Privacy Policy

1. Principles and Objectives

AIRR LABS (THAILAND) Company Limited (hereinafter referred to as the “Company” or “we” or “us”) recognizes the importance of Personal Data Protection Act (PDPA). As a result, the Company has established Privacy Policy (“Policy”) in order to be in compliance with the regulations and international standards for personal data protection, including the creating the effective and appropriate guidelines and management of any infringement.

2. Enforcement of Privacy Policy

This Policy, according to Personal Data Protection Act B.E. 2562, is applied to all personal data collected, used and/or disclosed by the Company, which is entitled by the Data Subject to the Company to collect and use such personal data (if any), in accompany with any personal data, that is currently collected and/or will be further collected in the future, in order to use or disclose to other persons pursuing to the scope and objectives stated herein.

3. Definitions

“Privacy Policy” means policy that the Company established to inform Data Subject on how the Company collects, uses, and/or discloses personal data to comply with Personal Data Protection Act B.E. 2562;

“Personal Data”  means any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the information of the deceased Persons in particular;

“Sensitive Data” means any person data may lead to unfair discrimination, in this policy wherein means, racial, religious beliefs, sexual behavior, criminal records, health data, disability, genetic data, biometric data, political view, or of any data classified by law as stated in the announcement by the Office of the Personal Data Protection Commission (PDPC);

“Data Processing” means any actions which act on the personal data, whether by automated method or not, such as collecting, recording, organizing, storage, use, disclosing, changing or any other actions causing an availability, compilation, or destruction of personal data.

“Data Subject” means a natural person who is a personnel, staff, employee, job applicant or any related person, customer, service user, website visitor, visitor of the Company’s mobile application, including executive of the Company and any person who has a legal relation with the Company, hereinafter referred to as a “Data Subject”;

“Data Controller” means the Company having the power or duties to make decision regarding the personal data, obtaining from Data Subject or service provider of Data Subject or performance of contractual obligation with Data Subject, whether directly or indirectly. 

“Data Processor” means a person or juristic person who operates in relation to the collection, use, or disclosure of the Personal Data pursuant to the orders given by or on behalf of a Data Controller, whereby such person or juristic person is not the Data Controller;

“Cookies” means text files with small pieces of data which collect necessary personal data into the computer owner for convenience and speed of communication that will be effective only when using website.

4. The Collection of Personal Data

We may collect or obtain Personal Data such as personal information, information related to personal life or interests, financial information and Sensitive Data in which the source and the principle of Personal Data collection is as follows:

4.1 Source of Personal Data

The Company will collect Personal Data of the Data Subject directly when the consent given by the Data Subject, whether voluntarily or expressly, and by one of the following methods:

4.1.1 Service request form or the processing of a submitted request when exercising of rights via both online and offline.

4.1.2 Questionnaire survey or e-mail correspondence.

4.1.3 Via the Company’s Website or Mobile Application of the Company, if applicable

4.1.4 Other communication channels between the data subject and the Company as provided by the Company.

In case you have given any Personal Data of any other person to us for executing transactions with us or any other purposes, you shall notify such person of the details relating to the collection, use and disclosure of Personal Data and rights under this privacy notice. In addition, you shall obtain consent from such person (if necessary) or rely on another legal basis to provide Personal Data to us.

Our service does not address anyone under the age of 20 or incompetent persons. We do not knowingly collect personally identifiable information from anyone under the age of 20 or incompetent persons. If you are a parent or guardian and you are aware that your child or incompetent person has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from anyone under the age of 20 or an incompetent person without verification of parental consent, we take steps to remove that information from our records and/or servers. In some cases, this means we will be unable to provide certain functionality of the service to these users. If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, we may require your parent's consent before we collect and use that information.

4.2 The Company may collect or obtain Personal Data, such as first name, surname, address, date of birth, gender, educational background, phone number, E-mail, Line ID, Identification number or passport number, marital status, work certificate, job position, GPS, username and password for online application, IP address, Cookies, marketing statistic of data subject, religion, health record, criminal record, and any other information that may occur while using the service with the Company, etc.

