Erawan Commercial Management Company Limited ("Erawan" "we," "us," or "our") recognize the importance of protecting your Personal Data. We want you to be familiar with how we collect, use, disclose, and engage in cross-border transfer of Personal Data from the employees, personnel, authorized persons, directors, shareholders and other contact persons (collectively, “you”, “your”, or “yours”) of our business partners (e.g., suppliers, vendors, service providers and outsourcers) (individually, “Business Partner” and collectively, “Business Partners”).
This Privacy Notice (“Privacy Notice”) applies to the Personal Data that we (and/or other authorized persons or entities, acting on our behalf) collect from both online and offline communication channels, whether face-to-face, our premises, events, by phone, call center, or online via emails or social media platforms (e.g. webpage, Facebook, Line), and other channels, such as in relation to any business (“Channels").้
1. The types of Personal Data we process
The term “Personal Data” in this Privacy Notice refers to any information which can be used to identify you as an individual, provided voluntarily when you connect with us by any means, whether oral, written or electronic.
"Sensitive Data" means Personal Data classified by law as sensitive data. We will only collect, use, disclose and/or cross-border transfer Sensitive Data if we have received your explicit consent or as permitted by law.
We may collect your Personal Data directly or indirectly from other publicly available sources. The context of your interaction and/or business relation between you and us will determine the kind of Personal Data we collect about you and/or other individuals.
The Personal Data we collect may include, but are not limited to, the following:
- Identification and contact information, such as your name-surname, title, gender, nationality, date of birth, marital status, address, telephone/mobile number, fax number, email address, social media account details (e.g., Facebook, LINE), government-issued identification numbers and cards (e.g., national identification card, driver’s license information, passport, tax identification), signature, work-related information (e.g., position, function, occupation, job title, company you work for, employed at or hold shares in), education history, name card, percentage of shares and record of securities;
- Payment information, such as bank account details, credit card details, and other payment methods) and transaction history;
- Business related information such as name of business; and details of company registration, company's affidavits, or lists of shareholders; and evidence/supplementary documents for payment and for anti-money laundering purposes (which may include information of directors and managers of the relevant company) and power of attorney;
- Other relevant information, as applicable, such as vehicle license plate number, company registration information, house registration information, police station reports.
- Data about family members, such as names and ages of spouse or children;
- CCTV images and footages. Images and video and audio data collected through the use of closed circuit television systems (CCTV) and internet systems on our premises;
- Sensitive Data as received from copies or your official identification documents, such as religion, race and ethnicity.
If you submit any Personal Data for another individual, please provide this Privacy Notice for their acknowledgement and/or obtaining consents where applicable for us.
We may also collect the Personal Data of other persons in the course of our business engagement with you. If you provide Personal Data of others to us, please ensure that you have the authority to do so by (i) informing such other person about this Privacy Notice and/or (ii) obtaining consents where applicable or necessary to permit us to use such Personal Data in accordance to this Privacy Notice.
2. Why we collect, use and/or disclose your Personal Data
Except in limited instances when we indicate that certain information is based on your consent, we collect use, and/or disclose your Personal Data on the legal basis of (1) contractual basis, for performance of activity in relation to the our business relationship; (2) legal obligation, for fulfilment of our legal obligations; (3) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties, proportionate to your interest and fundamental rights and freedoms to the protection of your Personal Data; (4) vital interest, for the prevention or suppression of danger to a person's life, body, or health; (5) public interest, for the performance of task carried out in the public interest or for exercising of official authorities or duties; and/or (6) the reason for an establishment and defenses of legal claims in the future.
