Privacy Policy

Samart Digital Company Limited (“We” or “the Company”) values your privacy to personal data protection and we are strongly committed to your personal data under our possession. We, in addition, aim to manage your personal data in a safe, secure, and reliable manner. Hence, we establish this privacy policy (the “Policy”) to inform you of the rights, obligations, and other conditions regarding the collecting, using, and disclosing (“Process”) of your personal data as well as the objectives of such processing in accordance with the Protection of Personal Data Act B.E. 2562 (“PDPA”).

The Collection of Personal Data

We collect and receive your personal data in the following ways:

1. Personal Data you provide directly to us. We collect and receive your personal data that you provide directly to us, which may be in documents, electronic information, document or online platform that we may ask you to fill in, contracts, and exchanging of any documents containing your personal data.
2. Personal Data we collect automatically from you. We may collect your personal data automatically through, such as cookies or other similar technologies. For more details, please see the Cookie Policy.
3. Personal Data we receive from the third party. The Company may receive your personal data from a third party, and/or other persons that are data controllers or data processors. The Company, in good faith, believes that such person has the legal right to process and disclose your personal data to the Company. This includes but is not limited to the following:
   1. An online platform, social media, public information, or third party's online platform
   2. Government sector including any person acting on their behalf
   3. Information received via telephone communication and the Company's service application process

Types of personal data being collected

1. Personal data e.g. name, last name, age, date of birth, picture, occupation, national identification card, passport, position, etc.
2. Contact information e.g. address, contact place, telephone number, e-mail, etc.
3. Financial information e.g. payment, credit card, banking account, transaction, etc.
4. Account information username, password, log-in history, etc.
5. Technical information such e.g. IP address, cookie ID, activity log, usage information, setting, and browser connection device that you use in connection to obtain the Company's service, recordings, etc.
6. Information used in relation to service application process e.g. copy of national identification card, copy of company certificate, etc.
7. Sensitive data, which may be collected by the Company e.g. as health information, sexual orientation, genetic data, biometric data, and other sensitive data appeared in identification documents, which are religion and appearance, etc. In this case, we will only process your sensitive data only when we get express consent from you unless the laws provide otherwise.

Data Retention

We will retain your personal data in the document and electronic formats. For the electronic formats, we retain your personal data on the Company's server in Thailand.

The objective of the Process

We process your personal data for the following purposes:

1. To provide services, identity verification, payment verification, communication
2. To analyze your interest so that the Company can offer benefits or services that are related to your interest, and to build a better relationship between you and the Company
3. To provide other support like feedback inquiry, after-sale comments, or sending complaint
4. To comply with the laws and regulations such as executing withholding tax documents, and other actions required by laws

Disclosure

1. We, under the specified purpose or in compliance with your consent or the laws and regulations, may disclose your personal data to the following persons and organizations:
   1. Advisors, contractors, transport contractors, business partners, and outsource audits like Google Analytics
   2. Government sector with whom you exchange information with
   3. Computer system providers used by the Company like Google Cloud Platform
   4. Executives and employees who are related to the processing and have a need-to-know basis
   5. Service provider or data processor whom the Company assigns to manage or process the personal data for the Company. Including other persons acting on the company's behalf, or collaborating with the Company to perform any tasks related to the purpose mentioned above, and those having the necessity to obtain your personal data. For example, to provide information technology services, storage services, and other services that can benefit you or are related to the Company's business operation that are reasonably necessary to disclose your personal data in order to achieve the Company's business purposes.
   6. Any other persons or organizations to whom you give consent to disclose your personal data to
2. We will ensure that those receiving your personal data have appropriate security measures to safeguard your personal data, process your personal data on a necessary basis only, and ensure protection against unauthorized processing. We, moreover, guarantee to process your personal data in accordance with the purpose of this Policy and other purposes permitted by the laws only. In the case that the law requires consent from you in order to process, we will obtain your consent prior to such processing.

Cross-border transfer

In the event that we have to send or transfer your personal data to a foreign country, we will ensure that such foreign country, international organizations, or the receiving party in such foreign country have an adequate personal data protection measure, or ensure that such sending or transferring complies with the PDPA. In some situations, we may ask for your consent in sending or transferring your personal data to such a foreign country.

