Privacy Policy
Company Privacy Policy
Giant Pumpkin Co., Ltd. (the “Company”) values and respects the privacy of the Personal Data you provide to the Company. To ensure that our collection, use, or disclosure of your Personal Data complies with the Personal Data Protection Act B.E. 2562, as well as any applicable subordinate legislation, collectively the “PDPA”, the Company have therefore prepared this Privacy Policy to set out the purposes and methods of collecting, using and disclosing Personal Data, the types of Personal Data to be collected, used and/or disclosed, the rights of data subjects and others. This Privacy Policy demonstrates the Company commitment to protecting the privacy of the Personal Data of all individuals and entities involved in our business activities. Following the standards established by the Personal Data Protection Act B.E. 2562, this Privacy Policy is intended to enable data subjects to be assured that their personal data is protected, used, and processed appropriately.
This privacy policy applies to all persons involved with the Company, such as our employees, staff members, representatives, shareholders, authorized representatives, directors, all persons whose personal data is disclosed to the Company by our corporate clients and others.
- DEFINITIONS.
“Personal Data” means any information that relates, directly or indirectly, to an identified or identifiable individual, except for information about any deceased individual. To enable the Company to provide the Company’ services to you, the Company may collect your Personal Data directly from you or indirectly from other sources, such as social media, third-party online platforms, the public domain, or through our affiliates, service providers, government agencies, or other third parties. The types of Personal Data to be collected depend on your relationship with the Company or the services or products you request from the Company.
“Sensitive Personal Data” means any personal data categorized by law as sensitive personal data. The Company may collect, use and/or disclose your Sensitive Personal Data only where the Company have obtained your express consent or where permitted by law.
- PERSONAL DATA COLLECTION.
The Personal Data about you that the Company may collect, and/or disclose includes, but is not limited to, the following:
- Personal Information, such as the title preceding your name, your first and last name, gender, age, date of birth, education, marital status, occupation, job title, salary, place of employment or information about your work, information about government-issued documents, your household record book, your signature, your photograph, your audio conversation recordings, your CCTV recordings, and other personally identifiable information;
- Contact information, such as your address, telephone number, cell phone number, fax number, email address, usernames on electronic communication platforms, etc.;
- Bank account and financial information, such as your salary certificate, bank account number, account type, financial status, etc.;
- Technical information, such as your I.P. address, device I.D., device type and model, mobile network, login data, access data, single sign-on (SSO) data, login logs, access time, page visit duration, cookies, login data search history, query data, browser type, and version, time zone settings and location, browser plug-in type and version, operating system and platform, information about other technologies on the device you use to access our forum, etc.
- PERSONAL DATA COLLECTING PROCEDURE.
The Company may also collect personal data from you when you contact the Company through our website, any document or system of record as our service or product provider, or any system that allows you to submit your information to the Company, including our website; or when you contact the Company orally, by telephone or video/virtual conference, or in writing, by email or other communication channels; and through mobile applications developed or made available by the Company, or by any of our affiliates.
The Company do not collect personal data from visitors to our website, except for information you voluntarily provide to the Company and technical data described in this Privacy Policy.
In some cases, the Company may obtain your personal data from third parties, who may or may not be related to you directly. For example, the Company may collect your Personal Data from:
- Recruitment agencies or websites;
- Any organization of which you are a member;
- Our employee, who referred you to the Company, by telephone, email, or another communication channel;
- Banks and other financial institutions;
- Your representatives or agents; and/or;
- The public domain, or public mailing lists developed by the private sector, professional associations, and/or government agencies, and social media, such as Facebook and LinkedIn, etc.
- COLLECTION PURPOSE.
