- The Definition
To provide clarity in communication with those involved in business operations and to avoid any concerns about the interpretation of certain words in this document, the Company has therefore formulated the definitions as follows;
“Company” refers to Acute Realty Company Limited, and its affiliates, Acute Realty Hua Hin Company Limited, Acute Realty Eastern Company Limited, Acute Realty Company Limited, and Acute Realty Consultants Company Limited
“Personal Data” refers to information relating to an individual that enables an identifiable this individual, either directly or indirectly. “Sensitive Personal Data” refers to the personal information that identified in accordance with Section 26 of the Personal Data Protection Act B.E. 2019.
“Personal Data Controller” refers to an individual or legal entity that has the authority to make decisions about the collection, use or disclosure of personal information. “Personal Data Processor” refers to an individual or a legal entity that processes the collection, use or disclosure of personal information in accordance with the instructions from or on behalf of the Personal Data Controller. However, an individual or legal entity that doing so is not the Personal Data Controller.
“Customer/Partner” refers to an individual or legal entity including one or more persons who are authorized or entrusted to act on behalf of a legal entity to enter into a business contract with the Company whether as a customer or a partner, as a buyer or seller of a product, as a service provider or as a consignor or consignee.
- What sort of personal information does the Company collect, use and/or disclose?
2.1 Personal information that you directly provide to the Company or through the Company, including data provided in written, through digital channels, websites, assigned persons, phone calls or other channels.
2.2 Personal information that the Company has received or accessed from any sources that is not directly from you, such as information given from our business partners, public information from government organizations, media or other books based on your consent to disclose.
Your personal information that the Company collect, uses and/or discloses include:
- Personal information such as name, surname, age, date of birth, marital status, ID number / passport number.
- Contact information such as residence or workplace address, telephone number, email address, LINE ID.
- Device or equipment data such as IP address, MAC address, Cookie ID.
- Transaction and Financial information such as bank account, etc.
- Information that identifies personal property such as Title Deed, information of property that is for sale, rent or occupy.
- Other information such as website usage, sound, still image, animation and any other information that is considered personal information under the Personal Privacy Protection Law
2.3 Sensitive data is defined as personal information that the law deems to be specific to the individual. The Company will collect, use and/or disclose sensitive personal information only when the Company has obtained your explicit consent, or if necessary as permitted by law.
(Hereinafter in this Policy, if not specifically mentioned, private and personal information as well as your sensitive data, as in the above, shall be referred to as "Personal Information".)
- For what purpose does the Company collect, use and/or disclose your personal information?
The Company sets out the necessary objectives for collecting, using and disclosing your personal information for the benefit of products and/or services as well as to comply with any laws that you or the Company must follow, and for any other purposes as specified in this Policy, as follows:
3.1 Shareholder, Executive Director and Director who has the authority to act on behalf of the company
The Company will collect, use or disclose personal information as a Shareholder, Executive Director and Director who has the authority to act on behalf of the company for the signing of business contracts, general contracts, approval of various operations, authorizes business operations, laws, banking transactions, contacting government agencies, general actions in the meeting invitation, notify the result of the meeting, dividend management, report on the Company's performance according to regulations or as required by law including for donations or charitable activities.
3.2 Employees and family members
The Company will collect, use or disclose personal information of employees in the recruiting scope, employment contract, identity verification for work or access to internal information system, calculation and payment of wages, compensation, performance evaluation, wage adjustment, disciplinary conduct and penalty records, training and personnel management according to employment contract, criminal background check, job promotion, moving and relocating job positions, money disbursement according to work regulations, coordinating with management executives on the medical appointments, transportation reservation, visa application, accommodation and service reservation, health check-up both as required by law and provided by the company and including the provision of welfare benefits for employees and their families, sending information to external agencies in compliance with the laws related to the Revenue Department, Social Security, Labor Skill Development, the Legal Execution Department, and internal office administration coordination, expense reimbursement, property holding, premises administrative management, mail and post management, record entry-exit work area, audits from internal and external departments, including sending, transferring or disclosing information to the delivery service provider in order to contact customers. For the employee's family members, the Company will consider collecting, using or disclosing personal information as necessary for the usage of complying with the law or for any other action that is primarily for the benefit of employees or family members. The Company will arrange for family members to collect, use or disclose personal information to give consent to the company through the operation of the employees. However, in the case that the employees did not take appropriate actions in order for the Company to comply with the law, the employees may be affected whether they are unable to exercise their rights or benefits that can be obtained from the services provided by the company. In this case, the company reserves the right not to provide, give, and pay benefits or welfare if the employees or their family members have not complied with the provisions of the law.
