Proud Real Estate Public Company Limited and its affiliates (hereinafter referred to as the “Company”) have established this Personal Data Protection Policy, emphasizing the importance of protecting the personal data of data subjects to build trust with them. This policy reflects the Company’s commitment to safeguarding your personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019). As the data controller, the Company uses this document to explain how personal data is used.
1. Definitions
“Personal Data” means any information relating to an individual that enables the identification of that individual, whether directly or indirectly, but does not include information of deceased persons specifically.
“Sensitive Personal Data” means personal data relating to race, ethnicity, political opinions, religious or philosophical beliefs, sexual behavior, criminal records, health information, disabilities, labor union information, genetic data, biometric data (e.g., facial recognition data, iris scan data, fingerprint data), or any other data that similarly affects the data subject as prescribed by the Personal Data Protection Committee.
“Processing” or “Process” means the collection, use, or disclosure of personal data.
“Data Controller” means an individual or legal entity with the authority to make decisions regarding the collection, use, or disclosure of personal data.
“Data Processor” means an individual or legal entity that collects, uses, or discloses personal data on behalf of or at the direction of the Data Controller. This entity or individual is not considered the Data Controller themselves.
“Company” means Proud Real Estate Public Company Limited and its affiliates.
“Products” means condominiums, townhomes, and/or single-family homes owned and/or managed by the Company, both current and future.
“Services” means services provided through various channels of the Company, such as project visits, websites, applications, social media, various platforms, and/or any other activities managed and/or operated by the Company, both current and future.
2. The Company’s Principles for Personal Data Protection
To comply with relevant laws, particularly the Personal Data Protection Act B.E. 2562 (2019), the Company upholds the following principles for the protection of your personal data:
- Lawfulness: The company uses personal data when consent is obtained from the data subject, or to fulfill a contract in which the data subject is a party, or to comply with the company's legal obligations, or to prevent or mitigate harm to a person’s life, body, or health, or when it is necessary for the company to use personal data for legitimate interests.
- Fairness: The company can explain the reasons for collecting personal data.
- Purpose limitation and data minimization: The company uses personal data only as necessary and ensures minimal data usage to achieve the purposes of the processing.
- Transparency: The company informs the data subjects about the purposes for which their personal data is used.
- Rights of data subjects: The company has procedures in place to enable data subjects to exercise their rights, such as the right to access personal data, the right to rectify and erase personal data, and the right to object to the processing of personal data.
- Storage limitation: The company sets a time frame for retaining personal data and only keeps it for a limited period.
- Integrity and confidentiality: The company ensures the security of personal data. If a third party is involved in processing personal data, the company checks that the third party has the capability to handle such processing. If personal data is transferred outside of Thailand, the company ensures that such transfers comply with the law. In the event of a personal data breach (loss, theft, or damage), if the breach poses a high risk to the rights and freedoms of individuals, the company will notify the regulatory authority and inform the data subjects.
If you have any questions regarding the Company’s Principles for Personal Data Protection, you can contact the Data Protection Officer as detailed under the section ”Your Rights”.
3. Personal Data and Types of Personal Data Collected by the Company
In its operations, the company collects the following personal data related to you:
Types of Personal Data
Details
1. Identification Data
Full name, address, email, phone number
2. Contact Information
Residential project of interest, budget range for purchasing a project, reasons for purchasing a residence
3. Technical Data
Computer IP Address, type of browser, time zone settings, location, operating system, platform, and technology of the device used to access the website
4. Usage Data
Web pages accessed before entering the platform, web pages visited, time spent viewing web pages, products or information searched for on the platform, date and time of website visits, clickstream data
5. Communication Data
Email, conversation records, and communication details
6. Contract-Related Data
National ID number, address, credit card number, date of birth, gender
The company will only collect a minor’s name, nationality, and date of birth provided by a parent or legal guardian. The parent or legal guardian must give consent each time a minor wishes to submit personal data beyond their name, nationality, and date of birth to the company. If personal data of a minor beyond their name, nationality, and date of birth is submitted without consent, you may contact the company’s Data Protection Officer to request the deletion of such personal data (please refer to the section “Your Rights”).
