PALM HILLS GOLF CLUB & RESIDENCE is a leading service business of golf clubs in Thailand that adheres to ethical business conduct and compliance with applicable legal framework Palm hills Golf Club is aware of your trust in Palm hills Golf Club products and services and recognises your need for security in financial transactions and the handling of your personal data.
For prioritising your privacy and safeguarding your personal data, Palm hills Golf Club, has set out policies, regulations and rules for the Palm hills Golf Club’s business providing strict measures in protecting your personal data, so that you can be assured that any personal data entrusted to Palm hills Golf Club will be processed to meet your needs and in accordance with the laws.
This Policy is to inform you, as a data subject, to be aware of the purposes and details of the collection, usage and/or disclosure of your personal data as well as your legal rights in connection with personal data.
"Company" means PALM HILLS GOLF CLUB & RESIDENCE
"Customer" means a customer, a buyer, or a client using the services of the Company, the use of the Website, products, or other services of the Company. This also apply to a business partner(s) and an interested person(s).
"Data Controller" means the Company that has the authority to make decisions about the Personal Data and to obtain the Personal Data from the Customer to provide services or to perform contract obligations with such persons.
"Data Processer" means a natural person or a juristic person who operates in relation to the collection, use, or disclosure of the Personal Data pursuant to the orders given by or on behalf of a Data Controller.
"Data Protection Officer" means officer(s) appointed by the Data Controller to perform and act as the Data Protection Officer in accordance with the Personal Data Protection Act B.E. 2562.
"Website" means any website owned or provided by Palm hills Golf Club as the case may be.
"Personal Data" means any Personal Data which can be identified a natural person directly or indirectly according to Section 6 of the Personal Data Protection Act B.E. 2562.
"PDPA" means Personal Data Protection Act B.E. 2562, as amended, including relevant rules, regulations, and orders.
"Processing of Personal Data" means the collection, use, and/or disclosure of Personal Data in which you are the data subject.
2. General Provision
3. Personal Data
The Company will collect your Personal Data for the use of business operations and shall collects only to what necessary to fulfil the purposes of Personal Data processing and to comply with PDPA.
Personal information and contact information such as name and surname, national identification card number, passport number, photos, gender, date of birth, age, status, address, workplace information, telephone number, fax number, email address, etc.
Financial information such as bank account information or tax pay identification number.
Information necessary for references or for your transactions such as Personal Data as shown in the copy of identification card, copy of passport, copy of house registration, copy of driving license, copy of vehicle registration, vehicle registration number, copy of power of attorney, invoices, receipts, or payment vouchers, etc.
Technology Information such as log, IP address, location, browser, referring website, login log, transaction log, access time, searched information, social media, website function usage, cookies, or other technologies in the same manner, etc.
CCTV footage which records your stills and moving footages, voice records or other Personal Data which can identified a natural person.
4. Collection of Personal Data
The Company may collect Personal Data directly obtained from you, from using the Company’s services or from filling your Personal Data through Company’s Websites or though other available channels, or when you entered into a contract or transaction with the Company and submitted or make copy of any document relating you to the Company, or when you submitted your inquiries, feedback, or complaint to the Company, etc.
In conducting transactions, or contract and agreements, or complying with legal obligations, if you choose not to provided information or provide inaccurate or outdated information to the Company, you may subject to certain restriction. For example, you may be unable to conduct any transactions with the Company or may be unable to demand certain performance of a contract with the Company. All these restrictions may potentially cause damages and loss of opportunity to you and may potentially affect any legal obligation in which you or the Company, as the case may be, is under obligation to comply.
The Company shall collect and retain your Personal Data for as long as necessary for the purposes of collecting, use, and disclosure of Personal Data in this Policy. In case you terminate relationship or an agreement with the Company, or no longer using the services or the business transaction has been executed, or when your Personal Data is no longer necessary in relation to the specified purposes, the Company shall store your Personal Data for specified period or as specified by the law, or by prescription period or for exercise or defense of legal claims. After the expiration of the storage period of each type of Personal Data, the Company shall proceed to erase or destroy or make anonymize of such Personal Data.
5. Purposes of Processing of Personal Data
The Company processes your Personal Data for the purposes in accordance with lawful basis under PDPA as follows:
For account registration purpose and for the benefit in verifying or identifying the Customer’s authentication when accessing or using the services or entering into a contract with the Company, including for compliance with your requests or performance of a contract between you and the Company.
For services management purposes such as when the Company received purchase order and/or services from you, the Company shall proceed to prepare products and/or services, shipping products, billing products, and sending invoice or related documents to you or any other activities which is necessary to provide services efficiently;
For examination and maintenance of quality and standards of goods and Company’s services in the event that the Company or you find any goods or services do not meet minimum standards.
To process or analyze any other benefits which related to the Company's business operations in order to provide various services to meet the interests of Customer and improve quality of Company’s services such as for the benefit of setting up and managing your account, analyzing the user experiences in Website or the Company’s application, analyzing and tracking user behavior, for marketing purpose, preparing statistics, researching and developing surveys, and preparing marketing or advertising within the Company or for relevant goals including content delivery, advertising about activities and promotions as well as providing appropriate advice, etc.
To contact Customer through telephone, text (SMS), email or postal mail or through any other available channels to inquire or inform Customer, or to check and verify the Customer’s account information, or survey poll, or inform other information related to the services of the Company as necessary and appropriate.
