คำสั่ง
ที่ คส.คกก. 004/2564
Privacy Policy
PRG Corporation Public Company
PRG Corporation Public Company Limited respects and attaches great importance to the right to privacy and protection of the personal data of our customers, vendors, business alliances, and stakeholders. We are committed to protecting customer data when collecting, using, disclosing, transmitting and/or transferring their personal data to other people, from data misuse and to maintaining the safety and security of such data according to international standards in order to gain customer trust and confidence in handling their personal data. Therefore, we have prepared this policy as follows:
-
1. Definitions
In this Privacy Policy, the following words or expressions shall have the meaning as follows:
"Customer" or "you" or "your" means an individual customer, buyer or user of the Company’s services, including the Company's website, application or other services. This shall include an individual vendor, business partner, and stakeholder except Company employees. "Company" or "we", "us" or "our" means PRG Corporation Public Company Limited "MBK Group Companies" means companies in which PRG Corporation Public Company Limited holds shares in every level, both directly and indirectly, representing not less than 20% of their paid-up capital. "Website" Means a Website owned or provided by PRG Corporation Public Company Limited, as the case may be. "Application" Means Applications provided by PRG Corporation Public Company Limited, and this Privacy Policy applies to Applications that have been modified, updated or added by the Company unless the said modified, updated, or supplemented Applications are subject to terms and conditions separate from this Privacy Policy. "Data Controller" means the Company that obtains personal data from or provides services to customers or has to act or perform under a contract with customers and has the power to make decisions regarding such particular personal data. "Data Protection Officer" means the officer appointed by the Data Controller to act as the Data Protection Officer in accordance with the Personal Data Protection Act B.E. 2562 "Data Processor" means the person who processes personal data for the Company. "Personal Data" means information about a person that is capable of directly or indirectly identifying that person in accordance with the Personal Data Protection Act B.E. 2562 "Business Alliance" means a business alliance of or who works in collaboration with the Company. -
2. General
This Privacy Policy is prepared to provide details and the procedures to protect and manage your Personal Data. The Company may from time to time update or revise this Privacy Policy either in whole or in part including those that are specifically set forth in any part of this Website or Application, to make it correspond with the changing service guidelines and regulations of the law. Therefore, you are advised to keep abreast of this Privacy Policy. The Company will publish changes to this Privacy Policy on this Web page or Application. If there is any significant change to our Privacy Policy, we will inform you without delay.
This Privacy Policy is intended to apply to
- 1) Granting of shopping center services, real estate rental, space rental, space services for commercial purposes, hotels, restaurants and services of the company.
- 2) Registration for use of the Application;
- 3) Use of our services or purchase of our products, access to and use of any content, features, technology or functionality featured on this Website or Application;
- 4) Other related services including the Company’s other services both currently existing and those to be developed or provided in the future; and
- 5) Services to holders of all types of securities of the Company, creditors, business alliances and stakeholders of the Company except Company employees.
-
3. Personal Data collection
We collect data in a number of ways, including using technologies, such as cookies, which are small pieces of information stored on your devices that enable the Website or Application to remember access to the Website or Application or how you use the Website or Application each time (additional information about cookies) The data about you that we collect includes:
-
3.1 Data that you directly provided to us We will collect only the Personal Data that is necessary for us to provide services to you, to undertake or perform under a contract or to comply with the law. We will collect the data that you sent to us, for example, the data that you enter when registering for or requesting our services, data used to apply for or request services and information on participating activities, survey data, user’s account, data that you have modified or updated in your user’s account, data obtained when you contact us or our team or data obtained from other accounts which we have a reason to believe that they are under your control, all kinds of information displayed on your user’s profile and subscription pages, such as title name, first and last names, ID card number, passport number (for foreigners), ID card code, date of birth, gender, nationality, income, contact address, contact mobile phone number, E-mail address, social network accounts: Line or Facebook account, photos, account information, interest, employment, signature, all comments that you have posted on the Website, etc
For Personal Data for which consent is required by law before collection, we will collect such data only as needed with your consent unless there is a statutory exception that allows us to collect the data without your consent.
