Privacy Policy

     In order to act in a transparent manner in relation to the activities of collection, use, disclosure and/ or overseas transfer of personal data in compliance with PDPA, SW Tech and Media Company Limited (the “Company” or “we” or “us” or “our”) has provided the privacy policy to the customers as follows:

Categories of the data subject under this privacy policy are as follows;

• Individual customers of the Company include individuals who are using or have used products or services, persons who contact for inquiry, persons who receive information about products or services through various media, and persons who have been offered products or services or persuaded to use or receive products or services by the Company.
• Individuals who are associated with the Company’s corporate customers, such as representatives of legal entity, shareholders (individual), contact persons, authorized persons, employees, staffs, personnel, and other persons related to the Company’s corporate customers, including any other individuals whose personal data have been disclosed to the Company by the Company’s corporate customers for the purpose of conducting transactions with the Company (“Persons related to corporate customers”).
• The Company’s investors and shareholders of the Company, board of directors, executives, or advisors (“Persons having relationship with the Company”)
• Any other individuals that have any form of relationships with the Company or give personal data to the Company by any means (“Persons contacting the Company in other respects”) (collectively called “you” or “your”).

This Privacy Policy will apply to the collection, use, disclosure and/or overseas transfer of your personal data. The Company may collect such personal data through various channels, for example, websites, mobile applications, online social networks (e.g., LINE, Facebook, and Twitter), telephone, fax, online communication channels (e.g., email), one-to-one communication, letters, questionnaires, business cards, postcards, meetings, events, customer visits, or from other sources (e.g., online platforms or other public sources), or through affiliated companies, subsidiaries, selected business alliances, government agencies, third parties, and other places and/or other communication channels whereby the Company collects your personal data. Please read this Privacy Policy along with the terms and conditions of the services you use, which may have separate terms regarding the collection, use, disclosure, and/or overseas transfer of your personal data.

1. The Company’s procedures for the collection of personal data

   1. Personal data collected by the Company

      1. Personal data means any information related to you which can directly or indirectly identify you (excluding the deceased’s information) as specified in Clause
      2. Sensitive personal data means personal data which is classified as sensitive personal data according to the law. The Company may, only in case where strictly necessary and inevitable, collect sensitive personal data, including the followings:
         1. Biometric data (e.g., fingerprints, biometrics, face recognition data)
         2. Sensitive personal data as appeared on identification documents or supporting documents for transaction and/or juristic acts, contracts, or supporting documents for the use of products and/or services (e.g., religion, race, disability)
         3. Information related to health and/or disability
         4. Criminal records information In this respect, the Company will collect, use, disclose and/or transfer your sensitive personal data overseas only when the Company receives an express consent or when it is legally permissible.

   2. Categories of customers and personal data which are collected by the Company

      The Company may collect your personal data. The types of personal data collected by the Company depend on the relationship between the Company and you, the types of products or services that you want to receive from the Company, and the types of your personal data. The details are as follows:

      1. Individual customers, Persons having relationship with the Company.

         1. Personal information, e.g., title, first name, last name, gender, date of birth, age, weight, height, blood group, nationality, country of birth, signature, family status, marital status, number of children, information relating to documents issued by government agencies (e.g., ID card, passport, government employee ID card, taxpayer identification number, details of driver’s license, etc.), information on a change of name certificate or related documents, documents relating to foreigners, work permit, certificate of residence, land title deed, photograph, recordings of telephone conversation, recordings and data produced by the closed-circuit television cameras, political status, documents relating to visa, and other legal documents.
         2. Educational information, e.g., educational background, education degree.
         3. Work information, e.g., occupation, position, job description, type of business, type of organization, years of service, workplace, social security information, personal information appearing on other related documents, such as business documents, commercial registration, certificate of value added tax registration (Por.Por.20), company certificate, and corporate income tax payment certificate.
         4. Contact information, e.g., postal address as appeared on ID card or house registration certificate, present postal address, present office postal address, delivery details, telephone number, fax number, map, location information, email address, LINE ID, and Facebook account, and your other IDs on online social network websites.
         5. Information related to services provided to you, e.g., types of products or services you selected, details as specified in the application form for using products or services of the Company, information required for data created for the Company’s internal use, information about relationships with the company’s employees or with other companies, data access permission, and information in power of attorney, state welfare card number, any other information required in the application form for using products or services of the Company.
         6. Technical information, e.g., internet protocol address.
         7. Details of behavior, e.g., details of your behavior, ways of living, attitude, information relating to other interactions, and facts about your actions with products or services, your feedback and opinion towards the types of products or services you receive, details of your claims and complaints.
         8. Details of marketing and communication, e.g., your preferences for receiving marketing information from the Company, affiliated companies, subsidiary companies, third parties, selected business alliances, and communication preference.

