Hua Hin Asset Co., Ltd.
In order to be aware of the company’s privacy protection policy, therefore; the company announces the privacy protection policy as follows:
Means 1) Hua Hin Asset Company Limited, 2) other company in Hua Hin Asset Company Limited which holds shares in every ways, direct or indirect that not less than 30% of the paid-up capital of that company. (in case of other companies are the controllers of personal data) 3) Bluport Hua Hin Resort Mall Shopping Center.
“Company in Hua Hin Asset Group”
Means 1) A company in Hua Hin Asset Co., Ltd. holds shares, direct or indirect , not less than 30 percent of the paid-up capital of that company 2) Hua Hin Company. Asset Co., Ltd. In the case where other company in which Hua Hin Asset Co., Ltd. holds shares in all chains, direct or indirect, not less than 30 percent of the paid-up capital of that company is the controller of personal data.
Means a customer or purchaser who use of the Company’s services, including the use of the company’s website or application or other services, who are natural persons and include business partners and stakeholders which they are also a natural person This is not included employees.
Means a partner who does business or works with the company.
Means any information about an individual to assure that person to be identified either direct or indirect. According to the Personal Data Protection Act B.E. 2562
Means a website of Hua Hin Asset Co., Ltd. and/or companies in the Hua Hin Asset Group own or supply services.
“Personal Data Controller”
Means a company or company of Hua Hin Asset group which has powers to make a decision concerning to personal data.
So, a company reaches personal information from customers or supplies services to customers or has to perform contracts with customers
“Personal Data Protection Officer”
Means an officer appointed by the Personal Data Controller to act as a Personal Data Protection Officer. According to the Personal Data Protection Act B.E. 2562
“Personal Data Processor”
means a Personal Data Processor for a Personal Data Controller.
2. General Chapter
1) Shopping center service, real estate rental, space rental and providing commercial spaces, restaurants and other company services.
2) Registration for application service
3) Use of services or purchase products Access to and use of the content, features, technology or function displayed on this website, applications or the compan
4) Any services of the company, including other services of the company both existing and those that the company will develop in the future.
5) Providing services to all holders of the company, creditors, trading partners and stakeholders of the company, except employees.
3. Collection of personal information
The Company would like to inform the client that refuses to provide the information necessary to the company’s services. It may result in the company is unable to provide service for customers in part or in all. The company collects information in several ways. Including the use of technology such as cookies, which are small pieces of information stored on the customer’s device to empower the website or application to remember access to the website or application. When the customer uses the website or application per time (Additional information about cookies) The information related to the customer that the company collects them includes:
3.1. Information of direct customer.
For personal data that is required by law, the customer’s consent must be obtained prior to collection. The company will collect only what is necessary. With the consent of the customer Unless there are exceptions by law, the company may collect without obtaining the consent of the customer.
In some cases, to provide services or for any other operations of the company for the purpose of collecting personal information of customers. The company is compeled to collect, use or disclose sensitive personal data such as personal data relating to race, ethnicity, political opinion, ideology. Religion or philosophy, sexual behavior, disability, trade union information, genetic information, biological information, etc. Some case that the company will notify the customer and their consent. To collect, use, or disclose for sensitive information for each purpose. Unless it is the collection, use or disclosure of sensitive information that the company can legally do without the consent of the customer.
3.2 Information obtained from the use of the customer’s service
The Company will collect information about the services that the customer uses and how the customer uses them, such as audio-visual data, information about the devices the customer uses for accessing the website. or applications, computer traffic data (Log), communication data between customers and other users. and data from the usage log such as device identifiers, computer Internet Protocol Address (IP Address) number, device identifier, device type, mobile network information, connection information, geographic location information (Location), using location technology such as where IP address, Global Positioning System (GPS), type of computer program used to view the website (Browser), website access log information, website information that users access before and after (Referring Website), Website usage history log, login log, transaction log, customer behavior, reward redemption history or benefit usage, website traffic statistics , access time, information that customers search or visit, social media usage information (Social Media), use of various website functions and information that the company collects through cookies or other similar technologies. each other, etc.
