Personal Data Protection Act – PDPA POLICY
As part of our services, Phuket-Go (hereinafter the “Company”, “we”, “us” or “our”) [www.phuket-go.com] collects and processes personal data relating to the User (Hereinafter “You” or “Your”). The organization is committed to being transparent about how it collects and uses that personal data of users and to meeting its data protection obligations. The provisions of the Personal Data Protection Act (PDPA) will apply to personal data from which any living individual is identified or identifiable (by anyone) whether directly or indirectly.
PLEASE READ THIS POLICY CAREFULLY BEFORE SUBMITTING YOUR PERSONAL DATA THROUGH OUR WEBSITE OR ACCESSING, BROWSING OR OTHERWISE USING OUR WEBSITE. IF YOU SUBMIT YOUR PERSONAL DATA ON OUR WEBSITE, YOUR DATA WILL BE PROCESSED AS PER TERMS OF THIS POLICY.
The need to retain data varies widely with the type of data. Some data can be immediately deleted and some must be retained until reasonable potential for future need no longer exists. Since this can be somewhat subjective, a retention policy is important to ensure that the Company’s guidelines on retention are consistently applied throughout the organization.
The purpose of this policy is to specify the Company’s guidelines for retaining different types of data. This policy sets out the obligations of company regarding data protection and the rights of User in respect of their personal data under the Personal Data Protection Act (the “Act”).
a) Personal Data: means any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the information of the deceased Persons in particular.
b) Data Controller: means a Person or a juristic person having the power and duties to make decisions regarding the collection, use, or disclosure of the Personal Data;
c) “Data Processor” means a Person or a juristic person who operates in relation to the collection, use, or disclosure of the Personal Data pursuant to the orders given by or on behalf of a Data Controller, whereby such Person or juristic person is not the Data Controller;
d) Data subject: Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing;
e) Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
This policy sets out the procedures that are to be followed when dealing with personal data. The procedures and principles set out herein must be followed at all times by the Company, its employees, agents, contractors, or other parties working on behalf of the Company. We are committed not only to the letter of the law, but also to the spirit of the law and places high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom it deals.
The scope of this policy also covers all data stored on Company-owned, Company-leased, and otherwise Company-provided systems and media. Note that the need to retain certain information can be mandated by local, industry regulations and will comply with Personal Data Protection Act. Where this policy differs from applicable Act, the provisions specified in the Act will apply. Please take the time to read and understand this Policy so you can understand how we use your personal data.
5. THE DATA PROTECTION PRINCIPLES
This policy aims to ensure compliance with the Act. The Act sets out the following principles with which any party handling personal data must comply. The Data Controller shall have the following duties:
- process all data lawfully, fairly, and in a transparent manner in relation to the data subject; and
- provide appropriate security measures for preventing the unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of Personal Data, and such measures must be reviewed when it is necessary, or when the technology has changed in order to efficiently maintain the appropriate security and safety; and
- collected all data for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes; and
- every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay; and
- data should be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by the Act in order to safeguard the rights and freedoms of the data subject; and
- in the circumstance where the Personal Data is to be provided to other Persons or legal persons, apart from the Data Controller, the Data Controller shall take action to prevent such person from using or disclosing such Personal Data unlawfully or without authorization; and
- Put in place the examination system for erasure or destruction of the Personal Data when the retention period ends.
6. ACCURACY OF DATA
The Company shall ensure that all personal data collected and processed is kept accurate and up-to-date. The accuracy of data shall be checked when it is collected and at regular intervals thereafter. Where any inaccurate or out-of-date data is found, all reasonable steps will be taken without delay to amend or erase that data, as appropriate.
7. USER TESTIMONIALS AND COMMENTS
We post user testimonials and comments on our website, which may contain Personal Information. You hereby give your consent for posting your name and testimonial/comments.
8. USE OF PERSONAL DATA
When you visit our website, you may be asked to enter your personal details including full name, email, and website for posting your comment. We collect information about you if you make use of any of the interactive features within our website that rely on a personalized response, or where you ask us to respond to a query you have. The information we collect is limited to the details we need to provide the specific service you have asked for. We do not collect sensitive information, such as your political or religious beliefs, ethnic background, sexual preference or any other sensitive information. The types of information we collect includes:
- Name, E-mail, Website URL; and
- Other personal information in content you provide to us, such as through emails you send us
A. Information that you voluntarily provide to us: You can visit our website without sharing your name and contact information. In certain places on this website, you may be asked to provide your name and contact information to post your comment on our website. However, if you do not provide details that are essential, it would be impossible to use all of the features and functions of the website and/or to benefit from our services.
B. Information collected automatically: When you visit our website, our information technology systems automatically collect information about the equipment you are using and about your use of our website and services. Examples of the information we collect and analyze include the Internet Protocol (IP) address used to connect your mobile/computer to the Internet and your mobile/computer and connection information (for example, browser type, version, and time zone setting, browser plug-in types and versions, operating system, and platform). We may also use browser data such as cookies for fraud prevention and other purposes. We may use software tools to measure and collect session information, including page response times, download errors, length of visits to certain pages, page interaction information (for example scrolling, clicks, and mouse-over), and methods used to browse away from the page. We may also collect technical information to help us identify your device for fraud prevention and for dealing with diagnostic purposes relating to our website. We also use Google Analytics to help us understand how our customers use the Site.