4. Sources of Personal Data
The collection of your personal data may occur during the following activities:
- Personal data collected directly from you includes:
- Registering by creating an account via the website or application
- Contacting the company to request information about a residential project of interest
- Scheduling an appointment to visit a residential project
- Providing information to the company during a visit to a residential project
- Participating in the company's promotional activities through electronic channels, social networks, or traditional methods
- Your personal data that the company receives from third parties who collect, use, or disclose personal data under the company's instructions or on its behalf. Your personal data will not be used beyond the purposes specified or directed by the company. The company requires third parties to maintain confidentiality and protect your personal data in accordance with the standards set by Thailand’s data protection laws.
5. Purposes of Collecting Personal Data and Legal Basis for the Collection, Use, and/or Disclosure of Personal Data
The table below describes the purposes for which the company processes personal data and the legal basis for processing personal data.
Purpose
Type of Data
Legal Basis for Processing Personal Data
1) To provide services to you, including providing information about the projects you are interested in.
- Identification Data
- Contact Information
- Communication Data
1) For the necessity of fulfilling service contracts
2) For the company's legitimate interest in providing information about the projects you are interested in
2) To manage the relationship with you as a customer (Customer Relations) by organizing various promotional activities.
- Identification Data
- Contact Information
- Communication Data
1) For the necessity of fulfilling contracts
2) For the company's legitimate interest in recommending projects that align with your needs and collecting and studying customer service usage patterns to improve the company's services
3) To manage the company's website, improve the company's services, and resolve technical issues that arise during website use.
- Contact Information
- Technical Data
For the company's legitimate interest in using your website usage data and statistics to plan business strategies and improve the company's services to provide more efficient customer service.
4) To analyze data for website development and to enhance the customer experience when receiving services from the company.
- Identification Data
- Technical Data
- Usage Data
For the company's legitimate interest in identifying target customers, understanding customer usage patterns, and improving the website to better meet customer needs.
5) To execute contracts related to real estate transactions.
- Identification Data
- Contact Information
- Contract-Related Data
For the necessity of fulfilling a contract
6) To communicate and share information with banks to facilitate the loan application process.
- Identification Data
- Contact Information
- Contract-Related Data
For the necessity of fulfilling a contract related to loan applications
7) To conduct direct marketing to offer projects or other services that you may be interested in (only if you have given consent).
- Identification Data
- Contact Information
The company will seek your consent to use your personal data for direct marketing purposes to offer residential projects or services that you may be interested in.
8) To manage legal entity services within residential projects for you after you have purchased a residential project from the company.
- Identification Data
- Contact Information
- Communication Data
For the necessity of fulfilling a contract for legal entity services in which you are a party with the company.
The company will not use your personal data for purposes other than those specified above, except when necessary as permitted by the Personal Data Protection Act B.E. 2562 (2019), such as for legal compliance, for the establishment of legal claims, or to prevent or mitigate harm to a person’s life, body, or health, among others.
6. Disclosure of Personal Data to External Parties/Entities
6.1 The company may disclose or share your personal data with external parties as follows:
- Service Providers: IT service providers, call center services, banks, credit card providers, legal advisors, delivery services, and printing service providers, among others.
- Business Partners: The company may enhance its services by sharing your personal data with business partners for verification, analysis, and linking of personal data to understand your needs and provide offers and promotions that align with your interests. You can inform the data processor if you do not wish for the company to process your personal data for this purpose.
- Relevant Authorities: The company may be required to submit personal data to relevant authorities to comply with the law or to follow lawful investigative procedures. The company will ensure that such data transfers comply with applicable legal requirements.
6.2 The company requires external parties to whom it discloses or shares your personal data as mentioned above to maintain confidentiality and protect your personal data in accordance with the standards set by Thailand’s personal data protection laws. These external parties are permitted to use your personal data only for the purposes specified or instructed by the company. They are not allowed to use your personal data for any other purposes.
6.3 Upon request, the company may disclose your personal data to relevant authorities to comply with the law, such as to prevent threats to life or physical safety, for law enforcement purposes, the establishment of legal claims, exercising legal rights, or to prevent fraud, among others.
7. Protection of Personal Data in the Case of Cross-Border Data Transfers
The company may need to transfer data to individuals/entities abroad that may have data protection measures that are not equivalent to those in Thailand. Therefore, to ensure effective personal data protection, the company implements appropriate measures for cross-border personal data transfers to individuals/entities located in other countries.
