Privacy Policy (PDPA)
1. Privacy Policy
Deepscope Investment Advisory Securities Company Limited the “Company” is aware of the importance of data privacy protection. Company respects the privacy and confidentiality of our clients’ personal data. We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with the Thailand Personal Data Protection Act (PDPA) 2022. We have developed this Privacy Policy to assist you in understanding how we collect, use, disclose, process and retain your personal data.
“Personal Data” means information about a person. Which makes it possible to identify the person such as name, surname, address, date of birth, gender, education history, phone number, National Identification Number which makes it possible to identify that person either directly or indirectly.
2. Stored Personal Data
The Company may collect Personal Data from you and about you from a variety of sources. We strive to only collect Personal Data that is adequate, relevant, and limited to achieve the purpose(s) for which it was collected. Personal Data we collect includes online and offline data collection activities, including Personal Data that we collect through our various channels such as websites, apps, third party social networks, consumer engagement, building access and events (workshop, seminar).
The following are examples of how we would store your data:
- When you visit Company’s office or have business activities.
- When you visit and interact with the Company’s website and social media platforms.
- When you participate in marketing events, visit our booths, or attend any events, whether they are workshops or exhibitions or participate in questionnaires, competitions, or lucky draws.
- When you apply for a position/internship with the Company.
The Company may ask and/or record for your personal data depending on the activities such as first and last name, business association, job title or position, telephone number, email address.
The Company may collect data about the services that you employ and your usage behavior. Such data includes, but are not limited to, data about the device that you used to enter into website, log files, data about the communication between you and other users, and data from job logs such as device identification, IP addresses of computers, device identification code, type of device, mobile network information, connection data, geographic location information, browser information, website log data, referring websites, website usage history, login log, customer behavior, website access statistics, access time, search data, and usage of various functions on the website, as well as data that the Company has stored via cookies or other similar technology.
3. Purpose of Personal Data Usage
Depending on the nature of our relationship with you, we collect, use or disclose your Personal Data for the following purposes, on the legal basis of legitimate interests; entering into or performance of contract; legal compliance; public interest; consent; or any other basis as permitted by applicable laws, as the case may be:
- To answer your questions.
- To provide service as per users’ request in the application, which include:
- Issuing copies of documents that include personal data of users.
- Revising or changing personal data of users to be corrected and completed.
- Terminate usage or disclose personal data of users.
- Dispose or destroy personal data of users except for data storage as specified by laws.
- To send newsletter of product and service campaigns.
- To send invitation letters to join marketing activities as well as sending information to confirm or cancel the right of participation via email or SMS messages.
- To create, develop, and maintain a business relationship with users.
- To study and understand user needs and satisfaction towards the Company.
- The Company may upload photos from activities that include you in the photo or your comment on the website and social media platforms of the Company to promote activities and reinforce the Company’s brand.
- To grant access to restricted building(s)/area(s).
- To consider your job/internship application, job/internship interview, candidate selection and related activities.
In the business areas:
- Business communication: such as, proceed with transaction, communicating with the Business Partners about products, services and projects of us or Business Partners, e.g., by responding to inquiries or requests, informing you of updates, events and managed related aspects of our relationship;
- Business Partner selection: such as, verifying your identity and Business Partner status, conducting due diligence or any other form of background checks or risk identification on you and the Business Partner (including screening against publicly available government law enforcement agency and/or official sanctions lists), evaluating suitability and qualifications of you and the Business Partner, issuance of request for quotation and bidding, execution of contract with you or the Business Partner;
- Business Partner data management: such as, maintaining and updating lists/directories of Business Partners (including your Personal Data), keeping contracts and associated documents in which you may be referred to;
- Relationship management: such as, planning, performing, and managing the (contractual) relationship with the Business Partners, e.g., by performing transactions and orders of products or services, providing trainings, processing and handling payments, performing accounting, auditing, billing, guarantee and collection activities, arranging shipments and deliveries, providing support services and keeping tracks and records;
- Business analysis and improvement: such as, conducting research, data analytics, assessments, surveys and reports on our products, services and your or the Business Partner’s performance, development and improvement of marketing strategies and products and services;
- IT systems and support: such as providing IT and helpdesk supports, creating and maintaining and managing your access to any systems to which we have granted you access, removing inactive accounts, implementing business controls to enable our business to operate, and to enable us to identify and resolve issues in our IT systems, and to keep our systems secure, performing IT systems development, implementation, operation and maintenance;
- Security and system monitoring, such as authentication and access controls and logs where applicable, monitoring of system, devices and internet, ensuring IT security, prevention and solving crimes, as well as risk management and fraud prevention, as well as our security related processes at our premises;
- Dispute handling: such as solving disputes, enforcing our contracts, establishing, exercising or defense of legal claims;
- Any investigation, complaints and/or crime or fraud prevention;
- Compliance with internal policies and applicable laws, regulations, directives and regulatory guidelines or in relation to any anticipated disputes for the purposes of obtaining advice from our professional advisors;
- Liaising and interacting with and responding to government authorities or courts or tribunals;
- Marketing purposes: such as informing you of news and publications which may be of interest, events, offering new services, conducting surveys;
- Complying with reasonable business requirements including but not limited to internal management, training, service quality, auditing, reporting, submissions or filings, data processing, control or risk management, statistical, trend analysis and planning or other related or similar activities; and
- Business administration including but not limited to our general organizational management and business record keeping, correspondence in relation to our relationship with you or administration and troubleshooting.
4. Duration of Data Storage / Data Retention Policy
We retain your Personal Data for as long as is reasonably necessary to fulfil the purpose for which we obtained it, and to comply with our legal and regulatory obligations. However, we may have to retain your Personal Data for a longer duration, as required by applicable law.
5. Data Owner Rights
- The Data Owner reserves the right to access and request for a copy of their own personal data, which is under the responsibility of the data Controller of personal data which collected under this privacy policy.
- The Data Owner may request the Data Controller of personal data to send or transfer personal data to him/her or data relevant to him/her to other Data Controllers. The Data Owner may also request to receive personal data that were sent or transferred directly from the Data Controller who sent or transferred the data.
- The Data Owner reserves the right to request the Data Controller to terminate the usage of personal data or to delete or destroy (disposal) or to disable the data from being able to identify the Data Owner as stipulated by law.
- When the Data Owner knows that the personal data about him/her is incorrect, outdated, or unclear, the Data Owner reserves the right to notify the Data Controller to make corrections, update, and avoid misunderstandings.
- The Data Owner may file a complaint and report problems to email [email protected]
-
Contacting the Company’s Data Controller via 2 channels
- ) Email: [email protected]
- ) Contact location: 2 K.C.C. Building, Office Room 404, Soi Silom 9, Silom Road, Silom, Bangrak, Bangkok, Thailand 10500
6. Security Measures
The Company attaches great importance to the security measures for personal data and systems. The Company’s Data Protection Officer (DPO) has been appointed to maintain the collection of personal data at all times. There are also contingency plans to respond to any scenarios. Penalties have been set for cases where employees/staff/related persons do not comply with the personal data policy of the Company.
7. What actions will we take in the event of a data breach?
We will notify affected users via email within 72 hours. We agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data controllers and processors who fail to adhere to the law. This principle requires not only those individuals have enforceable rights against data processors, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
8. Governing Law
This Policy is governed by the laws of Thailand. You agree to submit to the exclusive jurisdiction of the Courts of Thailand in any dispute relating to this Privacy Policy.