suffix solution - Privacy Policy

Personal Data Protection Policy

Suffix Solution Company Limited and Subsidiary

Introduction

Suffix Solution Company Limited and Subsidiaries (referred to as "Suffix Solution") recognizes the importance of personal data protection and respects the privacy rights of the data subject. For the purpose of statutory compliance and business objective of company in relation to the collection, usage and disclosure of personal data to be protected as comply by the law and regulations, Suffix Solution establishes the Personal Data Protection Policy ("Privacy Policy") under the Personal Data Protection Act B.E. 2562 (2019) (as amended) and other applicable laws and regulations ("PDPA").

Scope

In order to inform the data subject of the Privacy Policy, Suffix Solution establishes the procedures and guidelines on the personal data protection under the PDPA (“Procedures”). The Procedures is to ensure the protection and security of personal data collection of each category.

Description

Subsidiary Company refers to the company or juristic persona that Suffix Solution has control over or under the control of Suffix Solution. Suffix Solution holds more than 50 percent of the voting rights, either from the direct or indirect vote throughout the vote rights.

Personal Data refers to personal information that, directly or indirectly, is able to identify the data subject, but the information of the deceased is excluded.

Sensitive Personal Data refers to, under Section 26 of the PDPA, Personal Data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual orientation, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner.

Data Processing refers to the collection, use, or disclosure of personal data.

Personal Data Collection

Under the PDPA, Suffix Solution statutorily collects the Personal Data as necessary, within the relevant company’s objectives and scope only. In regard, Suffix Solution makes the data subject aware of and consent such in writing or electronically, in accordance with the requirements of the PDPA, subject to PDPA with regard to the collection of the Personal Data.

>Types of Personal Data

The types of personal data that may be collected by Suffix Solution are under the characteristics of the activities, locations and method of collection, which may include the followings:

(1) the identifiable personal data.

(2) the Sensitive personal data.

(3) personal contact information.

(4) personal financial information.

(5) employment information.

(6) other information i.e. technical information from the usage of Suffix Solution’s websites or applications, activity usage and access to Log files, IP address, Cookies.

> Source of Personal Data Collection

Basically, Suffix Solution collects the Personal Data directly from the data subject. Nevertheless, Suffix Solution may collect the Personal Data from other sources, rather than directly from the data, i.e.:

(1) Public sources.

(2) Share or securities registrar.

(3) Any communication method, either face-to-face or via any communication tools.

(4) related persons of the data subject.

If, however, Suffix Solution has to collect the Personal Data from other sources, it will do so in compliance with the PDPA.

Objectives of Personal Data Protection

Suffix Solution collects, uses or discloses the Personal Data for the following purposes:

· for the benefit of Suffix Solution’s business operations under the statutory, contractual obligations and the legitimate interest;

· for the improvement and enhancement of business efficiency such as database preparation, analysis, and development of operating processes;

· for verification or identification when accessing digital systems;

· for legal verification of the data subject;

· for the fulfillment of purposes that has been informed to the data subject and consented by the data subject;

· for other purposes, which are not prohibited by the law, and/or for compliance with the laws, rules, announcements, or regulations relevant to the operation of Suffix Solution;

· for the purpose of storing, recording, backing up, or destroying of the Personal Data.

Suffix Solution will not act in contrary to the above purposes; provided that:

(1) it notifies the new purposes to the data subject and consent is obtained accordingly;

(2) it is for the purpose of PDPA or relevant laws compliance.

Consent

Suffix Solution collects, uses, discloses and processes the Personal Data upon the prior or simultaneously express consent of the data subject in writing, or via electronic means, save it is not possible to obtain the consent accordingly.

In the case Suffix Solution collects, uses, or discloses the Sensitive Personal Data, it will obtain an explicit consent from the data subject, unless otherwise specified by laws.

The consent of the data subject refers to the data subject’s consent to Suffix Solution to collect, use, disclose, or keep the Personal Data of the data subject by any person residing or juristic persons locating, either domestically and internationally as herein stated, unless otherwise specified by laws.

Objection of Consent

The consent of the Personal Data is a voluntary action of the data subject. The data subject may object to a consent requested by Suffix Solution. As a result, such objection may cause Suffix Solution unable to enter into an agreement, obligation, or to give welfare, to grant to or accept any products or services from, the data subject, to proceed with the data subject’s requests, or to perform any contractual obligations, terms and conditions.

The Usage and Disclosure of Personal Data

Suffix Solution will neither use nor disclose the Personal Data to a third party without the data subject’s consent. The Personal Data is disclosed for the purpose(s) the data subject has been informed prior to or at the time of collecting such Personal Data, unless exempted by the PDPA, or statutorily required to disclosure. However, for the purpose of Suffix Solution’s operations and rendering of services to the data subject, Suffix Solution may disclose the Personal Data of the data subject, in and outside the country, to the following person:

(1) Suffix Solution’s subsidiaries;

(2) shareholders or stakeholders;

(3) parties to the contracts, subcontractors, or service providers related to the operation of Suffix Solution;

(4) any person consented by the data subject to use or be disclosed the data subject’s Personal Data;

(5) person or government agency according to the law, or by the court order, or any other competent authority.

In addition, Suffix Solution procures that the abovementioned person treats the Personal Data as confidential and will not use it for any other purposes than stipulated herein.

Security Measures and Retention Period of Personal Data

Suffix Solution establishes the Personal Data collection, use or disclosure measures, as well as the security measures, which are in accordance with the PDPA, related regulations and guidelines, with which Suffix Solution’s employees and other related person have to comply so that the protection of Personal Data is efficient and of security standard required by laws. The standard of security measures is the compliance to the Personal Data Protection Act, regulations, rules, laws, and practices on the protection of data for Suffix Solution employees and related persons. In order to provide an effective and safe protection of personal data in accordance with the legal standards.

Suffix Solution will retain the Personal Data only for the necessary duration, and will collect, use and disclose the Personal Data, as defined in this Policy, in accordance with the duration criteria, namely the period during which the data subject is still related to Suffix Solution, and may still retain the Personal Data within 10 years from the date on which the data subject terminates the relationship with Suffix Solution accordance with policies and the internal regulations of Suffix Solution.

Suffix Solution will delete, destroy, or destruct the personal data after the expiration of the period of time.

Data Subject Rights

The data subject has the following rights under the laws:

(1) The right to access, request a copy, or request of disclosure on unconsented data;

(2) The right to correct the Personal Data;

(3) The right to request for deletion, destroying, or anonymization of the Personal Data;

(4) The right to withdraw the consent;

(5) The right to obtain or transfer the Personal Data;

(6) The right to request the suspension of the use of Personal Data;

(7) The right to object to the collection, use, or disclosure of the Personal Data;

(8) The right to complain to official or the regulatory authority for the protection of the Personal Data.

The request of any rights shall neither affect the processing of Personal Data for which the data subject has lawfully consented, nor violate any statutory requirements to be complied by Suffix Solution.

Contact Information

In case the data subject has any questions about the Personal Data Protection Policy, or wish to exercise the rights as specified in Article, please contact us:call: 02-114-7987 or e-mail: serv@suffixsolution.com