For the purpose of handling Customer’s complaints, feedback or suggestions. The Company will use the information received from you to improve and develop the quality of service in identified areas to be more efficient.
To provide service in compliance with PDPA and related rules and regulations both currently enforceable or to be amended in the future, and to comply with legal obligations.
For the establishment, compliance, exercise, or defense of legal claims. For initiating litigation, as well as proceeding for legal enforcement such as investigation and/or examination by government officials, for case preparation, and/or defense of legal claims in court, etc.
For surveillance and protection of your security and Company’s assets, including security in building or in premises of the Company. The Company may record your information and video footages and/or voice in buildings, offices, or surrounding areas under CCTV surveillance.
To prevent or suppress a danger to life, body, or health of the Customer where the Customer is incapable of giving consent by whatever reasons, including necessity for the public interest, or to perform duties in exercising of official authority vested in the Company, the employees or designated person(s), or to comply with a law to which the Company is subjected.
For any other purposes that are related to your interests as our Customer. Nevertheless, for any Processing of Personal Data activities which required your consent, the Company will seek your consent prior to Processing of your Personal Data.
6. Disclosure of Personal Data
The Company shall disclose your Personal Data in compliance with the notified purposes to the following persons:
Government agencies, authorized official authorities under the law such as Revenue Department, Office of the Personal Data Protection Committee, Royal Thai Police, Courts Official, Police Officers, Bank of Thailand, hospitals, etc;
Business Partners of the Company such as freight forwarders, event organizers, other related vendors, contractors, contractual parties which related to the business operation and providing services to you, etc;
Company’s consultants for providing advice on business operations such as accounting auditors, external auditors, experts, legal consultants, attorneys, etc; or
Other person(s) or business sector(s) in which you had given consent to disclose your Personal Data to such person(s) or business sector(s).
7. Your rights as the Data Subject
You have the rights to be informed or obtain a copy of your personal data being processed by the Company or requests the Company to inform what sources the Personal Data originated that you have not given consent.
You have the rights to request the Company to correct and complete your Personal Data In the event that you see that your Personal Data is inaccurate, not up to date, or incomplete which may cause misunderstanding.
You have the rights to withdraw consent once given to the Company for Processing your Personal Data at any reasonable time unless there is a restriction of the withdrawal of consent by law, or there is contractual obligation that benefits you. For example, you are still bound by employment contract with the Company, or you have contractual obligations or legal obligation with the Company. Nevertheless, if you choose to withdraw consent, you may not be able to receive services from or conduct transaction with the Company, or the Company’s ability to provide services to you may be limited.
You have the rights to receive the Personal Data concerning yourself from the Company. In which the Company shall arrange such Personal Data to be in the format which is readable or commonly used by ways of automatic tools or equipment and can be used or disclosed by automated means.
You have the rights to object Processing of your Personal Data at any reasonable time in one of the following circumstances: collection, use, and disclosure of Personal Data is necessary for the performance of a task carried out in the public interest by the Company or necessary for the legitimate interest of the Company, for the purpose of direct marketing; or for the purpose relating to scientific or historical research or statistics, unless it is necessary for the performance of a task carried out in the public interest by the Company.
You have the rights to request the Company to erase or destroy or anonymize Personal Data to become anonymous data where legitimate ground applies.
You have the rights to request the Company to restrict the use of Personal Data, where the following applies: pending examination process in accordance with your request to ensure that the Personal Data remains accurate, up-to-date, complete, and not misleading, the Personal Data which shall be erased or destroyed because it has been unlawfully collected, used, or disclosed, but you request for restriction of the use instead, no longer necessary to retain such Personal Data for the purposes of such collection, but you have necessity to request the retention for the purposes of the establishment, compliance, or exercise of legal claims, or the defense of legal claims or the Company is pending verification to demonstrated that there is a compelling legitimate ground or pending examination for the establishment, compliance or exercise of legal claims, or defense of legal claims to reject the objection request made by you.
You have the rights to complain to expert committee in accordance with PDPA in cases the Company or the Data Controller including employees or Data Processor(s) does not take action or does not comply with PDPA.
8. Security Measures for Storing Personal Data
The Company is committed to protecting your Personal Data. Hence, the Company shall provide security measures including a safe and appropriate system for collecting, using, or disclosing Personal Data to prevent your Personal Data from accidental loss, unauthorized access of data, destroy of data, misuse of data, unauthorized change or disclosing of data in accordance with the Company’s information technology security policies and/or procedures. The Company shall provide security measures of Personal Data which include operational safeguards, technical protection measures and physical safeguards regarding access or control of the Personal Data usage which at least consists of the following actions:
Control of access to Personal Data and storage devices and Processing of Personal Data considering the usage and security;
Determine permission to access Personal Data;
Users access management to Personal Data for designated person(s) only;
Determine roles and responsibilities of users to prevent unauthorized access, disclosure, cybercrime, copy of Personal Data, or to prevent theft of storage devices or data; and
Provide method for tracing back in access, alteration, disposal, or transmission of Personal Data in accordance with the methods and storage media used for processing of Personal Data.
9. Link to Third Party Website Disclaime
11. Policy Review
The Company and related business unit shall review this Policy at least once a year. Updated versions are to be adopted by the Board of Directors of the Company where deemed necessary or appropriate.
12. Governing Law and Jurisdiction
13. Contact Information