Privacy Policy

Privacy Policy

Siamfuture Development Public Company Limited and Subsidiary Companies (“Company”) suggest our Subscriber to understand this Privacy Policy (“Policy”) due to this policy is prescribed the process of data collect, store, use and disclose including other rights of Subscriber (“Data Subject”). Therefore, Company would like to announce the Policy as followings:

1. Personal Data

“Personal Data” means any information pertaining to a Data Subject, which enables the identification of Data Subject, whether direct or indirect.

2. Data collection and storage restriction

Data collection and storage under this Policy will be conducted within the purpose, scope and lawful methods as necessary for the scopes of service, or other services provided by electronic means within Company’s scope of service. Accordingly, Company will inform Data Subject to acknowledge and consent through electronic, Short Message Service (SMS) or other methods as specified by the Company.

Company may collect personal data relating to Data Subject preference or subscribed service in which consisting of racial, religious or philosophical beliefs, health information, biological information, disabilities, heredity information or other information. Therefore, Company shall request consent from Data Subject before collection except;

2.1. in compliance with a legal obligation such as Personal Data Protection Act., Electronic Transaction Act., Telecommunication Business Act., Anti-Money Laundering Act., Civil and Commercial Code, Criminal Code, Civil and Commercial Procedure Code, and Criminal Procedure Code;

2.2 for the purpose for investigation of the inquiry authorities or adjudication of a competent court;

2.3. for Data Subject’s benefit, and the consent cannot be made at that time;

2.4. for the necessity purpose of the legitimate interests pursued by the Company or personnel or other juristic person which is not related to the Company;

2.5. it is necessary to prevent or to avoid danger to a person’s life, body or health;

2.6. it is necessary for the performance of a contract to which the Data Subject is a party or in order to proceed as requested by the Data Subject prior to entering into a contract; or

2.7. for achieving the purposes in the making of history documents or annals for public interest or for study, research, statistical purposes under appropriate protection measures.

3. Measures to secure Personal Data

3.1. The Company recognizes the importance of maintaining the security of Data Subject personal data. Therefore, the Company has established measures to maintain the security of personal data appropriately and consistency, and make Data Subject’s personal data confidential to prevent loss, access, destruction, use, conversion, modify or disclosure of personal data without rights or unlawful in accordance with the AIS Cyber Security Policy.

3.2. Any personal data that the Company received from Data Subject such as name, residential address, contact number, identification number, financial information which is complete and up-to-date relating to an identified or identifiable of Data Subject will be used in accordance with the objectives of the Company. The Company will carry out appropriate measures to prevent personal data from being used without permission.

4. Purpose of Collecting, Storing and Use Personal Data

The Company shall collect, store, use of Subscriber’s Personal Data for the purpose or activity which Data Subject interesting in relating to lease, service of lease or other services in Shopping mall or Community mall, digital service, marketing research and survey, promotional activities, providing privilege based on Subscriber’s preferences or data analysis in order to offer goods or services of Company and/or a person who is a distributor, agent, or the person who related thereof, and/or other person, or legal obligations or regulation to which the Company is subject whether present or in the future, including consent to the Company to send, transfer and/or disclose personal data to Company business group, business alliance, any agency, organization or juristic person who has a contract or a legal relationship with the Company and/or Cloud Computing Service Provider by allowing the Company to send, transfer and/or disclose such information through domestically and internationally. The Company shall retain Subscribers’ Personal Data as long as necessary only for the above mentioned purposes, where the Data Receiver or Data processor is also obligated by law to retain Personal Data as well. If there is a later update in the purpose of collecting Personal Data, the Company will inform the Subscriber.

5. Restriction of Use and/or Disclose Personal Data

5.1 The Company will use or disclose Data Subject personal data in accordance with the consent of the Data Subject, and will be solely used for the Company’s purpose in order to provide services. The Company will supervise its employees, officers or operating staffs from using and/or disclosing Data Subject’s personal data in any way other than the purpose of service or to a third party except:

5.1.1. in compliance with a legal obligation such as Personal Data Protection Act., Electronic Transaction Act., Telecommunication Business Act., Anti-Money Laundering Act., Civil and Commercial Act., Criminal Act., Civil and Commercial Procedure Act., and Criminal Procedure Act.;

5.1.2. for the purpose for investigation of the inquiry authorities or adjudication of a competent court;

5.1.3. for Data Subject’s benefit, and the consent cannot be made at that time;

5.1.4. for the necessity purpose of the legitimate interests pursued by the Company or personnel or other juristic person which is not related to the Company;

5.1.5. it is necessary to prevent or to avoid danger to a person’s life, body or health;

5.1.6. it is necessary for the performance of a contract to which the Data Subject is a party or in order to proceed as requested by the Data Subject prior to entering into a contract; or

5.1.7. for achieving the purposes in the making of history documents or annals for public interest or for study, research, statistical purposes under appropriate protection measures.