For the transfer of personal data to countries with data protection measures that are not equivalent to those in Thailand, the company will put in place sufficient measures, such as establishing adequate data protection standards and preparing standard contractual clauses in accordance with the Personal Data Protection Act B.E. 2562 (2019).
8. Personal Data Security Measures
The company implements technical and organizational measures in accordance with relevant laws (particularly Section 37 of the Personal Data Protection Act B.E. 2562 (2019)) to protect personal data and prevent intentional or negligent destruction, alteration, data loss, misuse, unauthorized access, modification, or disclosure. To prevent these issues, the company has implemented technical measures (such as firewalls) and organizational measures (such as encryption systems or other physical protection methods) to maintain data confidentiality and secure service systems. For credit card information transmission for payment purposes, the company uses security protocols (Secure Sockets Layer: SSL) and encryption technology to protect and secure personal data.
9. Duration of Personal Data Collection, Use, and/or Disclosure
- The company must establish a specific timeframe for the collection, use, and disclosure of personal data to fulfill the purposes of its services and in accordance with the timelines specified by accounting standards, legal standards, and other relevant regulations.
- In determining the data retention period, the company will consider the volume, nature of use, service purposes, sensitivity of personal data, and potential risks of unauthorized use of personal data, as well as the timeframe specified by applicable laws.
- Your personal data obtained from cookies during your use of the company’s website will be retained for the period specified by relevant laws.
10. Cookies
The company uses cookies and other tracking technologies on its website. You can learn about the company's use of cookies and manage your cookie settings through the pop-up window that appears when you access the website, which provides instructions on how to configure your cookie preferences. The company uses cookies in the following cases:
- Functionality Cookies: The company uses this type of cookie to help remember your device or browser so that it can tailor content to better match your personal interests more quickly. This helps make the services and platform more convenient and beneficial for you. To disable these cookies, you can configure your device settings by referring to the help section of your browser or device.
- Analytic Cookies: The company uses analytic cookies provided by third parties to collect data on how visitors use the company's website. The company anonymizes all visitor data and transmits it to the third parties who may use or disclose this data to others for data processing as permitted by law. These third parties will not combine your data obtained from the company's website with data they already possess. You can choose to disable these cookies on the company’s website.
11. Your Personal Data Rights
As the owner of personal data, you have the right to request the company to perform actions related to your personal data within the scope permitted by the Personal Data Protection Act B.E. 2562 (2019), as follows:
1. Right to withdraw consent: You have the right to withdraw your consent to the processing of your personal data that you have previously provided to the company at any time while the company retains your personal data.
2. Right of access: You have the right to access your personal data and request a copy of such data, as well as request the company to disclose the source of any personal data collected without your consent.
3. Right to rectification: You have the right to request the company to correct any inaccurate data or complete any incomplete data.
4. Right to erasure: You have the right to request the company to delete your personal data for certain reasons.
5. Right to restriction of processing: You have the right to request the company to suspend the use of your personal data for certain reasons.
6. Right to data portability: You have the right to transfer your personal data provided to the company to another data controller or yourself for certain reasons.
7. Right to object: You have the right to object to the processing of your personal data for certain reasons.
If you wish to exercise your rights as mentioned above, you may contact the Data Protection Officer directly via email at: dpo@proudrealestate.co.th
For the purpose of maintaining the confidentiality and security of your personal data, the company needs to verify your identity in order to respond to your request. If the company has any doubts regarding your identity, you may be asked to attach a copy of an identity document, such as an ID card or passport, along with your request. The company will process your request and inform you of the outcome as soon as possible.
You have the right to file a complaint with the Office of the Personal Data Protection Committee of Thailand
12. Policy Amendments
The company may update or amend this Personal Data Processing Notice to ensure it remains current and effective. The company recommends that you review this document regularly, especially when you wish to receive services from the company.
13. Contacting the Company/Data Protection Officer
If you have any questions related to the Privacy Policy, you can contact the Data Protection Officer at:
Proud Real Estate Public Company Limited
Email: dpo@proudrealestate.co.th
Phone: 020350999
Contact Address: Proud Real Estate Public Company Limited, 548 One City Center Building, 19th Floor, Room No. 1902-1903, Ploenchit Road, Lumpini Subdistrict, Pathumwan District, Bangkok 10330
