Privacy Policy

Patum Design Develop Company Limited (“company”) realizes that personal data protection is crucial because it is a part of the social responsibility and reliable social relation with business partners and customers. The company, therefore, has complied with The Personal Data Protection Act and other required regulations. The company will strictly apply the measures to secure and protect personal data so it cannot be accessed without the consent of the subject. The company will follow the intentions and consent of the data owner to collect or disclose the data as specified by law and comply with international standards.

This policy is set up to manage and secure personal data properly in order to protect the customer’s personal data which has been given to the company. The collection and disclosure of the data will comply with The Personal Data Protection Act and other required regulations.

1. Definition

• Company refers to Patum Design Develop Company Limited.
• PD House Group of companies refers to Patum Design Develop Company Limited and other companies. They are the PD House International Co., Ltd., PD Siam Supply Co., Ltd., and others.
• The owner of personal data refers to the owner of the data which the company has collected and used or disclosed including the customers, shareholders, service providers and stake holders of the company.
• Data refers to personal data, non-personal data, systematic data, location data and cookies.
• Personal data refers to the data of a person that can identify himself/herself directly or indirectly as specified in The Personal Data Protection Act B.E.2562 and other required regulations.
• Sensitive personal data refers to the personal data on race, political views, religious beliefs, sexual behaviour, criminal history, heath, disabilities, union labour, genetics or any other data which will affect the data owner in such a way.
• Biological data refers to a compound or information derived from living organisms and their products such as facial, retina or the fingerprint of a person which can be used to identify the difference between persons.
• Public data refers to the data which the owners have disclosed to the public via online platforms such as Facebook, Instagram, Twitter, Line and other forms of online platforms to connect or log into social account IDs, interests or likes and lists of friends. This personal data can be secured by the account provided by the platform.
• Personal data controller refers to the authorized staff to make a decision on collecting, using or disclosing personal data.
• Personal data processor refers to the persons who collects, uses or discloses personal data as directed or on behalf of the personal data controller.
• Personal data processing refers to the act of dealing with personal data or sets of personal data, automatically or not, such as recording, systemizing, changing or adjusting, transferring or publicizing or dealing with any other means to make the data ready to be used, mixed or deleted.
• Application refers to a computer program or a set of commands used to control computers and connecting devices to respond to the command of the users. Application applies to a User Interface or UI as a medium of usage.
• IP Address refers to a series of numbers that identifies any device on a network.
• Cookies refer to a piece of data that is stored within a web browser that the website can retrieve at a later date. Cookies are used to tell the server that users have returned to a particular website. When users return to a website, a cookie provides information and allows the site to display selected settings and targeted content.
• A log refers to computer generated data that contains information about usage patterns, origin, destination, time, date, quantity, activities and operating system, application, server or other devices.
• Non-identifiable data refers to data which has never been labeled with individual identities.
• An office refers to The Board of Personal Data Protection office.

Data acquisition. The company acquires personal data from the following processes:

Other services not included in our website such as goods or services provided by the company and affiliate companies which are not clearly stated in this policy;

2.2 Data received from affiliate companies;

2.3 Personal data from third parties such as stores or companies providing services on data collecting, business partners and business alliances;

2.4 Personal data received from those who visited other websites connected or related to the website of the company;

2.5 Visiting behavior collecting from the log on the website of the company;

2.6 Personal data received from public records and non-public records which the company has a right to collect according to the law;

2.7 Personal data received from government offices which regulate or enforce the law.

3. Objectives of collecting and disclosing personal data.

The company intends to collect, use and disclose personal data as follows:

3.1 To serve and improve the services and products of the company including other services and products which will arise in the future;

3.2 To make any transactions concerning services or products of the company such as post-sales service;

3.3 To manage the relationship between the company and personal data owners;

3.4 To verify and/or identify the identity of a person accessing any channels of communication with the company;

3.5 To communicate, inform or receive the information from the company or any changes occurred in the company;

3.6 To carry out the intention informed to the company of personal data owners;

3.7 To offer benefits and/or other services of the company such as product offerings, service offerings, promotions in sales promoting activities and any transactions involved in accessing the services of the company;

3.8 To run the business of the company such as checking and developing new products, adjusting or changing services, analyzing services, sales promotion activities and business expansion of the company;

3.9 To do any proper and necessary activities in:

3.9.1 Checking and protecting any actions which may violate the law;

3.9.2 Enforcing regulations of services and policies concerned with personal data of the company;

3.9.3 Healing, protecting or limiting any damages that will occur.

3.10 To comply with the law, the investigations of the officers or regulators or terms and conditions imposed by the government.