In addition, within the common area of the building, entrance and exit of the building and specific area CCTV is installed for security. The customer’s communication with the company Or the company’s team will have audio or video recordings. or record the details of communication with the Company by other means the details above are just a sample of the data.
The company will collect the customer’s personal information only the necessary information and collect it for as long as is necessary for each type of personal data and the purpose for which it was collected. At present, the Company defines the retention period of personal data for the longest period of 10 years from the date the customer cancels the service or terminates the contract with the company after the expiration of the storage period of each type of data The Company will destroy personal data collected by the Company in accordance with the purposes for collecting and using personal data as stated in Topic 4.
3.3 Personal data collected by the Company from sources other than the owner of the personal data
From the sources have the authority There are legitimate grounds or consent from the customer to disclose information to the Company, such as linking to a website, product or service, obtaining personal information from a government agency. including out of necessity to provide contractual services in which personal data may be exchanged with counterparties.
This also includes cases where the customer provides personal information of a third party to the company. The customer is responsible for informing the details under this policy or the announcement of the product or service, as the case may be, to such person. as well as obtaining consent from that person if it is a case where consent is required to disclose information to the company
4. Purpose of collecting personal data for use or disclosure
The Company collects and uses personal information to use or disclose for the following purposes:
4.1 To ensure orderly use of the service and in accordance with the law, rules and regulations related including for the performance of duties under the law and rules related to or applicable to the Company both currently in force and that will be amended or added in the future
4.2 For the purpose of confirming or identifying the Customer when accessing the Services, communicating, selecting, entering into a contract, performing the contract. and providing services to customers to ensure that the services The company’s said information is safe and confidential.
4.3 To check the customer’s use of the service according to the safety and security standards of the system in using the service Management and protection of information technology infrastructure
which the company may use personal information of customers Only to the extent necessary and may proceed with Encryption prior to use and/or arrange for a random check. Third party access testing for use in risk management, monitoring, detecting, preventing, or eliminating fraud or fraud, or other activities; that may be a violation of the law. Relevant usage regulations or the terms and conditions of use of the Company’s website or application and to improve and develop safety standards and system stability
4.4 To develop products, services and increase efficiency in providing services in various fields to more customers
4.5 To contact customers Via social media (Social Network), telephone, text message (SMS), email (E-mail) or post or through any other channels. To inquire or inform customers or verify and verify information about the customer’s account. or poll or notify any other information related to the service of the company as necessary
4.6 To process and analyze any other benefits related to the Company’s business operations, for example for the purpose of setting up and managing accounts, delivering marketing communications. and educational activities, research, statistical preparation, survey, research and development of procurement of goods and services, service development. Prepare and deliver marketing or advertising information of the Company and/or companies in the Hua Hin Asset Group or for related purposes. including content delivery public relations Activities and promotions as well as providing appropriate advice in order to provide various services to meet the interests of customers. Personalization of content, business information or user experience fraud prevention as well as to comply with the law and internal audit requirements.
4.7 To prevent or suppress harm to the life, body or health of the customer including customer assets or is necessary for the performance of duties in the public interest of the Company or performing duties in exercising state powers given to the company or its employees or its representatives or in compliance with the law
4.8 For joint marketing (Co-marketing) with companies in the Hua Hin Asset group, subject to the consent of the personal data subject first. for the purpose of 1) Communicate, provide information or recommend products or services. 2) Offer promotional programs. Marketing activities, discounts, promotions and benefits from the company and/or business partners, including 3) Processing and analyzing data (Data Analytics), customer behavior and interests (Customer Profiling) to provide a personalized experience. or appropriate or that customers may be interested in through the Loyalty/Reward Program system
4.9 For the preparation of databases and history of using the website, products or services of the Company. and companies in Hua Hin Asset Group
4.10 To provide any other benefits according to the customer’s consent
4.11 To meet the objectives of the procurement product quality inspection and evaluating the effectiveness of services, products, advertising and promotional activities, etc.
