal information of third parties to the company, such as guarantors, senior management, authorized persons, delegates, directors, shareholders, employees, siblings, parents, spouses, trust founders and trust, representative persons in line of control or ownership, co-owners, other persons who are not the company’s customers and any other persons with whom you have a relationship in connection with the company. By providing such person’s personal information to the company, such as first name, last name, address details, emergency contact telephone numbers, and family members’ income. Please make this policy available to such third parties to be aware of it and seek consent if necessary or have other legal bases for disclosing personal information of third parties to the company.
5.2.4 Minor personal information
In the case where the consent of the minor is not in any way that the minor may give consent alone as provided in section 22, section 23 or section 24 of the civil and commercial code. The company will collect personal information about minors (A person under the age of 20 or a person who has not reached the age of majority by legal marriage) only with the consent of the statutory parental authority. The company does not intend to collect personal information from minors without the consent of the users of parental powers as required by law. If the company learns that the company collects personal information from a minor without the consent of the user of parental power as required by law, whether intentionally or unintentionally, the company will immediately suspend, suspend or terminate the use of the service of the minor or will only collect, use and/or disclose personal data where there is a legal base other than consent or as permitted by law.
6. Legal Bases And Purposes For Collecting Personal Data
The company will consider establishing a legal basis for collecting your personal data as appropriate and in the context of the company’s services, products and applications. The company will collect your personal data only as necessary under the purposes stated by the company in this policy or comply with the law.
The company collects, uses, discloses and/or transfers to foreign countries your personal data for some purposes. It’s depends on the type of product, application, service or activity you use as well as your relationship with the company or considerations in each context are important. The purposes stated below are just the framework for the company’s use of personal data, but only for the purposes related to the products, applications or services you use or has a relationship with only that will apply to your personal data.
In addition, the company will collect your personal information with your express consent. Unless the personal data protection law section 24 or section 26 gives power, the company will not collect personal data related to nationality, ethnicity, political opinion, cult religion or philosophy, sexual behavior, criminal records, health information, disability, trade union information, genetic information, biological information or any other information that similarly affects you as announced by the Personal Data Protection Committee without your express consent except in the case where the data protection law stipulates that it can be done.
The details of the legal base and purpose for collecting personal data are as follows.
6.1 Objectives Based On Your Consent
6.1.1 For marketing and communication purposes:
6.1.1.1 To carry out marketing and communications, marketing advertising, sales, special offers, press releases, public relations, promotions and presentation of products and services of the company, SABUY Group Companies, business partners and other legal entity.
6.1.1.2 For searching, recommend suitable products and services to recommend products and services that may be of interest to you to know your needs and adjust products and services to suit you.
6.1.1.3 To improve the company’s business operations, products, applications, services and an affiliated company of SABUY Group business partners and other legal entities (e.g., for assessment, market research, model analysis and develop geo-structured product distribution services.
6.1.1.4 For planning strategies and campaigns, the company’s products meet customer’s needs. Determine the effectiveness of the company’s promotional campaigns to improve the efficiency of the company’s business to suit the preferences of the company’s customers to see and troubleshoot problems with existing products and services.
6.1.2 To learn the needs and satisfy them, e.g., to know more about the products, applications, and services you have received and used and other products or services you may be interested in. Including processing your personal data by considering the types of products, applications and services that you use from the company, how you would like the company to contact you, etc., as well as to obtain information from satisfaction surveys in the use of the company’s products, applications and services.
6.1.3 To manage the website, mobile applications and platforms, e.g., to administer, operate, monitor and manage the company’s websites, applications and platforms to facilitate and ensure that these are functioning properly, efficiently and safe for facilitate to improve the layout of the website and the company’s platform.
6.1.4 To offer financial services of the company and/or companies in the SABUY Group to you.
6.1.5 Research, statistical data preparation and data analysis business: for use in the data analytics business) of the company, an affiliated companies of SABUY Group business partners and other legal entities.
6.1.6 Processing of sensitive personal data: the company may use your sensitive personal data for the following purposes.
