Last updated: 27 December 2022
Business Partner Privacy Policy
Gowabi (Thailand) Company Limited (the "Company", "we", "us" and/or "our") recognizes the importance of protecting your personal data as our business partner. This Business Partner Privacy Policy (the " Privacy Policy") describes how we collect, use, and/ or disclose personal data of personnel, authorized persons, directors, shareholders, and other contact persons of the business partner (collectively referred to as "you" or "your") and informs you about data protection rights. In this Privacy Policy, "Business Partner" includes, but is not limited to, individual partners and business partners.
We collect, use, and/ or disclose your personal data because we have an existing or potential business relationship with you or the Business Partner you work for, act on behalf of, or represent, such as our Business Partner that provides products or services to us or communicates with us in relation to our business that may involve you.
- What personal data we collect?
- How do we collect your Personal Data?
-
Directly from you (such as when you do business with us, signing contracts, filling in forms, or when you interact with us, including interaction through our online platform, website, or mobile application, communication through email, telephone, questionnaire, business cards, post, during meetings or activities, or when we visit you).
-
From the Business Partner that you work for, act on behalf of, or represent.
-
From the resources in the system, our central drive or central database and/or electronic files.
- How do we use your Personal Data?
-
Business communication: such as communication with Business Partners about our or our Business Partners' products, services, and projects (e.g., by delivering documents, responding to inquiries or requests, or reporting progress).
-
Business Partner selection: such as evaluating suitability and qualifications of you or the Business Partner, verifying your identity and the Business Partner's status, conducting due diligence or other form of background checks or risk identification on you and the Business Partner (including screening against publicly available data from government law enforcement agency), execution of contracts with you or the Business Partner, and evaluating your and the Business Partner's management.
-
Business Partner data management: such as creating a Business Partner account, recording data in the system, maintaining and updating lists/ directories of Business Partners (including your Personal Data), keeping and managing contracts and related documents in which you may be referred to.
-
Relationship management: such as processing payments, performing accounting, auditing, billing, and collection activities, and providing support services.
-
Information technology ("IT") systems and support: such as providing IT and helpdesk support and managing your access to any systems to which we have granted you, removing inactive accounts, implementing business control to enable our business to operate, and to identify and resolve issues in our IT systems and to keep our systems secure, performing IT system development, implementation, operation, and maintenance.
-
Security and system monitoring: such as authentication and access controls, monitoring of systems, devices, and internet, ensuring IT security, prevention and solving crimes, as well as risk management, fraud prevention, and accident reports.
-
Management and communication among entities within the organization: including auditing, reporting, delivering or managing documents, data processing, risk control or management, statistical analysis and planning, trends, and similar or related activities.
-
Marketing purposes: such as informing you of useful news and publications, including events, offering new services, negotiating price, and conducting surveys.
- Who do we disclose your Personal Data to?
- International transfers of your Personal Data
- How long will we retain your Personal Data?
- How long will we retain your Personal Data?
-
The right to access your Personal Data, receive a copy of your Personal Data, or request that we disclose how we obtained your Personal Data without your consent.
-
The right to rectify your Personal Data if the data is incomplete, inaccurate, misleading, or not up-to-date.
-
The right to have your Personal Data erased, destroyed, or anonymized.
-
The right to receive Personal Data in a structured, commonly- used, and machine-readable format by automated means, and to submit or transfer the data to another organization.
-
The right to object to the collection, use, or disclosure of or restrict the use of your Personal Data.
-
The right to withdraw consent for our collection, use, or disclosure of your Personal Data that requires your consent at any time.
- Security measures
- Amendment to this Privacy Policy
- Contact Us
- Appropriate Authority Contact Channel
“Personal Data” means any information relating to you, which enables the identification of you, whether directly or indirectly (not including data of a deceased person). We may collect Personal Data as listed below.
Personal details: such as full name, title, age, gender, photograph, video, GPS location, date of birth, nationality, information on government-issued documents (e.g., national identification card number, passport number, tax identification number, driver license number, and house registration number), signature (including electronic signature), bank account and payment information (e.g., account name, bank, type of account, account number, currency paid), and other personally identifiable information (e.g., LINE ID).
Contact details: such as telephone number, mobile phone number, address, email address, and other similar information.
Other information: in respect of the relationship between us and our Business Partners: (e.g., any information given by you to us in contracts, forms, or questionnaires), data in respect of transactions you made with us and computer data.
We collect your Personal Data through various channels, including
We will collect, use, and/ or disclose your Personal Data depending on the nature of our relationship with you on the legal basis of legitimate interests, entering into or performance of a contract, legal compliance, consent, or any other bases as permitted by the data protection law, as the case may be, for the following purposes:
Where we need to collect your Personal Data as required by law, or for entering into or performing the contract we have with you, but you fail to provide that Personal Data to us as requested, we may not be able to fulfil the relevant purposes as listed above.