5. Disclosure of personal information
To use personal information of customers for the benefit of improving service efficiency in various fields to more customers or to improve and develop the service and accessibility of content on the website, the security of the website or the applications and networks provided by the company. and companies in the Hua Hin Asset group or for the benefit of the Company’s operations and companies in the Hua Hin Asset group by disclosing personal information to such persons The Company will ensure that those individuals keep the customer’s personal information with safe and confidential measures. and will not be used for any purpose other than the scope specified by the Company.
In the case that the customer believes that the person who the Company discloses the customer’s personal information as above The customer’s personal information is used for purposes other than the scope specified by the company. The customer can notify the company to take further action in relation to it. The company recommends that customers check at the same time that Customers have used the website, product or the services of the Company’s business partners or others directly without connection with the services or operations of the Company? Because those service providers or other parties may collect personal data in connection with the use of the customer’s services from using the website, products or services of those service providers or others directly.
In which case the Company cannot be held responsible for the security or privacy of any personal data. of customers collected by the websites, products or services of those service providers or others. Customers should therefore exercise caution and review the privacy policies of the websites, products and services of those service providers or others.
In addition, the company will disclose personal information of customers under the rules prescribed by law, such as disclosure to government agencies, government agencies, agencies that are responsible for providing service supervision. or customer supervisory authority including in the event of a request to disclose information by virtue of law, such as a request for information for litigation or legal action or as a request from a private agency or other third parties in connection with legal process, including where it is reasonably necessary to enforce the Company’s terms and conditions of use; as well as disclosure of personal information in the event of organizational restructuring. mergers, acquisitions, or sales of certain assets
The Company may transfer all or part of the Customer’s personal data collected by the Company to the relevant companies. Customers can check the list of companies in the Hua Hin Asset group or business partners who work with other companies or people who have to work for the company or customers both domestically and internationally with whom the company discloses personal information of customers from the website
However, companies in the Hua Hin Asset group or business alliances working with other companies or people who have to work for the company or customers both domestically and internationally may increase or decrease. The Company will always keep a list of the persons to whom the Company will disclose personal information of its customers.
6. Accessing and updating personal information
6.1 In the case that the customer does not aim to receive information and press releases from the Company Please make your request at Bluport Contact Center: 032-905-111 or E-mail: [email protected].
6.2 Customers can fill out the form. “Request for personal information” and notify the company to consider taking action as requested by the customer through the contact channels specified in the Contacts section in the following cases
6.2.1 When the customer believes that the company collects the customer’s personal information and the customer aims to access or know details about the customer’s personal information that the company has collected or obtained a copy of personal data.
6.2.2 When the customer wishes to update the customer’s personal information to be accurate, complete and up-to-date
6.2.3 When the customer wishes the company to temporarily suspend the use of the customer’s personal data
6.2.4 When the customer wishes to object to the collection, use or disclosure of personal information about the customer including objection to the processing of personal data of customers
6.2.5 When the customer wishes the company to delete the customer’s personal data from the system or the company’s customer database
6.2.6 When the customer wishes to withdraw the consent previously given to the Company for the collection, use or disclosure of the customer’s personal information.
