Ao Po Grand Marina Co., Ltd. (the “Company”) is aware of the importance of and responsibility for the collection, use and disclosure (processing) of personal data. The Company has a policy of complying with the Personal Data Protection Act B.E. 2562 (A.D. 2019) so as to affirm the rights of persons to be granted protection with respect to the collection, use and disclosure (processing) of personal data.

This Statement on Personal Data Collection provides explanations on how to collect or acquire your personal data, on which personal data are to be collected, on the purposes of the collection, use, disclosure (processing) or transfer of your personal data, on persons to whom the Company may disclose or transfer your personal data, and on how to gain access, make alterations and exercise your right to take other actions relating to your personal data. You must read and try to understand this Statement before giving consent to the Company collecting, using and disclosing (processing) your personal data.

     1.  How to Collect and Acquire Personal Data

The Company gathers and collects your personal data by the following methods:

  • Use of services, a job application submitted to the Company, with an insertion of information via an application form, the website, an application(s), computer online services on a mobile device or telephone;
  • On your submission of a document on your personal data supporting the consideration before the initiation of an employee recruitment and employment process with the Company as well as the execution of services agreements with the Company;
  • On your submission of a request for a change to or an update on your data;  
  • On your delivery of personal data to the Company to participate in a draw(s) of lots, contest(s), event(s) or competition(s) organized by the Company;
  • On the Company requesting information about you from a third person(s), including but not limited to receipt of information following the verification of sources of public, personal, commercial or medical information, public health service facilities, hospitals, doctors, public health professionals (“Third Party Information Sources”); 
  • In addition, the Company may automatically collect information about you based on your usage, such as your computer IP address.

Providing the Company with any personal data relating to third persons (which third persons include persons you trust, members of your family, or beneficiaries), you must certify and guarantee the accuracy of such personal data and must warrant and guarantee that you have notified those persons completely of the collection, use, disclosure and transfer of their personal data by the Company for relevant purposes and that the consent of those persons has been obtained prior to the collection of their personal data, except insofar as such consent is not required by applicable laws and rules and regulations.  

       2.  Collection, Use or Disclosure of Personal Data

Personal data collected, used and disclosed by the Company (including such sensitive personal data as specified in the Personal Data Protection Act B.E. 2562 (A.D. 2019) and in such revisions as may be made thereto from time to time as well as in other applicable laws and rules and regulations) are as follows:

  • Personal data whereby you can be identified, such as your first name, family name, identification number, passport number, educational qualifications, car registration number(s), telephone number(s), e-mail address(es), house registration address, postal address and other contact details, date of birth, occupation, photographs, race, nationality, religion, marital status, information about your dependents, biometric data on, for example, duplicate images of your face, fingerprints, retinas etc.;  
  • Financial data, such as income, sources of income, tax-related data, bank account numbers, details about bank account activity, loan details, investment data, and details about other payments; 
  • Data relating to employment and employment records and records of your use of services;
  • Data relating to health and your medical records, such as medical treatment, medical examinations, medical investigations, a record of requests for advice, prescriptions, memorandums, treatments, details of medical services received, medical reports, and details of medical expenses;
  • Data relating to your records of civil or criminal proceedings, such as criminal records, records on either civil or other proceedings;
  • Data and details on insurance products, such as insurance policy numbers, beneficiaries, claims;
  • Technical data and data on personal activities / natures of usage when you are using a website(s), application(s) and online social media platform(s), such as your ID name(s) used on an online social media platforms, IP addresses, browser types and versions, time zone settings, types of browser plug-in, operating systems and platforms, user profiles, data relating to equipment (including data relating to mobile equipment, IMEI numbers, wireless network data and general network data); 
  • Such other personal data as stipulated by law whereby your consent must be sought before they are collected — the Company will inform you and request your consent before collecting such data or will do so during a period of time prescribed by law.

The provision of your personal data is a voluntary act. You may elect to provide no information to the Company, but doing so may produce effects on transactions of the Company with you or on responses to your requests.

     3.  Purposes of Collection, Use or Disclosure of Personal Data

The Company may collect personal data or personal data may be used, disclosed or transferred for the following purposes:

  • For the implementation of requirements of applicable laws, agreements or policies stipulated by state regulatory agencies, agencies having the duty to enforce the laws including benefits of persons entitled thereto according to law, such as the Labour Protection Act B.E. 2541 (A.D. 1998), the Social Security Act B.E. 2533 (A.D. 1990), the Provident Fund Act B.E. 2530 (B.E. 1987), the Debt Collection Act B.E. 2558 (A.D. 2015); in this regard, appropriate measures have been made available to protect fundamental rights and interests of personal data owners;
  • For the initiation of a recruitment process, appraisal and test of your ability to work, as well as for a check of information about job applicants and for communication with job applicants of the Company;
  • For access to and exercise of any rights under terms of the employment contract and service agreements or policies you have entered into with the Company;
  • For actions regarding your finance and taxation;
  • For analyses of information, reporting or evaluations performed by the Company or by a regulatory agency related to the Company for the purpose of reorganization and organizational transactions;
  • For the monitoring of your conduct, such as conduct regarding the use of websites, applications or online social media platforms, analyses of your usage of websites, applications or online social media platforms under the Electronic Transactions Act B.E. 2544 (A.D. 2001) and the Computer-Related Crime Act B.E. 2550 (A.D. 2007);
  • For compliance with rules and regulations and for business audit of the Company (both internal and external);
  • For the provision of assistance pursuant to the objectives of law enforcement, for investigations by or on behalf of the Company, by police officers or by state or other regulatory agencies in any country or administrative region, and for the implementation of the duty of reporting and such requirements as stipulated by law or as agreed upon with state or other regulatory agencies in any country or administrative region;
  • For purposes in terms of quality and training for the development of human resources within the organization;
  • For the purpose of storing, recording, backing up or destroying personal data;
  • For action regarding general management relating to the purposes above, unless otherwise permitted by applicable laws and rules and regulations — the Company will request your consent if it desires to use your personal data for any other purposes than those specified in this Privacy Statement or than ones directly related to it.

The Company stores your personal data in documentary (hard copy) and electronic formats. Your personal data will be kept by the Company within a period of time insofar as it is necessary to achieve the purposes of the collection of such personal data or for a longer period of time, such as the prescription under the law relating to the relevant matter.  

     4.  Disclosure of Personal Data to Third Persons

The Company may disclose your personal data to a third person(s) insofar as it is necessary to do so in accordance with principal purposes or purposes relating to the processing of personal data. In this regard, the Company may provide such personal data to the following persons:

  • State agencies or agencies having the duty of law enforcement, agencies having the duty of dispute settlement, or any other persons in any country or administrative region, to whom the Company must disclose information in accordance with its legal obligations and/or with the duty of compliance with the rules and regulations in such country or administrative region;
  • Whoever permitted to act in the capacity of personnel or member in the Group of Companies;
  • Whoever entering into a contract(s) of services or for a variety of management with the Company, such as insurance companies, investment management companies, financial institutions, data analysis service, car rental service, telecommunications services, technological services, CLOUD service, meeting and seminar holding services, storage service, document-related undertakings, data recording service, postal receipt and delivery services, printing services, courier services;
  • Professional advisers of the Company, such as legal consultation companies, lawyers, audit companies, business consultation companies;
  • An association(s) or a federation(s) in the business sector; 
  • Any person or agency to whom/which you give consent to the disclosure of your personal data;
  • Any other persons or agencies granted permission under applicable law

5.  Transfer of Data to Other Country / Transfer of Data across the Country

The Company may be required to transmit or transfer your personal data to abroad, for example, to a company in the same group of business/enterprises located abroad, and to store such personal data on a database in any other system where the provider of the service of taking transfers of or storing data lives abroad, for instance, the transmission or transfer of personal data for storage on a server/cloud which may be located or may provide the service outside Thailand. Your personal data to be transferred to other places must have levels of personal data accuracy and security protection comparable to those in the country or administrative region or territory where you have provided the personal data.

     6.  Security and Storage of Personal Data

To ensure that the Company complies with applicable laws and rules and regulations, the Company has appropriate security measures to be used for the prevention of unauthorized access, processing, deletion, losses or use.

In an event after the expiry of the storage period, the Company will take appropriate steps to delete, destroy or render your personal data unidentifiable.

In the case where the Company enters into an agreement with a third person, it will formulate an appropriate measure to maintain security of personal data and protect confidential information to ensure security of your personal data.

     7.  Rights of Personal Data Owner and Channels of Contact

You have the right to take the following actions:

  • To have access to, request a copy of, request a transfer of, request a disclosure of the acquisition of and of how the Company has used or disclosed your personal data;
  • To request an alteration(s) to any incorrect personal data relating to you;
  • To request that the data be deleted or destroyed or rendered unidentifiable;
  • To request a suspension of the processing of your personal data;
  • To request a revocation of your consent or a change to the scope of your consent;
  • To object to the collection, use or disclosure of such personal data;
  • To complain to the Company or the Personal Data Protection Committee if in your opinion any of your rights has been infringed by the Company.

Any request for the exercise of your rights as mentioned above must be made in writing. The Company will comply with legal requirements relating to the rights of your good self as the personal data owner. And in the case where you request an exercise of such right(s), your request may result in a restriction(s) of the Company on the performance of transactions with or the provision of services to you.

     8.  Amendment of Personal Data Protection Policy

The Company will conduct such reviews of its personal data protection policy including its procedure and process as appropriate. And the Company reserves the right to amend this Statement on Personal Data Collection at its sole discretion. 

Any amendment shall become effective immediately on the announcement of an amended version. The Company will not inform you individually of such amendment. You can check, read and try to understand latest information at www.aopograndmarina.com.