6.1.6.1 Biometric data (e.g., fingerprint data biometrics data for face mockup) for KYC and CDD authentication and identification purposes. Including providing services to you.
6.1.6.2 Sensitive personal data as shown in transaction documents and/or contracts or in connection with activating products and/or services (e.g., religion, ethnicity). The company will cross out or override the information concerning your sensitive personal data (e.g., religion, race) on the identity document or documents supporting transactions and/or legal contracts or supporting documents, activate products and/or services. The company may do so on its own without notice to you or the company may request that you act on or override your sensitive personal data by yourself.
You are free to consent to the company collecting, using or disclosing your personal information. However, the company does not stipulate conditions for giving consent to access the service or enter into a contract with the company if the personal data is not necessary or relevant for entering or receiving the service.
If the legal basis is to seek consent, you have the right to withdraw your consent at any time and if it is to collect, use or disclose personal information of a minor. The revocation of authorization must be made by a user of parental power as specified in article 5.2 (4). Consent can be revoked at:
Fill information on the link :
Contacting through the following channels
Call center
Telephone number : 02-754-2650
Withdrawal of consent will not affect the collection, use and disclosure of personal data that you have given your consent to before withdrawal of consent.
6.2 Various Purposes And Other Legal Bases
The company will collect, use, disclose and/or transfer your personal information to foreign countries by the law on legitimate interests. The basis for entering into and performing the contract legal compliance base or other legal bases as permitted by the personal data protection act, as the case may be and depends on the relationship between the company and you, the products, applications or services you use with the following objectives:
6.2.1 For registration and identification, e.g., to register a product or service for you, verify, identify and verify you or your identity, your authority or agent. Includes authenticating and verifying your identity digitally.
6.2.2 To supply products, applications or services and customer relationship management, e.g., to enter into any agreements or contracts relating to products, applications or services and managing relationships with you. To determine your eligibility (e.g., to check your bankruptcy status to analyze the quality of your business and related parties). To support transactions and other activities related to products, applications or services to you, such as depositing, withdrawing, transferring, paying or receiving payments for goods and services. To consider approving the delivery of the product, using the application or providing various services. To deliver details of agreements or contracts, products, applications or services, financial transactions and services related to payment, which includes verification, confirmation and cancellation of transactions to receive/send letters, parcels and important documents to you. To produce reports informing customers of product-related information, application or service usage data. To deliver product progress news, applications and services to verify the correctness of the document, activities related accounting and balance sheet, validate account to assess conflicts of interest, provide management services or perform post-sales transactions. To allocate and cancel inactivity (e.g., cancel the service, etc.).
6.2.3 To impress with after-sales service, e.g., to communicate with you about products using applications and services that you receive from affiliated companies of SABUY Group or business partners and other legal. Entities to process and update your information as a customer of the company. To provide advice and facilitate your use of the product, applications and services. To deal with customer service-related questions. To handle complaints, requests and feedback. To deal with technical issues. To notify and provide solutions to problems for you. To carry out customer relationship management activities.
6.2.4 To provide identity verification and verification services, such as providing support for the Electronic Know-Your-Customer (EKYC) process and the digital identification process.
6.2.5 For marketing purposes, promotion and communications, e.g., to carry out marketing and communications-related activities, marketing advertising, sales, special offers, news, public relations promotion and presentation of products and services of the company, SABUY Group companies, business partners and other legal entities as you have specified your needs or have used the service before or as you have previously given consent, including product and service information that is similar to your interests and history of receiving products and services both, directly and indirectly. To enable you to participate in the offers and privileges, campaigns, events, organizing contests, sweepstakes, prize draws, other promotions and all related advertising services. To facilitate joining the event company activities, If the company does not require your consent.
6.2.6 To manage information technology, e.g., for the purposes of managing the business of the company. Including for information technology operations, communication systems management, information technology security and information technology security auditing, business management for compliance, policies and internal processes.