The Company will collect, use or disclose personal information of partners including suppliers, consignees, dealers, employers, contractors, manufacturers, exhibitors and those who have to carry out orders, partner assignment in the scope of opening accounts receivable, new accounts payable, bidding, negotiating, entering into contracts, organizing promotional activities, meetings, trainings, seminars both domestically and internationally, business certification, show, debut or product demonstrations, held both domestically and internationally, sales management, training, technical competency testing, advertising, media production and printing, sales rewards and seller registration, seller procurement, seller evaluation, hiring contracts for various services, delivery of documents or products, in case of being a speaker or invited to give a lecture to provide advice on the process of training, seminars, meetings as a personal profile, education, work experience, talent , photos during the activity. In the case of an auditor from outside agencies, the company will collect auditor's personal information only for identity verification, registration of Certified Public Accountant purpose.
Buy, Sell, Let, Rent
If you are selling or letting a property through us;
- We use your personal information for the purposes of fulfilling our obligations to you to let or sell your property or, if you are a buyer or tenant, for the purposes of arranging a contract for sale or a lease for you.
- If you are purchasing a property we are acting as agents for the sale of or selling a property through us we will share your personal information with your appointed solicitors and the solicitors acting for the other side of the deal as is necessary to facilitate the sale or purchase.
- In addition, if we are providing a service to you, or on your behalf, where we are required to do so by law, we will collect information relating to your identity, which will be at least one form of photographic identification (such as a passport, a driving licence or an identification card) and one form of documentation with proof of your place of residence (such as a recent utility bill).
- We will collect your bank account details to arrange onward payment of rent due to you and deposits or installments base on your request.
If you wish to rent a property we are listing;
- We will ask you for contact information. Such as phone number Email address And the postal address Line ID to contact you
- Various specifications so that we can find the right property for your needs.
If you wish to purchase a property we are listing for sale where you have specifically provided us with these, we will collect personal information relating to any specific access requirements you may have in relation to a property so that we can find a property that is suitable for your needs. We will also collect personal information required to source a property for you and, where required, negotiate the purchase of a property on your behalf and prepare relevant documents for you.
In addition, where you engage with Acute Realty as an individual buyer, we will collect information required to identify you to meet anti-money laundering and counter terrorist financing requirements. In case of an entity such as a company, trust or charity, we may need to collect personal information about the controllers and the beneficiaries of the entity. When certain criteria is met, this information will be passed to the Anti-Money Laundering Office.
- Where we engage with you to manage property on your behalf we will ask for additional emergency contact information in case we need to get in touch with you outside of working hours or in the event there is a matter requiring your urgent attention. Where you engage us for portfolio management services we will share your personal information with third party lenders as is necessary to allow us to fulfil our obligations to you and to properly manage and advise you on your property investments.
Your personal data may be used for marketing and advertising, we have mechanisms to protect your personal data as follows:
- For the Purpost of Sale Promotion
We may use your personal data, your technical and usage data and profile data to analyze and offer you suitable products or services; which include sending newsletters, offering various benefits privileges and promotions. You can choose not to receive marketing information through various channels, please see the details in “Opting Out” section below.
You can choose not to receive marketing news from us, via sending an email to DPO@lh.co. This cancellation will not affect our provision of products or services to you, or any other transaction you have with the Company.
- Data Retention
- Security and confidentiality of the personal information
We ensure access to personal information is restricted to Acute Realty employees and workers or other persons working within the Acute Realty Group on a need to know basis. Training is provided to any of those Acute Realty employees and workers who need access to personal information.
- Any act that is considered as an offence by the Law, as well as any other actions mentioned below which are prohibited by the organization. However, it does not mention all prohibitions, but it is written as a guide for users to be informed only.
Note: Some employees may be exempt from some of the prohibitions mentioned below if it is in accordance with the assigned duties (as long as it is not contrary to the law). For example, an administrator can suspend access to the network of any device if that access interferes with the operation of the information technology system.
- Providing confidential information about personal information of employees or customers, corporate secret and other confidential information to third parties.
- Violation of privacy rights, corporate copyright, corporate secrets, patents, intellectual property or any other laws.
- Use of corporate resources to obtain or transmit pornographic or illegal materials, documents, or images.
- Fraud using a User ID and password that the supervisor or the head of the department assigns for the sale of any goods or services
- Attempts to breach security or interfere with network operation. Examples of security breaches include unauthorized access to data or host computers. Examples of network disruptions include Sniffing, Pinged Floods, Pack Spoofing, Denial of Service, and Forged Routing Information with malicious intent, etc.
- Heavy bandwidth usage, especially P2P File Sharing.
- Port Scanning and Security Scanning, except for the performance of assigned duties.
- Eavesdropping or interception of information that employees are not allowed to know by any means, except in the performance of their assigned duties.
- Searching for system bugs to gain unauthorized access to information or systems
- Bypassing user authentication, computer or any network system security measures
- Using programs/scripts/commands or sending any messages with the intent to interfere, reduce service efficiency or suspend the use of the user both through the internal system and through various network systems
- All forms of intimidation through email, phone calls or messaging systems. Either by language, frequency or size of comment text or send any messages that are not related to work to a large number of people (Newsgroup Spam).
- Reporting Security Weaknesses
- The security-related vulnerabilities of the organization that are observed or suspected must be recorded and reported in the system or service being used.
