Personal Data Protection Policy (Privacy Policy)
Quality Houses Public Company Limited
07 October B.E. 2564
Introduction
Quality Houses Public Company Limited (“The Company”) sees the importance of privacy and personal data protection and comply with Thailand Personal Data Protection Act B.E. 2562 (“Thai PDPA”). The Company has created the personal data protection policy (“Policy”) to strengthen and support the personal data protection activity, especially for the benefit of all customers. Furthermore, The Company has defined the scope of the policy, in order not to conflict with the principles of the related to the personal data protection laws and regulations. Any personal data processing activities has either been consent by you or it is under a legally permissible basis.
If you have any questions or concerns regarding this Policy, including the enforcement scope of it, please contact The Company’s Data Protection Officer (DPO) for more information.
Objective of the Policy
This Policy is created to protect the personal data of customers, employees, and business partners that The Company has collected, stored, used, or disclosed in accordance with Thai PDPA. This Policy addresses the responsibility that The Company and its employees has towards the customers, as well as the customers’ rights as data subject.
Definition
| Personal Data | Data of a natural person which can be used either directly or indirectly to identify an individual. Personal data:
|
| Data Controller | Quality Houses Public Company Limited |
| Data Processor | A natural or juristic person excluding The Company’s employees which proceeds with the collection, use, or disclosure of personal data according to the order or on behalf of The Company |
| Data Subject | Any natural person who is the data subject |
| Data Protection Office | Personnel performing duties relating to the protection of personal data |
| Person | A natural person, excluding the deceased |
| Employee | Employee of Quality Houses Public Company Limited |
| Business Partner | A seller of goods, a service provider of The Company, or land seller |
Scope of the Policy
This Policy effects the collection, usage, and disclosure of personal data throughout all of The Company’s processing activities as the data controller. This Policy is also enforced on the data processors that The Company has disclose personal data to, for the objective of processing it.
Policy Updates and Revisions
This Policy will be reviewed and updated by the Company at least every twelve (12) months and the Data Protection Officer may from time to time issue additional guidelines or guidelines regarding this Policy, which will be reviewed by the Data Protection Officer; related policies and guideline shall be created to comply with Thai PDPA.
Governance Structure
The governance structure of The Company’s policies and guidelines to ensure compliance with the requirements of Thai PDPA.
- Appointment of Personal Data Protection Committee Personal Data Protection Committee acts as the leader regarding The Company’s personal data protection program and helps coordinate and provides advice to solve problems related to personal data protection throughout all departments of The Company as requested.
- Appointment of Data Protection Officer
- The Company is considering of appointing a appropriate personnel for Personal Data Protection Officer position.
- Duty, Roles, and Responsibility of Data Protection Officer
- Duty, roles, and responsibilities of the Data Protection Officer is as listed below;
- Advisory Duty
- Inform and advice regarding the personal data protection duty to data controller or data processor, as well as related employees.
- Provide advice regarding Data Protection Impact Assessment (DPIA)
- Coordinate and provide advice on personal data protection initiatives in The Company such as conduct training, create relating forms or documents.
- The Data Protection Officer can participate and make recommendations in assessing the effectiveness of security when there are changes in technology.
- Reviewing, Monitoring and Investigating Compliance Duties
- Monitor compliance of The Company and relevant personnel in relation to personal data protection, including in audits, awareness-raising activities as well as training of staff involved in processing operations.
- Co-ordinate and Co-operate Duties
- The Data Protection Officer acts as a contact person and coordinator to support regulators on issues relating to personal data processing activities.
- Answer questions and receive complaints, or requests if there are questions or concerns related to compliance and take any of The Company’s personal data related action.
- Take actions on the data subject requests when there is submission of request to exercise the data subjects’ rights
- Protect the data subjects’ rights such as responding to or reviewing requests to exercise the rights or filing a complaint.
- Confidentiality of Personal Data
- Ensure confidentiality of personal data under the control of the Data Protection Officer during the performance of the position’s duties.
