TH | EN

PRIVACY POLICY
Country Group Development Public Company Limited, and its group companies, including without limitation to Landmark Holdings Company Limited, Chao Phraya Estate Residences Company Limited, Waterfront Hotel Company Limited, Urban Resort Hotel Company Limited, BCEG Country Group Engineering Company Limited, Leading School Partnership Limited, CGUK1 Limited, and CGD Digital Partner Company Limited (collectively, “CGD Group”) respect and value the privacy of anyone interacting, communicating and providing Personal Data to CGD Group (“Data Subjects”), and CGD Group commits to treat all personal data with security and confidentiality.

This privacy policy (“Privacy Policy”) sets out CGD Group’s practices and security measures with respect to the Personal Data and applies to any individuals whom CGD Group engages with or otherwise whose Personal Data is in the possession of CGD Group.

Data Subjects may review this Privacy Policy together with other privacy statements which CGD Group may additionally provide on this website or on specific occasions when CGD Group collects the personal data of the Data Subjects, i.e. Privacy Statement for (i) Customers (ii) Employees and (iii) Stakeholders (“Privacy Statements”). This Privacy Policy supplements to other Privacy Statements and will not cancel, replace, or override any provision in the Privacy Statements. If there are any conflict between the two documents, the Privacy Statements shall prevail.

1. Key Summary of this Privacy Policy

CGD Group has engaged with the Data Subjects for several purposes, and therefore has numbers of the personal data under the collection. In this regard, CGD Group ensures that the personnel, business operations, and performances of CGD Group shall be complied with this Privacy Policy, the Privacy Statements (if applicable) and the Personal Data Protection Act B.E 2562 (“PDPA”) and other applicable laws, in order to protect the privacy and security of the Data Subjects, including to avoid unauthorized or unlawful acts, to prevent violation of laws, and to mitigate any potential risks from penalty imposed by the PDPA and applicable laws.

2. Types of Personal Data

Personal Data” means any data relating to an individual which can identify such individual, directly or indirectly excluding the data of a deceased individual.

CGD Group may collect the Personal Data in relation to the Data Subjects as follows:

  • Identity data such as name, title, gender, age, nationality, country of residence, marital status, date of birth, occupation, identification card, passport, other government-issued identification data, photo, and any other identity data with the similar nature.

  • Sensitive data such as religion, ethnicity, dietary, sexual preference, allergy data, health data, criminal records, and biometric data.

  • Contact details such as address, phone number, email, messaging application accounts, for example, Line, WhatsApp and other social media accounts, such as Facebook and Instagram.

  • Financial data such as credit/debit card information, bank account details, source of fund and assets list.

  • Employee data such as social security information, tax information, educational background, work experience, salary rate, work performance, working hours and leaves.

  • Preference and lifestyle information, such as interest, hobby, likes and dislikes.

  • Transactional data such as information of services or products sold or provided to the Data Subjects, correspondence information, enquiries, feedback and purchase history.

  • Technical information such as cookies, IP address, log files, location, mobile network data, hardware model, operation system.

  • Security & loss prevention data such as security camera footage and license plate data.

  • Stakeholder information such as shareholding details, information in proxy, bond, debenture, and B/E details.

  • Public data which is available on both online and offline channels such as social media data photos, posts, locations, friend list and liked pages.

If the Data Subjects would like to use any services or products of CGD Group, work with CGD Group or otherwise engage in any business arrangements with CGD Group, CGD Group needs the Data Subjects’ Personal Data in order to provide such services or products, enter into a contract with the Data Subjects, perform any obligations thereunder, meet any of the Data Subjects’ requests or comply with applicable laws. If the Data Subjects do not provide the Personal Data to CGD Group, CGD Group will not be able to provide such services or products, enter into a contract with the Data Subjects, perform any obligations thereunder and it might result to a breach of contract with CGD Group by the Data Subjects, breach of applicable laws, or the event that the Data Subjects’ requests are fully rejected.