4.3 The Company processes Personal Data under the following objectives and when required by law:

4.3.1 When customers, contractual parties and service users contact about the service or enter into a contract with the Company, it is necessary to request for the Personal Data of such persons to the Company for processing to provide a service, enter into a contract, communicate with such persons, follow up and notify about the performance of the contract.

4.3.2 Upon the recruitment with the Company or conducting a transaction related to the Company through any channels, personnel are required to provide their Personal Data to the Company in order to process regarding selection, approval of employment, calculation of entitlement under the employment contract, due date for a payment, salary, communication with personnel and notification of benefits and rights that have been changed, answering inquiries and other notification of changes.

4.3.3 Processing data on the consent basis, for example,

The Company may use the Personal Data of customers, contractual parties, and service users for processing in order to enter into a contract with such persons. The Company may require the processing of Sensitive Data appearing on the identity documents (e.g., religion) for the purpose of person identification, and assistance of the person in the event that such person is ill or needs emergency assistance, including, the facilitation of insurance on behalf of the personnel.

4.3.4 Processing data on the legitimate interest of data controller basis, for example, the Company processes the Personal Data of its customers, contractual parties and service users for business administration and relationship management, including but not limited to, issuance of an invoice in accordance with the internal records, internal management, audit, reporting, submission or filing requirements, data processing or other related to or similar activities. The Company may process Personal Data for management and internal reporting of the Company, maintenance of the work and service standards, tax and risk management, audit, submission or filing the information, data processing or other related or similar activities.

4.3.5 Processing data on the legal obligation basis, the Company may use Personal Data of customers, contractual parties and service users to process in compliance with the applicable laws or orders of legal authorities according to the obligations prescribed by law and/or internal processes, fraud detection, legal or other regulatory investigations. In addition, the Company may process the Personal Data of personnel in compliance with laws on employment and business operations, such as, Labor Protection Act B.E. 2540, Student Loan Fund Act B.E. 2560, Thai Provident Fund B.E. 2530 etc., as well as any other laws required for a disclosure of Personal Data.

The Company will not process such Personal Data without the consent of customers, contract parties, service users and personnel. Additionally, provided that customers, contractual parties, service users and personnel desire to withdraw their consent in data processing thereon, customers, contractual parties, service users and personnel may contact the Company to request for the withdrawal of consent. Company shall not process services or action without the consent of Data Subject.

4.4 Some of Personal Data collected by the Company may be Sensitive Data, where the Company will request for express consent, for example, racial, religious beliefs, health data, criminal records, labor union etc. The Company will collect these data when is necessary, in compliance with laws and regulations. In obtaining consent, the Company will request for a consent from the Data Subject, prior to or at the time of collection, use and disclosure of Personal Data; unless,

          4.4.1 For the achieving of education, research or statistics, to protect the right and freedom of Data Subject;

          4.4.2 For preventing or suppressing a danger to life, body or health of Data Subject or other persons;

          4.4.3 For the performance of a contract or in order to take steps at the request of the Data Subject prior to entering into a contract; 

          4.4.4 For the performance of a task carried out in the public interest or for the exercising of official authorities;

          4.4.5 For legitimate interests overriding all the Company’s operation; 

          4.4.6 For the compliance with the judgement adjudicated by the court or required by the law, such as Communicable Disease Act, Computer-related Crime Act, Cyber Security Act, Anti-money Laundering Act and so forth;

          4.4.7 It is regarded as a legally public information.

5. Use and Disclosure of Personal Data

The usage and disclosure of Personal Data of the Company shall be according to the purposes or as necessary for the direct benefits related to purpose of collection. The Company may disclose the Personal Data of data subject to any persons, agencies or to any third person, such as the Department of Labor Protection and Welfare or other Legal Execution Department, related companies, business allies, social media (i.e. Facebook, Line), banks, financial institutions or payment service providers etc., only when necessary and required by the law.     