      2. Persons related to the Company’s corporate customers and Person contacting the Company in other

         1. Personal information, e.g., title, first name, last name, date of birth, age, nationality, signature, marital status, information about documents issued by government agencies (e.g., ID card, passport, etc.), recordings and data produced by the closed-circuit television cameras.
         2. Work information, such as occupation, position, job description, type of business, type of organization, years of service, workplace, data access permission level, personal information appearing on other related documents, such as list of shareholders, power of attorney, certificate of the corporate’s authorized persons
         3. Contact information, e.g., postal address on ID card or house registration certificate, present postal address, present office postal address, telephone number, fax number, and email address

      3. Personal data of third party

         If you provide the Company with personal data, such as first name, last name, address, telephone number of emergency contact and debt collection, and income of a family member, of third parties, such as guarantors, executives, authorities, authorized persons, directors, shareholders, staff members, employees, settlors and trustees, representatives, persons in the control line or ownership, co-owners, and other persons who are not customers of the Company, and any other persons that you have relationship with respect to your relationship with the Company, please inform them of this Privacy Policy for acknowledgement and request consent if necessary or as required by law for disclosure of personal data of third parties to the Company.

      4. Personal data of minors, quasi-incompetent persons and incompetent persons

         The Company collects personal data relating to a minor, a quasi-incompetent person and an incompetent person only when the Company receives consent from a guardian or a curator. The Company has no intention of collecting personal data of a person aged under 20 years old without consent from a legal guardian, or of a quasi-incompetent and incompetent person without consent from the curator. If it is found that the Company has intentionally collect personal information of such persons without consent, the Company will immediately delete such personal data or will collect, use, disclose, and/or transfer the personal data overseas only on other lawful basis other than a consent or to extent permitted by law.

2. The purpose of collection, use, disclosure and/or overseas transfer of your personal data

   We may collect, use, disclose and/or transfer your personal data and sensitive personal data overseas for the following purposes:

   1. The purposes for which your consent is obtained

      We will collect, use, disclose, and/or transfer your personal data overseas by relying on the consent which you have given us via our service channels, e.g., mobile applications, in case where we could not rely on any other lawful bases listed in Clause 2.2, for the following purposes

      1. Offering of products and services: We may collect, use, disclose, and/or transfer your personal data (e.g., first name, last name, telephone number, and/or other data as necessary) overseas, so that you do not miss any benefits, news, product and service promotions, as well as marketing and communication activities, analytics for personalized marketing, marketing advertisement, sales, special offers, news, press releases, promotions and presentations of the products and services of the Company, and our selected business alliances only in case where we legally requires your consent. Please see more details on marketing communications in Clause 4.

      2. Statistical analysis, data analytics, research and development, and product or service improvement: We may collect, use, disclose, and/or transfer your personal data (e.g., first name, last name, telephone number, and/or other data) overseas only as necessary for our data analytics, research and development, product or service improvement, profiling, risk management and assessment, only in case where we legally requires your consent. Please see more details on data analytics in Clause 4.