- Advisory Duty
Processing of Personal Data
Purpose Limitation/ Data Minimization
The Company is able to collect, use, or disclose personal data that is related to the purposes which has been clearly addressed and shall not process it for other purposes which is not related to original objectives. However, such objectives must be appropriate to the circumstances in which personal data is collected, used, or disclosed by The Company. Furthermore, the data subject shall be notified regarding the objectives through Privacy via The Company's website. The Privacy Notice shall state all purposes in relation to collection, usage, or disclosure of personal data of The Company. The data subjects’ consent of the additional personal data is required for any other purposes other than those that is stated in the Privacy Notice.
The Company shall collect only necessary personal data for the stated objectives and for the purpose of contacting data subjects only. Nonetheless, The Company will not process any sensitive personal data.
Notification
The Company will notify data subject regarding the objectives of collecting, using, or disclosing personal data prior to or during the stages of collection, usage, or disclosure of such personal data. Except where the exceptions set forth in this Policy are met.
Nonetheless, in Privacy Notice, The Company shall notify the data subjects regarding the details as listed below:
- The Company’s legal compliance with Thai PDPA
- Objectives of personal data collection, usage, or disclosure
- Data subjects’ rights
Privacy Notice may be sent to the data subjects or is announced on The Company’s official website. The data subjects shall be notified regarding the objectives where the personal data is collected, used, or disclosed by The Company. The Company does not have to request consent for the processing of personal data that has been collected prior to 1st June 2021, if the processing of personal data is only for the purpose of compliance with the terms and conditions of sale of goods and/or services of The Company only. However, if The Company wishes to process that personal data for a different purpose, explicit consent of data subject is required. Otherwise, the processing activities shall be in accordance with the lawful basis specified in Thai PDPA or related laws, rules, and regulations. The Data Protection Officer is responsible for reviewing the effectiveness, content, and notification method of the Privacy Notice least every 12 months.
Consent
The Company will not collect, use, or disclose personal data for certain processing activities if the data subject did not consent to it, such as for direct marketing activities. Unless it is in the event that The Company is allowed to do as stated in Thai PDPA or relevant laws. In the event that The Company receives personal data form third party, the personal data can be processed if the third party received explicit consent (such as the data subject was informed that The Company will be the personal data receiver) from the data subjects. If the third party did not receive explicit consent, The Company shall notify and request consent from the data subjects within 30 days after The Company received personal data from the third party.
Lawful consent cannot be acquired via the following means:
- Consent is set as a condition of receiving products or services
- Providing false information or consent is acquired from misleading practices
Format of Consent
The request for consent will be in a clear, written form, such as making a check box for the data subject to press/write themselves. Format of consent request must be clear and specific. Whereby the data subject will be able to choose explicitly for what purpose to give consent to. The consent can be requested through channels such as email, SMS, website, or etc. For direct and personalized marketing purposes, The Company will need explicit consent of the data subject for the collection, usage, and disclosure of personal data.
Record of Consent
Recorded consent must be clear, unambiguous, and is saved in writing. The Company's system shall be able to record the obtaining the consent of the data subject, as well as the withdrawing of consent when the data subject requests to exercise their rights.
Data Subject Rights
Right to withdraw
Data subjects have the right to withdraw their consent on which the collection, usage, or disclosure of personal data is based on at any time. As a result, The Company shall stop the processing of such data as soon as possible. If The Company does not have any other lawful basis which allow further processing of personal data, the personal data shall be deleted.
Right to object the collection, use, or disclosure
The data subject has the right to object to the processing of his or her data at any time when the following conditions are met:
- In the event that personal data which was collected by The Company without consent only in the following cases
- For the performance of public tasks or performing duties that regulators has granted for the Company.
- It is necessary for the legitimate interests of The Company or of another person, unless such benefits are less important than the fundamental rights of the data subject.
- In the event that The Company processes personal data for purposes related to direct marketing, The Company will not be able to refuse the request to object to the processing of personal data and must cease such processing activities.
- In the event that the processing of personal data is for scientific, history, or statistics research purposes, The Company can reject a request if it is necessary to carry out public tasks.