For any objectives which haven’t been stated above, personal data owners will be informed when the company needs to collect the data. However, the company will collect, use or disclose personal data under terms and conditions stated in section 3 only on the following conditions:

1. The owners have given the consent to the company as stated in the law;

2. It is needed as a counterparty or is required before signing the contract;

3. To protect or stop any harm to life, body or personal health;

4. It is necessary for the company to carry on the mission for the public benefit of the company or doing the duty assigned to the company by the government;

5. It is necessary for the legal benefit of the company or person or juristic person except if the benefit is less significant than the fundamental right of the personal data owners;

6. It is necessary to comply with the law.

4. Objectives of processing personal data

5. Personal data stored

The company will collect the data which the data owner provides to the company directly or the data the company receives from providing services or other channels of operation

• Personal data refers to the data which identifies a natural person. A natural person refers to a person that can be identified specifically directly or indirectly by any following indicators such as:
  • Name
  • E-mail
  • Address
  • Telephone number
  • National ID
  • Passport ID
  • Date of Birth
  • Nationality
  • Gender
  • IP Address
• Behavioral searching data refers to the data which is not related to natural persons that can be identified such as type of browser, domain or website visited, time of visiting and website address. The data will be a reference to support the customers. The log will be collected from visits to the application of the company.
• System data refers to the data collected by the company automatically when logging into the website of the company through cookies, the web beacon, the file logon script or other system data such as IP address, type of browser, domain, history of the website visited, time of visiting, address of the website related to the information searched or visited while using the company’s website and application usage behavior.
• Location data refers to the data received from GPS WiFi, compass, accelerating engine, IP address or public post which identifies the location.
• Cookies refer to the data stored in the computer’s web server. Cookies will keep or memorize the user’s data until the user turns off the browser or the user deletes or rejects the cookies. However, it is easy for the users to use the website via cookies because the data visited is stored

6. Time and place of personal information collection

The company will collect only necessary personal information by considering the objective and necessity which the company has to operate and comply with the required laws. The company will keep the data for a period of time provided you have given consent to the company. This will comply with the prescription specified in the required laws. The data will be kept securely for each type of personal data. In some cases, during the execution (or completion), the company will keep the personal data even though the prescription is ended. 

ทThe company will keep your personal information with appropriate protection measures. This means the data is kept confidentially, securely and ready to be used. To prevent any violation of personal data, the company will impose regulations and measures to protect personal information such as the security standard of information technology and measures to prevent those who receive the data from the company from using or disclosing the data deviate from the objective of collection or unauthorized or unlawful use.

Furthermore, the company has informed the personnel, representatives and those who receive the data from the company to keep all personal data confidential and secure as the measure imposed by the company, if any personal data is reviewed.

7. The disclosure and transferring of personal data

Disclosure of personal data

The company will disclose the personal data to a third party and/or outside organizations or offices only in the following situations

• PD House Group of companies and the alliance companies who provide construction materials and home appliances products and services.
• Contractors/counterparties: In case the company hires a contractor to do any jobs and the job requires a subject’s personal data such as statistical analysis or online activities, the company will restrict the use of the personal data to protect the privacy and will not allow the contractor to use the personal data for other purposes other than to support the activities of the company.
• Sales persons and brokers: In some cases, the company will share personal data to a sales person or licensed broker for intended purposes. 
• Government offices or other organizations to follow the law or command or request as specified by the law

Transferring and/or sending personal data to other countries

In case the company has to transfer and/or send personal data to other countries, the company will set a standard in the agreement and/or joint venture business with the organization that will receive the data to protect the personal data at the acceptable level and comply with the required law in order to be confident that the personal data is secured such as:

• In the case the company has to keep and/or transfer personal data for the purpose of storage.
• Cloud processing. The company will consider the organizations that have an international security standard to keep personal data by encoding or other methodologies that cannot identify the owner of the data.

8. The use of sensitive personal data

In some cases when the company presents the products or services or to carry out any activities, it is necessary for the company to collect defined, sensitive personal data such as race, religion or beliefs, sexual behaviour, disability, labour unions, genetics, biological and health data. The company will ask for consent from the subject to use aforesaid data for the purpose of the company.

9. The use of personal data for marketing purposes

Other than the purposes stated above and under the restriction of the law, the company will use the personal data for marketing purposes such as sending promotional documents by post or email or other means of communication including direct marketing for the benefit of the data owner as a customer of the company.

10. Securing for safety and confidentiality of personal data

For the confidence of the subject in the management of the company in securing the personal data from unlawful access, data leakage, data editing or loss, the company is cognizant of data security and will operate according to international standards of personal data security and as imposed by the law.

