- Privacy Notice - Advanced Info Service Public Company Limited and Subsidiary Companies
- Advanced Info Service Public Company Limited and Subsidiary Companies, as listed here (“Company”), emphasize in personal data protection and prioritize the security of your personal data, and therefore issue this Privacy Notice (“Notice”) for such purpose. The Company suggest you to understand the details of this Notice since it prescribes the process of data collection, store, uses and/or disclosure including your other rights as a data subject as part of the Privacy Policy of Advanced Info Service Public Company Limited and Subsidiary Companies. This is to make sure that you are informed and acknowledged of the Company's personal information protection measures. Therefore, the Company hereby announce the Notice as followings:
- 1. Scope of Notice
- This Notice shall apply to the following:
- • natural person(s) who is customer / service user of the Company
- • natural person(s) who is entrepreneur, shop, business partner, service provider, or party in a contract with the Company
- • natural person(s) who involves with or related to juristic person who is customers / service users, entrepreneur, shop, business partner, or service provider of the Company e.g., shareholders, directors, attorneys, coordinators, communicators, employees, or any assignee.
- • natural person(s) who is not customer / service user of the Company, but it is necessary for the Company to collect, use, and/or disclose personal data e.g., person(s) viewing websites or applications of the Company, or use the services of the Company at branch offices.
- • natural person(s) who disclosed personal data to the Company, or in which the Company received personal data, whether directly or indirectly, by any means.
- 2. Personal Data to be collected
- “Personal Data” means any information pertaining to data subject, or enables the identification of data subject, whether directly or indirectly.
- Personal Data that the Company collects, uses and/or discloses may be vary in accordance with the scope of service that you use or your other interactions with the Company, shall include but not limited to the following Personal Data:
- • First name, last name, gender, date of birth, nationality, photos, picture and national identification number, and passport number;
- • Contact information: address, e-mail, and telephone numbers;
- • Usage information of services, network services, and other information related to the provision of services;
- • Financial information such as payment information, credit card numbers, and bank account numbers;
- • Information related to the security system;
- • Information to be used to improve the quality of services, or to resolve customer’s use of service issues;
- • Information necessary for complying with the laws, including information for investigation and use of any relevant actions in the event of any breaches of the terms of services or any unlawful acts.
- 3. Legal basis
- It is necessary for the Company to collect, use, or disclose the above-mentioned data on the legal basis to perform our contractual obligations with you, to comply with the requests of data subject prior to the effectiveness of such contractual obligations, to comply with applicable laws, or as necessary for lawful interests of the Company. If you do not provide personal data as required, the Company may not be able to provide services or proceed your requests.
- 4. Source of Personal Data
- Company may receive your Personal Data from the following sources:
- 4.1 Information that collected directly from you:
- • Information collected during the request submission, application, entering into the service agreements with the Company (e.g., registering for a new mobile number, applying for extra services, requesting for privilege or applying for internet subscription, etc.);
- • Information collected from your submitted survey, send-receive emails, or other communication channels between you and the Company;
- • Information collected from the use of service, network and other related to the services (e.g., your location data within the network or location data from GPS, etc.);
- • Information collected from the Company’s websites through cookies (e.g., Google Analytic following the Company’s Cookies Policy)
- • Information that you provided to the Company through online channels (e.g., mobile applications or Company’s website, etc.)
- • Information collected before or during your participation as business partner, partnership, or party to a contract with the Company.
- 4.2 The Company may receive your personal data from other sources not directly from you where such source has the right to disclose your personal data as permitted by laws such as government sectors, subsidiary companies, business partners and subcontractors that have been trusted by the Company to register and provide services to you.
