The Planned Parenthood Association of Thailand (hereinafter referred to as ‘PPAT’) would like to provide you with an understanding of this privacy policy. This policy explains how PPAT handles your personal data, including the collection, storage, usage, and disclosure of your information, as well as your rights concerning your data. This is to ensure that you are informed about the data protection policy of PPAT and that PPAT is aware of the importance of safeguarding the personal data of its customers, employees, and partners. To this end, PPAT has implemented measures to collect, store, and protect data in accordance with the relevant laws, regulations, and standards concerning personal data protection.

    1. 1. Definition
      “Personal Data” means any information relating to an individual which enables that person to be identified, whether directly or indirectly, but does not include information of the deceased in particular. “Data Controller” means a person or juristic person who has the authority and duties to make decisions regarding the collection, use, or disclosure of Personal Data. “Data Processor” means a person or juristic person who processes the collection, use, or disclosure of Personal Data in accordance with the order or on behalf of the Data Controller. The person or juristic person who does so is not the data controller. “Data subject” means customers, employees, business partners, who are natural persons. “Person” means a natural person.
    2. 2. Purpose of establishing personal data protection policy
      The Association has established a personal data protection policy to protect customers’ information. In conducting various transactions with the Association to ensure that it is secure, reliable, and for the data subject to be effectively protected and protected from unauthorized use of the personal data of the data subject. In addition, to provide remedies for the personal data subject in accordance with relevant laws.
    3. 3. Limited Collection of Personal Information
      The collection of personal data will be done with the purpose, scope and use of lawful and fair means in collecting and storing data, as well as collecting and storing personal data to the extent necessary for the provision of services or services by any other digital means under PPAT’s objectives only. PPAT will provide the data owner with electronic acknowledgement and consent in accordance with PPAT’s methodology.

PPAT collects your information through 2 channels:

1. Information you present and provide to PPAT
2. Information we collect through third-party services
PPAT may collect your personal data in connection with your interests and services used which can be consisted of your religion or philosophy, health information, biometric data, disability, identity or any other information that will be useful in providing the service. PPAT will ask for your consent before collecting the abovementioned data, except:
3.1. Comply with laws such as the Personal Data Protection Act., Electronic Transactions Act., Telecommunications Business Act., Anti-Money Laundering Act., Civil and Criminal Code, Code of Civil and Criminal Procedure, etc.
3.2. It is for the benefit of the investigation of the case officer or the judgment of the court.
3.3.
For your benefit and consent cannot be obtained at that time.
3.4. It is necessary for the legitimate interests of PPAT or of persons or juristic persons other than the association.
3.5. It is necessary to prevent or suppress the danger to life or a person’s health.
3.6. It is necessary for the performance of a contract to which the personal data’s owner is a contract partner, or to take steps at the request of the personal data’s owner before entering into such contract.
3.7. To achieve the objectives related to the preparation of historical documents or archives, for the public interest, or for study, research, and statistics in which appropriate preventive measures have been provided.
3.8 Usage behavior data through the following tools: Google Analytics, Google AdWords, Hotjar and Facebook Pixel to analyze the platform’s capabilities and plan future platform development.