- Management and remediation of security-related incidents.
Objective: To provide a consistent and effective method for managing incidents related to security for the organization's information
Responsibilities and Procedures
- Must define responsibilities and procedures for dealing with security-related incidents of the agency. Such procedures must be fast, effective and well organized.
Learning from Security Incidents
- Security breaches must be recorded, at least considering the type of incident, the resulting quantity and expenses incurred from the damage in order to learn from the events that have already happened and prepare the necessary protection in advance.
Collection of Evidence
- Evidence must be collected and stored in accordance with the rules or guidelines for the preservation of reference evidence in relevant judicial proceedings when it is found that the incident is related to civil or criminal proceedings.
- Utilization of sensitive data
To sell the products or services of the company or to collect the personal data in some cases, the company has the necessity to collect the sensitive data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual behavior, disability, criminal records, data concerning health, trade union membership, the processing of genetic data, biometric data or health data etc. In such cases, the company shall inform and request for the data owner’s consent to use the sensitive data as per the company’s purpose.
- Transferring, assigning and/or sending the personal data overseas
In the event, the company has to transfer, assign and/or send the data oversea, the company will determine the standard of covenants and/or joint venture with agency or organization which will receive the data to have an acceptable standard for data protection and to coordinate with the law. This is to ensure that the personal data will be secured i.e.
- In the event, the company has the necessity to store and/or transfer, assign the personal data for storing
- Processing of data in the Cloud; The company shall consider the organization which has international standard for security and shall store the data by entering the password or by any other means which will not identify the personal data.
- Third-Party Links
This Privacy Notice coverage will expire when you click a link to another website, as it is considered that you have ended your visit on our website. In the event that other websites collect, use, or disclose your personal data, we encourage you to read the privacy notice of all the websites you visit for the benefit of your privacy.
- Rights of the data owner
You have the rights in accordance with the laws. You may utilize your rights as per the law and the policy determined herein or which will be determined in the future and the company’s rules.
Withdrawal of consent
If a consent is given to the company to collect, use and disclose your information (consent prior or after the enforcement of the data protection laws), you have the right to withdraw the consent at any time when the data is with the company except that your rights have been limited by law or agreement which is for your benefit.
Right to access the data
You may request to access your information which is with the company and may request for a copy of the data and may request the company to disclose the way the data was collected without the consent.
Rights to transfer the data
You may request your personal information which the company has altered so it can be easily be read or used via the automatic equipment or tools and may use the or disclose the data automatically. You also have the right to directly send or transfer the personal data in the automatic form to the data controller except there are any technical errors.
Right to object
You have the right to object at all times if the data which is collected, used and disclosed is for the benefit of the company or third party or for the public interest. In the case of objection, the company shall collect, use and disclose the personal information only for the part where the company can provide lawful reasons that is supersedes your basic rights or which is in accordance with the law or used to fight a case, as the case maybe.
Right to request removal of data
Right to restrict the data processing
You have the right to restrict the data temporarily when the company is under the process of considering the amendment of personal data or request to object or any other events where the company no longer needs to store the information and shall delete the personal information but you have requested to restrict instead.
Right to amend the data
You have the right to amend your personal information to be correct, present and compete which will not cause misunderstanding.
Right to complaint
You have the right to complain the authorized agency if it is believed that the data collected, used and is disclosed in such a way which violates or breaches the law.
10.1 The length of time the company collects personal data of the personal data subject, unless specifically stated as required by law, the Company will keep the personal data of those involved in the business as it is still required and/or for not less than 10 years as required by law or counting from the person involved in such a legal relationship with the company, except in the case of necessity in relation to the use or countering of claims under Execution Law, placing of property, or as specifically stipulated by law.
10.2 Inspection system for deletion, destroy personal data that has expired. The company has prepared an audit system to delete or destroy the personal information of the involved parties after the expiration of the storage period or is not relevant or beyond the necessity for the purpose or as requested by the data subject or request to withdraw consent except in the case where the company has to keep in the objectives for exercising freedom of expression or in accordance with the exceptions of specific laws including the use of rights legal claim or in order to comply with the exercise of legal claims or raising the defense of legal claims or in order to compliance with the law
- Data Protection Officer
12.Complaints and Contact Details
If you have any complaints about the way we use your personal information please contact Data Protection Officer(DPO) at firstname.lastname@example.org or Fill out the request form to exercise rights under the Personal Data Protection Act at
Thai version https://forms.gle/a3QpbQq6gB59GERp6 or
English version https://forms.gle/rjfuKSZXB3xcYPe49
If you have any questions, comments or requests regarding any aspect of this Privacy notice, please do not hesitate to contact us by sending an email to email@example.com Tel.02-541-4999 or writing to Acute Realty Co.,Ltd , 484, 524 Ratchadaphisek Road, Samsen Nok, Huai Khwang, Bkk 10310 Thailand
Last Update:May, 2022