- 5. Purpose of Collection, Storage, Usage and Disclosure of Personal Data
- • To fulfill the service under a contract to which you are a party or to process the request before entering into a contract;
- • To develop and improve the service network to be efficient;
- • To facilitate the notification or tracking, claim of products and service payments, fees such as sending service charge notices, product and service purchase orders, notification for product and service payment, issue receipts and tax invoices;
- • To perform data management for submission to any sectors that need to review, whether internal or external, to prevent fraud;
- • To perform data analysis for the services, marketing plans, marketing activities of the Company and partners, which the Company is a contracting party or having legal relations;
- • To inform and offer privileges, information, news, promotions, and other deals related to the application of, sell and purchase of products or services of the Company, including but not limited to any legal entities, partnership groups which the Company is a contracting party or having legal relations, through emails, short messages (SMS), applications, social media, mobile phones, etc.;
- • To apply or register for the services, products ordering, products selling, payment services and online transactions or other services of the Company, as well as, any legal entities, partnership groups which the Company is a contracting party or having legal relations;
- • To identify and verify the identity of the applicant for registration and access to the service;
- • To prevent or to avoid danger to a person’s life, body or health;
- • To comply with the law and/or other necessity purpose of the legitimate interests pursued by the Company;
- • To fulfill other purposes as permitted by law to collect, store, use and disclose personal data without obtaining a consent from the data subject;
- • To provide after-sale services or services requested by you and to support, inform, respond, and resolve any complaints;
- • To survey or evaluate your understanding, needs and satisfaction;
- • To report information to regulators and the public sector as authorized by law;
- • To secure the data security and service network of the Company;
- • To secure and prevent any crimes within the Company building and branches such as Closed-circuit television (CCTV).
- 6. Disclosure of Personal Data to other persons or entities
- The Company shall not disclose your Personal Data to other persons or entities who are not an affiliate of the Company (“third-party”) except for the fulfillment of purpose to collect, store, and process Personal Data as listed in this Notice, where the Company may disclose your Personal Data to the third-party as following:
- • Company’s authorized distributors such as TWZ Corporation Public Company Limited (Telewiz);
- • Logistic Service Providers such as Thailand Post Company Limited, DHL Supply Chain (Thailand) Limited, Flash Express Company Limited, etc.;
- • Financial and Transaction Service Providers such as Commercial Banks, Payment Service Providers, etc.;
- • Cloud Service Providers such as Google ONE, Amazon Web Services, Microsoft 356, etc.;
- • Personal Data Processors
- • Information Technology Service Provider, and Program or IT System Service Providers;
- • Professional Consultants;
- • Insurance Issuers that you are desire to use the service;
- • Any sectors that need to review the data management, whether internal or external, to prevent fraud;
- • Government sectors, Law enforcement Agencies, and Regulators;
- • Other sectors that processing the Personal Data for the purpose as permitted by law, such as an Agency that obeys a legal order, auditors or legal proceedings/litigations;
- • Any necessary third-parties to enable the Company to perform its business and provide service to you, including any performances in accordance with the purposes, to collects and processing Personal Data, as stated in the Privacy Policy.
- 7. Retention period of the Personal Data
- 7.1 The Company will retain your Personal Data for a period necessary to fulfill the purposes of providing services, or for as long as necessary in connection with the purposes set out in the contract or legal relation to be enforced between you and the Company. Unless it is required by applicable laws or regulations enforcing to the Company, to comply with internal practices of the Company, to comply with legal claims, or as requested by regulatory authorities, the Personal Data may be further retained for a period as reasonable and as necessary for each category of Personal Data.
- 7.2 The Company will erase or destroy or anonymize Personal Data to be an unidentifiable data by following the Company’s data destruction standards, when it exceeds the retention period or when the Company has no right or no other legal basis allows the Company to process your Personal Data.
- 8. Transferring Your Personal Data Overseas
- The Company may transfer your Personal Data to our affiliates or a group of partnerships that the Company is a contracting party or having legal relations, including Cloud Platform Service Provider in foreign countries. However, such transfer of Personal Data shall be for your benefits or benefits to the business as a whole. Such Personal Data shall be protected in accordance with the Personal Data protection standards.