We may use the information described above to:
- send you promotional materials, newsletters and other communications;
- Serve you relevant offers and ads;
- respond to your inquiries;
- perform data analyses (including market and consumer research, economic impact analyses, demographic analyses and aggregation of personal information);
- operate, evaluate and improve our business;
- protect against, identify and prevent fraud, copyright infringement, unauthorized use and distribution of protected content and other criminal activity; and
We also may use the information in other ways for which we provide specific notice at the time of collection.
9. WHAT ARE COOKIES
We, as well as most sites on the Internet, uses “cookies” to enhance your experience on the web. We cannot use these cookies to personally identify you in any way. A cookie is a small piece of information that is sent to your browser from a World Wide Web server. This block of data can be anything, a unique user ID generated by the server, the current date and time, the IP Address of where the browser is logged onto the net or any other chunk of data that you want. After a browser receives a cookie it will then send that cookie to the server that set it whenever it is appropriate and required/requested. The browser will only send the cookie to the server that originally set it. This means that the server can’t tell if your browser has cookies that other sites have sent.
- Support the functioning of our websites;
- Enhance your experience on our websites by remembering your preferences (including recent searches);
- Understand how our websites are functioning and inform improvements to our websites and services; and
- Gather data that helps us to deliver information relevant to your interests.
11. HOW TO MANAGE COOKIES
You can manage cookies on your computer or device through your browser settings. Please refer to your browser’s “help” section for more information on how to delete saved cookies and allow or block cookies.
12. USE OF GOOGLE ANALYTICS
13. DATA WE SHARE
14. DATA PROCESS AND CONSENT
We need to process data to take steps at your request. We may also need to process your data to enter into an agreement with you. In some cases, we need to process data to ensure that we are complying with its legal obligations. Company has a legitimate interest in processing personal data during the service process and for keeping records of the process. Processing data allows us to manage the service process. We may also need to process data received from user to respond to and defend against legal claims.
Company may keep your personal data on its server for any specific purpose. We will ask for your consent before we keep your data for any specific purpose and you are free to withdraw your consent at any time.
We may use your Personal data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe instructions provided in any email we send.
16. DATA ACCESS
Your data may be shared internally. This includes employees involved in the service process and IT staff, if access to the data is necessary for the performance of their roles.
17. DATA PROTECTION
We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees or partners in the proper performance of their duties. If in the future we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.
18. HOW SECURE IS DATA YOU GIVE US?
Our Website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our website as safe as possible. We use regular Malware Scanning. Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the data confidential. We implement a variety of security measures when a user enters, submits, or accesses their data to maintain the safety of their personal data.
19. DATA RETENTION
The criteria used to determine the period of storage of personal data is the respective statutory retention period (i.e. 10 Years). At the end of that period, or once you withdraw your consent, your data is deleted or destroyed.
20. DATA TRANSFERS
Sometimes, we transfer data to 3rd party contractors including persons in other location or country assisting us in operating our website. By giving us your personal data, you consent to such disclosures. Where we transfer data to persons in other Location or Country, we believe that the recipients of such data are subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the data that are similar in all material respects to international laws. We will protect that data as described in this Policy and will comply with applicable legal requirements providing adequate protection for the transfer of personal data to recipients in other location or countries other than the one in which you provided the information.
21. YOUR RIGHTS
As a data subject, you have a number of rights. If you would like to exercise any of these rights, please contact us. You have following rights:
- Right to Request Access to and Obtain Copy of the Personal Data – The Data Controller shall fulfill the request without delay. The request can be rejected only where it is permitted by law or pursuant to a court order and such access and obtaining a copy of the Personal Data would adversely affect the rights and freedoms of others. In the case where Data Controller rejects the requests, the Data Controller shall record its rejection together with supporting reasons;
- Right to Receive the Personal Data – The Data Controller shall arrange such Personal Data to be in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means;
- Right to Object (the Collection, Use, or Disclosure of the Personal Data) – In the event that the data subject exercises his or her right to object, the Data Controller shall no longer be able to collect, use, or disclose such Personal Data, and the Data Controller shall immediately distinguish such personal data clearly from the other matters at the time when the data subject gives the notice of objection to the Data Controller;
- Right to Request – to the Data Controller to erase or destroy the Personal Data, or anonymize the Personal Data to become the anonymous data which cannot identify the data subject;
- Right to Request – the Data Controller to restrict the use of the Personal Data;
22. YOUR STATUTORY OBLIGATION
You are under no statutory or contractual obligation to provide data to us during the service process. However, if you do not provide the information, we may not be able to provide our services to you properly or at all.
23. CHILDREN’S PRIVACY
This Site is not intended for use by children under the age of 10. Minors (10 – 18 years of age) should handle their personal data under the supervision of their guardians. The Site does not knowingly collect or store personal data from children under the age of 10. If you have concerns about this Site or its services, if you believe that your child has gained access to our website without your permission, you may contact us.
24. LINKS TO OTHER WEBSITES
From time to time, our website may contain links to and from websites of our partner networks, advertisers, social media sites etc. If you follow a link to any of these websites, please note that these websites/apps may have their own privacy notices and that we do not accept any responsibility or liability for any such notices. Please check these notices, where available, before you submit any personal data to these websites/apps.
No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date. We may update this Policy from time to time by posting a new version online. You should check this page occasionally to review any changes in Data Protection Laws.
26. IDENTITY AND CONTACT DETAILS OF CONTROLLER & PROCESSOR
Controller & Processor: Controller and Processor for the purposes of the Personal Data Protection Act (PDPA) and other provisions related to data protection are:
73, 20, KO KAEO, MUEANG PHUKET DISTRICT,