6.2.7 To comply with the law, e.g., to comply with the law, legal process or orders of government agencies, including orders of government agencies outside Thailand and/or to cooperate with courts, competent authorities, government agencies and regulatory agencies. Use the law when the company has reason to believe that it requires the company to do so and if it is necessary to disclose your personal information to comply with it. To report suspicious transactions to anti-money laundering agencies, financial services law enforcement and other government and law enforcement agencies and investigate or prevent crime.
6.2.8 To protect the company’s legitimate interests, e.g., to maintain the security and integrity of the company or SABUY Group’s business, to exercise the company’s rights and to protect the interests of the company or SABUY Group when it is required and lawful, to carry out management, preparation of internal policy reports according to the scope of operations of the company.
6.2.9 To examine and prevent business risks to the company, e.g., to prove your identity, to verify that there is a practice following other laws and regulations, e.g., to comply with anti-money laundering rules and prevent corruption cyber threats, various illegal activities (e.g., money laundering, financial support to terrorism and proliferation of weapons of mass destruction offenses relating to a property, life, body, liberty and reputation).
6.2.10 To manage risks, e.g., to manage risks, performance check and assess the risks to establish a risk index, prepare a summary of information for risk management, to analyze and predict potential risks, including how to cope with assessing product risks and suggesting if any changes and methods are needed in risk management.
6.2.11 To prevent or suppress a danger to the life, body or health of a person.
6.2.12 For the performance of other duties of the company for your personal information, depending on the relationship between the company and you, e.g., you as a shareholder of the company that the company will hold a shareholders’ meeting or you as a committee or executives or consultants of the company appointed by the company, including you in any capacity whatever the company is required to perform due to its obligations under any contract or agreement. In this regard, if you do not provide personal information to the company may affect you, e.g., the company may not be able to perform the actions you have requested, you may not be comfortable or the contract is not performed and you may be damaged or lose an opportunity. In addition, your failure to provide such personal information may affect compliance with any laws that the company or you are required to comply with and may have relevant penalties.
6.3 Handling Of Sensitive Personal Data Held By The Company Before The Personal Data Protection Law Applies To The Company.
If you were an existing customer of the company before the personal data protection act came into force, the company may collect sensitive personal data such as (1) religion, (2) race, (3) disability, (4) sensitive personal information used in transactions and/or contracts, (5) sensitive personal data that is used to enable the use of products and/or services further, for the purpose of documentary evidence collection only. The company will not use it for other purposes.
7. Disclosure Of Your Personal Information
The company may disclose or transfer your personal data to the following third parties who collect, use, disclose and/or share your personal data for the purposes under this policy. These third parties may be located in Thailand or outside Thailand. You can view their privacy policies for details about how they collect, use and/or disclose your personal information because you are the personal data subject to the privacy policy of such third parties.
7.1 Companies In The SABUY Group
The company may be required to disclose your personal information to other parties for the purposes specified in clause 6 above to companies within the SABUY Group. Disclosure of information to companies in the SABUY Group mentioned above will allow those in the group to use the consent that the company has obtained to process your personal data.
7.2 Company Service Provider
The company may use other companies, agents or contractors to provide services on behalf of the company or to assist with business operations and the provision of products and services to you, including taking any action for your benefit. The company may share your personal information with third party service providers, service provider agents, business support service providers, subcontractors, service providers or any other third party service provider to support the service of the company including but not limited to (1) Internet service providers, software, website developers, digital media, information technology service providers and companies information technology support providers, suppliers or provide digital services or products, for example, offer and provide digital platforms, including services related to technology (platform as a service), applications or any other systems for the company, providing identity verification services to companies (2) Logistics and transportation service providers (3) Payment and payment systems providers (4) Research service companies (5) Analytical service company (6) Survey service company (7) Auditor (8) Customer service center (9) Marketing service company advertising material design creation and communication (10) Company that provides services for campaigns, events, events, marketing events and customer relationship management (11) Telecommunications and communications service providers (12) Storage and cloud services providers (13) Printing services providers (14) Lawyer, legal advisor for the benefit of the company. Including exercising legal claims and fighting legal claims, auditors and/or other professionals to assist in the business operations of the company. (15) Service providers of archiving and/or destruction of documents (16) Employment agencies (17) Joint data analysts for analysis and development of products and/or services, conducting research or producing statistical data business administration and marketing promotions, such as publicizing events, products and/or services to you.
