Country Group Development Public Company Limited, and its group companies, including without limitation to Landmark Holdings Company Limited, Chao Phraya Estate Residences Company Limited, Waterfront Hotel Company Limited, Urban Resort Hotel Company Limited, BCEG Country Group Engineering Company Limited, Leading School Partnership Limited, CGUK1 Limited, and CGD Digital Partner Company Limited (collectively, "CGD Group") commit to treat all personal data with security and confidentiality and will only collect, record, hold, store, disclose, transfer and use the personal data in accordance with his privacy statement below ("Privacy Statement") which is in accordance with the Personal Data Protection Act B.E 2562 (2019) ("PDPA").
This Privacy Statement shall be used for personal data protection with respect to the following:
|
|
|
| |
(i) |
customers, buyers, residents, guests, members, either current or prospective, of CGD Group, |
| |
(ii) |
representatives of (i) which is a juristic person, and |
| |
(iii) |
related persons of (i) such as family members, representative or witness to the contract (collectively referred to as "Customers"). |
1. Types of Personal Data
"Personal Data" means any data relating to an individual which can identify such individual, directly or indirectly excluding the data of a deceased individual.
The Personal Data that CGD Group may collect from the Customers is consisted of:
|
|
|
|
| No. |
Types of Personal Data |
Details |
| 1. |
"Identity Data" |
- name
- last name
- title
- gender
- age
- nationality
- country of residence
- date of birth
- identification number
- work details
|
- photo
- passport number
- other government-issued identification data
- marital status
- family details
- vehicles and license plate data
|
| 2. |
"Sensitive Data" |
- ethnicity
- religion
- gender preference
|
- health data, such as disability, dietary, allergy, and disorder
|
| 3. |
"Transactional Data" |
- types of interested units and budget ranges
- unit details
- other details regarding any acquired service and product
|
- details in any contract/agreement
- purchase history
|
| 4. |
"Contact Details" |
- address
- phone number
- email address
|
- other contact details, such as Line, WeChat, Facebook, WhatsApp and Instagram
|
| 5. |
"Financial Data" |
- credit or debit card details
- bank account details
- fund remittance details
|
- source of fund
- supporting data for loan application required by banks.
|
| 6. |
"Membership Data" |
- membership details such as membership number, account, and points.
|
| 7. |
"Preference and Lifestyle Data" |
|
- lifestyle activities
- likes and dislikes
|
| 8. |
"Security & Loss Prevention Data" |
|
- vehicles and license plate data
|
| 9. |
"Technical Data" |
- cookies
- IP address
- log files
- device details
|
- location
- mobile network data
- hardware mode
- operation system
|
| 10. |
"Feedback Data" |
|
|
| 11. |
"Public Data" |
- data publicly available on both online and offline channels such as social media data, e.g. photos, posts, locations, friend list, liked pages
|
If the Customers would like to use any services or products of CGD Group, CGD Group will need the Customers’ Personal Data in order to provide such services or products, enter into a contract with the Customers, perform any obligations thereunder, or meet any of the Customers’ requests or comply with applicable laws. If the Customers do not provide the Personal Data to CGD Group, CGD Group will not be able to provide such services or products, enter into a contract with the Customers, perform any obligations thereunder and it might result to a breach of contract with CGD Group by the Customers, breach of applicable laws, or the event that the Customers’ requests are fully rejected.
If the Customers provide the Personal Data about other persons to CGD Group, the Customers affirm that this Privacy Statements have been reviewed by such persons and that such persons have given their consent regarding the processing of their Personal Data (if required). The Customers have to present the documents evidencing that the above actions have been carried out as may be requested by CGD Group.
2. Collection of Personal Data
CGD Group may, directly or indirectly, collect the Personal Data of the Customers through the following:
-
Website and Phone Application: This includes when the Customers interact or communicate with CGD Group through the websites or application owned or controlled by CGD Group ("CGD Group’s Websites & Applications") such as https://www.fourseasons.com, https://www.chaophrayaestate.com, https://cgd.co.th and Four Seasons Chat.
-
Phone Call, Email and Messaging Applications: This includes when the Customers interact or communicate with CGD Group over the phone, email, fax, postal service, or messaging applications, such as Line, WeChat, Facebook, WhatsApp and Instagram.
