EVENT PARTICIPANT PRIVACY POLICY
EASY BUY PUBLIC COMPANY LIMITED
1. Purposes and Scope of the Privacy Policy
- This Privacy Policy applies to all participants (hereinafter referred to as "You") of Easy Buy Public Company Limited (hereinafter referred to as "Company"). In this regard, the company mainly acts as the data controller under the Personal Data Protection Act B.E. 2562. Therefore, the company is committed to collecting and processing event participants’ personal data in accordance with the purposes and scope of the company as specified in this Privacy Policy.
Data Controller contact details:
EASY BUY Public Company Limited, Rasa Two Building, 8 - 11th Floor, 1818 Phetchaburi Road, Makkasan, Ratchathewi, Bangkok 10400
Tel: 02-695-0000 Email: CPC.Facebook@easybuy.co.th
Data Protection Officer (DPO) contact details:
Email: contactpdpa-dpo@easybuy.co.th
- This Privacy Policy covers data subjects who are the company’s customers and employees, and individuals involved in the company’s event organization.
- As used in this Privacy Policy, the following terms shall have the meanings set forth below:
- “Processing” means anything done with vendor’s personal data, including collection, storage, use, disclosure and deletion of personal data.
- “Legal Bases” means justifiable reasons to process personal data in accordance with Article 24 and Article 26 of the Personal Data Protection Act B.E. 2562.
- “Personal Data” means data relating to a person that can directly or indirectly identify that person, such as name-surname, telephone number, address, e-mail, identification number, etc., but not including data of deceased persons.
- “Sensitive Personal Data” means personal data that is specially categorized by law, such as nationality, political opinion, religious or philosophical belief, sexual behavior, criminal record, health information, disability, union information, genetic information, biometric information or other similar data as prescribed by law, which the company must handle with extra care.
- This Privacy Policy may be revised at any given time and the company may notify you through appropriate channels.
2. Personal Data Processed
- The Company collects the following categories of your personal data when you participate in any of the company’s events, whether organized by the company or an organizer, or co-organized by the company, or when you enter such event areas.
• Identity data including, but not limited to, title, full name, nickname, employee ID, signature, picture, video, voice record;
• Address/contact data including, but not limited to, address, office address, chat, social media, mobile phone number, email address;
• Profile data including, but not limited to, date of birth, weight, height, gender, age;
• Important identity document including, but not limited to, copy of the ID card payment, payment information, financial transactions related to event organization;
• Information about opinions or survey responses
3. How the Company Collects Your Personal Data
- In general, the company will directly collect your personal data through these processes (or channels) including, but not limited to;
• Paper format and electronic file;
• Electronic file through Facebook or ESA Application;
• Webform;
• Email; and
• Social Media
4. How the Company Processes Your Personal Data
- The company will collect, use, and disclose your personal data for purposes including, but not limited to, the following.
4.1 To perform a contract to which you are a party with the company (Contractual Basis), such as
• To consider and select event organizers, event participants and award receivers, including the evaluation process and the operation management process relating to the company’s consideration and selection of organizers, participants and award receivers.
4.2 To carry out operations necessary under the legitimate interests of the Company or of another person or entity without exceeding the scope that you can reasonably expect (Legitimate Interest) or for other purposes as permitted by law, such as
• To collect personal data such as images, video or live broadcasts for the publicization of the company’s events (including online events) when you participate in the company’s events, whether organized by the company or an organizer, or co-organized by the company, or when you enter such event areas. The company may publish such photos, videos or live broadcasts through the company’s channels, both internal and external, such as online media channels, the company’s social media accounts, newspapers or television, etc.
• To manage rewards for employees and customers who participated in the activities.
• To create media for event participants to study or review retrospectively, or to serve as the company’s knowledge.
• To take pictures or record videos for public relations purposes (such as event photos or the announcement of the names of game winners) through online and offline media, both the company’s and external, such as internal email, Intranet, Facebook, Line CONNECT, YouTube Website, and mass media such as newspapers and TV, etc.
• To prepare reports and to publicize, communicate and advertise the company’s events.
- The following is the group of activities in which the company utilizes your personal data to carry out all activities in accordance with the aforementioned purposes:
Group of Activities | Group of PIIs | Legal Bases
Promote Organization Activity | Identity Data; Address / Contact Data | Contract; Legitimate Interest
- The company will process your personal data according to the stated purposes and scope. If personal data needs to be processed for other purposes that cannot rely on the stated purposes, the company will provide, through this policy, additional information about the purpose and legal basis of the processing.
