Sertis | General Privacy Notice

General Privacy Notice

This General Privacy Notice was last updated on August 16, 2024.

Sertis Company Limited (“Sertis”, “we”, “us”, or “our”) values your privacy and recognizes the importance of Personal Data protection. Therefore, we have prepared this General Privacy Notice (“Notice”) to explain the ways we collect, use, or disclose your Personal Data in accordance with the Personal Data Protection Laws.

1. Scope of this Notice

This Notice applies to the following categories of Data Subjects.

a) Our business contacts, including all our customers, business partners, vendors, suppliers, and service providers, news agencies or media agencies, and educational institutions

b) Users of our websites and social media, such as Facebook, Instagram, TikTok, YouTube, LinkedIn, and Medium

c) Event participants, such as when we host or co-host an event or participate in a job fair, trade show, or exhibition

d) Research subjects, namely individuals having direct or indirect relationship with us whose Personal Data are collected for research purposes

e) Persons involved in disputes, including opposing parties, opposing counsels, and witnesses, in cases where there are any disputes

Where any of the above persons are juristic persons, this Notice applies to any individuals who represent such juristic persons.

In any event, please note that this Notice does not apply in the situation where we collect, use, or disclose Personal Data pursuant to the instructions given by or on behalf of our customers, such as through an API or other similar technologies. In that case, please refer to our customer’s privacy notice for further information.

2. Definitions

As used in this Notice, the following terms have the following meanings.

a) “Personal Data Protection Laws” means the Personal Data Protection Act B.E. 2562 (2019) and its amendments in the future, including all related sub-regulations.

b) “Personal Data” means any information relating to an individual which enables the identification of such individual, directly or indirectly, excluding the information of a deceased individual. The Personal Data includes Sensitive Personal Data.

c) “Sensitive Personal Data” means any Personal Data pertaining to racial, ethnic origin, political opinion, cult, religious or philosophical belief, sexual behavior, criminal record, health data, disability, trade union information, genetic data, biometric data, and any other Personal Data as prescribed and announced by the Personal Data Protection Committee.

d) “Data Subject” means an identified or identifiable individual to whom Personal Data relates.

3. Personal Data We Collect

3.1 Your Personal Data

During the term of your relationship with us, we may collect the following Personal Data about you, either directly from you or indirectly from other sources. However, the specific type of data collected may vary depending on your relationship with us.

a) Personal details, such as title, name, middle name, last name, preferred name, signature, photograph, video, position, company name, workplace, department, team, national ID number, tax identification number, passport number, and nationality

b) Contact details, such as address, mobile number, email, social media information (e.g., LINE ID), and communication platform information (e.g., Slack)

c) Financial information, such as account number, account type, payment type, payment history, amount payable, and amount withheld

d) Conversation details, such as requests, requirements, or subjects of the conversations

e) Responses voluntarily provided during interviews, such as experiences, impressions, feelings, and opinions

f) Personal data appearing in open source datasets, such as customer profiles, customer preferences, customer behaviors, financial transactions, and photographs and videos, to the extent that we can comply with the Personal Data Protection Laws

g) Personal data made publicly available by yourself, such as public profiles, comments, suggestions, or feedback, to the extent that we can comply with the Personal Data Protection Laws

h) Compliance details, such as facts regarding compliance or non-compliance with laws, regulations, policies, or agreements

i) Copies of personal documents, such as national ID card, house registration, and passbook

j) Other documents which may contain your personal details, such as quotation, agreements, invoice, receipt, company certificate, power of attorney, VAT registration certificate (P.P.20), withholding tax certificate, tax invoice, delivery note, and any other documents which may serve as evidence

k) Log files containing information about your operations, activities, and usage patterns on Sertis' websites, such as IP address, device ID, date and time, and cookie information

3.2 Your Sensitive Personal Data

Unless notified otherwise on a case-by-case basis, we have no intention of collecting your Sensitive Personal Data during the term of your relationship with us. Therefore, please refrain from providing any such information to us.

In addition, please note that certain copies of national ID cards may also contain Sensitive Personal Data, namely religious data, which we do not intend to collect either. Therefore, when collecting a copy of national ID card, we may redact or ask you to redact the religious data before sending to us.

