At dtac, we have a dedicated data Privacy Officer responsible for internal requirements on processing of personal data. The company, as a data controller, is responsible for processing of personal data is the legal entity with which you have an agreement or a customer relation.
Our data Privacy Officers ensure that our companies and the employees have the necessary training in protection of personal data, provide guidance on all relevant matters and monitor proper processing of personal data.
To ensure that privacy polies are implemented properly within the company, we have a disciplined and systematic approach we conduct relevant reviews. Our evaluations are used to improve the effectiveness of the company’s risk management, control, reporting and governance processes, also regarding protection of personal data.
Personal Data Protection Act B.E.2562 (2019) known as PDPA was published in Thailand’s Royal Gazette on My 27, 2019 and came into effect in a move to protect rights of a data subject, the obligations of a data controller and the penalties for non-compliance. Thailand’s new privacy regulations are aimed at regulating the lawful collection, use or disclosure of personal data. It also provides a framework how to process personal data, which is in line with international standards.
The PDPA applies to the collection, usage and disclosure by a data controller or a data processor under conditions and agreements. For other purposes, data owners must give us a consent on a specific use with clear objectives. Data subjects can withdraw their consent at any time when the breach of data privacy is found. Additionally, we must alert the impact of the incidents without undue delay.
The rights of data subjects under PDPA include the following
You subject has the right to object the collection, usage and disclosure of the personal data. You can make a request to the data Privacy Officer at any time through the channel we provide as stated by law.
You have the right to access and copy your personal data generated from using our services. This includes the disclosure of data collection approach if your consent is given. The Right to Access must not violate other applicable laws or court rulings.
If your data is no longer necessary in relation to the purposes or your data is easily accessible. You have the right to obtain erasure or deletion of personal data. You can also request us to make your data anonymous in accordance with the laws. The company will be responsible for available technology and the cost of implementation.
The right to data portability allows individuals to obtain and reuse your personal data for your own purposes across different services. This allows you to move, copy or transfer your data in an easily readable form from one IT environment to another in a safe and secure way. The right only applies to information you provided to us and the request shall not be considered a breach of laws.
The regulation gives you the right to restrict the processing of your data in certain circumstances if it does not affect data involved with service agreement.