6.2.7 When the customer wishes to request acknowledgment of the availability, nature of personal data and the purpose of the use of the customer’s personal information by the Company
6.2.8 When the customer wishes to request the company to disclose the acquisition of personal data about the customer in the event that the customer has not consented to the collection
However, when the company has received the request The Company will consider and notify the result of the customer’s request within 30 days from the date the Company receives such request. However, the Company can refuse to exercise the customer’s rights under the conditions specified by law. The company will keep a record of the refusal of the request with reasons
6.3. In the case that the customer does not consent to the company collecting, using or disclosing certain types of personal information or let the company take action to delete the customer’s personal information from the company’s system or withdrawing the consent previously given by the customer may result in the Company being unable to process the customer’s request or serve the customer. or may limit the service that the customer receives from the company or not as effective as it should be
6.4 The company will use its best efforts according to the capabilities of the relevant systems to facilitate and implement the customer’s request. unless it appears that Processing the request risks violating the privacy policies of other users. or is against the law or system security policy or in the event that it is impossible in practice upon request
6.5 In the case that the customer is of the opinion that the Company collects, uses and discloses the customer’s personal information and customers wish to exercise their rights or have questions about their rights according to the Personal Data Protection Act B.E. 2562 as the following;
6.5.1 Right to be informed
6.5.2 Right to Withdraw Consent
6.5.3 Right of Access
6.5.4 Right to Rectification
6.5.5 Right to Erasure
6.5.6 Right to Restrict Processing
6.5.7 Right to Data Portability
6.5.8 Right to Object
Please contact or submit a request to the Company through the means specified in the Contact Section.
7. Security measures in keeping personal information
The company strictly attaches great importance to the security of the customer’s personal information and the company has security measured Including a system for collecting, using or disclosing personal information that is safe and appropriate To prevent the customer’s personal information from being lost, used, accessed, changed or disclosed without permission.
The company restricts access to the customer’s personal data to employees, agents, contractors and third parties who have a need to obtain it, and they will only process the Customer’s personal data under the conditions established by the company. In addition, the company will keep personal data for the purposes that have been notified to the customers who own personal data and in accordance with the law.
and in the case that the company will employ a third party company to process personal data of customers The company will select companies with standard data protection systems and make agreements related to the retention of personal data in accordance with the same policy.
According to breach of the customer’s personal information. The company would notify the Office of the Personal Data Protection Commission without delay within 72 hours from the time of acknowledgment of the cause as far as practicable. Unless such breach does not risk affecting the rights and freedom of the customer. In term of the violation has a high risk of affecting the rights and freedom of the customer. The company will notify the customer of the breach, along with the remedy without delay.
8. Links to Third Party Websites, Applications, Products and Services
The company’s website may contain links to third party websites, products and services. Such third parties may collect certain information about the use of the Customer’s service. The company cannot be held responsible for the security or privacy of any information. of customers collected by such third party websites, products or services.
Customers should exercise caution and review the privacy policies of those third party websites, products and services.
9. Application of the Personal Data Protection Policy
11. Policy Review
Following to good governance and social responsibility. The Company and the relevant authorities will review this policy. at least once a year.
12. Governing Law and Jurisdiction
– Send a letter to Hua Hin Asset Co., Ltd. No. 8/89 Soi Nong Kae Village, Nong Kae Subdistrict, Hua Hin District, Prachuap Khiri Khan Province
– Bluport Huahin Resort Mall Contact Center: 032-905-111
– E-mail: [email protected]
The Company has assigned and appointed Mr. Nataphan Itthilawiwong to Be a Personal Data Protection Officer by having the powers and duties as a Personal Data Protection Officer According to the Personal Data Protection Act B.E. 2562 (2019) and is a coordinator on the protection of personal information of the Company They can be contacted at Hua Hin Asset Company Limited at 8/89 Soi Mu Ban Nong Kae, Nong Kae Sub-district, Hua Hin District, Prachuap Khiri Khan Province. Telephone number 032-905-111 and E-mail : [email protected]
In the case of complaints about the company Employees or employees of the Company violate or fail to comply with the law. Owners of personal data can complain to regulatory authorities. according to the details as follows
Office of the Personal Data Protection Commission Contact location: 7th floor, Ratthaprasasanabhakdi Building Government Complex for the 80th Birthday Anniversary, Chaeng Watthana Road, Thung Song Hong Subdistrict, Lak Si District, Bangkok 10210
However, the data subject is obliged to file complaints within the time limit prescribed by law.
Announced on 1 June 2022
Mr. Nattaphan Itthilawiwong