Privacy and Personal Data Protection Policy

Gofive Co., Ltd. (the “Company”) hereby advises the privacy policy for your understanding since this policy describes about a procedure of the Company’s treatment to your personal data, such as collection, storage, usage, disclosure, and your rights, etc., for your awareness of the Company’s personal data protection policy. The Company realizes on the significance on protection of the personal data of the Company’s customers, staffs, and business partners. Therefore, the Company has established a strict measure for storing and preventing in accordance with the standards of the laws, requirements, and rules relating to the personal data protection as follows


1. Definition 

“Personal Data” refers to the data relating to a person identifiable either directly or indirectly, but particularly excluding the deceased’s data.
“Personal Data Controller” refers to a person or juristic person who has a decision authority relating to collection, usage, and disclosure of the personal data.
“Personal Data Processor” refers to a person or juristic person who executes regarding the collection, usage, or disclosure of the personal data based on the order or on behalf of the personal data controller. However, the said executing person or juristic person is not the personal information controller.
“Data Owner” refers to the customer, staff, and business partner who are natural persons.
“Person” refers to a natural person. 
  

2. Objective for Preparing the Personal Data Protection Policy 

The Company has established a personal data protection policy for protecting the data of the Company’s customers, staffs, and business partners, to ensure the safety and reliability in performing any transactions with the Company, the efficient data owner protection, and prevention from the unauthorized usage of the owner’s personal data, and remedy of the personal data owner according to the relevant laws. 

 3. Limited Personal Data Collection 

The storage and collection of personal data shall be performed under the objective and scope, using the lawful and fair procedure for data collection and storage. In addition, the limited personal data is stored to the extent that it is essential for providing services, or services by any other economic procedure under the Company’s objective only. However, the Company shall execute to ensure the data owner’s perception and consent via electronics as the Company deems fit. 

The Company shall collect your data via two channels as follows.
Data presented and delivered to the Company;
Data of the usability behavior collected via the third-party’s services

The Company may store your personal data relating to the interest and service used by you. The said personal data may consist of your personal image, race, religion or philosophy, health data, biological data, infirmity, disability, identity, or any other data which will be useful for service provision. However, according to the aforesaid execution, the Company shall request for your consent prior to collection, unless the following events.

3.1. Being the legal observance, such as the Personal Data Protection Act, Electronic Transaction Act, Telecommunications Business Act, Anti-Money Laundering Act, Civil and Criminal Code, and Civil and Criminal Procedure, etc.;
3.2. Being taken place for the investigation benefit of the inquiry official, or the court’s trial and judgment;
3.3. For your benefit, and failure to request for consent at that time;
3.4. Being necessary for the lawful benefit of the Company or of other person or juristic person which is not the Company;
3.5. Being necessary for preventing or suppressing danger on the person’s life, body, or health;
3.6. Being necessary for complying with the contract of which the personal data owner is a contractual party or for using in execution as requested by the personal data owner prior to entry into the said contract;
3.7. For attaining the objective relating to preparation of the history papers or archives for the public benefit, or for the study, research, and statistical preparation, whereas a suitable preventive measure is established.
3.8 Usability behavioral data via the following tools: Google Analytics, Google AdWords, Google Data Studio (Looker Studio), Microsoft Clarity, Tiktok Pixel and Facebook Pixel, for analyzing the platform capacity, and planning the platform development in the future, whereas the said data is the usability data, and not related to any personal data at all.

 4. Objective of the Personal Data Collection 

The Company shall store, collect, use, update, and disclose the personal data of the data provider pursuant to the objective, scope, and procedure prescribed by laws. The storage shall be performed to the extent that is essential for service provision. In addition, the Company shall be mainly operated for benefit of the data owner and other undertakings in accordance with the following objectives.

4.1) For using in processing, managing, and considering the service provisions and operations relating to the Company’s businesses which has been currently existent and may be existent in the future, as well as any undertakings for the data owner’s benefit; and applying in preparation of the accounting, financial statements, and accounting information of the Company; 
4.2) For delivering the personal data to the Company, and National Credit Bureau Co., Ltd., to be used in request of the credit approval, or to any other relevant government agencies for benefit in usage for considering the data provider’s credit;
4.3) For using in monitoring and collecting the installment payment pursuant to the hire-purchase contract, and any other debts (if any) from the data owner, under the legal right of the Company;
4.4) For using in revision, cancellation, and/or renewal of the hire-purchase contract, employment contract, and any other contracts between the data owner and the Company;
4.5) For using as an analytical and presenting data which are allowed to be used in marketing research, and/or sales promotion activity organizing, and/or for benefit in preparation of database and use of data for offering the privilege based on the data owner’s interest and/or improving the service provision, execution, or product of the Company;
4.6) For observing the rules, announcements, regulations, and any other requirements under the duty of the Company in binding in the legal observance;
4.7) For presenting the data, monitoring, coordinating, providing after sales service, as well as preparing the electronics services;

4.8) For recording time attendance for the data owner.
4.9) For any other related executions to attain the aforesaid objective

5. Limitations on the Use of Personal Data

The Company shall collect personal data in accordance with legal standards and shall not use or disclose such data to third parties without the consent of the data subject, except for the purposes stated above or as required by law. Personal data may be disclosed to the following relevant agencies or individuals:

5.1) The use of personal data shall be limited to the purposes previously stated. If there is a change in purpose, the Company shall notify and obtain consent from the data subject before proceeding.
5.2) The Company shall not disclose personal data to third parties without the consent of the data subject, except as required by law.
5.3) The collection, use, and disclosure of personal data shall be conducted only as necessary for legitimate purposes.
5.4) The Company shall implement appropriate security measures to prevent unauthorized or unlawful loss, access, use, alteration, correction, or disclosure of personal data.