During the provision of such service, the service provider may have access to your personal information, however, the company will only provide your personal information to the service provider as necessary to perform the service and the company will request the service provider, not using your personal data for other purposes. The company will ensure that the service providers it works with maintain the security of your personal data as required by law.
7.3 Business Partners Of The Company And Other Legal Entities
The company may transfer your personal information to business partners and other legal entities to conduct business and provide services to the company’s customers and potential customers using the company’s services, including but not limited to the card-issuing company, companies that provide payment services for products and services, analytics service companies, market research survey service providers, financial transaction service providers, joint product release partners (such as co-brands) and other sponsors.
7.4 Third Parties Required By Law
In some cases, the company may be required to disclose your personal information to comply with the law. Including law orders, law enforcement agencies, courts, legal enforcement departments, competent authorities, government agencies or any other person. If the company believes it is necessary to comply with the law or to protect the rights of the company, Third party rights or for the safety of persons or to investigate, prevent or resolve fraud, security, safety, including any other risks.
7.5 Outsider
The company may be required to disclose your personal data legally for the purposes stated in this policy to other third parties and customers who transact with you or in connection with you, other persons with legal references, etc., as the case may be.
8. Transferring Your Personal Information Abroad
In some cases, the company may need to send or transfer your personal data to foreign countries to provide services to you, e.g., to send personal data to the cloud (Cloud) that has a platform or server (Server) abroad to support information technology systems located outside Thailand, depending on the service of the company you use or are involved in individual activities.
However, at the time of preparing this policy, the personal data protection committee has not announced a list of destination countries that have adequate personal data protection standards. As follows, when the company needs to send or transfer your personal data to the destination country, The company will take steps to ensure that the personal data sent or transferred has adequate personal data protection measures in accordance with international standards or proceeds according to the conditions in order to be able to send or transfer that data according to the law, including:
8.1 It complies with the law that requires companies to send or transfer personal information abroad.
8.2 Has notified you and obtained your consent, if the destination country has insufficient standards for personal data protection by the announcement of the list of countries announced by the personal protection commission.
8.3 It is necessary to perform the contract with which you are a party to the company or is made at your request before entering into that contract.
8.4 It is an action under the company’s contract with another person or entity for your benefit.
8.5 To prevent or suppress a danger to your life, body or health or another person when you cannot give consent at that time.
8.6 It is imperative to carry out missions for the benefit of the public.
9. Period Of Retention Of Personal Information
The company will keep your personal data for a while necessary to carry out the purposes for which the company received such information. The company will delete or destroy your personal information or make your communication more identifiable. However, in the event of a dispute, exercise of rights or lawsuits related to your personal data, comply with the law. The company reserves the right to keep your personal data until the dispute has been finalized by order or judgment.
10. Providing Services By Third Parties Or Sub-Providers
The company may assign or procure third parties (Personal data processors) to process personal data on its behalf or on behalf of the company. Such third parties may offer services in various ways, such as hosting, subcontracting (Outsourcing) or being a cloud service provider (Cloud computing service/provider) or being a job in the nature of outsourcing of other forms.
Assigning a third party to the processing of personal data as a processor of that personal data , the company will provide an agreement stating the rights and obligations of the company as a personal data controller and of persons entrusted by the company as a personal data processor, including defining in detail the types of personal data the company is entrusted to process. Including objectives scope of the processing of personal data and other related agreements in which personal data processors are obliged to process personal data only to the extent specified in the contract and in accordance with the instructions of the company and cannot be processed for other purposes.
Suppose a personal data processor is assigned a sub-processor. In that case, the company will direct the personal data processor to provide a documentary agreement between the personal data processor and the personal data processor, processing range in a format and standard not lower than the agreement between the company and the processor of personal data.