If you provide the Personal Data about other persons to CGD Group, you affirm that this Privacy Policy and the Privacy Statements (if applicable) have been reviewed by such persons and that such persons have given their consents regarding the processing of their Personal Data (if required). The Data Subjects have to present the documents evidencing that the above actions have been carried out as may be requested by CGD Group.

3. Collection of the Personal Data

CGD Group may collect the Personal Data provided by the Data Subjects from any engagements or interactions with the Data Subjects either via online or offline means, such as through the websites or applications owned or controlled by CGD Group (“CGD Group’s Websites & Applications”), phone call, email, messaging applications, including when the Data Subjects use CGD Group’s services or products, apply for a position at CGD Group, engage in any transactions or business arrangement with CGD Group, or invest in CGD Group.

CGD Group may also collect the Personal Data from other sources as well, such as from family members or related persons of the Data Subjects, referrers, marketing companies, recruitment agencies, corporate customers, vendors, or stakeholders and other publicly available sources in either online or offline database.

4. Retention Period

CGD Group will retain the Personal Data for no longer than 10 (ten) years after the last contact or termination of contractual relationship between CGD Groups and the Data Subjects. However, CGD Group may continue to retain the Personal Data as long as (a) it is permitted by the PDPA and/or any applicable laws, (b) CGD Group is under the certain contracts with the Data Subjects, (c) CGD Group is under legal obligation to retain the Personal Data, (d) the consent granted to CGD Group has not been revoked, and (e) it is deemed necessary to complete the objectives of this Privacy Policy and the Privacy Statements (if applicable).

5. Purpose of Personal Data Processing

The Personal Data shall be collected and used only for the purposes and the lawful basis stated below, including any purposes and the lawful basis stated in the Privacy Statements, any other purposes that the Data Subjects have given their consents to CGD Group from time to time, and any other purposes as permitted or required in the PDPA and/or any applicable laws.

Legal Obligation
  • To comply with legal requirements such as the PDPA, Civil and Commercial Code, Revenue Code, Public Limited Company Act B.E. 2535 (1992) and the Securities and Exchange Act B.E. 2535 (1992), Labor Protection Act B.E. 2541 (1998), Social Security Act B.E. 2533 (1990), Condominium Act B.E. 2522 (1979), Hotel Act B.E. 2547 (2004), Accounting Act B.E. 2543 (2000), Computer-Related Crime Act B.E. 2550 (2007)and Immigration Act B.E. 2522 (1979).

  • To comply with court orders and/or orders from governmental authorities.

  • To conduct financial audit of each company in CGD Group as required by law.

Contractual Basis
  • To review, evaluate and asses the Data Subjects for entering into contract with CGD Group, including to communicate with and interview them, e.g., employees and vendors.

  • To enter into any agreement and fulfil the obligations thereunder.

  • To provide the Data Subjects with related services and products.

  • To maintain and manage relationship and communicate with the Data Subjects.

  • To provide any personalized services, goods and products to the Data Subjects.

  • To make or process payment, refund, or issue invoices and receipts.

  • To response to the Data Subjects’ request about the residential projects which the Data Subjects are interested to acquire.

Legitimate Interest
  • To administer and protect CGD Group’s business security.

  • To authenticate and verify the Data Subjects in any relevant transactions.

  • To prevent any loss, crime, fraud or any unlawful acts.

  • To conduct an investigation of anti-money laundering and transaction failure.

  • To conduct internal audit of business.

  • To proceed with debt collections.

  • To administer and solve technical problem on the CGD Group’s Websites & Applications and to improve CGD Group’s business.

  • To connect data between CGD Group for ordinary business operation.

  • To allow advisors, service providers, vendors, suppliers, contractors, sub-contractors to provide and supply CGD Group with services and products.

  • To carry out, manage and improve the ordinary business operations and to establish a management for a good corporate governance.

  • To recruit and evaluate potential any of the directors, employees, vendors or others to work with CGD Group.

  • To manage the current and future recruitment for a vacant position.

  • To communicate with the Data Subjects’ reference, e.g. former employer for background check before entering into any agreement.

  • To contact your related person for any emergency case.

  • To enter into contract or communicate with corporate customers, vendors or stakeholders through their representative such as directors or employees.

