We, Capwise Co, LTD, Limited. (“Capwise”) has set out Personal Data Protection Policy (“Policy”) for the Company’s business providing strict measures in protecting your personal data so that you can be assured that your personal data entrusted to the Company will be processed to meet your needs and in accordance with the laws.
1. Scope of this Policy
For Personal Data that has previously been collected by a Data Controller before the effective date of Personal Data Protection Act B.E.2562, the Data Controller shall be entitled to continue to collect and use such Personal Data for the original purposes. However, the Data Controller shall prepare and publicize a consent withdrawal method to facilitate the data
2. Definition of Personal Data
“Personal Data Protection Policy” means Policies that we notify Data Subjects of our data processing and its details as specified by the Personal Data Protection Act B.E. 2562
“Person” means a natural person.
“Personal Data” means any information relating to a Person who can be identified, directly or indirectly, but excluding specific information of a deceased, e.g., name, surname, nickname, address, telephone number, identification number, passport number, social security number, driving license number, taxpayer identification number, bank account number, credit card number, email address, vehicle license plate, land title deed, house registration, signature, voice recording, pictures, photographs, video recordings, video clips, identity verification information (KYC/e-KYC), immigration details, including arrival and departure dates, IP address, log file, LINE ID, Facebook ID, Google, Twitter ID and user accounts on other social media sites, etc.
However, the following information shall not be treated as personal data, namely information for business contact without any identified person, e.g., company name, company address, company registration number, office telephone number, office email address, group company email address like info@company.co.th , anonymous data or pseudonymous data, information of a deceased, etc.
“Sensitive Personal Data” means any information which is genuinely personal of a Person, but sensitive and likely exposed to unfair discrimination, e.g., racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, criminal records, data relating to health and disability, labor union data, genetic data, biometric data or any other data which affects the data subject in such manner as prescribed and announced by the Personal Data Protection Committee.
“Data Subject” means a Person who owns Personal Data, except where the Person holds the data ownership or creates or collects such data on his/her own, whereby this Data Subject refers to only a natural person and excludes a “juristic person” established by law, such as company, association, foundation, or any other organization.
“Sensitive Personal Data” means any information which is genuinely personal of a Person, but sensitive and likely exposed to unfair discrimination, e.g., racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, criminal records, data relating to health and disability, labor union data, genetic data, biometric data or any other data which affects the data subject in such manner as prescribed and announced by the Personal Data Protection Committee.
“Data Subject” means a Person who owns Personal Data, except where the Person holds the data ownership or creates or collects such data on his/her own, whereby this Data Subject refers to only a natural person and excludes a “juristic person” established by law, such as company, association, foundation, or any other organization.
In this regard, a Data Subject includes any of the following Persons:
“Data Controller” refers to a Person or a juristic person with the power and duties to make decisions regarding the collection, use or disclosure of Personal Data.
“Data Processor” refers to a Person or a juristic person who proceeds with the collection, use or disclosure of Personal Data under such orders given by or on behalf of a Data Controller, whereby the Person or juristic person who proceeds as such is not a Data Controller.
3. Sources of Personal Data
We shall not collect any Personal Data, except in the following events:
3.1 We have directly received Personal Data from a Data Subject, in which case, we shall collect such Personal Data from the service processes as follows:
(1) the use of services or the filing of any applications with us, e.g., subscription registration, filing in details to register for the exam, subscription for newsletters, job application;
(2) the collection of data voluntarily provided by a Data Subject, e.g., survey or correspondence via email address or other channels of communications between the company and the Data Subject;
(3) the collection of data from our website via browser’s cookies of a Data Subject and the use of electronic transaction services.
3.2 We have received Personal Data of a Data Subject from a third party, whereby we believes in good faith that such third party is entitled to collect and disclose the Data Subject’s Personal Data to u.
4. Objectives of Processing of Personal Data
4.1 We may collect, use or disclose Personal Data as follows:
(1) To create, improve, manage and deliver products and services, benefits and privileges.
(2) To provide services to you including but not limited to processing any of your transactions.
(3) For the preparation of our database and service history through the service of any communication channel.
(4) To promote content that is information from us which we deliver to you including the preparation of promotional programs related to the content that is suitable for you.
(5) Analyzing, processing, marketing promotion activities, research, and sales, including product publicity and various services, whether our Affiliates, partners, business partners or of others via notification via mobile device screen, SMS or social media.
