Country Group Development Public Company Limited, and its group companies, including without limitation to Landmark Holdings Company Limited, Chao Phraya Estate Residences Company Limited, Waterfront Hotel Company Limited, Urban Resort Hotel Company Limited, BCEG Country Group Engineering Company Limited, Leading School Partnership Limited, CGUK1 Limited, and CGD Digital Partner Company Limited (collectively, “CGD Group”) respect and value the privacy of anyone interacting, communicating and providing Personal Data to CGD Group (“Data Subjects”), and CGD Group commits to treat all personal data with security and confidentiality.
2. Types of Personal Data
“Personal Data” means any data relating to an individual which can identify such individual, directly or indirectly excluding the data of a deceased individual.
CGD Group may collect the Personal Data in relation to the Data Subjects as follows:
If the Data Subjects would like to use any services or products of CGD Group, work with CGD Group or otherwise engage in any business arrangements with CGD Group, CGD Group needs the Data Subjects’ Personal Data in order to provide such services or products, enter into a contract with the Data Subjects, perform any obligations thereunder, meet any of the Data Subjects’ requests or comply with applicable laws. If the Data Subjects do not provide the Personal Data to CGD Group, CGD Group will not be able to provide such services or products, enter into a contract with the Data Subjects, perform any obligations thereunder and it might result to a breach of contract with CGD Group by the Data Subjects, breach of applicable laws, or the event that the Data Subjects’ requests are fully rejected.
3. Collection of the Personal Data
CGD Group may collect the Personal Data provided by the Data Subjects from any engagements or interactions with the Data Subjects either via online or offline means, such as through the websites or applications owned or controlled by CGD Group (“CGD Group’s Websites & Applications”), phone call, email, messaging applications, including when the Data Subjects use CGD Group’s services or products, apply for a position at CGD Group, engage in any transactions or business arrangement with CGD Group, or invest in CGD Group.
CGD Group may also collect the Personal Data from other sources as well, such as from family members or related persons of the Data Subjects, referrers, marketing companies, recruitment agencies, corporate customers, vendors, or stakeholders and other publicly available sources in either online or offline database.
4. Retention Period
5. Purpose of Personal Data Processing
The Personal Data shall be collected and used only for the purposes and the lawful basis stated below, including any purposes and the lawful basis stated in the Privacy Statements, any other purposes that the Data Subjects have given their consents to CGD Group from time to time, and any other purposes as permitted or required in the PDPA and/or any applicable laws.
Other lawful basis
Apart from the lawful basis mentioned earlier, CGD Group may collect, use or disclose the Personal Data based on lawful basis below.
6. To Whom Personal Data is Disclosed
CGD Group may be required to disclose the Personal Data in relation to the Data Subjects to the third parties, including without limitation to:
7. Cross-Border Transfer
Due to the nature of modern hospitality business, CGD Group may disclose or transfer the Personal Data in relation to the Data Subjects to the parties located overseas in which the destination countries may or may not have the equivalent level of protection for Personal Data protection standards. In any case, CGD Group takes steps and measures to ensure that the Personal Data is securely transferred, the receiving parties have in place an appropriate level of protection standards or other there are derogations as required or allowed by PDPA and other applicable laws.
In the event that the destination countries do not have the sufficient data protection standards, CGD Group will ensure that the transfer of your Personal Data will be in accordance with the PDPA or other applicable laws.
Cookies are software which is stored in the CGD Group’s Websites & Applications and sent to the Data Subjects’ browser when using the CGD Group’s Websites Applications. The Cookies on the CGD Group’s Websites & Applications are used to identify and distinguish the users who have visited the CGD Group’s Websites & Applications and track their personal preference, which the data of the users shall be automatically collected by Cookies. These Cookies do not cause any harmful effects to the computer or transmit any viruses, Cookies otherwise help CGD Group to serve the users with personalized service or support, provided that its purposes of using are:
9. Log Files
CGD Group may record log files from the Data Subjects visiting CGD Group’s Websites & Applications. Log files include IP address, browser type, internet service provider name, entry and exit pages, platform type, date/time stamp, and number of clicks.
10. Surveillance camera
CGD Group uses surveillance cameras to capture footage of the visitors and the vehicles in and around the location of CGD Group for safety purposes including the prevention and detection of crimes. The surveillance cameras of CGD Group will detect the entrance, the lobby, the terrace, the parking lot outside of the buildings, the fence around the buildings and the area within the perimeter of CGD Group, which is accessible by the people throughout 24 hours. The surveillance system does not use sound recording. CGD Group ensures that live feeds and captures from the surveillance cameras will be observed by authorized person of CGD Group only.
The minor means any person under the age of 20 years. CGD Group may not know the age of the Data Subjects visiting CGD Group’s Websites & Applications. The parents of the minors providing the Personal Data through CGD Group’s Websites & Applications, may request CGD Group to delete the Personal Data of such minors (if applicable). If CGD Group is aware that the Data Subjects are minors and such minors cannot act alone according to the Civil and Commercial Code, CGD group will, and without delay, proceed to obtain consent from the parents, if required by the PDPA.
12. Personal Data Security Measure
CGD Group recognizes the importance of maintaining the security of the Data Subjects’ Personal Data. Therefore, CGD Group has implemented reasonable technical and organizational security measures to protect the Data Subjects’ Personal Data collected by CGD Group against unauthorized access, misuse, loss or destruction, which include control access, encrypted storage and storage with lock.
13. Personal Data Collected prior to PDPA’s Effectiveness
CGD Group is entitled to continue collecting and using your Personal Data which has been collected before PDPA’s effectiveness in accordance with the original purposes. If you do not wish CGD Group to continue collecting and using your personal data, you may withdraw your consent at any time by contacting CGD Group or the Data Protection Officer as detailed in Paragraph 18.
14. Data Subjects’ Rights
Where permitted by the PDPA or applicable laws and under the relevant criteria/requirements specified thereunder, the Data Subjects have the rights with respect to their Personal Data to:
The Data Subjects may exercise these rights by changing privacy preference, unsubscribing, or contacting CGD Group or the Data Protection Officer as detailed in Paragraph 18 below.
The Data Subjects’ request to delete or anonymize the Personal Data, or request to restrict or object to the processing of the Personal Data could mean that CGD Group is unable to perform its obligations under an existing contract and unable to provide the Data Subjects with the services and products and/or to acts on the Data Subjects’ request.
In the event that your withdrawal of consent will affect you in any manner, CGD Group or the Data Protection Officer will inform you of the consequences of such withdrawal of consent accordingly.
For the Data Subjects’ privacy and security, CGD Group may refuse to comply with the request if (a) the person submitting the request does not have evidence to verify that he/she is the data subject or does not has the authority to submit such request (b) the request is not reasonable, e.g., the person submitting the request does not have the rights under the PDPA or does not have Personal Data in CGD Group’s possession (c) the request is excessive or vexatious, e.g., the request unreasonably repeats a previous request from the same person (d) CGD Group has compelling legitimate grounds to reject such request as required or permitted by the PDPA and/or any applicable laws.
16. Amendment and Review
18. Contact Us: DPO
Data Protection Officer of CGD Group