    1. Purpose of collecting personal data
      PPAT will collect, use, update and disclose the personal data of the data provider in accordance with the purpose, scope and methodology that are approved by laws. It will be collected only to the extent necessary for the provision of services and operations of PPAT mainly for the benefit of the data owner and other legal purposes for the following purposes:
      4.1) To be used for processing, managing, considering, providing services and operating business of PPAT that currently exists and may occur in the future, including any occurrence, for the benefit of the data owner, as well as used for the preparation of accounting, financial statements and accounting information of PPAT.
      4.2) To submit personal data to the National Credit Information Association Co., Ltd. for use in applying for loan approval or any other relevant government agencies for the benefit of credit consideration to the data provider.
      4.3 To be used for monitoring and collecting installments under the hire-purchase agreement and any other liabilities (if any) from the data owner, which PPAT has legal rights to.
      4.4) To amend, cancel and/or renew hire-purchase agreements, employment contracts and any other contracts between the data owner and PPAT.
      4.5) To be used as information for analysis, propose, use for market research and/or promotional activities and/or for the benefit of creating databases and using the information to offer benefits according to the interests of data owner and/or improvement of PPAT’s service provision, implementation and products.
      4.6) To comply with regulations, announcements, statutes, including any other requirements to which PPAT is obliged to comply with the law.
      4.7) To disseminate information, monitor, coordinate and provide after-sale service as well as conduct service through electronics platform.
      4.8) To take any other relevant actions to achieve the aforementioned objectives.
    2. 5. Restrictions on Personal Information Usage
      PPAT will collect personal information in accordance with the standards required by law and will not use or disclose such data to third parties without the consent of the data owner, except for the purposes stated above or as required by law to disclose the personal data to relevant agencies or persons as follows:
      5.1) Business groups, business alliances of PPAT, including relevant government agencies to provide services for processing, managing, considering, providing services and operating any means that the data owner receives and may receive in the future.
      5.2) PPAT, National Credit Bureau Co., Ltd. including associations of the same business or business group or other related agencies
      5.3) Employees, attorneys, representatives, individuals or juristic persons who provide debt collection services and/or auditors of PPAT and/or services and operations in connection with PPAT’s business that exists and may arise in the future.
      5.4) Employees, attorneys, representatives, individuals, juristic persons or any other entities to comply with legal requirements or establish contractual rights of the association.
    3. 6. Rights of the Data Owner
      PPAT recognizes the importance of the rights of the personal data’s owner, and therefore has determined the rights of the data owner to process their personal data collected by PPAT in accordance with the law, as follows;
      6.1) Request access to and obtain a copy of personal data relating to data owner which is under the responsibility of PPAT in accordance with the rules and procedures prescribed by PPAT, or request disclosure of the acquisition of such personal data without his/her consent.
      6.2) Obtain personal data about yourself from PPAT in the event that PPAT has made the personal data in a format that can be read or generally used by automated tools or devices and can be used or disclosed by automated means.
      6.3) Object to the collection, use, or disclosure of personal data about oneself that is permitted by law to be collected without the consent of the data provider at any time.
      6.4) Request the Association to erase, destroy or anonymize the personal data to which the personal data belongs In cases as required by law.
      6.5) Request PPAT to suspend the use of personal data as required by law.
      6.6) Inform PPAT to ensure that the personal data is accurate, current, complete and not misleading.
      6.7) Complaint in the event that the Data Controller or Data Processor, including employees or contractors of the Data Controller or Data Processor, violates or fails to comply with the Personal Data Protection Law.
    4. 7. Withdrawal of consent
      The data owner can withdraw the consent given to the association for the collection, usage or disclose the aforementioned personal data at any time by informing PPAT with the reasons. PPAT will act as notified unless there is a restriction on the right to withdraw consent by law or a contract that benefits data owner. The withdrawal of consent of the personal data owner will not affect the collection, usage, or disclosure of personal data that the personal data owner has given consent to before.
    5. 8. Refusal and recording
      In the event that the data owner requests PPAT to take the action specified in Clauses 6.1 – 6.7 or Article 7, PPAT will act as requested within a reasonable time and in accordance with PPAT’s procedures, except in the following cases that PPAT may refuse to act upon:
      8.1) It is not possible to act upon under the certain circumstances.
      It is a legal refusal or court order and access to and obtain a copy of such personal data will have a negative impact on the rights and freedoms of other persons.
      8.3) The transmission or transfer of personal data is in the public interest or legal obligation, or the exercise of such rights may violate the rights or freedoms of other persons.
      8.4) The collection, usage, or disclosure of personal data has demonstrated to more important legitimate grounds by the data controller.
      8.5) The collection, usage or disclosure of personal data is for the establishment of legal claims, compliance or exercise of legal claims, or the defense of legal claims, in the event that PPAT refuses to comply with the request of the data subject to take any action in accordance with clauses 6.1 – 6.8 or 7, PPAT will prepare a report recording the refusal together with the reasons for refusal to be kept in the department, division or any other agencies within the association that rejects the request of the data owner.
    6. 9. Data Security and Quality Measures
      PPAT recognizes the importance of maintaining the security of your personal data, so the association has established appropriate measures to maintain the security of personal data in accordance with the confidentiality of personal data to prevent data from losing, being hacked, destroying, using, converting, correcting or disclosing personal data unrightfully or unlawfully, as well as preventing unauthorized use of personal data. In addition, PPAT council has prepared a policy, procedure, manual, guideline and training for knowledge in storing, using and disclosing personal data for employees at all levels of the association to maintain, use and disclose personal data in accordance with the standards of PPAT and in accordance with relevant laws.
    7. 10. Data Protection Officer
      PPAT has complied with the Personal Data Protection Act B.E. 2562 (2019) by appointing a Data Protection Officer (DPO) to monitor PPAT’s actions related to the collection, usage, and disclose personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019) and laws related to personal data protection. In addition, the association has established regulations and instruct relevant parties to take the prescribed actions in order to ensure the smooth implementation of the policy on personal data protection. It is also in accordance with the policies of the Personal Information Management and Cybersecurity Supervisory Committee of the association.
    8. 11. Retention and Destruction Period of Personal Data
      The Association will retain the data as received from the data subject only for as long as necessary to carry out the purposes mentioned above. Except in cases specifically required by law, it shall be kept for a longer period or it is necessary for the establishment of legal claims. Compliance or exercise of legal claims, or defense of legal claims, or for the performance of contracts to which the Association is legally entitled.
    9. Contact Channels
      Planned Parenthood Association of Thailand
      8 Soi Vibhavadi-Rangsit 44, Vibhavadi-Rangsit Road, Chatuchak District, Bangkok
      Telephone : 0-2941-2320
      Email : info@ppat.or.th