(6) To be used to improve the service Improving our website and applications to suit the needs of service users and effectively.
(7) As a contact channel for receiving comments, suggestions, to improve the content of our programs to meet your needs.
(8) To perform the contract Terms and Conditions made to you.
(9) To comply with laws and regulations of government agencies such as the Personal Data Protection Act, Electronic Transactions Act, Civil and Criminal Code, Civil and Criminal Procedure Code, etc.
(10) To send promotional advertisements, coupons, news and other promotional information. or special events directly to you on the website and/or application You may opt out of receiving certain types of advertising messages by following the instructions provided.
(11) To use for identity verification, authenticate and verify qualifications when you apply for our services.
4.2 We do not have the policy to collect Sensitive Personal Data from you. We will obtain your explicit consent prior to the collection of such data. Unless otherwise, there are legal grounds or lawful basis to collect such information without obtaining consent.
4.3 You agree not to deliver any information. that is inaccurate and/or misleading to us and you agree to notify us of any inaccuracies or alterations of such information. We reserve the right to request the delivery of any additional documentation to verify the information you have provided to us as we deem appropriate.
4.4 If you have provided us with third party’s personal data (such as a property owner beneficiary emergency contact referring person and referrals) such as name, surname, address, telephone number family income and personal information and other contact information to contact in an emergency Fill out an application or complete your transaction with us. You warrant that such information is lawful. Please inform them of this Personal Data Protection Policy. and/or seek their consent.
5. Processing of Personal Data
5.1 Collection of Personal Data
We shall limit the collection of any Personal Data to the extent necessary, depending on the categories of services used by the Data Subject or the Personal Data provided to us, e.g., registration for use of services, examination registration, FindPath testing, BMAT Testing, Admissions Testing, Guidance on further studies and Study Abroad both directly through us and via our information system, and such Personal Data shall be collected only to the extent necessary.
5.2 Use of Personal Data
We shall properly use the Personal Data according to the purposes for which such Personal Data is provided by the Data Subject to us and shall provide measures to ensure the security and safety of as well as to control access to such Personal Data.
5.3 Disclosure of Personal Data
Normally, we shall not disclose any Personal Data, except for the purposes for which such Personal Data is provided by the Data Subject to us, e.g., disclosure of Personal Data for the services requested by the Data Subject or in compliance with contractual obligations or as required by law. In any event, where NSTDA wishes to collect, use or disclose additional Personal Data or change the purposes of such collection, use or disclosure, NSTDA shall give notice thereof to the Data Subject prior to processing such Personal Data, unless required or permitted by law.
6. Transferring Personal Information to Overseas
We may need to transmit or transfer your personal data to other recipients located abroad. as part of our normal business operations, such as sending or transferring personal information to be stored on server/cloud in different countries or sending information to check eligibility for training courses, etc.
7. Period of Storage of Personal Data
We shall keep the Personal Data as long as it is necessary for processing not exceeding 10 years from the date data subject has given us the last time of the data processing, and upon the lapse of such period, we shall destroy such Personal Data.
8. Rights of Data Subject
Your rights described here are legal rights that you should be informed. You may exercise any of these rights within legal requirements and policies at the present or as amended in the future as well as regulation set out by the Company. In case you are under 20 years old, or your legal contractual capacity is restricted, your father and mother, guardian or representative may request to exercise the rights on your behalf.
8.1 Right to withdraw consent: If you have given consent to the Company to collect, use and/or disclose your Personal Data (whether before or after the effective date of the Personal Data Protection law), you have the right to withdraw such consent at any time throughout the period your Personal Data available to the Company, unless it is restricted by laws or you are still under beneficial contract.
Withdrawal of your consent may affect your use of products and/or services. For example, you may not receive privileges, promotions or new offers, products and/or services that are enhanced and consistent with your needs, or not receive beneficial information, etc. For your benefits, you are advised to learn and ask for consequences before withdrawing your consent.
8.2 Right of access: You have the right to access your Personal Data that is under the Company’s responsibility; to request the Company to make a copy of such data for you; and to request the Company to reveal as to how to Company obtain your Personal Data.
8.3 Right to data portability: You have the right to obtain your Personal Data if the Company organizes such Personal Data in automatic machine-readable or usable format and can be processed or disclosed by automatic means; to request the Company to send or transfer the Personal Data in such format directly to other data controllers if doable by automatic means; and to request to obtain the Personal Data in such format sent or transferred by the Company directly to other data controller unless not technically feasible.
