Effective Date: 1 June 2021
This policy applies to all personal data collected, processed, and stored by the Chamber, whether electronically or in physical form, and covers all individuals, including members, employees, clients, suppliers, and any other individuals whose personal data we may process.
- Data Collection and Use
3.1 Types of Personal Data
We may collect and process the following types of personal data:
- Contact information (e.g., name, address, email address, phone number)
- Professional information (e.g., job title, company name)
- Financial information (e.g., bank account details)
- Communication preferences
- Any other personal data required to fulfill our contractual or legal obligations or provide requested services
- Technical data such as IP address, Cookie ID, Activity Log, etc.
- Other such as photos, videos, and other information that is considered personal data under the Personal Data Protection Laws.
3.2 Purpose of Data Processing
We collect and process personal data for the following purposes:
- To communicate with individuals regarding our services, events, and initiatives
- To administer memberships and provide member benefits
- To facilitate networking opportunities and business connections
- To organize and promote events, workshops, and conferences
- To maintain accurate records for internal administration
- To comply with legal obligations and regulations
- Data Retention
We retain personal data for as long as necessary to fulfill the purposes for which it was collected and to comply with legal and regulatory requirements. When personal data is no longer required, we will take reasonable steps to securely delete or anonymize it.
- Data Security
We are committed to protecting personal data from unauthorized access, disclosure, alteration, or destruction. We implement appropriate technical and organizational measures to safeguard personal data, including but not limited to:
- Regularly updating security software and systems
- Restricting access to personal data on a need-to-know basis
- Training employees on data protection and privacy obligations
- Conducting regular data protection assessments and audits
- Data Disclosure
We do not disclose personal data to third parties without the individual's explicit consent unless required by law or in situations where we are legally permitted to do so. We may share personal data with trusted service providers who assist us in delivering our services, subject to appropriate confidentiality and data protection agreements.
- Data Subject Rights
Individuals have the following rights regarding their personal data:
- The right to access and obtain a copy of their personal data held by us
- The right to rectify any inaccuracies in their personal data
- The right to request the erasure of their personal data, subject to legal obligations
- The right to object to the processing of their personal data for direct marketing purposes
- The right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal
Requests related to data subject rights should be submitted in writing to the contact details provided in Section 9.
- Data Transfers
If personal data is transferred to countries outside of Thailand, we will ensure appropriate safeguards are in place to protect the data in accordance with applicable data protection laws and regulations.
- Contact Information
- Updates to the Policy