This privacy policy, hereinafter referred to as the “Policy”, first came into effect on June 1, 2022, with the following details:

Article 1 Definitions

Within this policy:

(a) “Website” means the website named KTn develop located at https://www.ktndevelop.com
(b) “Data Controller” means the service provider or website owner under this policy, namely KTN Develop Company Limited, registration number 0125559003441, located at 49 Soi Tiwanon 13, Bang Krasor Sub-district, Muang Nonthaburi District, Nonthaburi Province 11000, contact: 02-950-4253, 092-393-9246, info@ktndevelop.com
(c) “Data Processor” means any third party who processes data for the benefit or on behalf of the Data Controller
(d) “Data” means anything that communicates meaning, facts, data, or information, whether such communication is possible by the nature of that thing itself or through any method, and whether it has been prepared in the form of documents, files, reports, books, charts, maps, drawings, photographs, films, visual or audio recordings, computer recordings, electronic methods, or any other methods that make the recorded information appear
(e) “Personal Data” means any information relating to a natural person which enables the identification of such person, whether directly or indirectly
(f) “Sensitive Personal Data” means personal data of users relating to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, genetic data, biometric data, facial recognition data, iris, fingerprints, trade union information, or any other data which the Personal Data Protection Committee under personal data protection law has declared to be sensitive personal data
(g) “User” means you, visitors, users, website members who are the owners of personal data under this policy
(h) “Data Protection Officer” means the officer appointed by the Data Controller to operate in accordance with personal data protection law

Article 2 User Consent

In accessing the website, users agree and consent to the collection, use, and disclosure of personal data as follows:

(a) Purpose of collecting, using, and disclosing personal data

Users acknowledge, agree, and consent to the Data Controller collecting, using, and disclosing personal data only for the following purposes:

To develop the website or conduct online marketing of products to match user groups

(b) Personal data collected, used, and disclosed

Users acknowledge, agree, and consent to the Data Controller collecting, using, and disclosing only the following personal data:

Name, surname, phone number

(c) Duration of data collection

Users acknowledge, agree, and consent to the Data Controller collecting, using, and disclosing personal data for a total period of 120 (one hundred and twenty) months from the date of consent to collect, use, and disclose personal data under this policy

(d) Disclosure of personal data to third parties

Users acknowledge, agree, and consent that the Data Controller may disclose personal data to third parties for the purposes of this policy and/or as required by law, including but not limited to disclosure to the following persons and/or entities:

Company employees

Article 3 Tracking User Website Behavior

Users acknowledge, consent, and agree that the Data Controller may use the following systems and/or technologies to track users’ website behavior:

Technologies: Cookies, Google Analytics, Google Search Console, Google Tag Manager, Facebook Pixels

This is only for the following purposes:

To develop the website or conduct online marketing of products to match user groups

Article 4 Withdrawal of User Consent

Users acknowledge that they have the right to withdraw any consent given to the Data Controller under this policy at any time by taking the following actions:

Submit written notice to info@ktndevelop.com

Users further acknowledge that upon withdrawal of consent, users will be affected as follows:

Users may receive incorrect and inefficient services

Users hereby agree to accept all consequences of such consent withdrawal

Article 5 User Rights

In accessing the website under this policy and providing any consent under this policy, users have been well informed of their rights as personal data owners under personal data protection law, including but not limited to the following rights:

(a) Users may withdraw consent given under this policy at any time by written notice to the Data Controller through the methods and channels specified in this policy
(b) Users have the right to access and obtain copies of their personal data or data related to them that the Data Controller has collected under this policy
(c) Users have the right to be informed by the Data Controller about the acquisition of their personal data or data related to them for which they have not given consent, if such case exists
(d) Users may request the Data Controller to send or transfer their personal data or data related to them to other data controllers, including receiving such sent or transferred data directly from the data controller who sent or transferred that data
(e) Users may object to the collection, use, or disclosure of their personal data or data related to them in the following cases:

(1) The Data Controller collects, uses, or discloses users’ personal data with necessity for legitimate interests of the Data Controller or other persons, where users can prove they have more legitimate rights than the Data Controller
(2) The Data Controller collects, uses, or discloses users’ personal data for compliance with law where users can prove they have more legitimate rights than the Data Controller
(3) The Data Controller collects, uses, or discloses such personal data for direct marketing purposes
(4) The Data Controller collects, uses, or discloses such personal data for scientific, historical, or statistical research purposes where such research is not necessary for public interest purposes

(f) Users may request the Data Controller to delete, destroy, or make personal data non-personally identifiable in the following cases:

(1) When personal data is no longer necessary for the purposes of collection, use, or disclosure
(2) When users who are personal data owners have withdrawn consent for collection, use, or disclosure of personal data and the Data Controller has no other legal authority to collect, use, or disclose such personal data
(3) When users have legitimately objected to the collection, use, or disclosure of such data
(4) When personal data has been collected, used, or disclosed unlawfully under personal data protection laws, rules, and regulations

(g) Users may request the Data Controller to suspend the use of personal data while maintaining its storage in the following cases:

(1) The Data Controller is under investigation by expert committees under personal data protection law following user complaints
(2) Personal data has been collected, used, or disclosed unlawfully under personal data protection laws, rules, and regulations
(3) In cases where users need the Data Controller to retain their personal data for their own legal claims, including establishing legal claims, compliance with or exercise of legal claims, or defense against legal claims
(4) The Data Controller is in the process of verification or examination to reject the objection to collection, use, or disclosure of users’ personal data under personal data protection law which users have legitimately objected to

(h) When users find that their personal data is incorrect, outdated, unclear, users have the right to have the Data Controller correct such personal data to be accurate, current, complete, and not misleading
(i) Users may file complaints with expert committees under personal data protection law regarding actions that violate or fail to comply with laws, rules, regulations concerning personal data protection by the Data Controller

Article 6 Security Measures

In collecting, using, and disclosing personal data under this policy, the Data Controller will implement appropriate security measures to prevent loss, access, use, modification, correction, or unauthorized disclosure, using the following measures, standards, technologies and/or systems:

Define access rights (Access Right) for relevant personnel, use data encryption (Encryption) in data transmission, and security measures: Firewalls and Internet Protocol Security (IPsec)

Article 7 Personal Data Updates

The Data Controller will provide the following verification systems and measures:

(a) Update personal data to be accurate, current, complete, and not misleading
(b) Delete, destroy personal data that exceeds the collection period for which users have given consent, and
(c) Delete, destroy personal data not relevant to the use of such personal data as consented to by users

Article 8 Collection, Use and/or Disclosure of Personal Data under Personal Data Protection Law

Users acknowledge and agree that the Data Controller may collect, use, and/or disclose users’ data without prior consent from users, only as necessary and to the extent that it serves the purposes and in the following cases:

(a) For achieving purposes related to the preparation of historical documents or archives for public benefit, or related to research or statistics which have appropriate protection measures to protect the rights and freedoms of users’ personal data
(b) To prevent or suppress danger to life, body, or health of any person
(c) Necessary for the performance of a contract to which the user who is the personal data owner is a party or to take steps at the request of the user who is the personal data owner before entering into such contract
(d) Necessary for the performance of a task carried out in the public interest of the Data Controller or exercise of official authority vested in the Data Controller
(e) Necessary for legitimate interests of the Data Controller or any other person which are more important than the basic rights to personal data of users
(f) Compliance with law by the Data Controller

The Data Controller will record the collection, use, or disclosure of users’ personal data under the previous paragraph as important evidence

Article 9 Collection, Use and/or Disclosure of Sensitive Personal Data

Users acknowledge and agree that in addition to the collection, use and/or disclosure of personal data which users have explicitly consented to under this policy, the Data Controller may collect, use and/or disclose sensitive personal data of users without prior consent from users, only as necessary and to the extent that it serves the purposes and in the following cases:

(a) To prevent or suppress danger to life, body, or health of the user who is the personal data owner who is unable to give consent for whatever reason
(b) Information that is disclosed to the public with explicit consent of the user who is the personal data owner
(c) Necessary for the establishment, compliance with, exercise or defense of legal claims
(d) Necessary for compliance with law to achieve purposes relating to:

(1) Preventive or occupational medicine, assessment of working capacity of employees, medical diagnosis, provision of health or social care, medical treatment, management of health or social care systems and services
(2) Public interest in public health, such as protecting against dangerous communicable diseases or epidemics which may be transmitted or spread into the Kingdom, or controlling standards or quality of drugs, medical supplies or medical devices, which have appropriate and specific measures to protect the rights and freedoms of users who are personal data owners, particularly maintaining confidentiality of personal data according to duties or professional ethics
(3) Labor protection, social security, national health security, welfare regarding medical treatment of entitled persons under law, protection of car accident victims or social protection, where the collection of users’ personal data is necessary for compliance with rights or duties of the Data Controller or users who are data owners, with appropriate measures to protect fundamental rights and interests of users who are personal data owners
(4) Scientific, historical or statistical research or other public interests, with collection, use, and/or disclosure only as necessary and with appropriate measures to protect fundamental rights and interests of users who are personal data owners as announced by the Personal Data Protection Committee
(5) Substantial public interest, with appropriate measures to protect fundamental rights and interests of users who are personal data owners