Your Personal Data above must be under your consent given to the Company to collect, use, and/or disclose; or those the Company deems necessary to collect, use and/or disclose to allow you to use products and/or services that meet your need under your contract with the Company; or to take steps at your requests before using products and/or services; or as legally required by competent authority.
8.4 Right to object: You have the right to object to collection, use and/or disclosure of your Personal Data at any time if such doing is conducted for legitimate interests of the Company, corporation or individual which is within your reasonable expectation; or for carrying out public tasks. If you request to object, the Company will continue collecting, using and/or disclosing your Personal Data only when the Company can establish a legal basis that doing so is more important than your fundamental rights; or to affirm legal rights; to comply with laws; or to defend a legal proceedings, depending on a case by case basis.
In addition, you have the right to object to collection, use and/or disclosure of your Personal Data carried out for purposes related to marketing, scientific, historical or statistical research.
8.5 Right to erasure: You have the right to request the Company to erase, destroy or anonymize your Personal Data if you believe that the collection, use and/or disclosure of your Personal Data is against relevant laws; or retention of the data by the Company is no longer necessary in connection with related purposes under this Policy; or when you request to withdraw your consent or to object to the processing as earlier described.
8.6 Right to restriction of processing: You have the right to request the Company to suspend processing your Personal Data during the period where the Company examines your rectification or objection request; or when it is no longer necessary and the Company must erase or destroy your Personal Data pursuant to relevant laws but you instead request the Company to suspend the processing.
8.7 Right to rectification: You have the right to rectify your Personal Data to be updated, complete and not misleading.
8.8 Right to complaint: You have right to complain to competent authorities pursuant to relevant laws if you believe that the collection, use and/or disclosure of your Personal Data is violating or not in compliance with relevant laws.
The exercise of rights above may be restricted under relevant laws and it may be necessary for the Company to deny or not be able to carry out your requests, e.g. to comply with laws or court orders, public tasks, your request in breach of rights or freedom of other persons, etc. If the Company denies the request, the Company will inform you of the reason.
9. Security of Personal Data
We provide appropriate security measures to prevent any unauthorized or undue access to, use, change, rectification or disclosure of the Personal Data. Moreover, we have set out its internal practice for authorization of access to or use of the Data Subject’s Personal Data in order to keep such data confidential and safe. We shall review such measures from time to time as appropriate.
10. Use of Cookies
Cookies refers to a small-sized data created by a website that is stored with the Data Subject while visiting the website in order to enable the website to keep track of the Data Subject’s preferences, such as, the most preferred language, system user or other settings. On the Data Subject’s next visit to the website, the website will recognize him/her as a user previously using the services and apply such settings selected by the Data Subject until the Data Subject will delete or disable cookies, as the Data Subject may accept or refuse cookies, and if cookies are refused or deleted, the website may not be able to provide the services or may not display correctly
11. Link to websites, products and services of third parties
Provision of services of our company may link to websites, applications, products and services of third parties, which such third parties may collect certain information in relation to the use of such service. This Personal Data Protection Privacy is solely applied to the processing of Personal Data under the purpose specified by us. We could not be responsible for the security or privacy or any of your information collected by websites, applications, products and services of such third parties, even you click the link appeared on the service of our website. In this regard, you should be careful and verify the Privacy Notice or Privacy Policy of websites, applications, products and services of such third parties.
12. Update on the Personal Data Protection Policy
We may update or revise its Personal Data Protection Policy without advance notice to the Data Subject so as to be appropriate and efficient in the provision of services. Therefore, we hereby advise the Data Subject to read the Personal Data Protection Policy every time he/she visits or uses the services from our website.
13. Compliance with the Personal Data Protection Policy and Contact
In the event that the Data Subject has any questions or suggestions regarding the Personal Data Protection Policy or compliance with this Personal Data Protection Policy, we are willing to answer such questions and welcome all the suggestions in order to further improve our personal data protection and services. Please contact us via the following details;
CAPWISE Co., Ltd.
Location: No 201/5 2nd Floor, Soi Saenguthai, Sukhumvit 50 Rd., Prakanong, Khlong Toei, Bangkok, 10260
Telephone: 064-949-1490
E-mail: capwise.thailand@gmail.com
14. Governing Law
You acknowledge and agree to this Personal Data Protection Policy. It is subject to and construed in accordance with Thai law and the courts of Thailand are competent to consider any disputes that may arise.
Announced on 10 January 2022