PDPA Policy

     Sanfinity company limited respects the privacy and confidentiality of our clients’ personal and believe that it is our responsibility to properly manage, protect, process and disclose your personal data., in compliance with the Thailand Personal Data Protection Act (PDPA) 2019.

     We have developed this Data Protection Policy to assist you in understanding how we collect, use, disclose, process and retain your personal data.

1. How We Collect Your Personal Data.
In general, Sanfinity collects personal data directly from you.
  - When you respond to a marketing call for new product or service
  - When you call in to request for information or inquiry
  - When you request for technical support
  - When you send in your job application form
  - When you indicate you wish to have a follow-up from the salesperson
  - When you leave your contact details
  - When you respond to a marketing call
  - When you agree to a site survey
2. Types of Personal Data We Collect About You.
- The types of personal data for job application we collect about you may include:
  • Academic History
  • Criminal Background/Past Offences
  • Education & Professional Qualifications
  • Employment Details & History
  • Family Background & Details
  • Medical Details/Health Information
  • Personal Contact Information
  • Personal Details
  • Photos & Video Footage
- The types of personal data for sale solution we collect about you may include:
  • Contact details for register license software
  • Contact detail for marketing call for new product or service
  • Customer Feedback
  • Site Survey Information
3. How We Use Your Personal Data
  We use the personal data we have collected about you for one or more of the following purposes:
  - Customer care and account management
  - Delivery of products and services
  - Employee communication
  - Sale Solution communication
  - Enhance customer experience
  - Fulfil legal requirements
  - Fulfil orders and services
  - Fulfil requests for products and services
  - Manage and improve our business and operations to serve you better
  - Obtain opinions, comments about products and services
  - Pass information about you to our agents and associates to carry out services
  - Payroll processing
  - Personnel management
  - Process and administer employment records
  - Process applications and registration
  - Process contract renewals and upgrades
  - Provide customer service and support
  - Provide information to subsidiaries or partners that perform services for the company
  - Receive personal data from 3rd party to support new contracts
  - Recruitment & selection
  - Respond to inquiries and provide customer services
  - Respond to queries and feedback
  - Sales commissions
  - Send information and updates
  - Staff Appraisals
  - Training & career development
  - Update records in our database
4. Who We Disclose Your Personal Data To
We disclose some of the personal data we have collected about you to the following parties or organizations outside ISS Facility Services Private Limited:
  - Accounting Firms
  - Delivery Services
  - Email Vendors
  - Employees / Staff
  - Mailing Houses, Freight and Courier Services
  - Insurance Companies (Group Insurance for Employees)
  - Legal Services
  - Other Contracted Service Providers
5. How We Manage the Collection, Use, and Disclosure of Your Personal Data
    We take our responsibilities under the PDPA seriously. We are committed to implementing policies, practices, and processes for data protection that comply closely with the PDPA obligations. The Act takes into account the following concepts:

    Consent – Organisations may collect, use or disclose personal data only with the individual’s knowledge and consent (with some exceptions);
    Purpose – Organisations may collect, use or disclose personal data in an appropriate manner for the circumstances, and only if they have informed the individual of purposes for the collection, use or disclosure; and
    Reasonableness – Organisations may collect, use or disclose personal data only for purposes that would be considered appropriate to a reasonable person in the given circumstances.

In projecting the three main concepts above, the Act contains nine main obligations which organisations are expected to comply with if they undertake activities related to the collection, use and/or disclosure of personal data:-
(1) The Consent Obligation
(2) The Purpose Limiting Obligation
(3) The Notification Obligation
(4) The Access and Correction Obligation
(5) The Accuracy Obligation
(6) The Protection Obligation
(7) The Retention Limitation Obligation
(8) The Transfer Limitation Obligation
(9) The Openness Obligation

6. Protection of Personal Data
    We have implemented an Information Security Policy that governs how personal data and confidential information are protected within our organization. We will take the necessary security arrangements to protect your personal data that is under our charge or control to prevent unauthorized access, collection, use, disclosure, or similar risks. All our employees will take reasonable and appropriate measures to maintain the confidentiality and integrity of your personal data, and will only share your data with authorized persons on a ‘need to know’ basis. External data intermediaries who process and maintain your personal data on our behalf will be bound by contractual data security arrangements we have with them.

    You can be rest assured that we are constantly mindful of them in our collection, use and disclosure of personal data. Contact details of Data Protection Officer: dpo@sanfinity.com