Privacy Notice : Royal Irrigation Department

We, Royal Irrigation Department, care about the privacy of our customers, thus, we provide this privacy notice to inform our customers of our policy in relation to the collection, use and disclosure of personal data of individual (“you”) in accordance with the Personal Data Protection Act B.E. 2562 (“PDPA”), relevant laws and regulations. This privacy notice informs you of how we collect, use or disclose your personal data, what and why we collect, use or disclose your personal data, how long we hold it, who we disclose it to, your rights, what steps we will take to make sure your personal data stays private and secure, and how you can contact us.

This privacy notice applies to: Our Users

Individual user: Our past and present user who are individual.

Corporate user: Directors, shareholders, ultimate beneficial owners, employees, guarantors, security providers, and legal representatives of our past and present corporate user and other individuals authorised to act on their behalf. Our corporate user shall ensure that the authorised persons and any of relevant individuals have acknowledged our privacy notice.

Please note that some of the links on our platform may lead to third party’s platforms, and if you access these platforms, your personal data will then be processed under the third party’s policies. Make sure that you have read those privacy notices when accessing such platforms.

1. How we collect, use or disclose your personal data

We only collect, use or disclose your personal data where it is necessary or there is a lawful basis for collecting, using or disclosing it. This includes where we collect, use or disclose your personal data based on the legitimate grounds of legal obligation, performance of contract made by you with us, our legitimate interests, performance under your consent and other lawful basis. Reasons for collecting, using or disclosing are provided below:

1.1 Our legal obligation

We are regulated by many laws, rules, regulations, and orders of any competent governmental, supervisory or regulatory authorities, and to fulfil our legal and regulatory requirements, it is necessary to collect, use or disclose your personal data for the following purposes, which include but not limited to: 

a) compliance with the PDPA and any amendment thereof;

b) compliance with regulatory obligations and/or orders of authorized persons (e.g. orders by any court of competent jurisdiction or of governmental, supervisory or regulatory authorities or authorized officers). 

1.2 Contract made by you with us

We will collect, use or disclose your personal data in accordance with the request and/or agreement made by you with us, for the following purposes, which include but not limited to:

a) process your request prior to entering into an agreement, consider for approval and provide products and/or services, deliver products and/or services to you, provide advice and deal with all matters relating to the products and/or services, including any activities that if we do not proceed, then our operations or our services may be affected or may not be able to provide you with fair and ongoing services;

b) carry out your instructions (e.g. processing your applications and/or your transactions, fulfilling a request for utilization of products and/or services,   responding to your enquiries or feedbacks, or resolving your complaints);

c) provide mobile applications and other online product platforms;

d) track or record your service;

e) produce reports (e.g. transaction reports requested by you or our internal reports);

f) notify you with some status change on request alerts;

g) enforce our legal or contractual rights; and/or

h) provide IT and helpdesk supports, create and maintain codes and user accounts for you, manage your access to any systems to which we have granted you access, and remove inactive accounts.

 1.3 Our legitimate interests

We rely on the basis of legitimate interests by considering our benefits or third party’s benefits with your fundamental rights in personal data which we will collect, use or disclose for the following purposes, which include but not limited to:

a) conduct our operation and the operation of companies in Royal Irrigation Department (e.g. to conduct compliance audit, to conduct risk managements, to conduct internal operation management, to monitor, prevent, terrorism, misconduct, or other crimes, including but not limited to carrying out the creditworthiness checks of any persons related to our corporate customer, which may not be required by any governmental or regulatory authorities, and authenticating your identity to prevent such crimes);

b) conduct our relationship managements (e.g. to serve user, to conduct user survey, to manage user segmentation, to handle complaints);

c) ensure security (e.g. to maintain CCTV records, to register, exchange identification card and/or take photo of visitors before entering into our building areas);