When we provide services or perform any act for the purposes for which your Personal Data is collected, we sometimes needs to collect, use or disclose sensitive Personal Data, such as race, ethnicity, political opinions, creed, religious or philosophical beliefs, sexual behavior, disability, labour union information, genetic information, biometric data, in which case we will notify you and ask for your consent to collect, use or disclose that sensitive Personal Data for each respective purpose except for the collection, use or disclosure of sensitive Personal Data that is allowed by law without your consent.
-
3.2 Data obtained from the services you use The Company will collect data about the services you use and how you use them, such as audio and video data, devices you used to access the Website or Application, computer traffic data (log), communication between you and other users, use record data, for example, a device identifier, a computer's internet protocol address (IP Address) number, device identification code, device type, mobile network data, connection data, geographic location information (location) using positioning technology, such as IP address, global positioning system (GPS), web browser, log data, referring websites, log history, login log data, transaction log data, customer behavior, history of reward redemption or use of benefits, Website visit statistics, access time, search or visit data, information on the use of social media, various functions on the Website and the data we collect through cookies or other similar technologies, etc.
We also install CCTVs in the common area of the building and at the building entrance for security purposes. When you communicate with us or our team, audio or video is recorded, or details of communicating with us may be recorded by other means.
The above are just examples. We collect your Personal Data only as necessary depending on the type of Personal Data and the purpose for which it was collected. Currently, we have set the maximum data retention period at 10 years from the date you cancel the service or the contract with the Company ends. After the end of the retention period for each respective data, we will destroy the Personal Data we collected for the purposes of collection and use as specified in Clause 4.
-
-
4. Purposes of use or disclosure of collected Personal Data
The Company uses or discloses the collected Personal Data for the following purposes.
- 4.1 To ensure that the services are used in an orderly manner and in accordance with the applicable laws, rules and regulations including for compliance with legal obligations and rules relating or applicable to the Company both now in force and those to be amended or added in the future.
- 4.2 To verify your identity or identify you when accessing the services, entering into contracts, performing the contracts and providing services to you to ensure that the aforementioned services and all communications from the Company are secure and confidential.
- 4.3 To verify information on the services you use in accordance with the safety and security standards for the service system, management and protection of information technology infrastructures. We may use your Personal Data only as necessary and may encrypt the data before use and/or conduct random checks and testing against third-party access for risk management, detecting, preventing or eliminating fraud or other activities that may violate the law, related regulations or the terms and conditions of use of our Website or Application and to improve and develop safety standards and system security.
- 4.4 To develop products and services and increase efficiency in providing services to you.
- 4.5 To contact you via social media network, telephone, SMS, e-mail, postal mail, or through any other channel for inquiries or informing you of or checking and verifying your account information or feedback survey or informing you of information related to our services to the necessary extent.
- 4.6 To process and analyze any other benefits associated with the Company's business operations, such as for setting up and managing accounts, delivering marketing communications and educational activities, research, preparing statistics, surveying, researching and developing products and services, improving services, preparing and delivering marketing or advertising information within the Group or for relevant targets including content delivery, advertising and public relations, activities and promotions as well as providing appropriate advice in order to customize services to meet your interests, personalize business content, or user experiences, prevent fraud as well as complying with the law and internal audit requirements.
- 4.7 To prevent or avoid any danger to your life, body or health including your property or where it is necessary for us to perform our duties for the public interest or for exercising the power of the state given to us or our employees or representatives or to comply with the law.
- 4.8 To engage in co-marketing activities with the MBK Group, subject to the prior consent of the data subject for the purposes of 1) communicating, giving information or recommending products or services 2) offering promotional items, marketing activities, discounts, promotions and benefits from the Company and/or our Business Partners, and 3) data processing and analytics, customer profiling in order to offer a good or appropriate personalized experience, or that which may be of your interest through the Loyalty/Reward Program.