      3. Sensitive personal data: In certain cases where it is necessary and inevitable, we may use your sensitive personal data for the following purposes:

         1. Sensitive personal data as appeared on identification documents (e.g., religion, race, disability) are used only for the purpose of identity verification and proofing only. We have no purposes nor policy to collect, use, disclose, or transfer such sensitive personal data other than the purpose identity verification and proofing.
         2. Sensitive personal data as appeared on contracts or supporting documents for the use of products and/or services (e.g., religion, race, disabilities)

         In this respect, we may, without notifying you, cross out or mask your sensitive personal data (e.g., religion, race) which appear on identification documents contracts, or supporting documents for the use of products and/or services, or we may ask you to cross out or mask such sensitive personal data yourself.

         In case where we must obtain your consent for other activities relating to the collection, use, disclose, and/or transfer of personal data, we will request your consent for such activities on a case-by-case basis.

         If the lawful basis we rely on is consent, you have the right to withdraw your consent any time by contacting us via SW Tech and Media Telephone number 02 619 1150. The withdrawal of consent will not affect the collection, use, disclosure, and/or overseas transfer of your personal data and sensitive personal data that you had given your consent prior to such withdrawal.

   2. Other purpose and other lawful bases for collection, use, disclosure and/or overseas transfer of your personal data

      When collecting, using, disclosing, and/or transferring your personal data overseas for the purposes listed below, the Company will rely on lawful bases of legitimate interest, entering into and performing the contract, legal obligations, or other lawful bases permissible by PDPA, as the case may be, depending on the relationship between you and the Company and the Company’s services you use.