In the event that the data subject has objected to the processing of the personal data and The Company has no reason for rejection as listed above, The Company shall assume that there is no exception for The Company and can no longer collect, use, or disclose that data. Thus, without exception to refuse the request to exercise the right to object the processing of personal data, The Company shall delete or destroy the personal data, or clearly segregated the related data from other data immediately when the data subject has submitted request of objection.
Right to deletion
The data subjects have the right to request deletion of their personal data. The Company has to delete the personal data if one of the following conditions are met.
- The personal data is no longer necessary for the objective of the collection or processing of personal data.
- Data subjects withdrew their consent for the personal data processing and The Company has no legal authority to process it any further.
- Data subjects object the processing activities related to direct marketing.
- Data subjects object the processing activities (other than the objection of processing activities for direct marketing purposes) and The Company does not have the legitimate interest lawful ground.
- The processing activity is unlawful.
If the events as listed above occurred, The Company must delete, destroy, or make the data non-identifiable without any delay. If The Company discloses personal data to the public, The Company shall notify other data controllers regarding the request to exercise the right of erasure by the data subject, so the data controller can delete that personal data as well.
Nonetheless, The Company can refuse the request, if it can be proven that such processing activities are necessary as follows.
- The Company can state the higher lawful ground.
- The personal data is necessary to establish legal claims, compliance, or to exercise or raise the defense of legal claims.
- It is for the purpose of exercising freedom of expression.
- To achieve objectives relating to the preparation of historical documents or archives for the public interest, or in connection with research studies or statistics with appropriate safeguards to protect the rights and freedoms of the data subject.
- The processing activities are necessary for carrying out public task or or performing duties that regulators has granted for the Company.
Right to Restriction of Processing
The data subject has the right to restrict the processing of personal data if the following conditions are met:
- When the data subject restricts the processing activities and the reason provided is more important that The Company’s legitimate interest.
- The processing activity is no longer necessary; however, the storage of personal data remains necessary for the objective of legal claims
- The processing activity is unlawful, but the data subject wishes to restrict the processing activities instead of personal data deletion or erasure.
Right to portability
The data subject has the right to request his or her personal data from The Company, including the right to request The Company to directly send or transfer the personal data to other data controllers.
Right to access
The data subject has the right to receive confirmation from data controller regarding whether what or how the personal data is being processed. The data subject also has the right to submit request to access the data and receive a copy of his or her own personal data under the possession of data controller as listed below:
- Testimonials that the data controller processes the personal data.
- A copy of personal data related to the data subject
- Purposes of personal data processing to which individuals have the right to know the legal basis for the processing of their personal data.
- Category of personal data
- The category of person or entity to whom personal data may be disclosed to, especially the recipients of personal data in foreign countries or international organizations. The data subject has the right to be informed regarding data security measures, showing whether it is sufficient and appropriate or not.
- The length of time the personal data is stored or the criterion in determining retention period.
- Existence of the data subject's legitimate rights, namely the right to correct their personal data, right to request erasure, right to restrict or object processing of personal data.
- The right to lodge a complaint with a supervisory authority.
- Sources of Personal Data (In the event that The Company receives it from another source).
- Details in relation to automated decision making and profiling, including rationale of the logic, and the expected results of such processing.
Right to correction
The data subject has the right to request data controller to correct his or her personal data to be accurate and current as listed below:
- In the event that the personal data is incomplete, is when the data controller has the correct data but it is incomplete; thus, it is insufficient to be processed for the intended purpose.
- In the event that the personal data is incorrect.
In both scenarios, The Company shall immediately take actions, as well as providing details for information correction (supplementary statements) as evidence of such incomplete or inaccurate personal data as requested by the data subject.
Nonetheless, during the remedial action, the data controller shall temporarily suspend the processing activities, to verify the correction of data before processing it again to prevent the effects of inaccurate data processing.