  • To take a photo or video footages of the Data Subject at any events held by CGD Group and publish or advertise such photo or video footages on CGD Group’s Websites & Applications or other platforms, without being a targeted advertisement.

  • To share Personal Data of the Data Subject on a need-to-know basis for the purpose of merger and acquisition, business reorganization, insolvency, rehabilitation and similar proceedings of CGD Group.

  • To assess any potential risk of investment.

  • To collect Personal Data of witness to a contract as an evidence.

Consent
  • To maintain relationship between CGD Group and the Data Subjects such as to provide gifts or hold a birthday party according to the Data Subjects’ preferences.

  • To conduct targeted and/or direct marketing, i.e. to offer sales, updates and promotions of the products and services pursuant to the Data Subjects’ preference and lifestyle, including the events that the Data Subjects might be interested in attending.

  • To conduct data analytics and market research, in order to learn about the products and/or services that the Data Subjects might be interested in receiving.

  • To take a photo or video footages of the Data Subjects at sale galleries and publish or advertise such photo or video footages on CGD Group’s Websites & Applications or other platforms.

  • To provide meals and/or other facilities pursuant to the Data Subjects’ food allergy or religion.

  • To evaluate the suitability of the Data Subjects for entering into contract with CGD Group considering their sensitive data such as criminal records and health data.

  • To collect your sensitive Personal Data as necessary, e.g. to use your identification card (which contains your religion and/or blood type and/or for verification of your identity before continuing the transaction).

Other lawful basis

Apart from the lawful basis mentioned earlier, CGD Group may collect, use or disclose the Personal Data based on lawful basis below.
  • To prepare historical documents or archives for the public interest, or for purposes relating to research or statistics.

  • To prevent or suppress a danger to a person’s life, body or health.

  • To carry out a public task, or for exercising official authority.

6. To Whom Personal Data is Disclosed

CGD Group may be required to disclose the Personal Data in relation to the Data Subjects to the third parties, including without limitation to:
  • The companies within CGD Group

  • Governmental authorities such as the Revenue Department, Department of Business Development, Stock Exchange of Thailand, Securities and Exchange Commission Thailand Land Office and the Immigration Bureau, including courts and any other authorities as required by law.

  • Financial institutions, insurance companies and insurance brokers

  • Service providers, suppliers, business partners,

  • Stakeholders

  • Professional advisors such as accountants, lawyers, IT advisors, technicians, and auditors.

  • Third parties to whom CGD Group chooses to sell, transfer, merge, any portions of the business, assets, or shares. This includes the parties in relation to the events of business reorganization, insolvency, rehabilitation and similar proceedings.


In this regard, the disclosure shall be conducted for the purposes as stated in the Privacy Policy, the Privacy Statements and the consents given by the Data Subjects and/or other purposes as required or permitted by the PDPA and/or any applicable laws.

7. Cross-Border Transfer

Due to the nature of modern hospitality business, CGD Group may disclose or transfer the Personal Data in relation to the Data Subjects to the parties located overseas in which the destination countries may or may not have the equivalent level of protection for Personal Data protection standards. In any case, CGD Group takes steps and measures to ensure that the Personal Data is securely transferred, the receiving parties have in place an appropriate level of protection standards or other there are derogations as required or allowed by PDPA and other applicable laws.

In the event that the destination countries do not have the sufficient data protection standards, CGD Group will ensure that the transfer of your Personal Data will be in accordance with the PDPA or other applicable laws.

8. Cookies

Cookies are software which is stored in the CGD Group’s Websites & Applications and sent to the Data Subjects’ browser when using the CGD Group’s Websites Applications. The Cookies on the CGD Group’s Websites & Applications are used to identify and distinguish the users who have visited the CGD Group’s Websites & Applications and track their personal preference, which the data of the users shall be automatically collected by Cookies. These Cookies do not cause any harmful effects to the computer or transmit any viruses, Cookies otherwise help CGD Group to serve the users with personalized service or support, provided that its purposes of using are:
  • To allow the users to access or use services or functions in CGD Group’s Websites & Applications.