      1. For registration and personal identity verification, e.g., to register you for a product or service; to proof, identify, and verify the identity of you, your authorized person, or your representative; and to proof or verify your identity via a digital channel
      2. For the provision of products and services and customer relations management, e.g., for entering into any agreement or contract in connection with products or services and managing relationship related to you; for considering your qualifications; for approving the provision of products or services; for delivering the details of agreements or contracts, and products or services; for receiving or sending letters, parcels and important documents to you; for conducting reports informing the customers about information relating to products or services; for delivering updated news regarding products or services; for verifying documents; for evaluating conflicts of interest; for providing or operating after sales services; for managing and cancelling inactive activities (such as cancellation of services or your account)
      3. For creating a good impression with after sales services, e.g., for communicating with you in respect of products and services provided to you by the Company, affiliates, subsidiaries, or the Company’s selected business alliances; for processing and updating your information as the Company’s customer, for providing advice, suggestions and facilitating your products and services use; for dealing with inquiries related to customer service; for dealing with your complaints, requests, comments, and insurance claims; for dealing with technical problems; for notifying and proceeding with the solutions to your problems, for conducting Customer relationship management activities
      4. For communication, e.g., any communication in connection with entering into the agreement, such as request for additional information or documents, notice of expiration of agreement, and delivery of the agreements; giving additional information of the products or services you are interested in; understanding your needs and interests
      5. For identity proofing and verification
      6. For marketing, sales promotion, and communication purposes, e.g., for carrying out marketing and communication activities, research and data analytics for personalized marketing, marketing advertisement, sales, special offers, news, press releases, promotion and presentation of the Company’s products and services, and those of the Company’s affiliates, selected business alliances, and other legal entities as specified by you or the services that you have used, as well as information of products and services that are directly and indirectly close to your interest and history, for enabling you to participate in the sales offering, offers and privileges, campaigns, events, seminars, contests, sweepstakes, lucky draws, booths, and events with branches in order to meet with you, including other sales promotions and all relevant advertising services facilitating you to participate in the Company’s activities in cases where the Company is not required to rely on your consent. For example, if you are a customer who uses the Company’s products, you may receive the Company’s marketing communications offering the same products and services, or other products and services of the Company and selected business alliances. When you request any services or inquire the details of any services, we will send such details to you as per your request. You may receive communication via websites, social media, or any other channels specified by the Company. Please see more details on marketing communications in Clause 4.
      7. For products and services search and recommendation, e.g., for recommending products and services that you might find interesting, for learning about your need and adjusting products and services so that that they are suitable for you
      8. For improving business operations, products and services, e.g., for the evaluation, marketing research, analysis, statistical analysis, profiling, model simulation; for the development of services, products, distribution, systems, geographic structure, conducting business for you and the Company’s customers, the Company and the Company's selected business alliances; for designing and developing products and services, launching strategies and campaigns of the products of the Company and the Company's selected business alliances, to meet the needs of the customers; for setting the efficiency of sales promotional campaigns of the Company, for making overview reports, for conducting staffs training programs, for improving the efficiency of business and adjusting the content of the Company and the Company's selected business alliances, to reach the higher level of the customer satisfaction; for learning about and solving problems concerning existing products and services; and for assessing and managing risks within your expectation. The Company may connect your data on various platforms owned or related to the Company in order to provide services to you continuously and seamlessly. However, this is limited to the cases where the Company is not required to rely on your consent. For example, the Company may analyze your service usage data and the feedback you provide after using the Company’s various platforms for the purpose of developing and designing new products or services or improving existing products and services of the Company and the Company's selected business alliances to meet the market’s conditions and consumer’s needs, and the Company may analyze the data for the purpose of forecasting market trends, etc. Please see more details on data analytics in Clause 4.
      9. For learning about and responding to customer needs to improve customer satisfaction, e.g., for learning more information regarding the products and services you receive, as well as other products or services that you might find interesting; for processing your personal data, e.g., considering types of products and services you receive from the Company, your preferred method of contact, etc.; for getting the results of customer satisfaction survey for the Company’s services and customer credit assessment
      10. For managing websites, mobile applications, and platforms, e.g., for the administration, operation, monitoring, examination, maintenance, and management of websites, applications and the Company’s platforms to ensure that they are properly functional, efficient, and secure; for enhancing usability of the Company’s websites and platforms; for improving the layout and content of the Company’s websites and platform in order to provide the service to you
      11. For management of information technology, e.g., for the purpose of business operations of the Company, information technology operations, communication system management, information technology security, and information technology security monitoring, business management in compliance with internal regulations policies and procedures
      12. For compliance with laws, e.g., to comply with laws, legal procedures or orders of government agencies, including government agencies outside Thailand, and/or cooperating with courts, authorities, government authorities, and law enforcement agencies when the Company has a reason to believe that the laws enforce the Company and/or related agencies to do so; when it is necessary to disclose your personal data to comply with laws, procedures or government orders; to conduct crime investigation or crime prevention
      13. For protection of legitimate interests of the Company, e.g., for security and the integrity of the Company’s business or that of the Company’s affiliates; for exercising the Company’s right and protecting the interest of the Company’s or the Company’s affiliates when it is necessary and lawful, for instance, for investigation, protection, and response to complaints, intellectual property infringement complaints, or violation of laws; for managing and preventing the loss of assets; for ensuring the compliance with terms and conditions of the Company; for investigation and prevention of wrongdoing occurred at the Company’s premises, including operating the closed- circuit television (CCTV) to monitor situations in order to prevent and report criminal incidents or imminent crimes; for management, preparation of reports, internal policies according to the Company’s scope of operations
      14. For verification and prevention of the Company business risks, e.g., for verifying your identity; for monitoring the compliance with the law and other regulations (such as regulations regarding cyber treats, breach of contract, violation of law (such as wrongdoings to property, life, body, liberty, and reputation)), including conducting the monitor and internal record, property management, the Company’s business risk database, systems and controls of other businesses, and disclosure of personal data to enhance the Company’s operations or legal entities in the same business group with the Company in preventing, dealing with, reducing, or performing other similar activities in order to eliminate such risks
      15. For risks management, e.g., to manage risks, monitor efficiency, and evaluate risks in order to set risk index, making summary report for risks management in order to evaluate, predict, and find solutions to handle potential risks, to evaluate product risks and provide recommendations if changes are required or finds solutions to manage the risks
      16. For prevention or stop of dangers to lives, bodies or health of persons
      17. For conducting other duties of the Company in relation to your personal data, depending on the relationship between the Company and you, for example, you as the Company’s shareholder who the Company will organize the shareholders’ meeting for, you as a member of the Board of Directors, an executive, or an advisor appointed by the Company, and you as any status that the Company shall proceed with the obligations of the relevant agreements
      18. For other purposes which the Company will notify you when requesting your consent In this respect, not providing your personal data to the Company may have impact on you, for example, the Company may not proceed with your requests; you may experience some inconvenience or your agreements may not be fulfilled; and you may receive damage or lose opportunities. In addition, your refusal to provide personal data may affect the Company’s or your compliance with the laws and may result in penalties.