In addition, the data controller shall notify whom such personal data has been disclosed regarding the correction of such personal data
Lawful Basis
The Company can collect, use, or disclose personal data when the processing activities is based on legal basis. The personal data will be disclosed to individuals or entities outside The Company under the legal basis permitted by law as listed below:
- Contractual basis
- Legal basis
- Legitimate interest basis
The processing activities on legitimate interest basis is the processing when there are reasons or business or commercial purposes for which The Company has necessary to collect, use, or disclose personal data as listed below:- The processing activity is for internal management, including the disclosure of personal data within the same group companies to raise the standard of operation. The disclosure of such data will be in accordance with the Personal Data Protection Policy.
- It is for security reason and to prevent illegal activities which may including photography and CCTV surveillance within the project area, or office building.
- It is necessary to maintain relationship with customers such as handling complaints and offering benefits without marketing objectives.
In conclusion, The Company will not collect, use, or disclose personal data without consent of the data subject unless there is other legal bases that support and allow it.
The table below shows an example of processing activities and the legal bases used.
| Purpose | Legal Basis |
| Provision of Products and Services | |
|
|
|
|
|
|
|
|
|
|
|
|
| Customer Support | |
|
|
|
|
|
|
| Marketing Activities | |
|
|
|
|
|
|
|
|
|
|
|
|
| Sharing Data Subjects' Personal Data to Third Parties for Their Marketing | |
|
|
| Business Improvement | |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Fulfillment of Our Legal Obligations | |
|
|
|
|
| Security and Risk Management | |
|
|
Accuracy
The Company must have adequate measures to ensure that personal data that is collected, used, or disclosed on behalf of The Company is accurate and complete. If personal data is likely to be used in decision-making involving the data subject by The Company or by another organization, prior to doing so The Company shall consider the following:
- Characteristics of personal data and the importance of it to the data subject
- Purposes of personal data collection, usage, or disclosure
- Credibility of personal data
- Current of personal data
- Possible consequences if personal data is inaccurate or incomplete
To review the accuracy and completeness of personal data, The Company must have the following measures or guidelines:
- Accurately record the personal data being collected (either from direct or indirect collection)
- Collect all relevant parts of personal data for completeness
- Consider and verify that the personal data being collected, used, or disclosed is accurate and complete
- Consider the necessity measures to keep personal data that was collected, used, or disclosed up to date.
Storage and Retention
Company will cease the storage of documents containing personal data whether it is in paper or electronics format immediately if one of the following scenarios is applicable:
- Quality House's business relationship with the data subject ends and the purpose of personal data processing is accomplished
- Retention of such personal data is no longer necessary for legal or business purposes
The Company has a record of personal data storage and erasure methods and has set a clear retention period. The retention period is subject to relevant laws and regulations, or it is retained as necessary for legal or business purposes.
The end of retention period can take the form of:
- Documents disposal
- Anonymization of personally identifiable information
All employees of The Company have duties and responsibilities to check the orderliness and use appropriate methods to dispose of documents containing personal data. Employees can find more information in the Retention and Deletion policy
Confidentiality and Integrity
Security Measures of Personal Data
The Company has appropriate security measures, including organizational and technological measures to prevent message spoofing, including unauthorized collection, use, access or alteration. The Company has established procedures for dealing with incidents of personal data breach and shall notify data subject in accordance with the legal requirements.
Complaint Management Handling
Complaints or allegations of personal data breach can be done through DPO@qh.co.th
All complaints must be forwarded to the Data Protection Officer to investigate and advise on corrective action or appropriate response. Complaints that the Data Protection Officer receives from any channel must be investigated and referred to the relevant departments. All complaints must be resolved within a reasonable time unless the Data Protection Officer is obliged to extend a period.
Complaints that is not involve with personal data breach incident that have been notified via the Data Protection Officer’s email, The Data Protection Officer must keep records of all complaints or personal data breach incidents and report to the Personal Data Protection Committee.
If the Data Protection Officer determines that there is a personal data breach incident that may affect reputation or finances, the Data Protection Officer shall report such incident to the Personal Data Protection Committee to assess and decide on the reporting process to the regulator or continue to notify the data subject.