  • To increase effectiveness of the CGD Group’s Websites & Applications in operating online service or interactive applications;

  • To enhance the visitation to the CGD Group’s Websites & Applications, such as to recognize a name, account, password or previous interest, in order to serve those who repeatedly use the CGD Group’s Websites & Applications or services; and

  • To analyze the performance, including update and improve the operation of the CGD Group’s Websites & Applications.

  • If the users, as the Data Subjects, disagree to the use of Cookies in automatically collecting the data while browsing the CGD Group’s Websites & Applications, the users can choose not to accept Cookies by visiting https://www.cgd.co.th/en/cookie-policy.html.

9. Log Files

CGD Group may record log files from the Data Subjects visiting CGD Group’s Websites & Applications. Log files include IP address, browser type, internet service provider name, entry and exit pages, platform type, date/time stamp, and number of clicks.

10. Surveillance camera

CGD Group uses surveillance cameras to capture footage of the visitors and the vehicles in and around the location of CGD Group for safety purposes including the prevention and detection of crimes. The surveillance cameras of CGD Group will detect the entrance, the lobby, the terrace, the parking lot outside of the buildings, the fence around the buildings and the area within the perimeter of CGD Group, which is accessible by the people throughout 24 hours. The surveillance system does not use sound recording. CGD Group ensures that live feeds and captures from the surveillance cameras will be observed by authorized person of CGD Group only.

11. Minors

The minor means any person under the age of 20 years. CGD Group may not know the age of the Data Subjects visiting CGD Group’s Websites & Applications. The parents of the minors providing the Personal Data through CGD Group’s Websites & Applications, may request CGD Group to delete the Personal Data of such minors (if applicable). If CGD Group is aware that the Data Subjects are minors and such minors cannot act alone according to the Civil and Commercial Code, CGD group will, and without delay, proceed to obtain consent from the parents, if required by the PDPA.

12. Personal Data Security Measure

CGD Group recognizes the importance of maintaining the security of the Data Subjects’ Personal Data. Therefore, CGD Group has implemented reasonable technical and organizational security measures to protect the Data Subjects’ Personal Data collected by CGD Group against unauthorized access, misuse, loss or destruction, which include control access, encrypted storage and storage with lock.

13. Personal Data Collected prior to PDPA’s Effectiveness

CGD Group is entitled to continue collecting and using your Personal Data which has been collected before PDPA’s effectiveness in accordance with the original purposes. If you do not wish CGD Group to continue collecting and using your personal data, you may withdraw your consent at any time by contacting CGD Group or the Data Protection Officer as detailed in Paragraph 18.

14. Data Subjects’ Rights

Where permitted by the PDPA or applicable laws and under the relevant criteria/requirements specified thereunder, the Data Subjects have the rights with respect to their Personal Data to:
  • Access: The Data Subjects may have the right to access or request a copy of the Personal Data, which CGD Group is collecting, using or disclosing about the Data Subjects, including to disclose the acquisition of the Data Subjects’ Personal Data which CGD Group obtained without the Data Subjects’ consent. For the Data Subjects’ own privacy and security, CGD Group may require the Data Subjects to prove their identity before providing the requested Personal Data.

  • Data Portability: The Data Subjects may have the right to obtain Personal Data of them, which CGD Group holds, in a structured, electronic format, and to send or transfer such Personal Data to another data controller, where this is (a) Personal Data of the Data Subjects and (b) CGD Group is collecting, using or disclosing such Personal Data on the basis of the Data Subjects’ consent or to perform a contract with the Data Subjects.

  • Rectification: The Data Subjects may have the right to have incomplete, inaccurate, misleading, or not up-to-date Personal Data which CGD Group collects, uses or discloses about the Data Subjects rectified.

  • Withdraw Consent: For the purposes of consent, which the Data Subjects have given to CGD Group for the collecting, using or disclosing of the Data Subjects’ Personal Data, the Data Subjects have the right to withdraw such consent at any time.

  • File a complaint: The Data Subjects have the right to file a complaint with the Personal Data Protection Committee if the Data Subjects believe that there is any violation of the PDPA.