-
5. Disclosure of Personal Data
We will not disclose the Personal Data to third parties without your consent unless there are legal exceptions that allow us to collect, use or disclose the Personal Data without your consent. However, for the purposes of providing services to you and/or supporting our business operations and/or for any other purposes as described in this Privacy Policy, we will disclose your Personal Data including disclosure to the MBK Group Companies or Business Alliances who work in collaboration with us or other persons who have to work for us or Customers both in Thailand and abroad, for example, the persons hired by the Company to perform any operations involving your Personal Data so as to use your Personal Data to enhance services to you or to improve and develop service models and access to content on the Website, for the security of the Website or the Application and networks served by the Company or for the benefit of the Company's operations provided that we will ensure that the persons to whom the Personal Data is disclosed will implement measures to keep your Personal Data safe and confidential and not use it for any purpose other than those within the scope prescribed by the Company.
If you believe that the above persons to whom the Company discloses your Personal Data have used the data for purposes outside of the scope prescribed by the Company, you can notify us for further action. We recommend that you also examine along with the Company to find out whether or not you have directly accessed the websites, products or services of the Company's business partners or other persons, without involving the Company’s services or operations. This is because such service providers or other persons may have directly collected your Personal Data and information on the services that you use when you access their websites, products or services. If that’s the case, the Company cannot be held responsible for the security or privacy of any of your Personal Data collected by the websites, products or services of such other service providers or persons. You are therefore advised to exercise caution and review the privacy policies of the websites, products and services of those service providers or others. In addition, we will disclose your Personal Data under the regulations stipulated by law, such as disclosure to government agencies, government authorities, regulatory agencies responsible for services or customers. This also extends to a request for disclosure by virtue of law, such as requesting information for prosecution or legal action or a request from a private agency or other third parties involved in legal processes, the case where it is reasonably necessary to enforce the Company's terms and conditions of use and the disclosure of Personal Data. Also, in the event of an organizational restructuring, mergers and acquisitions, divestiture, sale of certain assets, we may transfer all or part of your Personal Data that we collected to related companies. You can check the Website for the list of the MBK Group Companies or Business Alliances who work in collaboration with other companies or individuals, both local and overseas, who have to work for companies or Customers to whom we disclose your Personal Data. The MBK Group Companies or Business Partners working with other companies or individuals who work for both domestic and international companies or clients may vary, therefore we will always keep the list updated.
-
6. Access and update of Personal Data
- 6.1 If you do not wish to receive any news or information from the Company, please inform MBK Contact Center at (66) 2853-9000 or send an E-mail to pdpa@prg.co.th
- 6.2 In the following circumstances, you can fill out the form, "Request for the exercise of rights in relation to Personal Data" and notify us to consider and act upon your request through the contact channels specified in Clause 12:
- 6.2.1 you believe that we have collected your Personal Data and you would like to access or be informed of the details or obtain a copy of the collected Personal Data;
- 6.2.2 you would like to us to update your Personal Data to make it accurate, complete and up to date.
- 6.2.3 you would like us to temporarily suspend the use of your Personal Data;
- 6.2.4 you wish to object to the collection, use or disclosure of the Personal Data relating to you including to object to the processing of your Personal Data.
- 6.2.5 When you would like us to erase your Personal Data from our system or our customer database;
- 6.2.6 you would like to withdraw the consent that has been given to us for the collection, use or disclosure of your Personal Data;
- 6.2.7 you would like to be informed of the existence, characteristics of your Personal Data and purposes for which we use your Personal Data;
- 6.2.8 you would like us to disclose the acquisition of the Personal Data that is related to you in the event that you have not consented to the collection; we will consider and notify you of the result of consideration of your request within 30 days from the date we receive your request. However, we may reject your request for the exercise of your rights under the conditions stipulated by law. If we do so, we will record the rejection with reasons.
