True Digital Park User Privacy Policy 1.0

1. Purpose and scope

True Digital Park Co., Ltd (“TDPK”) is committed to meet and uphold all obligations under the Personal Data Protection Act (2019), and this True Digital Park User Privacy Policy (“policy”) will provide a framework and elaborate upon the procedures users’ personal data will be stored and processed during and after the term of the contractual obligation in accordance to the purpose and scope of the company.

It applies to all processing of personal data of existing TDPK users, irrespective of whether the data is processed on non-TDPK equipment or by third parties. This should be read and comprehended by all related parties to ensure complete understanding of the procedures users’ personal data will be stored and processed.

For the cases of visitors and vendors, TDPK has separate sets of policy for these data subject.

• ‘Personal data’ means any information relating to an identifiable living individual who can be identified from that data or from that data and other data.

• ‘Processing’ means anything that is done with personal data, including collection, storage, use, disclosure and deletion.

• ‘User’ means all individuals who are staff of TDPK’s tenants or have received one of TDPK’s services

This policy may be revised at any given time as notified to users through appropriate channels.

2. Who have the right to process collected Personal Data?

TDPK acts as the data controller for all users, and therefore has the role and responsibility in processing and ensuring the security and privacy of all personal data in accordance to Personal Data Privacy Act (2019).

User data from registration and other sources will be used by employees of TDPK and other related third parties, as identified in Section 8, to carry out tasks as required by TDPK.

3. Which Personal Data are being collected and stored?

TDPK stores the following users’ personal data:

- Personal Details including but not limited to Name-Surname, Salutation, Contact Number, Email Address, Nationality, Date of Birth, Gender, Job Title, ID Card Number, ID Photo

- Emergency Contact Information

- Other personal data from TDPK’s registration page

- Membership and related product/service payment data

- Data log related to TDPK service usage

- Data log from TDPK’s infrastructure technological (IT) system, including but not limited to CCTV, access control

Apart from this, TDPK may also stores and processes sensitive data, including but not limited to:

- Racial or ethnic origin, political opinions, religious or philosophical beliefs

- Facial Recognition Data

4. How does TDPK store your Personal Data?

In general, TDPK will directly collect and store users’ personal data through the registration process. However, TDPK may collect additional data through third parties, including TDPK’s tenants and other related organizations in the public and private sector. TDPK will request for consent from users and inform detail regarding other data collection channels within 30 days of data collection.

5. How does TDPK use your Personal Data?

TDPK uses personal data to carry out tasks in accordance to TDPK’s scope and purpose, including, but not limited to:

- Providing services to users where personal data, or access to TDPK premise, is required for the provision of the selected service

- Providing additional services to users, including but not limited to, seminars, consultations

- Other processes to increase the convenience and accommodation to users, including but not limited to IT services, meeting rooms

- Improving the experience of services provided, through behavioral studies or customer satisfaction survey

- Ensuring the security of the premise, with the usage of technological devices such as CCTV

- Analyzing and profiling aggregated data to improve and understanding of users’ behavior and, as a result, improve TDPK’s service and customer relation

- Contacting users to relay questions and improve understanding of customer, to help uplift services further

- Supporting marketing and communication purposes, where TDPK may reach out to communicate news and promotional offers through emails and other social media, and review the effectiveness of such communication

TDPK has the following legal basis to store and process users’ personal data. Not all users’ personal data will be applicable to every legal bases stated below, and may be based upon one single or a combination of several legal bases.

(1) Contract

TDPK is obligated to process personal data to carry out the responsibilities committed in accordance to the contractual requirement. These required personal data make up most of the data stated in Section 3. Also, to carry out these responsibilities, users’ personal data must be processed by vendors and other third-party organizations to carry out the required tasks.

(2) Legal Obligation

TDPK is obligated to process the personal data in accordance to any legal requirement, including but not limited to the monitoring and verification of personal data by governmental bodies.

(3) Legitimate Interests

TDPK is obligated to process data in accordance to the rules and regulations of TDPK – with emphasis on data usage for security reasons.

(4) Consent

In some cases, TDPK will request the consent of TDPK users to process personal data, including, but not limited to, customer satisfaction survey.

TDPK will process users’ personal data in accordance to the stated legal bases, or related legal bases that do not contradict the scope and purpose of TDPK. If there came upon a case where personal data were to be processed using a legal basis that has not been stated above, TDPK will ask for a new consent for usage of personal data in this additional legal basis.

In the case where users refuse to provide personal data, TDPK will not be able to provide the contractual obligated services. In the cases where users are still able to receive services provided by TDPK, users may experience a limited scope of services as TDPK has not received the necessary consent to provide the full scope of the service. 

6. Sensitive Data

Sensitive data includes, but not limited to:

(1) Racial or ethnic origin, political opinions, religious or philosophical beliefs

TDPK will process users’ personal data related to racial or ethnic origin, political opinions, religious or philosophical beliefs only in the cases where explicit consent has been given, including the cases for the legal basis of legal obligation and legal claim. For the specified cases, TDPK will ensure that appropriate personal data policy is applied.

(2) Facial Recognition Data

TDPK will process users’ biometric data only in the cases where explicit consent has been given, including the cases for the legal basis of legal obligation and legal claim. For the specified cases, TDPK will ensure that appropriate personal data policy is applied.

TDPK uses sensitive data to carry out tasks in accordance to TDPK’s scope and purpose, including, but not limited to:

- Processes to increase the convenience and accommodation to users, including but not limited to IT services, meeting rooms

- Improving the experience of services provided, through behavioral studies or customer satisfaction survey

- Ensuring the security of the premise, with the usage of technological devices such as CCTV

- Analyzing and profiling aggregated data to improve and understanding of users’ behavior and, as a result, improve TDPK’s service and customer relation

7. Cookie Policy

TDPK uses cookie to help improve the experience users receive within our website and for all third parties to improve the advertorial material shown to users on our and others’ websites. For more information, please see TDPK’s Cookie Policy.  