Where we need your consent for activities of the collection, use, or disclosure of your Personal Data, we will request your consent for such activities separately.
We may need to disclose your Personal Data to a third party, such as a third-party vendor engaged by us (e.g., cloud service providers, data analytics service providers and advisors).
In certain cases, we may disclose your Personal Data to government agencies, law enforcement entities, courts, regulators, or other persons, where we reasonably believe it is necessary for compliance with the law or the protection of our rights or a third party's, for individuals' personal safety or to detect, prevent, and address fraud and security issues. In the event of business reorganization, merger, sale, purchase, joint venture, assignment, transfer or other disposition of our business, assets or stocks or any similar transaction, whether in whole or in part, we may disclose your Personal Data to the assignee(s) of our rights and/ or obligations. In any case, we will comply with this Privacy Policy to respect your Personal Data.
We may need to disclose or transfer your Personal Data to a country whose personal data protection standards may be higher or lower than the personal data protection standards in Thailand. For example, we may keep your Personal Data on a cloud platform or a server located outside Thailand in order to receive IT support.
If we need to transfer your Personal Data to foreign countries which have lower personal data protection standards, we will ensure that those standards are adequate, or will ensure that the applicable personal data protection law permits the transfer. For example, we may need to receive contractual confirmation from a third party who has access to the Personal Data that it will be protected under the equivalent personal data protection standards as Thailand.If you need additional information regarding the way that we protect your Personal Data after it is transferred outside Thailand, please contact us using the details in "Contact Us."
We will retain your Personal Data for the duration of the contract and/or during the period that we still need to use your Personal Data for contact or any other reasonable purpose or for the purpose of proving and investigating in case there may be a dispute within the statute of limitations prescribed by law for a period of not more than 10 years from the contract termination date.
Under the applicable laws and our rights management process, you may have the following rights:
If you wish to exercise any rights mentioned above, you can contact us using the details in "Contact Us". The request to exercise any of the rights may be limited by applicable laws. In some cases, we may legitimately and appropriately reject your request. For example, where we are required to comply with the law or a court order. We will notify you of the reason if we reject your request. If you believe that our collection, use, or disclosure of your Personal Data violates the applicable personal data protection law, you have the right to lodge a complaint to the competent authority. However, if you have any complaints, please contact us first before contacting the authorities to provide the chance for us to resolve any issues.
We maintain appropriate security measures for Personal Data, which covers administrative, technical, and physical safeguards in relation to access control to protect the confidentiality, integrity, and availability of Personal Data against any accidental, unlawful or unauthorized loss, access, use, alteration, correction or disclosure of Personal Data in compliance with the applicable laws. We implement access controls which are secured and suitable for collection, use and disclosure of Personal Data. We restrict access to Personal Data as well as storage and processing equipment by imposing access rights or permission, user access management to permit access to authorized personnel and user responsibilities to prevent unauthorized access, disclosure, perception or unlawful duplication of Personal Data or theft of device used to store and process Personal Data. This includes methods enabling re- examination in relation to access, alteration, erasure or transfer of Personal Data which are in accordance with methods and channels to collect, use or disclose Personal Data.
We may amend this Privacy Policy if there are any changes to our personal data protection guidelines due to reasons such as technological or regulatory changes. Any changes to this Privacy Policy will become effective when we publish the revised Privacy Policy on our website. However, if such changes substantially affect you as a data subject, the Company will notify you in advance, as we deem appropriate, before such changes become effective.
If you have any questions about our guidelines or activities regarding your Personal Data, please contact us using the details below. We will be ready to assist you in giving information and suggestions and resolving issues.
Gowabi (Thailand) Co., Ltd.
Major Tower Thonglor, 12th Floor, Soi Thong Lo 10, Khlong Tan Nuea, Watthana, Bangkok 10110
Data Protection Officer
Email: [email protected]
If you wish to exercise data protection rights, please fill in the Data Subject Access Request form
If you wish to report a complaint or if you feel that the company fails to respond to your concerns in a satisfactory manner. You can contact and/or make a complaint to the Office of the Personal Data Protection Commission as per the details below.
Office of National Digital Economy and Society Commission as Office of the Personal Data Protection Commission (PDPC)
Address: No. 120 Moo 3, 7th Floor, Ratthaprasasanabhakdi Building (Building B) Government Complex Commemorating His Majesty the King's 80th Birthday Anniversary 5 December 2007, Chaengwattana Road, Thung Song Hong Subdistrict, Lak Si District, Bangkok 10210
Email: [email protected]
Telephone: 02-141-6993, 02-142-1033