The company limits the right to access personal data only for the persons who need the data for presenting products and services of the company such as sales persons, representatives and advertising agencies. These persons have to strictly follow the data protection measures of the company both physically and electronically.

The company has measures to protect personal data of a person by limiting the right to access the data for those who use the data, such as sales persons or advertising agencies, to present the products and the services of the company. These persons will strictly follow the data protection measures imposed by the company. They must keep the data confidential. The measures to protect personal data, physically and electronically, of the company are in accordance with the standard imposed and enforced by the law.

11. Data Subject Rights

The rights of personal data are a legal right. In which the subject should know. The subject can use the rights as it is currently imposed by the law or will be imposed in the future or as specified by the company.

The right to withdraw the consent.

The subject has the right to withdraw the consent given to the company at any time throughout the period the personal data is available to the company, unless it is restricted by laws or the subject is still under beneficial contract.

The right to transfer the data.

The subject has the right to obtain the data if the company organizes the data via automation; readable or usable formats and can be processed or disclosed by automated means; to request the company to send or transfer the personal data in such formats directly to other data controllers if doable by automated means; to obtain the personal data in such format sent or transferred by the company directly to other data controllers unless not technically feasible.

The right to object.

The subject has the right to object the collection, use or disclosure of the personal data at any time if such matters are conducted for legitimate interests of the company or other individual or for carrying out public tasks. If there are objections, the company can collect, use and disclose the personal data only in the cases which the company can explain legally that the operation is more crucial than the legal basic right of the subject or to confirm the operation stated by law or as evidence used in court respectively.

The right to erase or destroy the data.

The subject has the right to request the company to erase, destroy or anonymize the personal data if the subject believes that the personal data collected, used and disclosed is against relevant laws, or the data is no longer necessary in connection with related purposes under this policy; or when the subject requests to withdraw the consent or to object to the processing as described earlier.

The right to suspend the use of personal data.

The subject has the right to request the company to suspend the processing of personal data during the period the company examines the rectification or objection request.

The right to rectify the data.

The subject has the right to request the company to rectify the data to be updated, completed and not misleading.

The right to complain.

The subject has the right to complain to competent authorities if the subject believes that the collection, use and disclosure of the data is not pursuant or violates the relevant laws. Please see item 15 for more information to contact the office of The Board of Personal Data Protection. Please see item 15 for more information to contact the office of The Board of Personal Data Protection.

The subject can exercise the rights stated above by filling out the form and submitting to the responsible authority. However, the exercise of the right may be limited by the relevant laws. In case the company cannot do as requested due to the order of the court, the public benefit or the request violates the rights and liberties of another individual, the company will notify the subject the reason for not being able to follow the request for each type of right in a period of time as detailed below:

• 7 days for the right to withdraw the consent;
• 30 days for the right to access the data;<
• 30 days for the right to transfer the data;
• 30 days for the right to object;
• 39 days for the right to erase or destroy the data;
• 30 days for the right to suspend the use of the data;
• 7 days for the right to rectify the data.

12. Connection with other websites

The website of the company will connect with other third-party websites which have a contrasting policy on personal data protection. The subject has to consider the personal data protection of those websites in order to disclose the personal data. The company will not take any responsibility on content or damages created by third party websites.

13. Inquiries on personal data protection policy

Should the subject have any questions about this policy or wishes to exercise their rights, please contact a data protection officer by using the following details:

Patum  Design Develop   Company Limited

473 Rungsit-Nakhon Nayok Road, Prachathipat sub-district, Thanyaburi district, Pathumthanu 12130

https://www.pd.co.th

Telephone 02-006-0940

14. Contact information

The Subject’s Inquiries on personal data protection policy Should the subject have any questions about this policy or wishes to exercise their rights, please contact a data protection officer by using the following details:

Patum  Design Develop   Company Limited

473 Rungsit-Nakhon Nayok Road, Prachathipat sub-district, Thanyaburi district, Pathumthanu 12130

https://www.pd.co.th

Telephone 02-006-0940

15. Appropriate Authority

Should the subject have any complaints or feels unsatisfactory with the explanation from the company, the subject can contact the office of The Personal Data Protection Committee as detailed below.

Telephone 02-141-1033

Email [email protected]

Or send a letter to:

120 Moo 3, Ratthaprasartsanapjukdi Building (Building B), Government Center, Chaengwattana, Office of Personal Data Protection Committee Office of the Permanent Secretary, Ministry of Digital for Economy and Society, Chaengwattana Road, Thungsinghong sub-district, Laksi district, Bangkok 10210.

16. Changes of this Personal Data Protection Policy

The company reserves the right to change or edit the personal data protection policy in the future under the compulsory laws. The company will notify the changes via our website: https://www.pd.co.th