- 2.Collection of Personal Data
- 3.Collection of Personal Data
- 4.Purpose of Personal Data Processing
- 5.To Whom Personal Data is Disclosed
- 6.Retention Period
- 7.Security Measures
- 8.Cross-Border Transfer
- 10.Security Camera (CCTV)
- 12.Collection of Personal Data before PDPA Becomes Fully Effective
- 13.Data Subjects' Rights
- 14.Exceptions to the Confidentiality of Personal Data
- 15.Amendment to the Privacy Notice
- 17.Contact Us
- Websites and Contact Details
Privacy Notice Siam Sindhorn Co., Ltd., and its group companies
Siam Sindhorn Co., Ltd. and its group companies including (without limitation) Sindhorn Kempin Co., Ltd., Sindhorn Maa-Lai Co., Ltd., Sindhorn Co., Ltd., Superior Cleaning Services Co., Ltd., Sindhorn Food Market Co., Ltd., Sindhorn Saneh Jaan Co., Ltd., Eiffel Cafe Co., Ltd., Sindhorn Management Co., Ltd., Sindhorn Residence Co., Ltd., Boriharnsubsin Co., Ltd., Siamsindhorn Land Co., Ltd., (collectively, "Company") recognize the importance of protecting the personal data. Therefore, Company has developed this "Privacy Notice" that covers how Company collects, uses, and discloses your personal data including how Company appropriately manages and secures the personal data. This Privacy Notice will apply to any persons who contact with the Company or those whose personal data is held by the Company which collected through both online and offline channels such as on-site visiting, browsing Company's websites, communicating on any applications, social media, or Company's employee. Company would like to thank you for your trust and please be assured that Company commits to treat all personal data with security and confidentiality in order to provide the best service for you.
"Personal Data" means any data relating to an individual which can identify such individual, directly or indirectly excluding the data of a deceased individual. There are 2 types of Personal Data which are:
- 1.1General Personal Data such as name, last name, address, email, and identification number.
- 1.2Sensitive Personal Data which are personal data that requires additional protection such as race, ethnicity, political opinions, health data, disability, labor union information, religion, genetic information, and facial recognition.
"Cookies" means small pieces of information or text issued from website to your computer or electronic device connected to the internet when you visit or use the website.
"Log" means a record of communication of any computer system; showing an origin, beginning, destination, routing, date, time, volume, period of time, type of services, or any other mean related to the use of computer, website, or application.
2. Type of Personal Data
- 2.1Company may, directly or indirectly, collect the Personal Data of you through the following:
- (a)Identity Data: such as name; last name; gender; age; date of birth; marital status; address; occupational; office address; zip code; email; details on government-issued identification card such as identification number; passport number; photo; credit card information/financial information; salary wages; vehicle and license plate data; and any other identity data that you provided to Company.
- (b)Contact Details: such as phone number; postal address; email address; Line ID; WhatsApp; WeChat; Facebook; and Instagram account or any other details with the similar nature; and other contact details.
- (c) Membership Data: such as gender; age; nationality; date of birth; marital status; interest; preference; interested products and services; hobby; social network preference; purchase and service history; and response.
- (d)Decision Making Details: such as reasons in choosing any products and services; budgeting; details of visiting any products and services.
- (e)Feedback Data Provided to Company by You: such as data provided through the questionnaire; data collected through conversations or surveys; data provided in order to join promotional campaigns; exhibitions or any other activities related to Company's business.
- (g)Sensitive Data: such as race; religion; dietary information; political opinions; biological information; fingerprint; facial recognition; person identity information (biometrics); eye recognition; health data; weight; height; allergy; medical records; and criminal records.
- (h)Financial Data: such as credit or debit card details; bank account details; source of fund; property records.
- (i)Employee Data: such as social security data; tax data; transcript record; employment record; salary rate; working performance; working time and leave.
- (j)Security Data: such as security camera (CCTV); vehicle and license plate data; and entry log.
- (k)Stakeholder Data: such as shareholding structure; details in power of attorney; share certificate details; debenture.
If you would like to use any services or product of Company, doing business with Company, or having any other business transactions with Company, Company will need the Customer' Personal Data in order to provide such services or products, enter into contract with the Customers, perform any obligations, or comply with any applicable laws. If you do not provide the Personal Data to Company, Company will not be able to provide such products or services, enter into contract with or perform any obligations with you and it might result to a breach of a contract with Company by you, or breach of applicable laws.