5.5) For data analysis tools, as per the section on limited personal data collection, the Company shall comply with the Google API Services User Data Policy for managing data in a user-friendly format (https://developers.google.com/terms/api-services-user-data-policy)
5.6) In cases where the emconnect Club feature is activated, the Company may share certain employee data with emconnect Club, proceeding as follows:
 - Notify employees of the data sharing and obtain consent before proceeding.
 - Limit the scope of shared data to only that which is necessary for the use of emconnect Club.
5.7) In the event that an employee resigns and applies for a position with a new company that also uses emconnect Club services:
 - Some work history data may be shared with the new company through the emconnect Club system.
 - Employees have the right to request deletion or restriction of such data sharing.
 - The Company shall inform employees of their rights and methods for managing their personal data in the emconnect Club system.
5.8) The Company shall not retain personal data for longer than necessary for the purposes for which it was collected.

 6. Right of the Personal Data Owner 

The Company gives precedence to a right of the personal data owner, and therefore, defines a right of the data owner to store his/her/its own personal data which is collected by the Company for the law consistency as follows. 

6.1) Request to access and receive a copy of his/her/its relevant personal data under the Company’s responsibility in accordance with the rules and procedures prescribed by the Company; or request to disclose the acquisition of such personal data without his/her consent.
6.2) Request to receive his/her/its relevant personal data from the Company in case where the Company makes that personal data to be in readable or general usable format by the automatic tool or device; and to be usable or disclosed by an automatic method.
6.3) Objection of, whenever, the collection, usage, and disclosure of his/her/its relevant personal data permitted by laws for storage without the data provider’s consent.
6.4) Request the Company to delete or destruct personal data or make the personal data to be the data of which the personal data owner is unidentifiable in the case required by law.
6.5) Request the Company to suspend the use of personal data in the case required by law.
6.6) Notify the Company to execute so that the said personal data is correct, updated and complete, without cause of misunderstanding.
6.7) Complain in the case where the personal data controller or the personal data processor, as well as the employee or the contractor of the personal data controller or the personal data processor violates or breaches the personal data protection law.

 7. Consent Revocation 

The data owner can, whenever, revoke his/her/its consent given to the Company for collecting, using, or disclosing the aforesaid personal data, by giving a notice of intention to the Company for acknowledgement together with a reason of the said regard. The Company shall execute as notified, unless in case of the limitation of legal right to revoke the consent or data owner utilization agreement.

However, the personal data owner’s consent revocation shall not affect the collection, usage, or disclosure of the personal data already given for a prior consent by the personal data owner. 

 8. Refusal and Preparation of Memo 

In the case where the data owner requests the Company to execute as specified in Clause 6.1-6.7, or Clause 7, the Company shall execute as requested within an appropriate period and in accordance with the operating procedure of the Company. Unless in the following events, the company may refuse the said execution.

8.1) Natural impossibility to execute the foregoing;
8.2) Being a refusal according to law or order of the court, whereas an access and request for receiving a copy of the said personal data will have an impact which may cause damage to a person’s right and freedom;
8.3) Transmission or transfer of the said personal data is a function for the public benefit or a legal function; or exercise of the said right may violate the right or freedom of a person.
8.4) The personal data controller shall indicate a more important legitimate ground in collection, usage, or disclosure of the said personal data.
8.5) The collection, usage, or disclosure of the said personal data shall be taken place for establishing a legal right of claim, observing or exercising a legal right of claim, or raising to defend a legal right of claim.

In the case where the Company refuses not to execute as requested by the data owner for any execution pursuant to Clause 7.1-7.8, or Clause 8, the Company shall prepare the report of refusal memo and reason to refuse the storage in the department, division, or any other work unit inside the Company that declines the request of the data owner.

 9. Data Security and Quality Maintenance Measure  

Due to the Company’s realization on the significance of your personal data’s security, therefore, the Company, has established a measure of the personal data security to be appropriate and consistent with the personal data confidentiality to prevent loss, access, destruction, usage, modification, revision, or disclosure of the personal data without the right or illicitness; and to prevent an unauthorized usage of the personal data.

In addition, the Board of Directors has established the policy, practice, manual, guideline, and training for providing knowledge in storage, usage, and disclosure of the personal data to ensure the conformity to the Company’s standards and consistency with the relevant laws in storage, usage, and disclosure of the personal data by the Company’s staffs at all levels. 

 10. Personal Data Protection Officer 

The Company executes in accordance with the Personal Data Protection Act B.E. 2562 (2019) by appointing a Data Protection Officer (DPO) to audit the Company’s execution in relation to the collection, usage, and disclosure of the personal data to be consistent with the Personal Data Protection Act B.E. 2562 (2019), including the relevant laws of the personal data protection. In addition, the Company has established the regulations and orders for the related party’s execution as required to ensure the orderliness of the operation in accordance with the guideline of the personal data protection policy, and the policy of the Personal Data and Cyber Security Management Governance Committee prescribed by the Company.

11Storage and Destruction Period of Personal Data 

The Company shall store data acquired form the data owner in the essential period for execution pursuant to the aforesaid objective only, unless in the case where it is particularly required by law for longer storage. Currently, this period extends to at least 10 years after the company ends its relationship with a client or it is necessary for establishing a legal right of claim, observing or exercising a legal right of claim, or raising to defend a legal right of claim, or executing the contract of which the Company has the legal right.  

 12. Contact 

Gofive Co.ltd 
2525 FYI Center, Building 2, Room No. 1203-1205, 12th Floor, Rama 4 Road, Klong Toei, Klong Toei, Bangkok 10110, Thailand
Data Protection Office Unit 
Email[email protected] 

 Last Update 10 January 2024