5. Usage of Personal Data with Third-Party Organizations
- The Company may be required to disclose and/or transfer your personal data to third-party organizations, in order for such organizations to process personal data in accordance with agreements and/or legal obligations with the company. These organizations may include;
• Media Production Contractor;
• Public Relations Contractor;
• Event Organizer; and
• Co-Organizer with the company
Where personal data is disclosed and/or transferred to third-party organizations, the company will ensure that the minimum amount of personal data is disclosed and/or transferred, and will consider anonymization and pseudonymization techniques for greater security. Nevertheless, the third-party organizations that process your personal data for the company will be required to have an appropriate privacy policy in place. Further, the company does not permit these third-party organizations to use the vendor personal data in a way that diverges from the agreed scope and purposes.
6. Transferring of Personal Data to Foreign Countries
- The Company will transfer your personal data cross-border only when any of these requirements has been met. The requirements include;
• The receiving foreign country has a comprehensive personal data regulation in place;
• The receiving organization has a comprehensive privacy policy in place and certified by the Office of the Personal Data Protection Commission;
• If the destination country has insufficient standards of Personal Data protection, we shall ensure that Personal Data will be sent or transferred in accordance with law and shall set standards of Personal Data protection as deemed necessary, and appropriate for and consistent with the confidentiality standards. For instance, an agreement must be entered into with the data recipient in that country to ensure that your Personal Data will be protected under the Personal Data protection standards equivalent to that in Thailand
• A pre-requisite to the exercise of legal rights;
• Consent has been obtained from the data subject who is well-aware of the inadequate personal data protection standards of the receiving countries or international organizations;
• Requirement for the execution of an agreement to which you are a party of, or the fulfillment of a request you made prior to entering into the agreement;
• A necessary task to carry out under a contractual agreement between the company and other persons or entities for the benefits of the data subject;
• To ensure the safety or limit further damage to an individual’s health who cannot give consent at the current time; and
• A necessary task for the good of the public
7. Security Measures for Personal Data Protection
- The Company has implemented certain security measures to ensure the security of your personal data. In this connection, third-party organizations are required to carry out the processing of personal data in accordance with the company’s security policy, and to ensure the security of your personal data.
8. Time Period of Personal Data Storage
- The Company collects your personal data only if necessary for the internal purpose of the company or for purposes permitted by law.
Upon expiration of the necessity or the storage period of such personal data, the company will delete, destroy or anonymize the data so that it cannot be identified.
9. Your Rights
- Your personal data rights include:
- Right to revoke consent – for the case where the company has obtained your consent in order to process your personal data;
- Right of access – you have the right to request a copy of all your personal data and assess if the company is processing your personal data in accordance with relevant laws;
- Right to data portability – for the case where the company has in place an automated platform allowing you to access your personal data automatically:
o you have the right to ask for your personal data to be transferred automatically to other organizations and
o you have the right to request your personal data in the format in which the company has transferred personal data to other organizations, except for the case where there is a technological limitation;
- Right to object – you have the right to object to any data processing activity of your personal data which has been relied on certain legal bases and processing purposes, including:
o public task or legitimate interest
o direct marketing purposes and
o scientific, historical or statistical research purposes, unless the processing is necessary for public task;
- Right to erasure – you have the right to request data deletion or anonymization in the following cases:
o where the required processing terms have expired
o where consent has been withheld, and we cannot rely on other legal bases to process your personal data
o where there is an objection raised against a processing activity and
o where a processing activity is not in accordance with relevant laws.
- Right to restrict processing – you have the right to restrict any data processing activity in the following cases:
o during pending examination process
o for cases related to personal data which initially shall be deleted and/or destroyed, but was followed by an additional request of processing restriction instead
o for cases where the data processing terms have passed, but you have requested for processing restriction due to legal reasons and
o during the process of data processing objection verification; and
- Right to rectification – you have the right to edit your personal data so that it is correct and up to date. If any mistake is detected, the company has no right to edit it on its own.
- Right to complain – you have the right to file a complaint with the Personal Data Protection Committee or the Office of the Personal Data Protection Committee if the company violates or does not comply with the Personal Data Protection Act.
Kindly be informed that the company may not be able to carry out and support the exercise of your rights in particular circumstances, including but not limited to those involving legal proceedings or contractual obligation. Please be aware that the company keeps track of all inquiries to guarantee that all concerns are resolved.
If you intend to exercise your personal data protection rights, or to file a complaint against the processing of your personal data, please contact the company’s DPO (contact details have been provided above).
The Company will advise and process this request in a secure and timely manner.
10. Policy Revision
- This Privacy Policy was last updated on September 1st, 2024, and it applies to all of the company's event participants. The Company holds the right to review and edit this Privacy Policy as it sees appropriate.