If you provide the Personal Data about other persons to Company, you affirm that this Privacy Notice has been reviewed by such persons and that such persons have given their consent regarding the processing of their Personal Data (if required). You have to present the documents evidencing that the above actions have been carried out as may be requested by Company.
- 2.2Company will only collect your Personal Data as necessary or for the purpose of collection and in accordance with the laws.
- 2.3Company may collect your Personal Data by converting it to an anonymous data. In case, our websites are connected or linked to third-party advertisement, the Privacy Notice of the third-party websites will be applied, and Company is not affiliated in any way.
3. Collection of Personal Data
Company may collect the Personal Data through you, other sources, from Company's group companies, business partners, or communications both online and offline as follows:
- 3.1Company's channels such as documents (both hard copies and electronic form), phone call, direct communication, Company's event, Company's products and services, job applications, or any other transaction with Company.
- 3.2Website or online platform such as surveys, promotional survey, subscription for promotional campaign, or inquiry. Company may collect your browsing behavior log from its websites and/or applications.
- 3.3Third-party channel such as agent, supplier, other services provider, or business partner such as Facebook, WeChat, Google, Line, WhatsApp, Instagram.
Company may also collect your Personal Data from other sources such as your family member or relatives, reference person, marketing agencies, recruitment agencies, corporate customers, vendors or stakeholders and other sources publicly available in offline and online databases.
4. Purpose of Personal Data Processing
- 4.1To operate normal business of Company such as preparing a marketing plan, analyzing data and marketing, processing survey, research and development of products and services, evaluating business operation and expansion, or creating products and/or services that might interested you.
- 4.2To communicate and notify any information relating to Company's project, product and service and to present projects that might interested you, including offering special promotion and marketing campaign of projects, products and services. In case of an online booking, Company may collect and use Personal Data as necessity to issue reservation documents.
- 4.3To maintain relationship between Company and you such as providing a complimentary birthday gift or organizing a birthday party in accordance with your preference.
- 4.4To conduct targeted and/or direct marketing such as to offer sales, updates and promotions of products and services pursuant to your preference and lifestyle, including the events that you might be interested in attending.
- 4.5To take photos or video footages of you at sale galleries and publish or advertise such photos and/or video footages on Company's website and applications or other platforms.
- 4.6To provide meals and/or other facilities pursuant to your food allergy or religion.
- 4.7To evaluate the suitability of you for the position considering your Sensitive Data such as criminal record and health data.
- 4.8To collect your Sensitive Data as necessary such as your identification card (which contains your religion and/or blood type) for verification of your identity before continuing the transaction.
- 4.9To comply with legal requirements such as PDPA, Thai Civil and Commercial Code, Revenue Code, Labour Protection Act B.E. 2541, Public Limited Companies Act B.E. 2535, Securities and Exchange Act B.E. 2535, Social Security Act B.E. 2533, Hotel Act B.E. 2547, Accounting Act B.E. 2543, Computer-Related Crime Act B.E. 2550, and Immigration Act B.E. 2522.
- 4.10 To comply with court orders and/or order from governmental authorities.
- 4.11 To conduct financial audit of Company and its group companies as required by law.
- 4.12 To review, evaluate and asses you (as a candidate) for the positions with Company, including to communicate with and interview them such as employee and salesperson.
- 4.13 To enter into a contract and fulfil the obligations and requirements under such contract.
- 4.14 To offer products and services, improve and development of both existing and future projects and services of Company, including customer relationship after such sales and services.
- 4.15 To provide personalized products and services.
- 4.16 To process your payments, refund, and issue invoices and receipts.
- 4.17 To response your request regarding projects which you are interested to acquire.
- 4.18 To administer and protect Company's business security
- 4.19 To authenticate and verify in order to proceed your request including to proceed any transaction related to projects, or products and services.
- 4.20 To prevent any loss, crime, fraud, or any unlawful act.
- 4.21 To conduct an investigation of anti-money laundering and transaction failure.
- 4.22 To conduct internal audit of business.
- 4.23 To proceed with debt collections.
- 4.24 To administer and solve technical problem on the Company's websites and applications and to improve Company's business.