We may collect, use and disclose your Personal Data for the following purposes:
- Business partner selection: such as to verify your identity and Business Partner status; conduct due diligence or any other forms of background checks or risk identification on you and the Business Partner (including screening against publicly available government law enforcement agency and/or official sanctions lists); to evaluate suitability and qualifications of you and the Business Partner; to issue request for quotation and bidding; and to execute contract with you or the Business Partner;
- Business communication: such as to communicate with the Business Partners about our products, services and projects or of the Business Partners', e.g., by responding to inquiries or requests;
- Relationship management: such as to create a vendor code; to register in lists/directories of Business Partner; to provide support services and keep tracks and records; to grant you building access card and parking card; and to invite the Business Partner to participate in events/activities;
- Registration and authentication: such as to register, verify, identify, and authenticate you or your identity;
- Conducting our business operations: such as to conduct our business with our customers, business partners, and any third parties; comply with reasonable business requirements including but not limited to internal management, to comply with our internal policies and procedures for internal management relating to hotel operation training, service quality, business continuity , auditing, accounting, reporting, submissions or filings, data processing, control or risk management, statistical, trend analysis and planning or other related or similar activities;
- Security and fraud detection: such as to ensure security, risk prevention and solving conflicts; to record and handling on disputes; to proceed on crime or fraud prevention; to authenticate and verify your identity; to check the information provided; to carry out due diligence or other screening activities to comply with our legal or regulatory obligations or risk management procedures required by law or put in place by us; to detect, prevent and investigate fraud;
- Security and system monitoring, such as to authenticate and verify a person; to implement access controls and logs where applicable; to monitor system, devices and internet; and to ensure IT security;
- Compliance of legal obligation: such as to collect, use, and/or disclose your Personal Data in accordance to legal obligation, right or duty under the applicable laws, including laws outside your country of residence; to assess compliance with applicable laws, rule, regulations, and internal policies and procedures; to comply with investigational purposes, as requested by governmental officials;
- Business partner data management: such as to maintain and update lists/directories of Business Partners (including your Personal Data); to keep contracts and associated documents in which you may be referred to as evidence in the relevant databases;
- Business analysis and improvement: such as to conduct research, data analytics, assessments, surveys and reports on our products, services and your or the Business Partner's performance, development and improvement of marketing strategies and products and services;
- IT systems and support, such as to provide IT and helpdesk supports; to create and maintain code and profile for you; to manage your access to any systems to which we have granted you access; to remove inactive accounts; to implement business controls to enable our business to operate; to enable us to identify and resolve issues in our IT systems; to keep our systems secure; and to perform IT systems development, implementation, operation and maintenance;
- Dispute handling: such as to solve disputes; enforce our contracts; and establish, exercise or defend of legal claims;
- Marketing communication: such as to inform information relating to marketing communication, activities, sales, services, public relation, notices, news, promotions, special offers, product display, procurement and support, special activities;
- Transfer in the event of merger: such as, in sale, transfer, merger, reorganization or similar event we may transfer your Personal Data to one or more third parties, including companies, affiliates and subsidiaries under The Erawan Group, as part of that transaction;
- Life: such as, to prevent or suppress a danger to a person’s life, body, or health.
Where we need to collect, use, and disclose your Personal Data as required by law, or for performance of a contract with you and you fail to provide that Personal Data to us, we may not be able to perform the contract we have or are trying to enter into with you.
Where consent is required for certain activities of collection, use or disclosure of your personal data, we will request and obtain your consent for such activities separately.
We do not intend to collect, use, and disclose Personal Data of individual who are considered minors, quasi-incompetent, or incompetent person.
