Privacy Policy

Our website, globaltopgroup.com, respects the privacy rights of all users who visit our site. We would like to inform you about how we use your personal data.

This privacy policy applies to the following individuals:

  • Service provider or website owner: Hereinafter referred to as globaltopgroup.com
  • Website visitor: Anyone who opens or reads information on any page of the globaltopgroup.com website.

globaltopgroup.com has established this personal data policy to enhance the security standards of personal data for visitors and users of the website, and to comply with the Personal Data Protection Act B.E. 2562 (2019).

Therefore, we recommend that you read this privacy policy to learn and understand the practices1 that globaltopgroup.com adheres to in handling your personal data.

Purpose of Personal Data Collection

The company will retain personal data for the period necessary to conduct business according to the objectives, or for as long as necessary to achieve the objectives, which may need to be retained further after that if required or permitted by law, such as storage according to the Anti-Money Laundering Act, storage for the purpose of verification in case of a dispute within the statute of limitations as prescribed by law for a period not exceeding 10 years.

The company will delete or destroy personal data, or make it unidentifiable when it is no longer necessary or at the end of such period.

Personal Data Collected by globaltopgroup.com

globaltopgroup.com collects your personal data through website usage and registration. The data we collect includes:

  • Full name of the website user
  • Email of the website user
  • Telephone number of the website user

The company will not collect personal data relating to race, ethnicity, political opinions, beliefs in cults, religion or philosophy, sexual behavior, criminal history, health information, disability, labor union information, genetic information, biometric2 information, or any3 other information that affects the data subject in the same manner, unless express consent is obtained from the data subject, or falls under the exceptions under the Personal Data Protection law where consent is not required. The company will collect and use such personal data with caution under appropriate security standards.

Use of Cookies on globaltopgroup.com

globaltopgroup.com uses cookies for website operation purposes. You can learn more about the cookie usage policy on globaltopgroup.com from our Cookie Policy.

Personal Data Collected by Third Parties

globaltopgroup.com uses software and services from third parties to enhance website performance. The services used by the website include:

  • Google Analytics
  • Facebook Pixel/Conversion API
  • Google Tag Manager
  • Google Maps Embedded
  • YouTube Embedded

In the case of linking with third-party platforms such as advertising networks, social media, and other external website service providers, some cookies and computer traffic data may be managed by third parties. Therefore, website visitors are advised to study and understand the cookie usage and privacy policies of such third parties.

Personal Data Breach

In the event of a personal data breach, the company will notify the Personal Data Protection Committee within 72 hours of becoming aware of the breach. If the breach poses a high risk to the rights and freedoms of the data subject, the company will promptly inform the data subject of the breach and the remedial measures taken.

 

Rights of the Data Subject

   The rights of the data subject are legal rights. The data subject may exercise various rights under the provisions of the law. The company will comply with data subject requests without delay. If the company needs to reject a request, the company will inform the data subject of the reason for the rejection.

 Right to Withdraw Consent: If the data subject has given consent to the company for the collection, use, and/or disclosure of personal data (whether consent was given before or after the effective date of the Personal Data Protection Act), the data subject has the right to withdraw consent at any time while the personal data is held by the company, unless such right is restricted by law or a beneficial contract. The company will inform the data subject of the potential consequences of withdrawing consent.

 Right to Access Personal Data: The data subject has the right to access or request a copy of their personal data under the responsibility of the company, including requesting the company to disclose how such personal data was obtained without the data subject’s consent. The company reserves the right to refuse the request if it is in accordance with the law or a court order, or if granting access or providing a copy would affect the rights and freedoms of others.

 Data Portability Right: The data subject has the right to receive personal data if the company has processed such data in a format readable or usable by automatic tools or devices, and if the personal data can be used or disclosed automatically. The data subject also has the right to request the company to send or transfer personal data in such a format to another data controller when technically feasible and has the right to directly receive personal data that the company sends or transfers to another data controller, unless technically impossible.

The aforementioned personal data must be data for which the data subject has consented to the company’s collection, use, and/or disclosure, or data that the company needs to collect, use, and/or disclose for contract performance, or other personal data as specified by law.

 Right to Object to the Collection, Use, and Disclosure of Personal Data: The data subject has the right to object to the collection, use, and/or disclosure of personal data at any time if such data was collected under an exemption from consent requirements, or for direct marketing purposes, or for scientific or statistical research purposes. The company may refuse the request if it is necessary for carrying out tasks in the public interest, or if the company demonstrates compelling legitimate grounds, or for the establishment, exercise, or defense of legal claims.

 Right to Erasure or Destruction of Data: The data subject has the right to request erasure or destruction of personal data, or anonymization of the data, if the data subject believes that the personal data was collected, used, and/or disclosed unlawfully, or if the company no longer needs to retain it for the purposes specified in this policy, or if the data subject has exercised their right to withdraw consent or object as stated above.

 Right to Restrict Processing: The data subject has the right to request a temporary restriction on the processing of personal data while the company is investigating a request for rectification or objection, or in other cases where the company does not need to retain the data and must erase or destroy it in accordance with the law.

 Right to Rectification: The data subject has the right to request rectification of personal data to ensure its accuracy, completeness, and non-misleading nature.

Security of Personal Data

1.The company will implement appropriate security measures for personal data, including technical measures (e.g., password setting, encryption (Secure Sockets Layer/SSL), network device security systems, etc.) and organizational measures (e.g., establishing information security policies, confidentiality, access rights, risk assessment and management, establishing rules and regulations). These measures are strictly enforced and reviewed regularly or when technology changes to ensure effective security, prevent personal data breaches, loss, unauthorized access, destruction, use, alteration, modification, misuse, or disclosure.

2.All employees and personnel of the company are obliged to comply with the Personal Data Protection Act, taking into account the security of personal data as a priority, not using the information obtained from work for other purposes or causing damage to the company.

3.Measures to prevent unauthorized or unlawful use or disclosure of personal data

The following measures are implemented:

3.1 Assessment before data transfer

(a) Verify the authority and legal basis used by the individual and/or other juristic person to request personal data.

(b) Inquire about the purpose of data usage to assess the level of detail to be copied (to determine the level of detail of the information needed).

3.2 Data transfer

(a) Prepare new data from raw data with a level of detail necessary for the purpose of use.

(b) Request data delivery and record the name of the requester, contact information, date of data provision, legal basis used to access personal data, and purpose of use.

(c) Inform the individual or juristic person that upon receiving the data, the data recipient must also perform the duties of the personal data controller for the requested data set, within the scope and purpose of use as notified.

3.3 After data transfer

(a) Monitor usage from time to time to record the latest status of data usage. If there is no need to use the data for the original purpose, the individual or juristic person should be notified to erase or destroy the data.

(b) Define methods to keep the data up-to-date for user usage, such as having a computer program to automatically connect and update the source and destination data to be synchronized at all times.

 

 

How to Contact globaltopgroup.com and the Data Protection Officer

If you have any suggestions or would like to inquire about details regarding the collection, use, and/or disclosure of your personal data, including requesting to exercise your rights under this policy, you can contact us through the following channels:

Telephone number: +66(0)92 250 8448

Email: compliance@chaithanin.com

Announced on December 1, 2022

 

Contact Form

GTG Website Registration
?