- 4.25 To connect data between Company and its group companies for ordinary business operation.
- 4.26 To allow advisors, service providers, vendors, suppliers, contractors, sub-contractors to provide and supply Company with services and products.
- 4.27 To conduct, manage, and improve business operation and provide a good corporate governance.
- 4.28 To search and evaluate performance of director, employee, salesperson or any other person joining with Company.
- 4.29 To offer existing and future job positions.
- 4.30 To communicate with reference person which you have provided to Company such as former employer for background check before entering into employment agreement.
- 4.31 To contact your related person for any emergency case.
- 4.32 To enter into contract or communicate with corporate clients, supplier or any stakeholders by communicating through director or employee.
- 4.33 To take photos or video footages of you at any events launching by Company and publish or advertise such photos or video footages on Company's website and applications or other platforms.
- 4.34 To share your Personal Data for the purpose of merger and acquisition, business reorganization, insolvency, rehabilitation and similar proceedings of Company.
- 4.35 To evaluate any risks arising from an investment.
- 4.36 To collect Personal Data of the witness in agreements.
- 4.37 To prepare documents relating to historical or archive for public interest or statistic research.
- 4.38 To prevent or suspend a danger to life, body, or health of a person.
- 4.39 To proceed public work or as a result of the exercise of official authority.
5. To Whom Personal Data is Disclosed
- 5.1Within group companies.
- 5.2Company and its group companies' employee.
- 5.3Stakeholder of the Company.
- 5.4Agents, agencies, contractor, service providers who provide any services to Company and required to use necessary Personal Data, advisors such as lawyer, auditors, or business advisor.
- 5.5Financial Institution, third-party credit facilities institution.
- 5.6Governmental authority or administrative agency or any person which Company has to disclose Personal Data under any laws, regulations, or order related to the Company or under any agreements that the Company has made with government agencies or any other persons.
6. Retention Period
7. Security Measures
Company recognizes the importance of security of your Personal Data. Thus, Company has prepared a data storage system, policies, and security measures of your Personal Data that are appropriate and standardized.
8. Cross-Border Transfer
Because of the nature of the hospitality business, the Company may disclose or transfer Personal Data to Company's counterparties located overseas, in which the destination countries may or may not have the same equivalent level of protection for Personal Data protection standards. The Company takes steps and measures to ensure that the Personal Data is securely transferred and that the receiving parties have in place an appropriate level of protection standards or omissions as allowed or required by PDPA and other applicable laws.
In case where the destination countries do not have the appropriate level of protection for Personal Data, the Company will ensure that such transfer is made with an appropriate level of protection as required by PDPA and other applicable laws.
Collection of cookies and similar technologies help Company's websites to remember you, such as remembering your name, account, password, or previous preferences. Cookies also help Company's websites remember your preferences and improve how Company's websites present the projects and/or services to you as well as helping Company to provide the best experiences through online channels or direct communications.
10. Security Camera (CCTV)
Company uses security camera (CCTV) to record photos or video footages of visitors and vehicles inside and around Company and other Company's properties for the purpose of security, prevention, and detection of crime. The CCTVs detect entrances, lobbies, balconies, indoor and outdoor carpark, fences, and areas within Company's properties which anyone can access 24 hours a day. The CCTVs may contain sound recordings. Nevertheless, Company ensures that recorded photos or video footages shall be accessible by an authorized person only.
Minor means all individuals aged under 20 years old. Since Company is unable to identify age of the Data Subject who is browsing websites or applications of Company, Parent of a minor; who provide minor's Personal Data to our websites or applications, may request Company to delete such minor's Personal Data (if any). When Company has acknowledged that such Data Subject is a minor and is not competent to act on his/her behalf according to Thai Civil and Commercial Code; if required by PDPA, Company may obtain parental consent for minor as soon as possible.
12. Collection of Personal Data before PDPA Becomes Fully Effective
Company shall have right to continue collecting and using your Personal Data; which have been collected before PDPA becomes fully effective, within the scope of the original purposes. If you do not wish the Company to continue using your Personal Data, you may withdraw your consent at any time by contacting Company or Data Protection Officer as detailed in Clause 17 below.