Personal Data Breach Notification
The Company must announce a personal data breach incident without delay and no later than 72 hours after being notified. Unless the personal data breach incident does not risk affecting the rights and freedoms of a natural persons.
If it is possible for personal data breach incident to result in a risk or affecting the rights and liberties of natural persons, The Company must report a personal data breach incident and remedy recover plan to the related data subjects without delay. However, the notification method must be in accordance with the standards and methods announced by the Personal Data Protection Committee.
Privacy Notice
1. About Us
Quality Houses Public Company Limited (The Company) conduct business in real estate development which are recognized by both domestic and international customers.
2. Personal Data the Company Collects From You
Personal data is information relating to an individual that makes it possible to directly or indirectly identify the data subject; however, it does not include the data of the deceased and anonymous data.
The Company will collect, use or disclose your personal data received from you, or from other reliable sources such as government agencies, business partner, affiliated companies. The personal data being collected is listed as follows;
- Identity Data refers to data that can identify you either directly or indirectly; such as name, surname, date/month/year of birth, gender, national identity card number, driver's license number, passport number, marital status, and etc.
- Contact Data such as address, email, and phone number.
- Sensitive Data such as race, beliefs, religion, health information, biometric data, criminal history, and etc. However, the Company will not process any types of sensitive data.
- Financial and Transaction Data such as bank account number, credit card and debit card number, monthly income data, payment information, and etc.
- Technical and Usage Data such as IP address, website browsing data from Cookie ID, device type, settings, and other platforms and technologies used to access our website.
- Profile Data such as username and password for online repair notification, sale of land, job application, interests, preferences, budget, reasons of purchase, and opinions from survey responses.
- Marketing and Communication Data such as your preferences in receiving marketing information from the Company and third parties; including contact information such as a tape recorder in the event that you contacted the Company via Call Center or through other social media channels, and etc.
Furthermore, the Company collect, use and disclose aggregated data, such as statistical data that cannot be used to identify a specific individual, such as data to calculate the rate of people who access our website, or to create statistical data. If the data is then able to be used to identify a specific individual, it will be considered as personal data and will be treated in accordance with this Privacy Notice.
Third-Party Links
This Privacy Notice coverage will end when you click a link to another website, as it is considered that you have ended your visit on our website. In the event that other websites collect, use or disclose your personal data, we encourage you to read the privacy notice of all the websites you visit for the benefit of your privacy.
3. Lawful Basis of Personal Data Processing
The Company will process your personal in accordance with the law as follows;
Consent
The company will process your personal data for the purposes stated and with your explicit consent.
Contract
The Company will collect, use, and process your personal data when it is necessary for the performance of a contract to which you are a party of, or to response to your request prior to enter into a contract, such as providing a service, proceeding with our internal processes to achieve contract performance objectives, and etc.
Legal Obligation
The Company processes data on a reasonable basis in order to comply with the law, such as preventing and detecting anomalies of transactions that may lead to illegal activities, reporting personal data to government agencies as required by law.
Public Interest
In some cases, it may be necessary for the Company to process personal data for the public benefit, or perform duties as assigned by a government agency.
Legitimate Interest
- The Company processes personal data for legitimate interests, such as for internal management which include the disclosure of data within the same business group to raise the standard of work of the Company; such disclosure will be in accordance with the Company's Privacy Policy and this Privacy Notice.
- To prevent and reduce the risk of illegal activities, including security camera recording in the project area or other areas, to uphold the security of residents.
- To maintain customer relations, such as complaints handling, offering benefits without a marketing objective, and etc.
Purposes of Personal Data Collection, Store, Use or Disclosure
The company collects, uses and discloses your personal data for the following objectives;
- To make the transaction as you have requested, the Company will collect your personal data such as your name, surname, email address, telephone number, opinions or inquiries, that you provided when you register through the Company's website or via other channels such as filling out questionnaires when you visit the project, when you contact the Company and request for further information
- To improve and develop services
- To perform a contract with a contractor that the Company hires or uses
- To comply with all relevant laws and regulations, and/or for any other benefits that you have given your consent to
In the event that you are an external service provider (Supplier/Outsource/Service Provider), the Company collect, use or disclose your personal data for the purpose of entering into a contract, procurement, check the quality of the products or services, or to evaluate the performance of the service provider.