-
Offline Interactions: This includes when the Customers visit or stay at any property, which is owned, controlled or managed by CGD Group, such as sale gallery, residence, office, when the Customers discuss with CGD Group personnel, or when the Customers use any service of CGD Group, such as common areas/facilities.
-
Marketing Agencies:This includes any agents, agencies, ambassadors, marketing companies, market research companies, such as Heroleads (Thailand) Co., Ltd.
-
Service Providers:This includes event organizers, caterers, advisors in relation to legal, accounting and/or tax services, and other service providers, which CGD Group works with.
-
Group Companies:CGD Group may collect the Personal Data from any companies within CGD Group.
-
Property Management Company/Condominium Juristic Person:This includes any property management companies and/or condominium juristic persons, who manage properties owned or controlled by CGD Group, including their service providers.
-
Strategic Business Partners:This includes any business partners with whom CGD Group collaborates or co-organize events in order to provide and offer the Customers with services or products.
-
Other Sources:This includes any third parties that may provide the Personal Data of the Customers to CGD Group, such as referrer of residential projects, any family members and related persons of the Customers. This also includes any other publicly available sources, either online or offline, such as public website and social media.
3. Retention Period
CGD Group will retain the Personal Data of the Customers for no longer than necessary and within 10 years following the termination of contractual relationship between CGD Group and Customers. Nevertheless, CGD Group may continue to retain the Personal Data as long as (a) it is permitted by the PDPA and/or any applicable laws, (b) CGD Group is under certain contracts with the Customers, (c) CGD Group is under legal obligation to retain the Personal Data, (d) the consent granted to CGD Group has not been revoked, and (e) it is deemed necessary to complete the objectives of this Privacy Statement.
4. Purpose of Personal Data Processing
The Personal Data shall be collected and used only for the purposes stated below, including any purposes stated in the Privacy Policy, the consent given by the Customers, and any other purposes as permitted or required in the PDPA and/or any applicable laws.
|
|
|
|
| No. |
Purpose |
Personal Data |
Lawful Basis |
| 1. |
Contracts
- To enter into a contract with the Customers
- To fulfil the obligations under the contract with Customers.
- To provide the Customers with residential related services and products.
- To process the Customers’ payments, issue invoices and receipts, refund and/or guarantee reservation.
- To provide personalized services and/or products as requested by Customers.
- To response to the Customers’ request about the residential projects which the Customers are interested to acquire.
|
- Identity Data
- Transactional Data
- Contact Details
- Financial Data
- Preference and Lifestyle Data
|
Contract
|
| 2. |
Legal Requirement
- To comply with legal requirements such as Civil and Commercial Code, Revenue Code, Accounting Act B.E. 2543 (2000) Condominium Act B.E. 2522 (1979), and Computer-Related Crime Act B.E. 2550 (2007).
- To comply with court orders and/or orders from governmental authorities.
- To conduct financial audit of each company in CGD Group as required by law.
|
- Identity Data
- Transactional Data
- Contact Details
- Financial Data
- Membership Data
- Security & Loss Prevention Data
- Technical Data
|
Legal Obligation
|
| 3. |
Land Office Registration
To carry out the registration with the Land Office as required by applicable law, including to prepare the relevant application and supporting documents.
|
- Identity Data
- Transactional Data
- Contact Details
- Financial Data
|
- Legal Obligation
- Contract
|
|
|
|
| 4. |
Operation of Residence and Hospitality Business
- To manage the relationship between CGD Group and the Customers such as to handle complaint and feedbacks.
- To provide personalized services and/or products in order to meet the Customers’ expectations and preferred level of hospitality, to assist and to respond to Customers’ requests.
- To response to the Customers’ request about the residential projects which the Customers are interested to acquire according to Customers’ preferences.
|
- Identity Data
- Transactional Data
- Contact Details
- Financial Data
- Preference and Lifestyle Data
- Feedback Data
- Public Data
|
Legitimate Interest
|
- To maintain relationship between CGD Group and the Customers such as to provide gifts to Customers or hold a birthday party for Customers according to Customer’s preferences.
|
Consent
|
- To coordinate with the financial institutions providing financing for the acquisitions of the residential units.
|
- Legitimate Interest
- Consent
|
| 5. |
Sales and Marketing
- To conduct targeted and/or direct marketing, i.e. to offer sales, updates and promotions of the products and services pursuant to the Customers’ preference and lifestyle, including the events that the Customers might be interested in attending.