3.3 Personal Data of Third Parties

In addition to your own Personal Data, we may collect Personal Data of third parties from you as follows.

a) Information about potential customers, such as title, name, middle name, last name, position, company name, preferred name, mobile number, email address, and social media information (e.g., LINE ID)

b) Information about other contact persons of existing customers, vendors, suppliers, or service providers, such as title, name, middle name, last name, position, company name, preferred name, mobile number, email address, and social media information (e.g., LINE ID)

Before providing the above Personal Data of third parties to us, please ensure that you are authorized to provide such Personal Data to us and that you have provided this Notice to such third parties for their acknowledgement.

4. Purposes We Use Personal Data

4.1 Why We Use Personal Data

Depending on your relationship with us, we may use your Personal Data and/or Personal Data of third parties for the following purposes.

a) To conduct our business activities, such as to identify potential customers, to develop and maintain customer relationships, to understand customer interests or requirements, to pitch and present project proposals, to issue a quotation, to enter into agreements with customers, to enable or facilitate service provision, to plan and implement projects, to monitor and control project implementation, to deliver projects, to provide any services to customers, to explore the opportunities of business collaboration, and to collaborate with each other for solution development or service provision

b) To proceed with our purchasing and accounting procedures, such as to create purchase order, to inspect products or services purchased, to proceed with payment for products or services, to proceed with billing and collection, to proceed with tax-related procedures, and to conduct financial analysis and financial planning

c) For public relations & corporate communications, such as to promote Sertis' products or services, to provide more details regarding Sertis' products or services, to provide more details regarding Sertis' open positions, to publish news and information about Sertis’ businesses, to build and maintain organizational image and identity, to develop and execute Sertis' communications strategies, to coordinate for conferences, seminars, webinars, exhibitions, trade shows, and press interviews, and to operate and improve Sertis' website and social media

d) For research and development, such as to develop and improve Sertis' products or services, and to conduct and publish AI research to contribute to the advancement of the field

e) To proceed with corporate and legal affairs, such as to ensure compliance with company's regulations and policies, to review and enter into agreements with business contacts, and to resolve disputes

f) To comply and audit compliance with Sertis’ legal obligations, such as accounting obligations, filing, reporting, and disclosing obligations, registration or licensing requirements, and compliance with data subject rights requests

g) To conduct other day-to-day activities, such as to manage your requests, to proof and authenticate your identity, to establish, comply with, exercise, or defend rights or obligations, to ensure security and safety throughout our premises, to prevent and resolve fraud or crime, to ensure continuity of our businesses, and to communicate and liaise with you or third parties

4.2 Why We Use Sensitive Personal Data

In the event that we unintentionally collect any of your Sensitive Personal Data, including religious data from the copy of your national ID card, we will not use such data for any purposes.

5. Lawful Bases We Rely on When Using Your Personal Data

We use your Personal Data based on various lawful bases under the Personal Data Protection Laws. The following lawful bases may be applicable to our use of your Personal Data depending on your relationship with us.

a) Performance of the contracts between us, or in order to take steps at your request prior to entering into a contract

b) Fulfillment of our legal obligations

c) Legitimate interests of us or third parties

d) Prevention or suppression of a danger to a person’s life, body, or health

e) Achievement of the purpose relating to the preparation of historical documents or archives for public interest, or for the purpose relating to research or statistics

f) Establishment, compliance, exercise, or defense of legal claims

6. Where You Are Required to Provide Your Personal Data to Us

In certain circumstances, you may be required to provide your Personal Data to us to comply with your legal or contractual obligations, or to enter into contracts with us.

Failure to provide us with your Personal Data may result in us being unable to manage your requests or to facilitate the provision of our services or your services.

7. To Whom We May Disclose Your Personal Data

For the purposes as outlined above, we may disclose your Personal Data to the following third parties who engage in our business activities during your relationship with us.

Online service providers
Accounting firms, audit firms, and actuarial firms
Consulting firms
Law firms or law offices
Banks and other financial institutions
Outsourced developers
Vendors, suppliers, and service providers who provide products or services to us
Business partners cooperating with us
Customers who receive products or services we provide
News agencies or media agencies

In certain circumstances, we may be required to disclose your Personal Data to comply with our legal obligations, to comply with your own requests, or otherwise to establish or protect our rights or the rights of any third parties as necessary. This includes any disclosure to the following third parties.