6. Privacy Notice of Other Website

This Privacy Policy is applied only for the services of the company and use of the Company's website only. If customers, contractual parties, service users and personnel have clicked to other websites (even through the Company's website), this Policy and the terms and conditions of the Company shall not be binding to such customers, contractual parties, service users and personnel. In this regard, the customers, contractual parties, service users and personnel shall advise and abide by the Privacy Policy appearing on that website by themselves. The Company shall not be liable for the content or operation of such website due to not providing by the Company.

7. Maintenance of Personal Data

Personal data will be retained for a period as necessary for the purposes of data processing and in accordance with applicable law. After such a period expires or the Company has no right to retain the Personal Data, or the Company is unable to claim a lawful basic for data processing of Personal Data, the Company will destroy such Personal Data by appropriate and legal means.

8. Send or Transfer Personal Data to Other Countries

In the event that the Company sends or transfers Personal Data to other countries or retains the Personal Data to other databases located in other countries, the sufficient measures for Personal Data protection or equivalent to measures under this policy shall be provided, unless it is required by law or under the consent of Data subject.

9.  The Rights of Data Subject

The Company provides a channel and facilitates the Data Subject or the person having the authority to act on his/her behalf in exercising the rights of Data Subject in accordance with the law on Personal Data protection, which entitles the Data Subject to exercise his/her rights as following:

9.1 Right to withdraw consent, which can be done all the time that data is kept within the Company.

9.2 Right to access and request a copy of Personal Data, which is under the responsibility of the Company, as well as request for disclosing the acquisition of Personal Data that have not obtained the consent given by the Data Subject.

9.3 Right to rectification by requesting the Company to rectify the Personal Data to be complete, accurate, up-to-date and non-misleading. 

9.4 Right to erase, destroy or de-identify the Personal Data of Data Subject.

9.5 Right to restriction of Personal Data processing.

9.6 Right to data portability by requesting for the Personal Data which is collecting by the Company; provided that, supposing that such Personal Data is in readable form or common use by general or automatic equipment and can be also used or opened automatically, including the right to request for the Personal Data sent or transferred directly to another data controller, unless it is unable to do so due to a technical condition.

9.7 Right to object to collect, use or disclose the Personal Data.

Subject to the applicable laws, the Company may refuse such an exercising of Data Subject rights or his/her authorized person; provided that, it is not against the law.

10.  Securities for Personal Data

            For the benefit of confidentiality, integrity, and availability of Personal Data, the Company has established and implemented measures to maintain the security of Personal Data according to following:

            Providing the authentication measures, determining the rights (Authorization), and recording all activities (Accounting) concerning accessing, using, disclosing, and processing Personal Data in accordance with the Information Security Policy provided by the Company strictly.

            In the event that the Data Subject provides Personal Data of any third parties, i.e. spouse, family members, friend, other related company etc. to the Company, for example, may specify as an emergency address contact, the Data Subject shall certify and warrant that the Data Subject has consent to the collection, use and disclosure of such Personal Data as set forth in this Policy.

11. Improvement, Review or Amendment of this Policy

            The Company may update, review, or amend this Policy, whether in whole or in part or from time to time, to be consistent with the law, rules and regulations of authorized authorities, and the Company’s operations, at least on annual basis or in the event of any change which significantly affects this Policy.

12. Remark

An English version of Privacy Policy has been prepared from the Privacy Policy in Thai. If there is a conflict or a difference in interpretation between the two languages, the Thai language version shall prevail.

13. Contact Us

If there is reasonable reason to doubt or believe that there is any violation of Personal Data, complaint, or the exercise of Data Subject rights under this policy or the Personal Data Protection Act B.E. 2562, you can contact the Company by:

Address: AIRR LABS (THAILAND) CO., LTD. No. 55, 11th Fl., Unit 11.01, 11.06 Wave Place Building, Wireless Road, Lumpini, Pathumwan, Bangkok 10330

E-mail: dpo.th@airrlabs.com

Request for Data Subject Right Request Form CLICK