PRIVACY POLICY | ||||||||||||||||||
Country Group Development Public Company Limited, and its group companies, including without limitation to Landmark Holdings Company Limited, Chao Phraya Estate Residences Company Limited, Waterfront Hotel Company Limited, Urban Resort Hotel Company Limited, BCEG Country Group Engineering Company Limited, Leading School Partnership Limited, CGUK1 Limited, and CGD Digital Partner Company Limited (collectively, “CGD Group”) respect and value the privacy of anyone interacting, communicating and providing Personal Data to CGD Group (“Data Subjects”), and CGD Group commits to treat all personal data with security and confidentiality.
This privacy policy (“Privacy Policy”) sets out CGD Group’s practices and security measures with respect to the Personal Data and applies to any individuals whom CGD Group engages with or otherwise whose Personal Data is in the possession of CGD Group. Data Subjects may review this Privacy Policy together with other privacy statements which CGD Group may additionally provide on this website or on specific occasions when CGD Group collects the personal data of the Data Subjects, i.e. Privacy Statement for (i) Customers (ii) Employees and (iii) Stakeholders (“Privacy Statements”). This Privacy Policy supplements to other Privacy Statements and will not cancel, replace, or override any provision in the Privacy Statements. If there are any conflict between the two documents, the Privacy Statements shall prevail. 1. Key Summary of this Privacy Policy CGD Group has engaged with the Data Subjects for several purposes, and therefore has numbers of the personal data under the collection. In this regard, CGD Group ensures that the personnel, business operations, and performances of CGD Group shall be complied with this Privacy Policy, the Privacy Statements (if applicable) and the Personal Data Protection Act B.E 2562 (“PDPA”) and other applicable laws, in order to protect the privacy and security of the Data Subjects, including to avoid unauthorized or unlawful acts, to prevent violation of laws, and to mitigate any potential risks from penalty imposed by the PDPA and applicable laws. 2. Types of Personal Data “Personal Data” means any data relating to an individual which can identify such individual, directly or indirectly excluding the data of a deceased individual. CGD Group may collect the Personal Data in relation to the Data Subjects as follows:
If the Data Subjects would like to use any services or products of CGD Group, work with CGD Group or otherwise engage in any business arrangements with CGD Group, CGD Group needs the Data Subjects’ Personal Data in order to provide such services or products, enter into a contract with the Data Subjects, perform any obligations thereunder, meet any of the Data Subjects’ requests or comply with applicable laws. If the Data Subjects do not provide the Personal Data to CGD Group, CGD Group will not be able to provide such services or products, enter into a contract with the Data Subjects, perform any obligations thereunder and it might result to a breach of contract with CGD Group by the Data Subjects, breach of applicable laws, or the event that the Data Subjects’ requests are fully rejected. If you provide the Personal Data about other persons to CGD Group, you affirm that this Privacy Policy and the Privacy Statements (if applicable) have been reviewed by such persons and that such persons have given their consents regarding the processing of their Personal Data (if required). The Data Subjects have to present the documents evidencing that the above actions have been carried out as may be requested by CGD Group. 3. Collection of the Personal Data CGD Group may collect the Personal Data provided by the Data Subjects from any engagements or interactions with the Data Subjects either via online or offline means, such as through the websites or applications owned or controlled by CGD Group (“CGD Group’s Websites & Applications”), phone call, email, messaging applications, including when the Data Subjects use CGD Group’s services or products, apply for a position at CGD Group, engage in any transactions or business arrangement with CGD Group, or invest in CGD Group. CGD Group may also collect the Personal Data from other sources as well, such as from family members or related persons of the Data Subjects, referrers, marketing companies, recruitment agencies, corporate customers, vendors, or stakeholders and other publicly available sources in either online or offline database. 4. Retention Period CGD Group will retain the Personal Data for no longer than 10 (ten) years after the last contact or termination of contractual relationship between CGD Groups and the Data Subjects. However, CGD Group may continue to retain the Personal Data as long as (a) it is permitted by the PDPA and/or any applicable laws, (b) CGD Group is under the certain contracts with the Data Subjects, (c) CGD Group is under legal obligation to retain the Personal Data, (d) the consent granted to CGD Group has not been revoked, and (e) it is deemed necessary to complete the objectives of this Privacy Policy and the Privacy Statements (if applicable). 5. Purpose of Personal Data Processing The Personal Data shall be collected and used only for the purposes and the lawful basis stated below, including any purposes and the lawful basis stated in the Privacy Statements, any other purposes that the Data Subjects have given their consents to CGD Group from time to time, and any other purposes as permitted or required in the PDPA and/or any applicable laws. Legal Obligation
Contractual Basis
Legitimate Interest
Consent
Other lawful basis Apart from the lawful basis mentioned earlier, CGD Group may collect, use or disclose the Personal Data based on lawful basis below.