Period of Data Retention

We will retain your personal data for as long as necessary in accordance with the period that you are the customer of the Company, have a business relationship with the Company, or as long as necessary in achieving the purpose of this Policy, which we may have to retain your personal data for a longer period. If the law requires us to delete, destroy, or anonymize your personal, we will be doing so once there is no more necessity in retaining your personal data or the retention period is over.

Rights of Data Subject

Under the PDPA, you have the following rights:

• Right to withdraw consent. Once you give consent, we will process your personal data in accordance with such consent, whether we receive it prior to or after PDPA enforces. In this case, you can withdraw your consent at any time.
• Right to access. You have the right to access your personal data that is under the company's responsibility and to request the company to make a copy of such personal data. You, also, have the right to require us to declare how we acquire your personal data.
• Right to data portability. You have the right to obtain your personal data if we organize your personal data in automatic machine-readable or usable format and can be processed or disclosed by automatic means. As well as the right to request the company to send or transfer your personal data in such format directly to other data controllers, unless it is unable to process due to technical problems.
• Right to object. You have the right to object to the processing of your personal data at any time, if you find that such processing is undertaken for necessary operations within the legitimate interest of the Company, or a person or any juristic person, or for undertaking operations for a public interest, without exceeding that scope that you can reasonably expect.
• Right to erasure / destruction. You have the right to request the Company to erase, destruct or anonymize your personal data when you believe that your personal data is unlawfully collected, used, or disclosed, or believe that we no longer need such personal data, or when you exercised your right to withdraw consent or object.
• Right to restriction of the processing. You have the right to restrict the Company from using your personal data, when the Company is under investigation of your right to rectification or objection, or when you prefer the Company to restrict the processing instead of erasing or destructing.
• Right to rectification. You have the right to rectify your personal data to be updated, completed, and not misleading.
• Right to lodge a complaint. You have the right to complain to the competent authority if you believe that the collection, use, or disclosure of your personal data is violating or against the relevant laws. If you are in the European Economic Area (EEA), apart from the abovementioned rights, you will be able to complain to the personal data protection authority of your country if you believe that we are not complying with the personal data protection laws.

You can exercise your data subject rights by contacting the Company's Data Protection Officer (DPO) as mentioned below. In such a case, we will notify you of the results within 30 days from the date we receive your request to exercise your rights. In the event that we decline your request, we will inform you via various ways; for instance, SMS, e-mail, telephone or letter.

Advertising and Marketing

To enable you to receive benefits from using our products or services, we use your personal data to analyze, personalize and enhance our products or services, and marketing efforts through, such as Google, Facebook, and Pixel Tracking Code. We use such information to provide you with customized and personalized recommendations for products or services we think will be of interest to you.

Our website may show advertisements from third parties in order to facilitate our services like Google, AdSense, and BuySellAds. Such third party will only access your personal data for advertising and marketing purposes only, and will not disclose or use your personal data for other purposes.

We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.

We may send certain information or a newsletter for the purpose of utilizing your preference via your email. If you no longer want to receive the communications from us, you can click the “unsubscribe” link in the email or contact us through our email.

Cookies Policy

We use cookies or related technology to improve your experience, to provide you with better access to our products and services, appropriate advertising, and track your browsing. If you do not want to have cookie operates on your computer, you can set up your browser to decline cookies prior to using our website.

Security

We will protect your personal data in accordance with the principle of confidentiality, integrity, and availability to prevent loss, unauthorized access, alteration, and disclosure. We, furthermore, implement other security measures to protect your personal data, which cover administrative safeguard, technical safeguard, physical safeguard, and access control.

Data Breach Notification

We will notify the Office of the Personal Data Protection Committee without delay and, where feasible, within 72 hours after having become aware of it, unless such personal data breach is unlikely to result in a risk to your rights and freedoms of you. If the personal data breach is likely to result in a high risk to your rights and freedoms of you, we will also notify the personal data breach and the remedial measures to you without delay through our website, SMS, email address, telephone, or registered mail.

Change to the Privacy Policy

We may change or update this Policy from time to time and we will inform the updated Policy on our website. This Policy was last updated and effective on May 30, 2022.

Links to Other Sites

The purpose of this Policy is to offer products or services and use our website. Any websites from other domains found on our site are subject to their privacy policy, which is not related to us.

Contact Information