5.2. The Company may use third party IT Service providers in order to retain personal data, which such Service provider must have security measures by prohibiting the collection, use or disclosure of personal data other than those specified by the Company.

6. Right of Data Subject.

Your rights described here are legal rights that you should be informed. You may exercise any of these rights within legal requirements and policies at the present or as amended in the future as well as regulation set out by the Company. In case you are under 20 years old or your legal contractual capacity is restricted, your father and mother, guardian or representative may request to exercise the rights on your behalf.

6.1 Withdrawal of consent:
If you have given consent to the Company to collect, use and/or disclose your Personal Data (whether before or after the effective date of the Personal Data Protection law), you have the right to withdraw such consent at any time throughout the period your Personal Data available to Company, unless it is restricted by laws or you are still under beneficial contract.

Withdrawal of your consent may affect your use of products and/or services. For example, you may not receive privileges, promotions or new offers, products and/or services that are enhanced and consistent with your needs, or not receive beneficial information, etc. For your benefits, you are advised to learn and ask for consequences before withdrawing your consent.

6.2 Data Access:
You have the right to access your Personal Data that is under the Company’s responsibility; to request the Company to make a copy of such data for you; and to request the Company to reveal as to how to Company obtain your Personal Data

6.3 Data Portability:
You have the right to obtain your Personal Data if the Company organizes such Personal Data in automatic machine-readable or usable format and can be processed or disclosed by automatic means; to request the Company to send or transfer the Personal Data in such format directly to other data controllers if doable by automatic means; and to request to obtain the Personal Data in such format sent or transferred by the Company directly to other data controller unless not technically feasible

Your Personal Data above must be under your consent given to the Company to collect, use, and/or disclose; or those the Company deems necessary to collect, use and/or disclose to allow you to use products and/or services that meet your need under your contract with the Company; or to take steps at your requests before using products and/or services; or as legally required by competent authority.

6.4 Objection:
You have the right to object to collection, use and/or disclosure of your Personal Data at any time if such doing is conducted for legitimate interests of the Company, corporation or individual which is within your reasonable expectation; or for carrying out public tasks. If you request to object, the Company will continue collecting, using and/or disclosing your Personal Data only when the Company can establish a legal basis that doing so is more important than your fundamental rights; or to affirm legal rights; to comply with laws; or to defend a legal proceedings, depending on a case by case basis.

In addition, you have the right to object to collection, use and/or disclosure of your Personal Data carried out for purposes related to marketing, scientific, historical or statistical research.

6.5 Data Erasure or Destruction:
You have the right to request the Company to erase, destroy or anonymize your Personal Data if you believe that the collection, use and/or disclosure of your Personal Data is against relevant laws; or retention of the data by the Company is no longer necessary in connection with related purposes under this Policy; or when you request to withdraw your consent or to object to the processing as earlier described.

6.6 Processing Suspension:
You have the right to request the Company to suspend processing your Personal Data during the period where the Company examines your rectification or objection request; or when it is no longer necessary and the Company must erase or destroy your Personal Data pursuant to relevant laws but you instead request the Company to suspend the processing.

6.7 Data Rectification:
You have the right to rectify your Personal Data to be updated, complete and not misleading.

6.8 Complaint Lodging:
You have right to complain to competent authorities pursuant to relevant laws if you believe that the collection, use and/or disclosure of your Personal Data is violating or not in compliance with relevant laws.

6.9 The exercise of rights above may be restricted under relevant laws and it may be necessary for the Company to deny or not be able to carry out your requests, e.g. to comply with laws or court orders, public tasks, your request in breach of rights or freedom of other persons, etc. If the Company denies the request, the Company will inform you of the reason.

7. Disclosure of Operations, Practices and Policies with respect to Personal Data.

The Company has complied with laws, including the Notification of the National Telecommunications Commission on Measures for Protection of Telecommunications Service Users’ Rights Related to Personal Information, Privacy Rights and Freedom to Communicate by Means of Telecommunications, and other applicable privacy laws, as well as, publish a NBTC Privacy Guideline on the Company's website.

8. Data Protection Officer

The Company has undertaken the Personal Data Protection Act. B.E. 2562 by appointing the Data Protection Officer (DPO) to monitor the operation of the Company with respect to the collect, use and disclose Personal Data in accordance with the Personal Data Protection Act B.E. 2562, including relevant personal data protection laws. In addition, the Company has rules and regulations to regulate the related parties to undertake their duties in accordance with the Privacy Policy and in line with the policy of the Personal Data Protection and Cyber Security Supervision Committee as specified by the Company.

9. Contact Information

Siamfuture Development Public Company Limited and subsidiary companies
99 Ratchadapisek Road, Dindang, Dindang, Bangkok 10400
Or Data Protection Office Unit
Email: DPOOFFICE@siamfuture.co.th