The Company may collect, use and/or disclose your Personal Data and Sensitive Personal Data for the following purposes:
- Collection, use, or disclosure of the following Sensitive Personal Data for the following purposes:
- Biometric Data, such as scans of your face and fingerprints: To access our premises, request our services, and verify your identity;
- Health data, such as your medical records: To facilitate the provision of our services;
- Disability Information: To enable the Company to contact you and provide services to you in an appropriate manner;
- Criminal records: To check for any anti-money laundering and/or anti-terrorism offenses; and
- Any sensitive personal data contained in your identity documents: To verify your identity.
- Transfer of your Personal Data to a foreign country where standards of protection may be inadequate, for which your consent is required by law if the basis for processing your Personal Data is consent. You may withdraw your consent at any time by contacting our Data Protection Officer or the Company, as detailed in clause 9. Please note that the withdrawal of your consent will not affect the lawfulness of the collection, use, and/or disclosure of your Personal Data or Sensitive Personal Data that is based on consent prior to its withdrawal.
- The Company may rely on the following legal bases to collect, use and/or disclose your Personal Data:
- Performance of a contract: to enter into, or perform, a contract with you;
- Legal Requirement: To comply with legal requirements;
- Legitimate interest of ours and/or a third party which must be balanced against your rights and freedoms concerning your Personal Data;
- Vital interest: To prevent or remove a danger to the life, physical integrity, or health of an individual; and
- Public interest: To perform tasks in the public interest or in the exercise of official authority vested in the Company.
The Company rely on the above five legal bases to collect, use and/or disclose your Personal Data for the following purposes:
- To enter into a contract or agreement with you;
- To respond to your requests;
- To prevent, detect, and investigate fraud, misconduct, or other illegal activities, whether requested by a government or regulatory agency;
- Comply with the law, regulations, rules, guidelines, directives, recommendations, or requests of government agencies, including tax, enforcement, or regulatory agencies (whether Thai or foreign);
- Conduct an internal investigation, conduct a business transaction, follow all policies and procedures required by applicable laws and regulations, including those relating to risk management, security, examinations, finance and accounting, systems, and business continuity;
- Handle and investigate complaints, claims, and disputes;
- Conduct research, planning, and statistical analysis;
- Enforce the law or our contract;
- To perform our contractual obligations, such as those outlined in contracts with our business partners, vendors, agents or asset management companies, or contracts in which the Company are an agent;
- To manage our customers’ information, including Personal Data, and to maintain contracts and other documents that contain references to you;
- Concerning information technology and support systems, to provide information technology and technical support services, to create and maintain your password and personal information, to manage access to any systems for which you have the authorization, to delete inactive accounts, to perform business controls to ensure business continuity, to detect and resolve problems with our computer systems, to ensure the security of our systems, to develop, operate and maintain our computer systems, etc.;
- To control system security, including verifying your identity, controlling and recording system access, monitoring systems, devices, and the Internet, ensuring computer security, preventing and dealing with crime, managing risk, preventing fraud, etc.
- To handle and settle disputes, enforce our contracts, establish or defend our legal claims, etc.;
- To conduct internal investigations and prevent problems that lead to complaints, crimes, and/or fraud, etc.;
- Comply with internal rules, as well as applicable laws, regulations, directives, regulatory guidelines, etc.;
- To respond to orders from authorities to ensure coordination and compliance with court orders, etc.;
- To conduct reasonable business activities, such as management, training, surveys, reporting, monitoring, risk management, statistical analysis, trend analysis, and planning.
You provide your personal data voluntarily, and you may choose not to provide the personal data the Company request. However, please note that this may prevent the Company from providing you with certain products, services, or benefits. If such Personal Data is necessary to perform a contract, the Company may not be able to enter that contract with you.
- PERSONAL DATA TRANSFER.
The Company may disclose and/or transfer your Personal Data to the following third parties, which include, but are not limited to, personnel and agents of third-party entities, whether located in Thailand, for their use and processing for the purposes described in this Privacy Policy. The Company encourage you to read the privacy policies of these third parties so that you are aware of their treatment of your Personal Data.