|
- Identity Data
- Transactional Data
- Contact Details
- Membership Data
- Preference and Lifestyle Data
- Technical Data
- Public Data
|
Consent
|
- To conduct data analytics and market research, in order to learn about the products and/or services that the Customers might be interested in receiving.
|
- To take a photo or video footages of the Customers at sale galleries and publish or advertise such photo or video footages on CGD Group’s Websites & Applications or other platforms.
|
- To take a photo or video footages of the Customers at any events held by CGD Group and publish or advertise such photo or video footages on CGD Group’s Websites & Applications or other platforms.
|
Legitimate interest
|
| 6. |
Sensitive Personal Data
- To provide meals and/or other facilities pursuant to the Customers’ food allergy or religion.
- To provide personalized services and/or products.
- To response to the Customers’ request about the residential projects which the Customers are interested to acquire.
- To maintain relationship between CGD Group and the Customers.
- To conduct targeted and/or direct marketing.
- To conduct data analytics and market research.
|
|
Consent
|
| 7. |
Membership Program
- To process and administer the Customers’ membership accounts and points and to provide gift vouchers or gift cards as requested by customers.
|
- Identity Data
- Transactional Data
- Contact Details
- Financial Data
- Membership Data
|
Contract
|
| 8. |
Security and Ordinary Business Operation
- To administer and protect CGD Group’s business security.
- To authenticate and verify the Customers in any relevant transactions.
- To prevent any loss, crime, fraud or any unlawful act.
- To conduct an investigation of anti-money laundering and transaction failure.
- To conduct internal audit of business.
- To proceed with debt collections.
- To administer and solve technical problem on the CGD Group’s Websites & Applications and to improve CGD Group’s business.
- To connect data between CGD Group for ordinary business operation.
- To allow advisors, service providers, vendors, suppliers, contractors, sub-contractors to provide and supply CGD Group with services and products.
- To improve business operations, products, and services of CGD Group and to learn more about the Customers, the products and services, which the Customers receive or may be interested in receiving.
- To collect Personal Data of witness to a contract as an evidence.
- To share Personal Data of the Customers on a need-to-know basis for the purpose of merger and acquisition, business reorganization, insolvency, rehabilitation and similar proceedings of CGD Group.
- To enter into contract or communicate with corporate customers or vendors through their representatives such as directors or employees.
|
- All Collected Personal Data
|
Legitimate interest
|
| 9. |
To collect your sensitive Personal Data as necessary, e.g. to use your identification card (which contains your religion and/or blood type) for verification of your identity before continuing the transaction)
|
|
Consent
|
5. To Whom Personal Data is Disclosed
Pursuant to the purposes stated in the Privacy Statement, the Privacy Policy, the consent given by the Customers, and any other purposes as permitted or required in the PDPA and/or any applicable laws, the Personal Data of the Customers may be disclosed, or transferred to the third parties and/or governmental authorities as follows:
- Any companies within CGD Group.
- Governmental authorities such as the Department of Business Development, the Revenue Department, the Land Office and the Immigration Bureau.
- Financial institutions such as banks providing financing arrangement to the Customers for the acquisitions of the residential units of CGD Group
- Property management companies or condominium juristic persons who manages properties owned or controlled by CGD Group, including their service providers.
- Service providers, vendors, suppliers, contractors, sub-contractors who work with CGD Group to provide and supply CGD Group with services and products, such as website hosting, marketing service, data analysis, market research, payment processing, order fulfillment, data technology and related infrastructure provision, customer service, email delivery, auditing, security service, event organizer, caterer, and other services or products.
- Agents, agencies, ambassadors, marketing companies, market research companies, which CGD Group works with.
- Strategic business partners with whom CGD Group collaborates or co-organize an event in order to provide and offer the Customers with services or products.
- Professional advisors such as accountants, lawyers, IT advisors, technicians, and auditors.
- Third parties to whom CGD Group chooses to sell, transfer, merge, any portions of the business, assets, or shares. This includes the parties in relation to the events of business reorganization, insolvency, rehabilitation and similar proceedings.
