Personal Data Protection Policy for a Customer
Getlinks (Thailand) Company Limited (the “Company”) is strongly aware of an importance
of rights and privacy of a customer, including a natural person who performs on behalf of a juristic
person (the “Data Subject”). Therefore, the Company provides this personal data protection
policy for the purpose of informing the Data Subject regarding collection, usage and disclosure
(the “Processing”) under the personal data management of the Company.
- The Purpose of Personal Data Processing
For providing the service to the Data Subject in relation to recruitment and any
operation which allows the Data Subject to present the resume for accessing to
the suitable job position or selecting the job position which interested the Data
Subject, or assisting the Data Subject to be chosen in the suitable job position.
For an execution upon a request of the Data Subject prior to entering into an
agreement, or for complying with an agreement, provided that the Data Subject
is a party to the Company; for instance, for a purchase of goods and/or service
providing to the Data Subject; any performance in accordance with an
agreement which the Data Subject is a party; including, goods delivery; finance
and accounting management; and any performance which provides goods
and/or services as requested by the Data Subject;
For confirmation or authentication of the Data Subject for any operation or
communication with the Company; and
For marketing operation; informing any news and benefits; and information
For following up and answering any questions, inquiries or requests of the Data
- Personal Data for Personal Data Processing
Source of the Personal Data
Directly collect from the Data Subject; for instance, a collecting of the
personal data from filling in the Company’s form; or entering into the
Company’s website via cookies.
Indirectly collect from other sources which is not directly from the Data
Subject; for instance, asking for the data from a third party; or searching
the personal data through any website. The Company shall notify the
Data Subject and request a consent from the Data Subject, without delay,
within 30 days from the date which the Company collects the personal
data from such source.
Collecting the personal data from a minor, an incompetent person and a
quasi-incompetent person, the Company shall take into account of a
personal data protection at the highest level as required by laws.
Types of the Personal Data to be Processed
- Personal Data such as name, surname, identification number;
- Contact Data such as permanent address, current address, telephone
number, email and data on any social media platform; and
- Data of an Equipment or Instrumentsuch asIP address Cookie, ID IMEI
- Usage and Disclosure of the Personal Data
The Company may disclose the personal data if necessary, for the purpose of
complying with the informing Company’s objectives to a third party and/or any other
organizations or entities as follows:
Trading partners, business partners of the Company, subsidiary and/or other
service providers, including financial institution. Disclosing the personal data
to such third party and/or any other organizations or entities, the Company shall
manage those mentioned persons to keep the personal data in secret and not to
use it for any other purposes rather than the scope set forth by the Company.
Government sector which has a legal authority according to the laws; for the
purpose of complying with the laws, orders, petitions; in order to coordinate
with any sectors in relation to the legal compliance.
- Personal Data Collection Period
The Company shall collect the personal data of the Data Subject for a necessary
period for the purpose of the Company’s objective in accordance with a type of
the personal data; except, there is a permission by laws providing a period
extension for collection. In the event that the personal data collection period
cannot be precisely specified, the Company shall collect the personal data for a
foreseeable period in accordance with a collection standard. Once such
collection period is expired, the Company shall delete or destroy such personal
In the case that the Company uses the personal data of the Data Subject with his
consent, the Company shall process such personal data until the Data Subject
notifies to cancel such consent and the Company has completely cancellation
as requested. In this regard, the Company shall collect necessary part of the
personal data for recording a cancellation of such consent by the Data Subject.
- Transferring the Personal Data to a Foreign Country
The Company may deliver or transfer the personal data of the Data Subject to
an affiliated company or any other persons in a foreign country in a necessary
case to complete the Company’s objectives which have been informed to the
In the event of delivering the personal data of the Data Subject to a foreign
country, the Company shall comply with the Personal Data Protection Act and
use a suitable measure to ensure that the personal data of the Data Subject is
protected. The Company shall provide that a person who receivesthe data shall
have a suitable protection measure to protect the personal data of the Data
Subject and processes such personal data merely in a necessary manner
- The Rights of the Data Subject under the Laws
The Data Subject has the rights as follows:
Right to Withdraw a Consent
The Data Subject has the right to withdraw a consent of Processing the personal
data which has been given to the Company at all time. In this regard, the
withdrawal shall not affect a part of the personal data which has been Processing
with lawfully consent given by the Data Subject.
Right to Access and Request Receive a Copy of the Personal Data
The Data Subject can inform the Company to provide a copy of the personal
data and has the right to inform the Company to disclose an acquisition of the
personal data where such personal data has been given without the Data
Right to Request Receive to Send or Transfer the Personal Data
The Data Subject can request the Company to send the data to other persons
and request to receive the personal data which the Company has sent or
transferred to other persons.
Right to Object Collection, Usage or Disclosure of the Personal Data
The Data Subject can object collection, usage or disclosure of the personal data
upon there is no necessity to collect, use and disclose the personal data; or upon
a collection, usage or disclosure for a purpose of direct marketing.
Right to Request for Deleting or Destroying the Personal Data
The Data Subject can request the Company to delete or destroy the personal
data upon there is no further necessity of collection; or upon there is an unlawful
Processing of the personal data.
Right to Request for a Usage Suspension of the Personal Data
The Data Subject can inform the Company to suspend the personal data usage
during a personal data correctness inspection as requested by the Data Subject
for a correctness amending of such data; or as requested to suspend instead of
deleting the data.
Right to Request for an Alteration/Addition of the Personal Data
The Data Subject can request the Company to amend an incorrect, not-up-todate, misleading personal data and/or to add the incomplete data.
Right to Complain
The Data Subject has the right to complain in the event that the Company
violates or does not comply with the Personal Data Protection Act or with a
declaration issued in accordance with the Personal Data Protection Act.
The Data Subject can exercise the rights which provided by law by contacting the
Company or the Data Protection Officer in accordance with article 8 and 9 of this policy
(the rights can be exercised upon the Personal Data Protection Act has come to effect on
the data controller). The Company shall proceed with and consider the complaint in
accordance with the rights of the Data Subject within 30 days from the date that the
complaint has been received. In this regard, the Company shall reserve the rights to
refuse to proceed the Data Subject’s right under the conditions of the laws or under any
agreements with the Company.
- Security Measure
The Company has adopted the technical security standard and appropriate management
in order to protect the personal data from an unauthorized accessing usage or disclosure;
misusage; loss; destruction, by using the appropriate standard for security such as data
level security or access restriction of the personal data, in order to ensure that only an
authorized person can access to the personal data of the Data Subject. The Company has
provided an appropriate security measure to prevent loss; access; usage; alteration;
amendment; disclosure of the personal data from an unauthorized person or a person
who is not related to the personal data.
- The Information of the Data Controller (the Company)
Getlinks (Thailand) Company Limited
Address 193/36 Lake Rajada Office Complex, Unit 10B, 10th Floor, Ratchadaphisek Road, Klongtoey Sub-district, Klongtoey District, Bangkok
- The Information of the Data Protection Officer (DPO)
- Name : Ms.Jantima Uraiklang
Department : Human Resource
Position : Human Resource Manager
Contact : 061-9696495
Email : firstname.lastname@example.org
- Name : Ms. Nedsiri Hemrujruangkun
Department : Human Resource
Position : Human Resource Officer
Contact : 064-1652987
Email : email@example.com
- The Company reserves the right to make all additions, alterations, improvements to the
personal data protection measure to be appropriated in accordance with the Personal Data
Protection Act. In the event that there is any amendment, the Company shall inform the
Data Subject afterward.