- 9. Consent
- The Company may further ask for your consent to collect, use, or disclose Personal Data in the following cases:
- 9.1 Sensitive Data, only as necessary for the use or to provide certain services from the Company e.g., data of individual who has visual or hearing impairments, or for the purpose of identity authentication e.g., biometrics. In case that the Company may not apply other legal basis, the Company will ask for your explicit consent.
- 9.2 For the analysis, research, statistics, including the development of products or services of the Company or business partners. In case that the Company may not apply other legal basis, the Company will ask for your explicit consent.
- 9.3 For the operations of marketing, offering of products and services, news, beneficial advice, marketing strategy, or privileges from the Company or business partners. In case that the Company may not apply other legal basis, the Company will ask for your explicit consent.
- 9.4 In case that the Company acknowledge that the data subject is a juvenile, in which the Company require to have consent from parents or guardians, the Company will not collect, use, or disclose Personal Data of relevant juvenile until the consent from authorized guardians is given, unless there is a legal basis for the Company to proceed without consent.
- 10. Your Rights related to Personal Data
- You may exercise your rights as permitted by laws, current enforced policies or to be amended in the future, by contacting Company’s representative or exercise the rights by yourself, in the channel provided by the Company, to submit the request, in which the Company will further request an evidence to authenticate your identity as data subject.
- The Company may charge additional fees on case-by-case basis if it is found that your request is groundless, repetitive, or unnecessarily excessive, and the Company may refuse any untrustworthy, unreasonable, or impractical requests, or may reject your request in accordance with any regulations as defined by law.
- With regards to such requests, you have the rights to submit your claims to the Personal Data Protection Commission in accordance with the regulations as specified by the law.
- 10.1 Right to Withdrawal of consent
- When you consent to the Company for the specific purpose, you have the right to withdraw your consent at any time, except there are legal restriction or contractual obligations which are beneficial to you. Therefore, withdrawal of your consent may affect your benefits, you should therefore study, inquire about the impact before exercise your right. If your withdrawal causing the Company unable to deliver product or provide some service to you, the Company will inform you about the impact of such withdrawal. In this regard, the withdrawal of consent will not impact the collection, usage, or disclosure of your personal data prior to such withdrawal.
- 10.2 Right to Access and Make a copy of Personal Data
- You have the right to access, request a copy of Personal Data such as a copy of Call Detail Record (CDR), invoice or receipt in accordance with the requirements and methods set by the Company at AIS Service Center or via myAIS application at any time or request the Company to provide the acquisition of Personal Data. Therefore, the Company may refuse your request as required by law or by court order, or if your request may cause damage to rights and freedom of third party.
- 10.3 Right to Data Portability
- You have the right to obtain your Personal Data in case that the Company has converted your Personal Data in automatic machine-readable or usable format and can be used or disclosed by automatic means, and may request the Company to send or transfer your Personal Data to third party, or obtain the Personal Data that the Company sent or transferred to third party, except in case that the Company cannot execute such portability by automatic means, or it is technically impractical, or the Company have the right to reject your request in accordance with the law.
- 10.4 Right to Objection
- You have the right to object the collection, usage, or disclosure of Personal Data as follow, however such objection may cause the Company unable to provide you certain services:
- 1. Object to receive advertising short message (SMS) from the Company;
- 2. Object to receive advertising short message (SMS) from value-added service providers that are contracted parties with the Company;
- 3. Object to receive advertising short message (SMS) from business partners of the Company;
- 4. Object to receive service charge collection notice via short message (SMS);
- 5. Object to receive service charge collection notice via telephone;
- 6. Object to receive any offer of products, services, and promotional marketing via telephone;
- 7. Object to receive any direct marketing.
- However, in case that your objection to collect, use, and disclose of Personal Data and such Personal Data is necessary for the Company to perform its lawful operation or for public tasks, the Company may continue to collect, use, and disclose your Personal Data if the Company can lawfully demonstrate prevailing reason, or for the purpose of establishment of legal claims, compliance of legal claims, or defense against legal claims.
- In this regard, the Company may reject your request in accordance with the law, court order, or in case that your request may cause damage to rights and freedom of third party.