   3. Management of sensitive personal data collected by the Company prior to the effective date of the PDPA

      If you are an existing customer of the Company prior to the effective date of the PDPA, the Company might have collected your sensitive personal data, such as (1) religion, (2) race, (3) disability, and (4) sensitive personal data for using the products and/or other services. This is for the collection of documentary evidence only; the Company will not use such sensitive personal data for other purposes.

3. Who does the Company disclose or transfer your personal data to?

   The Company recognizes the importance of your personal data’s security and intentions; therefore, the Company has measures in place to prevent other parties from misusing your personal data. Nevertheless, in the Company’s operation, it may be necessary for the Company to disclose your personal data to other parties under the name or instructions of other parties, or in the Company’s own name. The Company may disclose or transfer your personal data to the third parties listed below. The collection, use or disclosure and/or overseas transfer of personal data are for the purposes under this Privacy Policy. These third parties may be located in Thailand or abroad. You can read the privacy policies of such third parties in order to understand the details regarding how they collect, use, disclosure, and/or transfer your personal data overseas, since you are also their data subject under their privacy policies.

   1. Affiliates

      The Company may have to disclose your personal data for the purposes specified in Clause 2 herein, to the Company’s affiliates. The disclosure of your personal data to such affiliates will allow them to rely on your consent obtained by the Company.

   2. The Company’s Service providers

      The Company may outsource the Company’s services to companies, representatives, or contractors or have them assist the Company in operating the business, providing you with products and services, and performing any activities for your benefits. The Company may share your personal data to third-party service providers, service provider representatives, business facilitators, subcontractors, and service providers or suppliers that support the Company’s services, including but not limited to

      (1) internet service providers, software developers, website developers, digital media, information technology service providers and service providers of digital products, such as developers and operators of digital platforms and other technological services (Platform as a Service), applications, any other work systems, and identity proof and authentication services for the Company,(2) logistics and transportation service providers,(3) payment and payment system service providers,(4) research service providers,(5) analytics service providers,(6) survey service providers, (7) auditors, (8) customer contact centers, (9) marketing, advertising, design, creative and communication service providers, (10) event, campaign, marketing event, and customer relationship management service providers, (11) telecommunications service providers, (12) administrative service providers, (13) cloud storage service providers, (14) printing service providers, (15) lawyers, legal counsels for the Company’s benefits, including exercising legal claims and defending against legal claims, auditors and/or other professionals assisting in the Company’s business operations, and (16) document storage and/or disposal service providers.

      During the provision of such services, the service providers may have the right to access your personal data, however the Company will only provide to the service providers the personal data necessary for them to provide the services. The Company will also ensure that the service providers protect the security of your personal data in compliance with the law.

   3. The Company’s selected business alliances and other agencies

      The Company may transfer your personal data to the Company’s selected business alliances for the purposes of conducting business and providing services to the Company’s customers and potential customers. Such business alliances and agencies may include but not limited to data entry companies, payment service providers, data analytics service providers, market analysis service providers, financial transaction service providers, business alliances with whom the Company launch products (such as co-branding alliances), co-developer or co-service provider for any part of any platform, business alliances who allow the Company to connect to their databases and systems, and provide assistance to the platform’s users, and other supporters.

      If you are interested in privileges and offers of products or services provided by the Company’s selected business alliances via the Company’s channels, it is necessary for the Company to use and disclose your personal data on a need-to-know basis to the Company’s selected business alliances so that you can receive such offers or privileges. If required by any relevant laws, the Company will request your consent, and you may withdraw the consent you have given at any time by following the steps stated in this Privacy Policy.