13. Data Subjects' Rights
- 13.1Access: You may have the right to access or request a copy of the Personal Data, which Company is collecting, using, or disclosing about yourself, including to disclose the acquisition of the data subjects' Personal Data which Company obtained without consent. For your own privacy and security, Company may require you to prove your identity before proceeding with your request.
- 13.2Data Portability: You may have the right to obtain your Personal Data, which Company holds, in a structured, electronic format, and to send or transfer such Personal Data to another data controller, where this is (a) your Personal Data, and (b) if Company is collecting, using or disclosing such Personal Data on the basis of your consent or to perform a contract with you.
- 13.3Rectification: You may have the right to rectify incomplete, inaccurate, misleading, or not up-to-date Personal Data which Company collects, uses, or discloses.
- 13.4Withdraw Consent: For the purposes of consent, which you have given to Company for the collecting, using or disclosing of your Personal Data, you have the right to withdraw such consent at any time.
- 13.5Objection: You may have the right to object the collection, use, and disclosure of the Personal Data in certain circumstances, including the case where Personal Data is being processed under the basis of public interest and legitimate interest or for the purposes of direct marketing and/or scientific, historical or statistic research.
- 13.6Restriction: You may have the right to restrict the processing of the Personal Data in circumstances where you have contested the accuracy of the Personal Data, for the period enabling Company to verify its accuracy.
- 13.7Deletion ('right to be forgotten'): You may have the right to request that Company delete, destroy or de-identify Personal Data which Company collects, uses or discloses about you, unless Company is not obligated to do so, or if Company needs to retain such Personal Data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.
- 13.8File a complaint: You have the right to file a complaint with the Personal Data Protection Committee, if you believe that there is violation of the PDPA.
You may exercise these rights by change your privacy preference, unsubscribe, or contact Company or Data Protection Officer as detailed in Clause 17 below.
Your request to delete or anonymize the Personal Data, or request to restrict or objection to the processing of the Personal Data could mean that Company is unable to perform its obligations under an existing contract with you, unable to offer you products or services and/or acts on your request.
In the event that your withdrawal of consent will affect you in any manner, Company or the Data Protection Officer will inform you, as a case maybe, of the consequences of such withdrawal of consent accordingly.
For your privacy and security, Company may refuse to comply with the request if: (a) the person submitting the request does not have evidence to verify that he/she is the data subject or does not have the authority to submit such request; (b) the request is not reasonable such as the person submitting the request does not have the rights under the PDPA or does not have Personal Data in Company’s possession; (c) the request is excessive or vexatious such as the request unreasonably repeats a previous request from the same person; or (d) Company has compelling legitimate grounds to reject such request as required or permitted by the PDPA and/or any applicable laws.
14. Exceptions to the Confidentiality of Personal Data
Any of the following cases shall not be deemed an offense to the Privacy Notice
- 14.1The Personal Data that has been disclosed to the public at the time you disclose such Personal Data to the Company or that is publicly disclosed which is not the fault of the Company or its group companies;
- 14.2The Personal Data has been disclosed in accordance with your consent or permission by any other means; or
- 14.3The Personal Data has been disclosed as it is necessary or required by laws, order, rules, regulations, court orders, or governmental agency, or other necessities.
15. Amendment to the Privacy Notice
Company reserves the right to review and amend this Privacy Notice; either whole or in part, without prior notice. In this regards, any amendment will be applied when Company has published amended Privacy Notice on our website https://siamsindhorn.com/privacy
17. Contact Us
Regarding all queries or awareness with respect to the Personal Data arising from this Privacy Notice, or the activities of Company, including to the exercise of any right as set out in this Privacy Notice, please contact Data Protection Officer of Company at the below address
- AttentionData Protection Officer
- AddressSiam Sindhorn Co., Ltd. 130-132 Sindhorn Building Tower 1, 4th Floor, Wireless Road, Lumpini, Pathumwan, Bangkok 10330
- Last edited on 29 June 2022
Annex 1. Websites and Contact Details
Websites owned or controlled by Siam Sindhorn Co., Ltd.
LINE Official Account
- 1.Sindhorn Village
- 2.Sindhorn Food court
- 3.Sindhorn Building
- 4.Velaa Langsuan
- 5.The Old Siam BC
- 6.The Old Siam Plaza
- 7.Cafe Eiffel
- 8.Polo Football Park