- Our service providers:
The Company may use agents or contractors to perform services on our behalf or to assist the Company in providing products and services to you. For example, the Company may disclose your Personal Data to the following service providers:
- T. service providers;
- Research agents;
- Analytical service providers; Investigative agents; Researchers;
- Investigative agents;
- Marketing, advertising, and communication agents;
- Payment processors; and
- Administrative and operational service providers.
In providing these services, our service providers may access your Personal Data. However, the Company will only provide your Personal Data to these service providers on a need-to-know basis, and they may only use your Personal Data for the purposes described herein. The Company will take steps to ensure that all of our service providers maintain the confidentiality of your Personal Data.
- Other authorized third parties: In certain circumstances, the Company may need to disclose your Personal Data to third parties to carry out our legal obligations, including those imposed by law enforcement authorities, courts, regulators, government agencies, or other third parties, if the Company believe that such disclosure or transfer of your Personal Data is necessary to carry out our legal obligations, to protect our rights or the rights of others, to ensure the safety of any person, or to investigate, prevent or deal with fraud, or security or safety issues.
- Professional advisors: The Company may disclose and/or transfer your Personal Data to our professional advisors, who provide audit, legal, accounting, or tax services to facilitate our business operations or defend or administer legal claims.
- Persons involved in business transfers: The Company may disclose and/or transfer your Personal Data to our business partners, investors, principal shareholders, assignees or potential assignees, or potential assignees, if the Company undergo a rehabilitation, restructuring, merger, acquisition, sale or purchase of a joint venture, transfer of business, liquidation, or another similar process, which involves a transfer or assignment of our business, assets or stock, whether in whole or in part. The Company will ensure that the recipient complies with this Privacy Policy when processing your Personal Data.
- Transfer of your Personal Data to a foreign country: The Company may disclose and/or transfer your Personal Data to a third party or server located in a foreign country. Such destination country may, or may not, have sufficient personal data protection standards as required in Thailand. In such a case, the Company will implement procedures and measures to ensure that your personal data transfer is secure and that the recipient has appropriate data protection standards. Such transfer is lawful, considering any exemption provided by law.
- Retention periods: The Company will retain your Personal Data for one year up to a maximum of ten years from the end of your relationship with the Company, or for such period as is reasonably necessary, depending on the type of document or Personal Data, as detailed in our Retention Period Policy, which is available on the tables attached to this announcement, to fulfill the original purpose for which the relevant Personal Data was obtained, as described in this Privacy Policy, or to carry out our legal obligations. However, the Company may retain your Personal Data for a longer period if necessary to comply with applicable law.
- Personal Data important information.
- Personal Data of persons related to you: When you provide Personal Data of third parties, such as your parents, spouse, children, assigns, or emergency contacts, including their names, email addresses, or telephone numbers, you must ensure that such data is accurate.
If you choose to provide the Company with Personal Information about yourself or your emergency contacts, whether names, email addresses, or telephone numbers, you must be certain that you are authorized to provide the Personal Information to such third parties, and you allow the Company to use such Personal Information following this Privacy Policy. It is also your responsibility to inform such third parties of this Privacy Policy and to obtain their consent if any, unless another legal basis can be invoked.
- Log Files: the Company may keep web or application log files to automatically record login and logout data, including I.P. addresses, errors, activity, date and time of user visits, and URLs. This data may be associated with personally identifiable information, and it will be retained for a period as required by law.
- CCTV: the Company use CCTV cameras to record images of people and vehicles in and around our premises for public safety and crime prevention or detection. Our video surveillance cameras, including the owner’s cameras, to which the Company have access, provide 24-hour images of our entrance, lobby, balconies, outdoor parking areas, areas along our fence, and other accessible areas. CCTV footage is recorded continuously and retained for 90 days before being overwritten, except for CCTV footage from cameras that may retain footage for longer than 90 days, in which case the data is overwritten after more than 90 days. However, in no case will video surveillance footage be retained for more than 120 days. Camera locations have been chosen to avoid footage unrelated to the purpose of inspection and surveillance. The Company do not retain audio recordings.