6. Data Subjects’ Rights
Where permitted by the PDPA or applicable laws and under the relevant criteria/requirements specified thereunder, the Customers have the rights with respect to their Personal Data to:
- Access: The Customers may have the right to access or request a copy of the Personal Data, which CGD Group is collecting, using or disclosing about the Customers, including to disclose the acquisition of the Customers’ Personal Data which CGD Group obtained without the Customers’ consent. For the Customers’ own privacy and security, CGD Group may require the Customers to prove their identity before providing the requested Personal Data.
- Data Portability: The Customers may have the right to obtain Personal Data of them, which CGD Group holds, in a structured, electronic format, and to send or transfer such Personal Data to another data controller, where this is (a) Personal Data of the Customers and (b) CGD Group is collecting, using or disclosing such Personal Data on the basis of the Customers’ consent or to perform a contract with the Customers.
- Rectification: The Customers may have the right to have incomplete, inaccurate, misleading, or not up-to-date Personal Data which CGD Group collects, uses or discloses about the Customers rectified.
- Withdraw Consent: For the purposes of consent, which the Customers have given to CGD Group for the collecting, using or disclosing of the Customers’ Personal Data, the Customers have the right to withdraw such consent at any time.
- File a complaint: The Customers have the right to file a complaint with the Personal Data Protection Committee if the Customers believe that there is violation of the PDPA.
- Objection: The Customers may have the right to object the collection, use, and disclosure of the Personal Data in certain circumstances, including the case where Personal Data is being processed under the basis of public interest and legitimate interest or for the purpose of direct marketing and/or scientific, historical or statistic research.
- Restriction: The Customers may have the right to restrict the processing of the Personal Data in circumstances where the Customers have contested the accuracy of the Personal Data, for the period enabling CGD Group to verify its accuracy.
- Deletion (‘right to be forgotten’): The Customers may have the right to request that CGD Group delete or de-identify Personal Data which CGD Group collects, uses or discloses about the Customers, unless CGD Group is not obligated to do so, or if CGD Group needs to retain such Personal Data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.
The Customers may exercise these rights by changing privacy preference, unsubscribing, or contacting CGD Group or the Data Protection Officer as detailed in Paragraph 6 below.
The Customers’ request to delete or anonymize the Personal Data, or request to restrict or object to the processing of the Personal Data could mean that CGD Group is unable to perform its obligations under an existing contract and unable to provide the Customers with the services and products and/or to acts on the Customers’ request.
In the event that your withdrawal of consent will affect you in any manner, CGD Group or the Data Protection Officer will inform you of the consequences of such withdrawal of consent accordingly.
For the Customers’ privacy and security, CGD Group may refuse to comply with the request if (a) there are legal restrictions, (b) the request is not reasonable, e.g., the person submitting the request does not have the rights under the PDPA or does not have Personal Data in CGD Group’s possession (c) the request is excessive or vexatious, e.g., the request unreasonably repeats a previous request from the same person (d) CGD Group has compelling legitimate grounds for the processing of the Personal Data as required or permitted by the PDPA and/or any applicable laws.
7. Privacy Policy
CGD Group has published the Privacy Policy (“Privacy Policy”) setting forth general information regarding the collection, use and disclosure of Personal Data of all types of data subjects and shall also supplement to this Privacy Statement and will not cancel, replace, or override any provision in this Privacy Statement. If there are any conflict between the two documents, the Privacy Statements shall prevail. If the Customers wish to learn more details regarding Personal Data protection such as security measure, cross-border transfer, cookies and minors, please access the Privacy Policy at https://cgd.co.th/policy.html
8. Contact Us: DPO
Regarding all queries or awareness with respect to the Personal Data arising from this Privacy Statement, or the activities of CGD Group, including to the exercise of any right as set out in this Privacy Statement, please contact the Data Protection Officer of CGD Group at the below address:
| |
To: |
Personal Data Protection Office |
| |
Address: |
No. 898 Ploenchit Tower, 20th Floor, Ploenchit Road, Lumpini Sub-district, Pathumwan District, Bangkok |
| |
Tel: |
(66-2) 6587888 |
| |
Fax: |
(66-2) 6587880 |
| |
Email: |
dpo@cgd.co.th |
| |
Website: |
www.cgd.co.th |
If you wish to exercise your rights, you may complete the Application for Exercise of Data Subjects Rights at [Link] and send it to the Data Protection Officer of CGD Group as detailed above.
This Privacy Statement is published on November 2021.
|