Law enforcement agencies, such as courts, public prosecutors, and police

Public authorities involved in our business operations, such as Board of Investment of Thailand (BOI), Department of Business Development (DBD), Ministry of Digital Economy and Society (MDES), Immigration Bureau, Department of Employment, and Revenue Department

Other third parties as requested by you or otherwise entitled to request or obtain your personal data

To the extent that we can rely on an appropriate lawful basis, we may also disclose certain categories of your Personal Data to the general public from time to time, such as by posting on our websites and social media.

In the above circumstances, please note that the relevant third party’s privacy notice may also apply.

8. Cross-border Transfer

From time to time, we may need to transfer your Personal Data to our customers or service providers located in foreign countries. In certain cases, the Personal Data protection standards of the destination country may not be equivalent to that of Thailand. In such circumstances, we will implement any necessary suitable protection measures and/or obtain your consent to ensure that such transfer would be in full compliance with the Personal Data Protection Laws.

9. Retention Period

Sertis will retain your Personal Data for the period necessary to meet the purposes for which they were collected, unless the law requires longer retention periods. For instance, we may keep your Personal Data throughout the term of your relationship with us, and for an appropriate period after that to comply with our legal obligations.

In any event, in cases where there are disputes regarding your relationship with Sertis, we reserve the right to retain your Personal Data so long as such disputes are resolved.

10. Security Measures

To ensure that your Personal Data is safe with us, Sertis has implemented appropriate security measures, including technical, organizational, and physical measures, to prevent any unauthorized or unlawful loss, access to, use, alteration, correction, or disclosure of Personal Data, in accordance with the minimum standard under the Personal Data Protection Laws. We will review the above measures when necessary or when the technology changes to ensure effective security.

11. Your Rights

In accordance with the Personal Data Protection Laws and subject to certain exceptions, you, as a Data Subject, may have the following rights.

a) Right of access: you have the right to request access to and obtain a copy of your Personal Data, or to request the disclosure of the acquisition of your Personal Data.

b) Right to data portability: in cases where we have your Personal Data in the format which is readable or commonly used by ways of automatic tools or equipment, you have the right to (i) request that we send or transfer your Personal Data in such formats to other data controllers if doable by automated means; or (ii) request to directly obtain the Personal Data in such formats that we send or transfer to other data controllers, unless infeasible due to technical circumstances.

c) Right to object: in certain circumstances, you may have the right to object to the collection, use, or disclosure of your Personal Data.

d) Right to restrict processing: in certain circumstances, you may have the right to restrict the use of your Personal Data.

e) Right of rectification: you have the right to request that we ensure that your Personal Data remains accurate, up-to-date, complete, and not misleading.

f) Right to erasure: in certain circumstances, you may have the right to request that we erase, destroy, or de-identify your Personal Data.

g) Right to withdraw consent: you have the right to withdraw your consent at any time in cases where we rely on your consent.

h) Right to lodge a complaint: you have the right to lodge a complaint with the Office of the Personal Data Protection Committee in case where you believe that our practices violate or are not in compliance with the Personal Data Protection Laws.

In order to exercise any of the above rights, please contact us using the contact information provided in Section 13 below.

12. Changes to this Notice

We may make changes to this Notice from time to time to reflect any changes to our collection, use, or disclosure of your Personal Data and to comply with any changes to the Personal Data Protection Laws. In this regard, we will notify you of any significant changes to this Notice through any means we deem appropriate.

We encourage you to revisit this Notice periodically.

13. Contact Information

If you have any queries, recommendations, or concerns regarding this Notice, or if you wish to exercise any of your rights as a Data Subject, please feel free to contact us and our Data Protection Officer as per the following details.

Attn: Data Protection Officer

Sertis Company Limited

Address: Room No. 302, 3rd Floor, No. 597/5, Sukhumvit Road, Klong Tan Nuea Sub-district, Wattana District,

Bangkok, 10110, Thailand

Tel: 02 001 1893

Email: dpo@sertiscorp.com

PD-SER-001 General Privacy Notice Revision No. 01