- 6.3 If you do not consent us to collecting, using or disclosing certain types of Personal Data or would like us to erase your Personal Data from our system or if you withdraw the consent that you have previously provided, we may not be able to process your request or provide the services to you or the services we provide you may be limited or may not be as effective as expected.
- 6.4 We will exercise our best efforts in the capacity of the relevant work systems to facilitate and fulfill your requests unless it appears that the processing of your request risks violating the privacy policies of other users or, the law, or the system security policy or it is impossible to perform according to the request.
- 6.5 If you believe that we have collected, used and disclosed your Personal Data, you can, if wishing or if having any questions, exercise the following rights under the Personal Data Protection Act, B.E. 2562 (2019).
- 6.5.1 Right to be informed
- 6.5.2 Right to withdraw consent
- 6.5.3 Right of access
- 6.5.4 Right to rectification
- 6.5.5 Right to erasure
- 6.5.6 Right to restrict processing
- 6.5.7 Right to data portability
- 6.5.8 Right to object
- Please contact us or submit a request to us via the contact channels provided in Clause 12.
-
7. Security measures for the storage of Personal Data
The Company takes the security of your Personal Data very seriously. We use a range of security measures including a safe and appropriate system to collect, use or disclose Personal Data, to protect your Personal Data against loss, unauthorized use, access, modification or disclosure. Also, we limit access to your Personal Data to our employees, agents, contractors and third parties who have a need to obtain the data and oblige them to only process your Personal Data under the conditions set forth by the Company.
In addition, we will keep the Personal Data for the purposes of which we have notified you, as the data subject, and in accordance with the law. If we hire a third party to process your Personal Data, we will select a company whose data protection system meets the required standard and enter into an agreement with them regarding the storage of Personal Data in accordance with the Company privacy policy as well.
If a breach of your Personal Data occurs, we will notify the Office of the Personal Data Protection Commission without delay and within 72 hours of the knowledge of the cause as far as possible unless the breach poses no risk, affecting your rights and freedoms. Where the breach carries a high risk, affecting your rights and freedoms, we will notify you of the breach with remedial guidelines without delay.
-
8. Linking to third-party websites, applications, products and services
The Company's Website may contain links to third-party websites, products and services. Those third parties may collect certain information about the services that you use. The Company cannot be held responsible for the security or privacy of any of your personal data collected by such third party websites, products or services. Therefore, you should exercise caution and review the privacy policies of those third party websites, products and services.
-
9. Application of Personal Data Protection Policy
This Privacy Policy applies to all Personal Data collected, used and disclosed by the Company. You agree and acknowledge that the Company has the right to collect the Personal Data and use or disclose the collected Personal Data (if any) as well as your Personal Data currently collected by the Company and that to be collected in the future, to other parties within the scope of this Privacy Policy.
- 10. Policy review
With good governance and social responsibility, the Company and relevant departments will review this Privacy Policy at least once a year.
- 11. Governing law and jurisdiction
This Privacy Policy is governed by and construed in accordance with the laws of Thailand and the Thai court shall have the jurisdiction to decide any disputes that may arise.
- 12. Contact channels
If you have any queries or questions about the Privacy Policy, you can contact us through the following channels:
Contact address: MBK : PRG Corporation Public Company Limited 88 Moo 2, Tiwanon Road, Tumbol Bangkadee, Amphur Mueng Pathumtani 12000 or PRG Contact Center: (66) 2501-2175 or E-mail: pdpa@prg.co.th
The Company has assigned and appointed Mr.Apichart Supadej to act as the Data Protection Officer to have the power and duties of the Data Protection Officer as stipulated by the Personal Data Protection Act, B.E. 2562 and to act as the Company’s Data Protection Coordinator.
Office of the Personal Data Protection Committee
Contact address: 7th Floor, Rattaprasasan Phakdi Buildi g, 80th Anniversary Government Center, Chaengwattana Road,Thung Song Hong Sub-District, Lak Si District, Bangkok 10210The resolution of the Board of Directors announced on August 8, 2021
Mr.Somkiat Makcayathorn
CEO & Managing Director