- 10.5 Right to Processing Suspension
- You have the right to temporarily suspend processing Personal Data in the event that the Company is in the process of reviewing your request to rectify your Personal Data or objection request or any other cases that the Personal Data is no longer necessary for the Company and needs to erase or destroy such Personal Data in accordance with applicable law, but you instead exercise the right to suspend
- 10.6 Right to erase or destroy
- You have the right to request the Company to erase or destroy your Personal Data or anonymize your Personal data except it is necessary for the Company to perform its obligations under the contract in order to provide a service or there are any legal rights to refuse your request.
- 10.7 Right to Data Rectification
- You have the right to rectify or change your Personal Data that is not correct or inaccurate in order to keep such data up-to-date. However, it is depending on the requirements of other applicable laws.
- 10.8 Right to Complain
- You have the right to complain regarding Personal Data via the communication channel of the Company in order to receive explanation or provisional solution from the Company, or submit your complaint to the supervising authority in accordance with the Personal Data Protection Act.
- 11. Security measure and Quality of Personal Data
- 11.1 The Company recognizes the importance of maintaining the security of your Personal Data. Therefore, the Company has established measures to maintain the security of Personal Data appropriately and consistency, and make your Personal Data confidential to prevent loss, access, destruction, use, conversion, modify or disclosure of Personal Data without rights or unlawful in accordance with the AIS Group’s Cyber Security Policy.
- 11.2 Any Personal Data that the Company received from you such as name, residential address, contact number, identification number, financial information which is completed and up-to-dated relating to an identified or identifiable of your identity will be used in accordance with the objectives of the Company. The Company will carry out appropriate measures to protect your Personal Data.
- 12. Marketing Activities and Promotions
- During the use of service, the Company may send information related to marketing activities and promotions of product and service of Company, affiliates and business partners which you may interested, while you can withdraw your consent to receive the information via the channel as specified by the Company.
- 13. Privacy Policy of Third Party Websites
- This Notice is only applying to the Company's services and website. If you are accessing to other websites, whether from Company’s website or not, you will have to study and comply with the privacy policies of any third party websites, separate from the Company’s website
- 14. If You Refuse to Disclose or Use Your Personal Data
- The Company may necessary collect your Personal Data in accordance with the law or to enter into a contract with you. If you refuse to disclose your Personal Data to the Company, it may cause the Company unable to provide a service to you.
- In case that the Company use your Personal Data to perform its obligations under the contract or as required by law, if you refuse to allow the Company to use your Personal Data, you may continue to use the service of the Company, however, it may be causing you to receive less convenience from the use of service due to the Company does not obtain a consent to effectively use your Personal Data for the purpose.
- 15. Operations, Practices and Policies with respect to Personal Data
- The Company has complied with laws, including the Notification of the National Telecommunications Commission on Measures for Protection of Telecommunications Service Users’ Rights Related to Personal Information, Privacy Rights and Freedom to Communicate by Means of Telecommunications, and other applicable privacy laws, as well as, publish a NBTC Privacy Guideline on the Company's website.
- 16. Data Protection Officer
- The Company has undertaken the Personal Data Protection Act. B.E. 2562 by appointing the Data Protection Officer (DPO) to monitor the operation of the Company with respect to the collect, use and disclose Personal Data in accordance with the Personal Data Protection Act B.E. 2562, including relevant personal data protection laws. In addition, the Company has rules and regulations to regulate the related parties to undertake their duties in accordance with the Privacy Policy and in line with the policy of the Personal Data Protection and Cyber Security Supervision Committee as specified by the Company.
- 17. Contact Information regarding Personal Data
- Customer and Service Management Business Unit
- Advanced Info Service Company Public Limited and subsidiary companies
- 414 Phaholyothin Road, Samsen-Nai, Phayathai, Bangkok 10400
- Or Data Protection Office Unit
- DPOOFFICE@ais.co.th
- From time to time, The Company may amend this Notice as the Company deemed reasonable or necessary. In case of amendment, the Company will announce the updated Notice on website of the Company.