The Company will collect, use, or disclose personal data on lawful basis which may varies depending on the purposes for which the data was processed for.
Marketing
Your personal data may be used for marketing and advertising, we have mechanisms to protect your personal data as follows:
Promotion Offer
We may use your identity data, contact data, technical and usage data and profile data to analyze and offer you suitable products or services; which include sending newsletter, offering various benefits and promotions.
You can choose not to receive marketing information through various channels, please see the details in “Opting Out” section below.
Opting Out
You can choose not to receive marketing news from us, via sending an email to DPO@qh.co.th. This cancellation will not affect our provision of products or services to you, or any other transaction you have with the Company.
Cookies
Our website stores cookies, for the purpose of improving the website service, and to create profile data about of your visit to our website without accessing your hard drive.
You can manage the cookies function in your browser's settings; for example you can choose to turn off certain types of cookies according to your preference. If you would like to know how to manage cookies functions, please access to the help menu in your browser. Turning off the cookie function may affect your ability to make certain transaction, use functions, and access to some content on our website.
Disclosure of Personal Data
In order to improve the quality of service and/or to use as a channel to offer products or services, inform news and various benefits, send event invitation, share marketing information and/or promotional programs of products or services, the Company may disclose your personal data to affiliate companies
Other than the detail specified in the first paragraph, the Company has no policy to sell your personal data to third parties. Your personal data will be kept confidential and we will not disclose your personal data unless necessary to achieve the objectives as notified to you as detailed above, or unless we received your consent; we may disclose your personal data to the following individuals or entities:
- External service provider (Supplier/Outsource/Service Provider) such as agents, partners, contractors, financial institutions, cloud computing service providers, marketing activities contractors, information technology development company; which may be both domestic and international. Other individuals or entities to which we disclose personal data to can only be collected and used for the purposes stated in the agreement.
- Government agencies or regulators, to comply with the law or in accordance with the orders of the authorities.
4. Security Measures for Personal Data
We have strict measures for the security of your personal data, with respect to your privacy which include taking action according to the law as follows;
- Categorize your personal data as confidential.
- Establish organizational and technical measures to prevent wiretapping, forgeries, unauthorized access or usage, such as information security, customer confidentiality policy, and etc.
- Our employees, employees and third-party service providers (Supplier/Outsource/Service Provider) are obliged to maintain the confidentiality of the customer's personal data in non-disclosure agreement that is signed with us.
- Establish procedures to handle any data breach incident, and will notify you if your personal data has been breached. The actions will be in accordance with the law.
However, the transmission of data via the internet still has limitations in the maintenance of security, despite our strict information security measures. Therefore, the Company cannot guarantee the security of the personal data you disclose through online channels. Thus, we are not responsible for any damage or loss incurred either directly or indirectly from unauthorized access to the personal data that you provide on our websites, unless we are proven of negligence.
5. Personal Data Retention
The Company will retain your personal data for as long as necessary to achieve the purposes for which we have collected it for. If you have ended your business relationship with us, we will retain your personal data in accordance with the Company's Privacy Policy, for a period of at least 10 years, or as required by law, in order to ensure the provision of products or services to you, and for legal purposes. However, at the end of the said period, the Company will destroy your personal data.
6. Data Subject Rights
You have rights under the Personal Data Protection law that you should be aware of. You can make a request by using the contact channel provided in the section “7. Contact Us.” We will process your request as soon as possible, which may take up to 30 days or more, depending on the volume and complexity of the request.
Right to Withdraw Consent
You have the right to withdraw your consent granted to us for the collection, use, or disclosure of your personal data. The Company will stop the processing of your personal data as soon as possible and may delete your personal data unless the Company is required to take further action that is required by law.