8. Usage of Personal Data with Third-party Organization

TDPK may be required to pass on personal data to third-party organizations and for them to process personal data, in accordance with contract or the legal obligation of TDPK. This includes:

- Parent or sister companies which has a separate legal entity

- External companies providing services to TDPK

- External companies providing support and sponsorship to TDPK

- Employer or Agencies

- Governmental bodies

For the case where personal data is being passed on the third-party organizations, TDPK will ensure that minimum amount of personal data is being sent and consider anonymization and pseudonymization techniques for greater security. Nevertheless, third-party organizations who will process users’ personal data for TDPK will be required to have an appropriate privacy policy and TDPK does not permit these third-party organization to use the users’ personal data in a way that diverge from the agreed scope and purpose.

9. Transferring Personal Data to Foreign Countries

TDPK may be required to pass on personal data to foreign countries, including, but not limited to, the case of users being residents of foreign country or a related third-party organization in situated in a foreign country. For these cases, TDPK will pass on users’ personal data only when these requirements have been met. This includes:

- Receiving foreign country has a substantial personal data regulation in place

- Receiving organization has a substantial privacy policy in place and certified by the Personal Data Committee

- Receiving organization is obligated to follow a substantial privacy policy with a sufficient remedial measures in accordance to the procedures identified by the Personal Data Committee (including, but not limited to, standard contract, vendor process agreement)

- A necessary task to exercise a legal rights

- Consent has been received from appropriate individuals agreeing to the pass on of users’ personal data to a foreign country which does not have a substantial privacy policy

- A necessary task to carry out contractual agreements of the users

- A necessary task to carry out under contractual agreement between two entities for the benefit of the users

- To ensure the safety or limit further damage to an individual’s health who cannot give consent at the current time

- A necessary task for the good of the public

10. Security Measures for Personal Data Protection

TDPK has implemented security measures to ensure the security of users’ personal data. Security measures implemented include:

- Limiting the access to our premise and access to TDPK’s internal system – only users who have been deemed appropriate are given the permission to access our system

- Utilizing technological services to increase security (e.g. firewall, password strength review)

- Reviewing security level of the internal system

- Implementing best practice procedures in ensuring the security and the upkeep of the system

- Limiting the access to each system to only users who critically require the knowledge of personal data for the functioning of their scope of work

- Ensuring that all third-party organizations must carry out the processing of personal data in accordance with TDPK’s policy and agrees to ensure the security of users’ personal data

11. Time Period of Personal Data Storage

TDPK will store users’ personal data throughout for the appropriate period in accordance to TDPK’s scope and purpose, or to the related laws and regulations. The period will stretch no more than required and usually does not extend beyond 1 year from the expiration of the contractual obligation.

12. Users’ Personal Data Rights

Your personal data rights include:

- Right to Withdraw Consent

o You have right to withdraw your consent at any point in time after the consent has been given, with the exception for the cases where there is a right limitation due to legal or contractual requirements

o You have the right to withdraw your consent to data processing activities throughout the period where your personal data is retained by TDPK

o When your consent has been withdrawn, TDPK will not be able to provide services at its full scope

- Right of Access – you have the right to request a copy of all your personal data and assess if the company is processing your personal data in accordance with the law or not

- Right to Data Portability – for the case where company has an automated platform allowing you to access to your personal data automatically:

o You have the right to ask for your personal data to be transferred automatically to other organizations

o You have the right to ask for your personal data to be directly transferred to other organization, with the exceptions cases where there is a technological limitation

- Right to Object – you have the right to object any data process activity of your personal data for the legal bases, including:

o Public Task or Legitimate Interest

o Direct Marketing Purposes

- Right to Erasure – you have the right to request data deletion or anonymization, in accordance to the following cases:

o Expiration of data processing required terms

o Consent has been withheld

o Objections raised on the data processing activity

o Processing activity is not in accordance to the law

- Right to restrict processing – you have the rights to restrict any data processing activities, in accordance to the following cases:

o During the process of personal data assessment as requested

o For cases related to personal data which has initially requested for deletion and erasure, but was followed by additional request of processing restriction instead

o For cases when the data processing terms have passed but you have requested for processing restriction due to legal reasons

o During the process of personal data processing objection verification

- Right to Rectification – You have the right to edit your personal data to be correct and concurrent to the present. If any mistake was detected, the company may not edit this themselves.

- Right to Complain – You have the right to issue a complaint for specified cases

In the cases where TDPK may not be able to carry out and exercise your rights, including, but not limited to, the cases where a legal process is taking place, you will continue to have the rights to retract your consent though email contact to all related parties. TDPK will be required to terminate all processes as soon as possible. However, the retraction only be carried out to all data processing after the retraction. Any data process activity carried out prior to the retraction will not be reversed.

Please be informed that TDPK does record all requests to ensure all issues are resolved. For any queries regarding your personal data protection and rights, more details are available at:

In the case where you have the intention to exercise your personal data protection rights, please contact (xxx). TDPK will process this request in a secure and timely manner.

13. Contact Us

If you have any queries or request regarding your personal data rights, please contact TDPK through one of the following channels:

Address: True Digital Park, 101 Sukhumvit Rd, Bang Chak, Phra Khanong, Bangkok 10260

Contact Information: https://www.truedigitalpark.com/contact_us

14. Policy Revision

This policy has been last revised on May 2020.

TDPK holds the rights to review and edit the policy as the company sees fit. Any revision made will be notified to all related parties regarding the changes in the procedure of data processing activity.