11. Security Of Personal Data
The company will keep your personal information very well through the technical and administrative measures (Organizational measure) that meets international standards and follows the notification of the personal data protection committee to maintain appropriate security and security in processing personal data and to prevent infringement of personal data, loss access, destruction, use, alteration, alteration and use of the data or disclosure of off-purpose information or without power or wrongfully.
The company has measures to protect personal information by limiting the right of access to personal information to be accessed by specific officers or authorized or authorized persons who need to use such information for the purposes for which it has been notified to the owner of personal information only. Such persons must strictly adhere to and comply with the company’s data protection measures, as well as have a duty to maintain the confidentiality of personal information that they know from the performance of their duties. In addition, executives, employees, contractors, agents, consultants and company data recipients must maintain personal data following the confidentiality measures prescribed by the company.
In addition, when the company has sent transfers or disclosed personal information to third parties, whether for the provision of services following the mission, contract or other forms of the agreement, the company will set measures for personal data security and confidentiality that are appropriate and following the law to confirm that the company’s personal information will always be safe and secure.
The company will ensure that your information is accurate, current, complete and does not cause misunderstandings.
12. Connecting To External Websites Or Services
The company’s services may contain links to third-party websites or services. Websites or services may have a personal data protection policy different from this one. The company recommends that you consult the privacy protection policy of that website or service to know in detail before using it. The company is not associated with and has no control over the privacy protection measures of such websites or services. We cannot be held responsible for the content, policies, damages or actions caused by third-party websites or services.
13. Linking Personal Data To Other Parties Or Entities
13.1 The company may associate personal information with other individuals or entities. The company will inform you before linking personal information and ask for consent (in case consent is required) with at least the following details:
13.1.1 The person or entity to which the personal data will be linked.
13.1.2 Purpose of linking personal data.
13.1.3 Methods for linking personal data.
13.1.4 Personal data to be linked.
13.2 If the data link changes, the company will notify you of such changes and seek consent before proceeding (in case of requiring approval).
14. Personal Data Protection Officer
The company has appointed a personal data protection officer to inspect, supervise and advise on the collection, use or disclosure of personal data. Including coordinating and cooperating with the office of the personal data protection commission to comply with the personal data protection law.
15. Your Rights As The Subject Of Personal Data
Your rights in this section are rights under the personal data protection act. You can request to exercise various rights available under the provisions of the law and the policies set by the company before or while or to be amended in the future, as well as the rules and procedures for rights management as determined by the company. The details of various rights are as follows:
15.1 Right to withdraw consent: If you have given consent to the company for collecting, using or disclosing personal data (Whether that consent was given before or after the personal data protection act B.E. 2562 came into force), you have the right to withdraw your consent at any time during the period the company keeps your personal data. Unless there is a legal limitation of the company’s obligation to keep the information or there is still a contract between you and the company that benefits you.
15.2 Right to request access to personal data: You have the right to request access to, receive a copy and to request disclosure of the source of the personal data we have collected without your consent, unless the company has the right to deny your request for legal grounds or a court order or in the event that the exercise of your rights will have an effect that may cause damage to the rights and freedoms of others. For your privacy and security, the company may ask you to verify your identity before providing the requested personal information.
15.3 Right to object to the processing of personal data: You have the right to object to the collection, use or disclosure of your personal data at any time, unless the company has grounds for refusing a lawful request (The company can demonstrate that the collection, use or disclosure of your personal data is more legitimate or for the establishment of legal claims compliance or exercise of legal claims or the public benefit of the company).
15.4 Right to request rectification of personal data to be accurate, complete and up-to-date: you have the right to request that your personal data be corrected, updated and not misleading.
15.5 Right to deletion or destruction of personal data: you have the right to request the company to delete or destroy your personal data or make the personal data non-identifiable to the person who is the data subject as follows:
15.5.1 Your information is not necessary to be kept for collecting, using or disclosing information.
15.5.2 When you have exercised your right to withdraw your consent and the company has no legal authority to collect, use or disclose your personal information.
15.5.3 When you exercise the right to object under article 15.3 and the company cannot refuse the request by law.
15.5.4 When your information has been unlawfully collected, used or disclosed.
However, the company is not obligated to do so if the company is required to retain such personal data for compliance with the law or for the establishment of legal claims, compliance or exercise of legal claims or to raise the defense of legal claims.