   4. Third parties as specified by laws

      In the cases where the Company believes it is necessary to comply with the laws or to protect the Company’s rights, the rights of third parties or for the security of persons or for inspection, security, safety, including any other risks, the Company may have to disclose your personal data in order to comply with the laws as well as orders issued by laws and law enforcement agencies, courts, Legal Execution Department, authorities, government agencies, or other third parties.

   5. Associations and clubs

      In some cases, the Company may have to disclose your personal data to relevant institutions, associations or clubs, to protect the Company’s rights, the rights of third parties, and the safety of persons, or to investigate, prevent, security, safety, and any other risks.

   6. Assignees

      In case of a business reorganization, merger and acquisition, business transfer, whether in entirety or in part, sale, purchase, joint venture, grant, or transfer part or all of business, assets, shares, or other similar transactions, the Company will have to disclose your personal data to third parties who have been assigned or wish to be assignees of the Company. In this respect, the Company will ensure that such third parties will comply with this Privacy Policy at all times when there is a collection, use or disclosure and/or overseas transfer of your personal data.

   7. Third parties

      The Company may have to disclose your personal data under the lawful basis according to the purposes specified in this Privacy Policy to other third parties, such as representative companies, partner companies, other companies, other customers, other persons as legally referred to, members of digital identity verification system, and service providers of digital identity verification system, as the case may be.

4. Marketing communications and data analytics

   1. Marketing communications

      The Company may collect your personal data such as first name, last name, telephone number, and/or other data only as necessary, which may be obtained directly from you or from other sources (such as via affiliates, selected business alliances, government agencies, or third parties), to offer the products and services of the Company and the Company's selected business alliances via various channels such as websites, social media, etc.

      Generally, the Company conducts activities relating to marketing and communication, marketing advertisement, sales, special offers, news, press releases, promotions and presentations of products and services of the Company and selected business alliances, and other legal persons by mainly relying on the lawful basis of legitimate interests and/or entering into and performing the contract. Please note that the Company will recognize your privacy and benefits as priority. The Company will select marketing activities which is appropriate for you and your interests, so that you may receive benefits from the Company, in the event that you have made your interests in any products or services known, or you have previously purchased products or receive services from the Company, the Company’s affiliates, and the Company's selected business alliances. For example, if you are a customer who uses the Company’s financial products, you may receive the Company’s marketing communications offering the same products and services, or other products and services of the Company and the Company’s selected business alliances. When you request any services or inquire the details of any services, we will send such details to you as per your request, for instance, when you request the details of the Company’s other products via the Company’s website for the Company to contact you. You may receive communication via websites, social media, or any other channels specified by the Company. Please see the details of the usage and the purposes of the collection, use, disclosure, and/or overseas transfer of your personal data under the legal bases of performance of contract and/or legitimate interests under personal data protection laws in Clause 2.2 (6).

      In certain cases, the Company will request your consent prior to sending certain marketing communications and marketing materials where the Company could not rely on other lawful bases, such as for the marketing of products and services of third parties, which may be beyond your expectation. Please see the details of the usage and the purposes of the collection, use, and/or disclosure, of your personal data under the lawful basis of consent in Clause 2.1 (1).

      Therefore, the Company may rely on the lawful bases of contract, legitimate interests, and/or consent for the Company’s marketing activities, depending on each case. Nevertheless, you have the rights to object or withdraw your consent if you do not wish to receive marketing communications from the Company by following the steps stated in this Privacy Policy.

   2. Data analytics

      The Company may collect your personal data such as first name, last name, telephone number, and/or other data only as necessary, which may be obtained directly from you or from other sources (such as via affiliates, selected business alliances, government agencies, or third parties), for statistical analysis, data analytics, research and development, and improving the Company’s products or services.