3. Disclosures of your Personal Data
We may transfer or disclose your Personal Data to the following:
Other entities within Erawan Group. Your Personal Data may be accessible to or shared with other entities within the Erawan Group for the purposes set out in this Notice. Hotel franchisors and partners including their representatives, as are relevant for the above purposes and to facilitate the operation of our business; Our customers or any other third parties for our business operation. We may use other companies, agents or contractors to perform services on behalf or to assist with the provision of products and services to you. We may share your Personal Data to our service providers or third-party suppliers including, but not limited to (1) infrastructure, internet, infrastructure technical, software, website developer and IT service providers; (2) data storage and cloud service providers; (3) telecommunications and communication service providers; (4) storage and logistics service providers; (5) payment service providers; (6) research agencies; (7) analytics service providers; (8) survey agencies; (9) auditors; (10) marketing, advertising media, and communications agencies; (11) call centers; (12) campaign and event organizers; (13) sale representative agencies; (14) travel agencies and reservations agencies; (15) insurance company; (16) banks, financial institutions, payment, payment system, and authentication service providers and agents; (17) outsourced administrative service providers; and/or (18) healthcare providers or hospitals. Professional advisors. This includes lawyers, technicians and auditors who assist in running our business, and defending or bringing any legal claims. Courts, government authorities and regulatory agencies (e.g., Immigration Bureau, Department Of Provincial Administration, police) in order to respond to subpoenas, court orders, or legal processes and to comply with existing requirements under law and regulation, or to exercise our legal rights when we find that your actions violate our terms and conditions, or our hotel policies for specific products and or services; Third parties as our assignee of rights and/or obligations, in the event of any reorganization, merger, business transfer, whether in whole or in part, sale, purchase, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock or similar transaction.
Some of the recipients we may share your Personal Data with may be located outside Thailand which the destination countries may or may not have the same equivalent level of protection for Personal Data protection standards. In such case, we ensure appropriate safeguards in place, and oblige the recipients to protect your Personal Data in accordance with this Privacy Notice and as allowed by applicable law using appropriate security measures. We will request your consent where consent to cross-border transfer is required by law.
4. Retention and protection of Personal Data
Subject to applicable data laws, we will retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, regulatory, and internal requirements. However, we may have to retain your Personal Data for a longer duration, as required by applicable law.้
5. Your rights and a data subject
Subject to the applicable conditions under the Thai Personal Data Protection Act B.E. 2562, you have the right to:
- The right to access your Personal Data. This also enables you to receive a copy of the Personal Data we hold about you and to check on how we acquire certain Personal Data without your consent;
- The right to port your Personal Data to another party. This means to receive copies of your Personal Data in an electronic format and/or ask us to transfer it to another party;
- The right to object to the collection, use and disclosure of your Personal Data for certain cases;
- The right to delete, destroy or anonymize your Personal Data. This enables you to ask us to delete, destroy or anonymize Personal Data where there is no valid ground for us to continue the collection, use and disclosure of such Personal Data;
- The right to restrict the use of your Personal Data. This enables you to ask us to suspend the collection, use and disclosure of your Personal Data;
- The right to rectify the Personal Data we hold about you. This enables you to have any inaccurate, outdated, incomplete, and misleading Personal Data we hold about you rectified;
- The right to make a complaint to a competent authority under the applicable data protection law; and
- The right to withdraw your consent at any time where we collect, use and disclose your Personal Data based on your consent. This will not affect the lawfulness of the processing based on consent before the withdrawal.
6. Links to other sites
This website may contain links to unaffiliated third party websites. Except as set forth herein, we do not share your Personal Data with them, and are not responsible for their privacy practices. We suggest you read the privacy notices on all such third party websites.
7. Changes to this Notice
We may amend this Notice from time to time. Where applicable, we may notify you when material changes have been made to this Notice by means we deem appropriate. We recommend that you periodically revisit or keep track of this Notice to learn of any changes. To assist you, this Notice has an effective date set out at the end of this document.
8. Contact details for concerns / questions
Should you have any questions or concerns regarding this Privacy Notice, or if you would like to exercise your rights as a data subject, please feel free to contact us through the following details:
ERAWAN COMMERCIAL MANAGEMENT COMPANY LIMITED
6th Floor, Ploenchit Center, 2 Sukhumvit Road,
Kwang Klongtoey, Khet Klongtoey, Bangkok 10110 Thailand
Telephone: 66 (0) 2257 4588
Fax: 66 (0) 2257 4577
The contact detail of our data protection officer is as follows: email@example.com
4 January 2021