- Purpose
This Social+ Group Data Protection Policy (“Data Protection Policy”) stipulates the rules for personal data protection in Social Plus Holdings Ltd and its affiliated companies (“Social+” and the “Social+ Group”).
Our Data Protection Policy refers to our commitment to treat information of employees, customers, stakeholders and other interested parties with the utmost care and confidentiality.
With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights.
This Data Protection Policy reflects the data privacy rules required by the GDPR and other applicable laws including but not limited to Thailand Personal Data Protection Act B.E. 2562 (“PDPA”).
Through the implementation of the Data Protection Policy across the companies within Social+ Group, the risks of, and arising from, breaching data protection will be minimised.
- Who is covered under the Data Protection Policy?
Employees of our Social+ Group and its subsidiaries must follow this policy. Contractors, consultants, partners and any other external entity are also covered. Generally, our policy refers to anyone we collaborate with or acts on our behalf and may need occasional access to data.
- Policy Elements
As part of our operations, we need to obtain and process information. This information includes any offline or online data that makes a person identifiable such as names, addresses, usernames and passwords, digital footprints, photographs, social security numbers, financial data etc.
Social+ collects this information in a transparent way and only with the full cooperation and knowledge of interested parties. Once this information is available to us, the following rules apply.
Our data will be:
- Accurate and kept up-to-date
- Collected fairly and for lawful purposes only
- Processed by the company within its legal and moral boundaries
- Protected against any unauthorized or illegal access by internal or external parties
Our data will not be:
- Communicated informally
- Stored for more than a specified amount of time
- Transferred to organizations, states or countries that do not have adequate data protection policies
Distributed to any party other than the ones agreed upon by the data’s owner (exempting legitimate requests from law enforcement authorities)
4. Lawful Bases and Personal Data Processing Purposes
The personal data processing within Social+ Group will always be based on lawful bases, which include the consent to the personal data processing, compliance with a legal obligation, the performance of a contract and/or Social+ data processing agreement, the legitimate interest, the public interest or the protection of the interests of the data subject.
5. Personal Data Transfer
Social+ Group may only make personal data available to third parties (including a personal data transfer within the Social+ Group) under certain conditions. Personal data may only be available to a third party acting as a processor based on Social+ data processing agreement or any contract likewise. Personal data may also be available to another third-party acting as a controller or a joint-controller based on relevant contractual agreements.
In case there are requirements for rectification or erasure of the personal data or for processing restrictions, under certain circumstances, Social+ will notify the relevant third parties to which the personal data were made available, unless this is not feasible or requires an inadequate effort.
Social+ will inform a data subject on the third parties to which the concerned personal data were disclosed, only if required to do so by the data subject.
Under certain conditions, Social+ can also transfer personal data within Social+ Group or to any third countries outside the European Economic Area (EEA) or the European Union or Thailand or to international organisations to the extent that data processing needs to be performed and completed by Social+ Group.
6. Responsibilities of Social+ Group and its Employees
Social+ Group and its employees are obliged to process the personal data in compliance with the Social+ Group’ internal policies, the GDPR, the PDPA and other applicable data privacy laws and regulations.
****************