      Generally, the Company conducts activities relating to marketing research, analysis, statistical analysis, profiling, model simulation and a development of services, products, distribution, systems, geographic structure, and conducting business by mainly relying on the lawful basis of your legitimate interests. The Company will be designing and developing products and services, launching strategies and campaigns of the products of the Company to meet your needs, improving the efficiency of business and adjusting the content of the Company to better match your preferences. The Company will also assess and manage risks within your expectation. The Company may connect your data on various platforms owned or related to the Company in order to provide services to you continuously and seamlessly. For example, the Company may analyze your service usage data and the feedback you provide after using the Company’s various platforms for the purpose of developing and designing new products or services or improving existing products and services of the Company to better meet the market’s conditions and consumer’s needs, and the Company may analyze the data for the purpose of forecasting market trends, etc. Please see the details of the usage and the purposes of the collection, use, disclosure, and/or overseas transfer of your personal data under the legal bases of contract and/or legitimate interests under personal data protection laws in Clause 2.2 (8).

      In certain cases, the Company will request your consent prior to conducting certain data analytics where the Company could not rely on other lawful bases, such as the analytics for developing and designing the Company’s new products or services, by collecting data from other sources which is beyond your expectation. Please see the details of the usage and the purposes of the collection, use, and/or disclosure of your personal data under the lawful basis of consent in Clause 2.1 (2). Therefore, the Company may rely on the lawful bases of legitimate interests and/or consent for statistical analysis, data analytics, research and development, and improving the Company’s products or services, depending on each case. Nevertheless, you have the rights to object or withdraw your consent if you do not want the Company to conduct data analytics on your personal data by following the steps stated in this Privacy Policy.

5. Overseas transfer of your personal data

   The Company may transfer your personal data from Thailand to other countries which may have a different standard of personal data protection than that of Thailand, for example, when the Company stores your personal data on cloud platforms or servers outside Thailand for information technology support, as the case may be.

   When it is necessary for the Company to transfer your personal data to other countries which have a lower standard of personal data protection than that of Thailand, the Company will ensure that the personal data transferred will be sufficiently protected, that relevant personal data protection laws allow such personal data transfers, and that the transfers of your personal data to other countries comply with conditions and criteria set out by the personal data protection laws. For example, the Company may have to obtain a confirmation according to the contract from third parties who have access to such personal data that your personal data will be protected under the personal data protection standard equivalent to that of Thailand.

6. Duration of personal data storage period

   The Company will retain your personal data for the duration necessary for the purposes which the Company has obtained the data for. For instance, the Company will retain your personal data for the period where the Company must perform its obligations under a contract with you. However, in order to comply with the law, in some cases, the Company may have to retain your personal data for a longer period of time as required by law, for example, the law may require the data the be retained for a specific duration (such as prescription period or period set out by the Civil and Commercial Code, etc.)

7. Your rights as the Data Subject

   The rights stated in this section mean legal rights relating to your personal data. You may submit a request to exercise these rights to the persons specified by law, as long as it is within the conditions stipulated by law and the Company’s rights management process. Such rights include the following rights:

   1. Right of access: You may have the right to access or request a copy of the personal data related to you that the Company collected, used, disclosed and/or transferred overseas. For your privacy and security, the Company may request you to verify your identity before providing you with the personal data you have requested.
   2. Right to rectification: You may have the right to rectify your personal data that the Company collected, used, disclosed and/or transferred overseas if such personal data is incomplete, incorrect, misleading, or not up-to-date.
   3. Right to data portability: You may request the Company to provide you with the structured personal data related to you in an electronic format. You may request the Company to transfer such personal data to other data controllers providing that (a) the data is your personal data that you have provided to the Company, (b) the Company collected, used, disclosed and/or transferred the personal data overseas with your consent or in order to perform the contract between the Company and you.
   4. Right to object: You may have the right to object to some types of collection, use, disclosure and/or overseas transfer of your personal data, for example, you may object to the use of your personal data for direct marketing purpose.
   5. Right to restriction: You may have the right to restrict the use of your personal data in some cases.
   6. Right to withdraw consent: You may have the right to withdraw your consent for the purposes that you gave your consent to the Company to collect, use, disclose and/ or transfer your personal data overseas at any time.
   7. Right to erasure: you may have the right to request the Company to erase or anonymize your personal data. However, there is an exemption for the Company not to take such actions if the Company must retain such personal data in order to comply with the laws, to lawfully establish legal claims, to lawfully exercise legal claims, or to lawfully defend against legal claims.
   8. Right to lodge a complaint, you may have the right to lodge a complaint with the relevant authorities if you believe that the collection, use, disclosure, and/or overseas transfer of your personal data is unlawful or violates personal data protection laws.