Our authorized person may review live images from our video surveillance cameras only under necessary circumstances. You can be assured that our authorized employees are viewed only by live feeds and visual recordings, who are directly responsible for accessing this information. The Company respect your privacy, and the Company do not have CCTV cameras in areas where privacy may be expected, such as restrooms.
- PERSONAL DATA RIGHTS. The PDPA grants the rights provided in this Privacy Policy. You may exercise your rights under the conditions, existing or future, provided by law, as well as by this Privacy Policy. If you are under 20 years of age, or if your capacity to enter a legal act is otherwise limited, you may ask your parent or legal guardian to act on your behalf.
- Right of Access: You have the right to request access to and obtain a copy of your Personal Data collected, used, or disclosed by the Company, or to disclose the acquisition of your Personal Data that has been collected without your consent;
- Right to Data Portability: You have the right to request your Personal Data held by the Company in a structured, machine-readable format. This right includes the following:
- The right to request that the Company transfer your Personal Data held by the Company, in a structured, machine-readable format, to another data controller, where such transfer can be done automatically; and
- The right to obtain a copy of your Personal Data that the Company have transferred in a structured, machine-readable format to another person unless this is not technically possible.
- Right to object: You have the right to object to our processing of your Personal Data in certain circumstances as described in this Privacy Policy;
- Right to request erasure or destruction of Personal Data: You have the right to request that the Company erase, destroy or anonymize your Personal Data that the Company hold the Company no longer require that
- Right to restrict processing: You have the right to ask the Company to restrict the processing of your Personal Data if you believe that your Personal Data is incorrect, or that the processing of such Personal Data is unlawful, or where your Personal Data no longer needs to be held by the Company for any purpose;
- Right of rectification: You have the right to request that the Company correct your Personal Data that is incorrect, misleading, or not up to date;
- Right to withdraw your consent: You may withdraw your consent at any time unless otherwise specified by law or by a contract under which you benefit; and
- Right to complain: You have the right to complain to a competent authority in cases where you believe that our processing of your Personal Data is unlawful or contrary to the applicable DPA.
- PRIVACY POLICY REVISION. The Company may revise or update this Privacy Policy from time to time. The Company encourage you to read this Privacy Policy carefully and regularly visit the website to review any updates. The Company will notify you and/or obtain your consent again if the Company make material changes to this Privacy Policy or are required by law to make material changes to this Privacy Policy.
- CONTACTING US. If you wish to exercise any of your rights regarding your Personal Data, or if you have any questions or complaints regarding your Personal Data under this Privacy Policy, please contact our Data Protection Officer or the Company at the following address:
Giant Pumpkin Co., Ltd.
Amarin Tower, Unit A, 5th Floor
496-502 Phloen Chit Rd, Lumphini, Pathum Wan District
Bangkok 10330 – TH
- PERSONAL DATA SECURITY. The Company have developed and/or adopted systems for the storage of Personal Data that feature appropriate mechanisms and technologies, including limited access by our employees, staff members, officers, representatives, shareholders, authorized persons, directors, contact persons, and agents so that they can access Personal Data on a need-to-know basis, to prevent unauthorized use, disclosure, deletion or access to your Personal Data.
- PRIVACY POLICY APPLICABILITY.
You acknowledge and agree that this Privacy Policy applies to all Personal Data the Company collects. You also agree that the Company may retain and use or disclose your Personal Information that has been, is being, or will be collected by us following this Privacy Policy.
- GOVERNING LAW. This Privacy Policy shall be governed by and construed following the laws of Thailand, and the courts of Thailand shall have jurisdiction over any dispute relating to this Privacy Policy.
This Privacy Policy is effective as of January 01st, 2021.