Right to Access
You have the right to request and obtain a copy of your personal data, or request the Company to disclose the obtained personal data. The Company will process your request within 30 days from the date we received the request.
Right to Rectification
You have the right to request us to make corrective action to ensure that your personal data is accurate, current, complete, and not misleading.
Right to Data Portability
You have the right to receive your personal data and request the Company to send or transfer your personal data to another data controller, or to obtain information that we have transmitted or transferred directly to another data controller.
Right to Erasure
You have the right to request the Company to delete, destroy, or turn your personal data into non-personally identifiable information in the following events:
- When such personal data is no longer necessary for the purpose of the data is being collected or processed for.
- You withdraw your consent to process personal data and the Company has no lawful basis to process it.
- You have objected to the processing activity such as direct marketing purposes.
- The personal data is unlawfully processed.
- Data subject object the processing activities (other than objection of processing activities for direct marketing purposes) and we cannot further process based on legitimate interest.
If such event occurred, the Company shall delete, dispose, or anonymize the personal data without delay. If the Company disclose personal data to the public, the Company shall notify other data controller regarding data subject request to exercise right to erasure for them to delete such personal data.
Nonetheless, the Company can reject the request of data subject, if it is proven that such processing activities have the following necessities;
- The Company can demonstrates higher legitimate ground.
- The personal data is involved in establishing legal claims, legal compliance, exercise of legal rights, or defense of legal claims.
- The personal data is processed to exercise freedom of expression.
- The personal data is processed to achieve the objectives related to the preparation of historical documents, research, or statistics for the public interest; and the personal data is secured with appropriate safeguards to protect the rights and freedoms of data subjects.
- The personal data is processed for public tasks or comply with authorized government agencies’ orders.
Right to Restriction of Processing
You have the right to restrict the processing of your personal data when the following conditions are met;
- When there is no longer a need for processing activities, but the retention of personal data is necessary for legal claims.
- When there is an unlawful processing activities of personal data. However, the data subject would like to prohibit the processing instead of erasing or deleting their personal data.
- When the personal data being verified for accuracy as you have requested.
- When the personal data is in the process of proving reasons of higher legitimate grounds.
Right to Object
You have the right to object the collection, use, or disclosure of personal data in the following events;
- In the event that personal data is collected, used, or disclosed for the purpose of direct marketing.
- In the event that the processing of personal data is for the purposes of scientific, historical, or statistical research; unless it is necessary for the performance of public interest.
- In the event that the personal data is collected for public interest or for a legitimate interest; unless the Company can prove higher legitimate ground.
Right to Lodge a Complaint
You have the right to lodge a complaint to relevant government agencies, in the event that the Company, the employee, or the contractor of the Company violates or fails to comply with Thai Personal Data Protection Act.
7. Contact Us
You can request to exercise your rights as data subject, and if you have any question or complaint, you can contact the Company via the following channels;
- Quality Houses Public Company Limited
- Location: Q House Lumpini Building, 7th Floor, 1, South Satorn Road, Kwaeng Thung Maha Mek, Khet Sathon, Bangkok
- Email: DPO@qh.co.th
Cookies Policy
Our website stores cookies, for the purpose of improving the website service, and to create profile data about of your visit to our website without accessing your hard drive.
You can manage the cookies function in your browser's settings; for example you can choose to turn off certain types of cookies according to your preference. If you would like to know how to manage cookies functions, please access to the help menu in your browser. Turning off the cookie function may affect your ability to make certain transaction, use functions, and access to some content on our website.
Data Subject Right Requests
Dear Our Valued Customers, Quality Houses Public Company Limited, We would like to inform you that we will continue to collect and use your personal data in accordance with the original purpose, that have been collected before the effective date of this Law.In order to comply with Section 95 of the Personal Data Protection Act B.E. 2562 (2019), And In the event that you do not want us to continue processing your personal data, You can submit a request to withdraw your consent via the following channels; Email: DPO@qh.co.th
Contact Information If you have any questions regarding this privacy policy or if you wish to exercise the right to processing your personal data, you can contact: Data Protection Officer: DPO