15.6 Right to request to suspend the use of personal data. You have the right to ask the company to discontinue the use of your data in the following cases:
15.6.1 When the company is in the process of verifying that you have requested to correct your personal data to be correct, complete and up-to-date.
15.6.2 When personal data needs to be deleted or destroyed, but you ask to suspend the use instead.
15.6.3 When your personal data no longer needs to be kept for the purposes stated by the company for collecting your information, but you need the company to retain it to establish a legal claim or exercise a statutory declaration or raising the defense of legal claims.
15.6.4 When during the period when the company is proving the legitimate grounds for collecting your personal information or investigating the need to collect, use or disclose personal information for the public interest, due to the subject of personal data having exercised the right to object.
15.6.5 The collection, use or disclosure of personal information can be done in an automated way and may request the company to transmit or transfer such data in such form to other personal data controllers. However, the exercise of this right must be subject to the conditions prescribed by law.
If you wish to exercise any of the rights outlined in this section, you can do it through the following channels.
Any of the above claims may be limited by applicable law. There may be cases in which the company can refuse your request in an appropriate and fair, for example when companies are required to comply with the law or court order. If you believe that the collection, use, disclosure and/or overseas transfer of your personal data by the company is a violation of the applicable personal data protection law, you have the right to complain to an agency concerned with protecting personal data. However, you may notify the company of your concern first, to consider resolving your concerns. Please get in touch with the company through the following channels.
Fill information on the link :
Contacting through the following channels
Call center
Telephone number : 02-754-2650
16. Complaints To Supervisory Authorities
In the event that you find that the company has not complied with personal data protection laws, you have the right to complain to the personal data protection committee or a supervisory authority appointed by the personal data protection committee or by law. Please get in touch with the company for the opportunity to know the facts and clarify various issues, as well as to resolve your concerns at the first opportunity.
17. Actions Related To Corporate Customers
The company does not intend to disclose information about corporate customers or individuals connected to corporate customers for marketing purposes. The company will collect and use such personal data within the company only. If a corporate customer of the company discloses personal information of a person related to a corporate customer, you as a corporate customer is obligated to do the following to allow the company to provide services or products to you:
17.1 Has verified the accuracy and completeness of the personal information of other persons disclosed to the company and will notify the company. If there is any change in the personal information of another person provided.
17.2 Has obtained consent or can rely on another legal base to collect, disclose and/or transfer that person’s personal information by applicable law.
17.3 Has communicated this policy to such persons.
17.4 Will take steps to enable the company to collect, use, disclose and/or transfer personal data for the purposes set out in this policy and to complete the relevant transaction. Including the company’s right to report the results of retail customers’ transactions with corporate clients. Including any other related information back to corporate customers.
18. Changes To Privacy Policy
The company may change this personal data protection policy from time to time if there is a change in its personal data protection practices due to reasons such as technological changes, legal changes. Amendments to this privacy policy will become effective when the company publishes it on [ www.plustech.co.th ]. However, if such amendments have a material impact on you as the data subject. The company will give you reasonable prior notice before the change takes effect.
19. Cookie
The company collects and uses cookies and other similar technologies on websites under its supervision, such as https://sabuytech.com/ https://termsabuyplus.com/ https://sabuysolutions.com/ or your device according to the services you use. This is for the safety of the company’s services and to provide you with convenience and a good experience in using the company’s services. This information will be used to improve the company’s website to better meet your needs. You can set or delete the use of cookies by yourself from the settings in your web browser.
20. Contact Us
Suppose you have questions about the company’s practices and activities related to your personal data. In that case, you can contact the company’s personal data protection officer or designated person as detailed below. The company is happy to assist you in providing information and suggestions. Please contact the company.
Provide contact details
Call center
Telephone number : 02-754-2650
Personal data protection officer
41/1 Moo.10, Poochaosamingprai Road, Samrong Tai Sub-district,
Phra Pradaeng District, Samut Prakan, 10130, Thailand