  • Objection: The Data Subjects may have the right to object the collection, use, and disclosure of the Personal Data in certain circumstances, including the case where Personal Data is being processed under the basis of public interest and legitimate interest or for the purposes of direct marketing and/or scientific, historical or statistic research.

  • Restriction: The Data Subjects may have the right to restrict the processing of the Personal Data in circumstances that (i) CGD Group is under pending examination process to check the accuracy of Personal Data or to verify basis with regard to the Data Subjects’ objection request for the collection, use and disclosure of the Personal Data, (ii) the Data Subjects request CGD Group to restrict the use of the Personal Data instead of deleting or destroying, and (iii) the Personal Data is no longer necessary for the purposes of collection, use and disclosure but the Data Subjects request CGD Group to retain such Personal Data to establish, comply, exercise or defend legal claims.

  • Deletion (‘right to be forgotten’): The Data Subjects may have the right to request that CGD Group delete or de-identify Personal Data which CGD Group collects, uses or discloses about the Data Subjects, unless CGD Group is not obligated to do so, or if CGD Group needs to retain such Personal Data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.

The Data Subjects may exercise these rights by changing privacy preference, unsubscribing, or contacting CGD Group or the Data Protection Officer as detailed in Paragraph 18 below.

The Data Subjects’ request to delete or anonymize the Personal Data, or request to restrict or object to the processing of the Personal Data could mean that CGD Group is unable to perform its obligations under an existing contract and unable to provide the Data Subjects with the services and products and/or to acts on the Data Subjects’ request.

In the event that your withdrawal of consent will affect you in any manner, CGD Group or the Data Protection Officer will inform you of the consequences of such withdrawal of consent accordingly.

For the Data Subjects’ privacy and security, CGD Group may refuse to comply with the request if (a) the person submitting the request does not have evidence to verify that he/she is the data subject or does not has the authority to submit such request (b) the request is not reasonable, e.g., the person submitting the request does not have the rights under the PDPA or does not have Personal Data in CGD Group’s possession (c) the request is excessive or vexatious, e.g., the request unreasonably repeats a previous request from the same person (d) CGD Group has compelling legitimate grounds to reject such request as required or permitted by the PDPA and/or any applicable laws.

15. Privacy Policy of other Websites

The CGD Group’s Websites & Applications contain address links to other websites. This Privacy Policy applies only to the CGD Group’s Websites & Applications and CGD Group shall be solely responsible subject to the scope of this Privacy Policy. CGD Group shall not be responsible for any collection, storage, process, or disclosure of Personal Data, or the use of Cookies conducted by other websites which the Data Subjects access from the CGD Group’s Websites & Applications. Therefore, CGD Group would kindly suggest the Data Subjects carefully review the privacy policies of other websites before submitting any Personal Data.

16. Amendment and Review

CGD Group may regularly review this Privacy Policy and the Privacy Statements from time to time to be in accordance with any amendments made to the PDPA and applicable laws. Amendments to this Privacy Policy and the Privacy Statements will be publicly announced on the CGD Group’s Websites & Applications or other available channels.

17. Miscellaneous

This Privacy Policy and the Privacy Statements are governed by and shall be construed in compliance with the PDPA and the laws of Thailand. This Privacy Policy and the Privacy Statements are written in English and Thai language. In the event of any inconsistency between the English versions and Thai versions, the English versions shall prevail.

18. Contact Us: DPO

Regarding all queries or awareness with respect to the Personal Data arising from this Privacy Policy, the Privacy Statements, or the activities of CGD Group, including the exercise of any rights as set out in Paragraph 14, please contact the Data Protection Officer of CGD Group at the below address:

Data Protection Officer of CGD Group

  To: Personal Data Protection Office
  Address No. 898 Ploenchit Tower, 20th Floor, Ploenchit Road, Lumpini Sub-district, Pathumwan District, Bangkok
  Tel: (66-2) 6587888
  Fax: (66-2) 6587880
  Email: dpo@cgd.co.th
  Website: www.cgd.co.th

This Privacy Policy is published on November 2021.