6. To Whom Personal Data is Disclosed CGD Group may be required to disclose the Personal Data in relation to the Data Subjects to the third parties, including without limitation to:
In this regard, the disclosure shall be conducted for the purposes as stated in the Privacy Policy, the Privacy Statements and the consents given by the Data Subjects and/or other purposes as required or permitted by the PDPA and/or any applicable laws. 7. Cross-Border Transfer Due to the nature of modern hospitality business, CGD Group may disclose or transfer the Personal Data in relation to the Data Subjects to the parties located overseas in which the destination countries may or may not have the equivalent level of protection for Personal Data protection standards. In any case, CGD Group takes steps and measures to ensure that the Personal Data is securely transferred, the receiving parties have in place an appropriate level of protection standards or other there are derogations as required or allowed by PDPA and other applicable laws. In the event that the destination countries do not have the sufficient data protection standards, CGD Group will ensure that the transfer of your Personal Data will be in accordance with the PDPA or other applicable laws. 8. Cookies Cookies are software which is stored in the CGD Group’s Websites & Applications and sent to the Data Subjects’ browser when using the CGD Group’s Websites Applications. The Cookies on the CGD Group’s Websites & Applications are used to identify and distinguish the users who have visited the CGD Group’s Websites & Applications and track their personal preference, which the data of the users shall be automatically collected by Cookies. These Cookies do not cause any harmful effects to the computer or transmit any viruses, Cookies otherwise help CGD Group to serve the users with personalized service or support, provided that its purposes of using are:
If the users, as the Data Subjects, disagree to the use of Cookies in automatically collecting the data while browsing the CGD Group’s Websites & Applications, the users can choose not to accept Cookies by visiting https://www.cgd.co.th/en/cookie-policy.html. 9. Log Files CGD Group may record log files from the Data Subjects visiting CGD Group’s Websites & Applications. Log files include IP address, browser type, internet service provider name, entry and exit pages, platform type, date/time stamp, and number of clicks. 10. Surveillance camera CGD Group uses surveillance cameras to capture footage of the visitors and the vehicles in and around the location of CGD Group for safety purposes including the prevention and detection of crimes. The surveillance cameras of CGD Group will detect the entrance, the lobby, the terrace, the parking lot outside of the buildings, the fence around the buildings and the area within the perimeter of CGD Group, which is accessible by the people throughout 24 hours. The surveillance system does not use sound recording. CGD Group ensures that live feeds and captures from the surveillance cameras will be observed by authorized person of CGD Group only. 11. Minors The minor means any person under the age of 20 years. CGD Group may not know the age of the Data Subjects visiting CGD Group’s Websites & Applications. The parents of the minors providing the Personal Data through CGD Group’s Websites & Applications, may request CGD Group to delete the Personal Data of such minors (if applicable). If CGD Group is aware that the Data Subjects are minors and such minors cannot act alone according to the Civil and Commercial Code, CGD group will, and without delay, proceed to obtain consent from the parents, if required by the PDPA. 12. Personal Data Security Measure CGD Group recognizes the importance of maintaining the security of the Data Subjects’ Personal Data. Therefore, CGD Group has implemented reasonable technical and organizational security measures to protect the Data Subjects’ Personal Data collected by CGD Group against unauthorized access, misuse, loss or destruction, which include control access, encrypted storage and storage with lock. 13. Personal Data Collected prior to PDPA’s Effectiveness CGD Group is entitled to continue collecting and using your Personal Data which has been collected before PDPA’s effectiveness in accordance with the original purposes. If you do not wish CGD Group to continue collecting and using your personal data, you may withdraw your consent at any time by contacting CGD Group or the Data Protection Officer as detailed in Paragraph 18. 14. Data Subjects’ Rights Where permitted by the PDPA or applicable laws and under the relevant criteria/requirements specified thereunder, the Data Subjects have the rights with respect to their Personal Data to:
The Data Subjects may exercise these rights by changing privacy preference, unsubscribing, or contacting CGD Group or the Data Protection Officer as detailed in Paragraph 18 below. The Data Subjects’ request to delete or anonymize the Personal Data, or request to restrict or object to the processing of the Personal Data could mean that CGD Group is unable to perform its obligations under an existing contract and unable to provide the Data Subjects with the services and products and/or to acts on the Data Subjects’ request. In the event that your withdrawal of consent will affect you in any manner, CGD Group or the Data Protection Officer will inform you of the consequences of such withdrawal of consent accordingly. For the Data Subjects’ privacy and security, CGD Group may refuse to comply with the request if (a) the person submitting the request does not have evidence to verify that he/she is the data subject or does not has the authority to submit such request (b) the request is not reasonable, e.g., the person submitting the request does not have the rights under the PDPA or does not have Personal Data in CGD Group’s possession (c) the request is excessive or vexatious, e.g., the request unreasonably repeats a previous request from the same person (d) CGD Group has compelling legitimate grounds to reject such request as required or permitted by the PDPA and/or any applicable laws. 15. Privacy Policy of other Websites The CGD Group’s Websites & Applications contain address links to other websites. This Privacy Policy applies only to the CGD Group’s Websites & Applications and CGD Group shall be solely responsible subject to the scope of this Privacy Policy. CGD Group shall not be responsible for any collection, storage, process, or disclosure of Personal Data, or the use of Cookies conducted by other websites which the Data Subjects access from the CGD Group’s Websites & Applications. Therefore, CGD Group would kindly suggest the Data Subjects carefully review the privacy policies of other websites before submitting any Personal Data. 16. Amendment and Review CGD Group may regularly review this Privacy Policy and the Privacy Statements from time to time to be in accordance with any amendments made to the PDPA and applicable laws. Amendments to this Privacy Policy and the Privacy Statements will be publicly announced on the CGD Group’s Websites & Applications or other available channels. 17. Miscellaneous This Privacy Policy and the Privacy Statements are governed by and shall be construed in compliance with the PDPA and the laws of Thailand. This Privacy Policy and the Privacy Statements are written in English and Thai language. In the event of any inconsistency between the English versions and Thai versions, the English versions shall prevail. 18. Contact Us: DPO Regarding all queries or awareness with respect to the Personal Data arising from this Privacy Policy, the Privacy Statements, or the activities of CGD Group, including the exercise of any rights as set out in Paragraph 14, please contact the Data Protection Officer of CGD Group at the below address: Data Protection Officer of CGD Group
This Privacy Policy is published on November 2021. |