The Data Controller will record the collection, use, or disclosure of users’ personal data under the previous paragraph as important evidence

Article 10 Website Usage by Persons Under Users’ Guardianship, Curatorship, or Protection

Users warrant that they are not and will not allow persons with the following characteristics to visit, use, or become members of the website:

(a) Incompetent persons under users’ guardianship
(b) Quasi-incompetent persons under users’ curatorship

In case users allow such persons to visit, use, or become members of the website, users agree that they have exercised their power of guardianship, curatorship, or protection of such persons, as the case may be, in agreeing to and giving consent under this policy in its entirety for and on behalf of such persons

Article 11 International Transfer of Personal Data

The Data Controller may send or transfer users’ personal data to foreign countries in the following cases:

(a) The destination country or international organization that receives such personal data has adequate personal data protection standards according to laws, rules, regulations concerning personal data protection
(b) Consent has been obtained from the personal data owner, where users who are personal data owners have been informed and acknowledged the inadequate personal data protection standards of the destination country or international organization receiving such data
(c) Compliance with law
(d) Necessary for the performance of a contract to which users who are personal data owners are parties or to take steps at the request of users who are personal data owners before entering into such contract
(e) Performance of a contract between the Data Controller and other persons for the benefit of users who are personal data owners
(f) To prevent or suppress danger to life, body, or health of users who are personal data owners or any person when users who are personal data owners are unable to give consent at that time
(g) Necessary for carrying out a mission for important public interest

Article 12 Personal Data Breach Notification

In case the Data Controller becomes aware of any personal data breach, regardless of who committed the breach, the Data Controller will take the following actions:

(a) In case of risks that may affect rights or freedoms of any person, the Data Controller will notify such personal data breach to the Personal Data Protection Committee Office without delay as soon as possible within 72 (seventy-two) hours of becoming aware of the incident
(b) In case of high risks that may affect rights or freedoms of any person, the Data Controller will notify such personal data breach and remedial guidelines to the Personal Data Protection Committee Office and to users who are personal data owners without delay as soon as possible within 72 (seventy-two) hours of becoming aware of the incident

Article 13 Complaints and Problem Reports Regarding Personal Data

Users may file complaints and report problems regarding personal data, including but not limited to requesting the Data Controller to update data to be current and/or accurate, objecting to data collection, or suspending data use, with the Data Protection Officer through the following channels:

info@ktndevelop.com

Article 14 Recording of Important Items

Unless personal data protection law provides otherwise for the rights of the Data Controller, the Data Controller will record important items regarding collection, use, or disclosure of data in writing or electronic system for verification by users who are data owners or government agencies, including but not limited to the following items:

(a) Personal data collected
(b) Purpose of collecting each type of personal data
(c) Information about the Data Controller
(d) Period of personal data retention
(e) Rights and methods of accessing personal data, including conditions regarding persons who have rights to access personal data and conditions for accessing such personal data
(f) Collection, use, or disclosure of personal data exempt from requiring consent from users who are data owners
(g) Rejection of requests and various objections
(h) Details about personal data security measures

Article 15 Policy Amendments

The Data Controller may amend and change the content in this policy at any time, whether in whole or in part. The Data Controller will notify users when there are changes each time for users to consider and proceed with acceptance by electronic methods or any other methods, and if users have proceeded to accept such changes, the amended policy shall be considered part of this policy

Users may access the most recently amended and changed privacy policy from sources that the Data Controller displays through the following channels:

Article 16 Relationship of Parties

Whereas both parties understand and acknowledge well that entering into this policy does not make the parties and their employees have a relationship as employees under labor law or as partners under partnership and company law

Article 17 Assignment

Unless explicitly stated otherwise in this policy, the parties agree not to assign rights, duties, and/or liabilities under this policy to any person without prior written consent from the other party

Article 18 Waiver

The Data Controller’s failure to exercise or delay in exercising any right in any matter or on any occasion shall not be deemed as a waiver of such right, and the Data Controller’s partial exercise of rights or waiver in any matter or on any occasion shall not be deemed as a waiver of rights in other matters or on other occasions

Article 19 Severability

If any provision or agreement in this policy becomes void, incomplete, or unenforceable for any reason, the parties agree that other provisions and agreements in this policy shall remain valid and binding upon the parties as if such void, incomplete, or unenforceable parts did not exist in this policy

Article 20 Governing Law

This policy shall be governed by the laws of Thailand

Article 21 Dispute Resolution

If any disputes or conflicts arise from this policy, if the parties cannot reach an agreement, the parties agree to bring such disputes to courts in Thailand