   If you want to exercise any right specified in this section, you can do so by contacting the Company through the following channels:

   For SW Tech and Media Contact (Tel. 02 619 1150), you can exercise all aforementioned rights from (1) to (7).

   A request for the exercise of any of the abovementioned rights may be restricted by the relevant laws. In some cases, the Company can appropriately and rightfully reject your request, for example, when the Company must comply with the laws or court orders.

   You can exercise the right to withdraw consent under (6) (or make changes to the consent you have previously given) through SW Tech and Media Contact (Tel: 02-619-1150) or other channels as specified by the Company. In the event that the Company has received your request, the Company will consider your request in accordance with the obligations and conditions prescribed by laws. The processing period is 30 (thirty) days upon the day the Company received your request along with the complete supporting documents which are sufficient for the Company to consider the request of the data subject.

   If you believe that the collection, use, disclosure and/or overseas transfer of your personal data by the Company violates personal data protection laws, you have the right to lodge a complaint with the personal data protection authorities. However, you may first inform the Company of your concern so that the Company can consider solving your concern by contacting the Company through SW Tech and Media by letter at 408/72 17th Floor Phaholyothin Place Building, Samsen Nai Subdistrict, Phayathai District Bangkok 10400, Thailand or contacting the Company via SW Tech and Media Telephone number: 02 619 1150

8. Actions to be taken regarding to corporate customers

   If you, as the Company’s corporate customers, disclose personal data of Persons related to corporate customers, you have a duty to take the following actions to enable the Company to provide services or products to you:

   1. You have verified the accuracy and completeness of other persons’ personal data which are disclosed to the Company and will notify the Company of there is any change in such data (if any)
   2. You have obtained consent, or you can rely on other lawful bases to collect, use, disclose and/or transfer the personal data of such persons in accordance with the applicable laws.
   3. You have informed such persons of this Privacy Policy.
   4. You will proceed to enable the Company to collect, use, disclose and/or transfer personal data for the purposes specified in this Privacy Policy.

9. Security Measures

   The Company has in place the appropriate security measures for personal data protection. They include management, technical, and physical protective measures for access or control of personal data, to preserve the confidentiality, integrity, and availability of personal data; to prevent loss as well as unauthorized and unlawful access, use, changes, alterations, and disclosure of personal data. These measures are in accordance with applicable laws. Moreover, the Company has in place the control measures for accessing personal data and using personal data storage and processing equipment. The measures are safe and appropriate for the collection, use, disclosure, and/or overseas transfer of your personal data. The Company also has in place measures to limit access to personal data, and the use of personal data storage and processing equipment by setting user permission for accessing the data and for authorizing designated officers to access the data, prescribing the responsibilities of the users to prevent any unauthorized access to, disclosure, acknowledgement, or copying of personal data, or the theft of personal data storage and processing equipment. In addition, the Company has in place the measures for audit trails in order to review any access to, alteration, erasure, or transfer of personal data, which are appropriate for the methods and mediums used in the collection, use, disclosure, and/or overseas transfer of your personal data.

10. Changes to Privacy Policy

    The Company may make changes to this Privacy Policy from time to time if there is any change to the Company's practice guidelines on personal data protection due to various possible reasons, e.g., technological or legal changes. The changes to this Privacy Policy shall be effective when the Company publishes them on https://www.swtech.co.th. However, if the changes significantly affect you as a data subject, the Company will notify you of such changes in advance before the changes come into effect.

11. Contact the Company

    If you have any inquiries regarding this Privacy Policy, please contact the Company as detailed below:

    SW Tech and Media Company Limited

    • 408/72 17th Floor Phaholyothin Place Building, Samsen Nai Subdistrict, Phayathai District Bangkok 10400, Thailand
    • SW Tech and Media Telephone number: 02-619-1150
    • https://www.swtech.co.th