d) develop and improve our products, services and systems to enhance our services standard, use your personal data for conducting credit modelling, and/or for the greatest benefits in fulfilling your needs, including to conduct research, analyse data and offer products, services and benefits suitable to you by considering the fundamental rights in your personal data. If you do not wish to receive the offering of products, services and benefits from us, you can contact us, details as specified in No.10

e) record images and/or voices relating to the meetings, trainings, seminars, recreations or marketing activities;

f) in case of our user, we will collect, use and disclose personal data of directors, authorized persons or attorneys;

g) ensure business continuity;

h) handle claims and disputes, file lawsuits and process the relevant legal proceedings;

i) contact you prior to your entering into a contract with us;

j) protect against security risks (e.g. monitoring network activity logs, detecting security incidents, conducting data security investigations, and otherwise protecting against malicious, deceptive, fraudulent, or illegal activity);

k) comply with applicable foreign laws;

l) carry out research, plan and conduct statistical analysis (e.g. data analytics, assessments, surveys and reports on our products and/or services and your behavior);

m) organize our promotional campaigns or events, conferences, seminars, and company visits;

n) receive advisory services from legal counsels, advisors appointed by you or us;

o) maintain and update lists or directories of the customers (including your personal data) and keep contracts and associated documents in which you may be referred to; and/or

p) comply with reasonable requirements (e.g. management, training, auditing, reporting, control or risk management, statistical and trend analysis and planning or other related or similar activities, implementing controls to enable our to operate, and enabling us to identify and resolve issues in our IT systems to keep our systems secured, performing our IT systems development, implementation, operation and maintenance).

1.4 Your consent

In certain cases, we may ask for your consent to collect, use or disclose your personal data to maximise your benefits and/or to enable us to provide services to fulfil your needs for the following purposes, which include but not limited to:

a) collect, use or disclose your sensitive personal data as necessary (e.g. to use face recognition and voice recognition, or your identification card photo (which contains your sensitive personal data, namely religion and/or blood type) for verification of your identity before continuing the transaction and for Know Your Customer (KYC) process);

b) collect and use your personal data and any other data to conduct research and analyze for the benefits in developing products and services to fulfil your needs and/or to contact you for offering products, services and benefits suitable to you;

c) contact you to provide advice and offer our products or services which may interest you (in case the consent is required under the PDPA);

d) send or transfer your personal data and sensitive personal data overseas, which may have inadequate personal data protection standards (unless the PDPA specifies that we may proceed under other lawful basis or without obtaining consent);

e) when you are classified as a minor, incompetent or quasi-incompetent whose consent must be given by their parent, guardian or curator (as the case may be) (unless the PDPA specifies that we may proceed without obtaining consent); and/or

f) other activities which we may require your consent.

1.5 Other lawful basis

Apart from the lawful basis which we mentioned earlier, we may collect, use or disclose your personal data based on the following lawful basis:

a) prepare historical documents or archives for the public interest, or for purposes relating to research or statistics;

b) prevent or suppress a danger to a person’s life, body or health; and/or

c) necessary to carry out a public task, or for exercising official authority.

If the personal data we collect from you is required to meet our legal obligations or to enter into an agreement with you, we may not be able to provide (or continue to provide) some or all of our products and services to you if you do not provide such personal data when requested.

2. What personal data we collect, use or disclose

The type of personal data, namely personal data and sensitive personal data, which we collect, use or disclose, varies on the scope of products and/or services that you may have used or had an interest in. The type of personal data shall include but not limited to:

Personal details

Title

Given name, middle name, surname, hidden name (if any)

Initial

Gender

Date of birth

Age

Educational background

Marital status

Nationality

Number of dependencies

Contact details

Mailing address

Address as shown in the identification card

E-mail address

Phone number

Mobile number

Facsimile number

Name of representatives or authorised persons acting on behalf of our customers

Social media accounts, including profile data, photo,  and other identifier for electronic communication

Business address

Business phone number

Contact details of reference person

Employment details

Occupation

Employer’s details and workplace

Position

Salary, income and remuneration

Data concerning security

Visual images

Personal appearance

Detection of any suspicious and unusual activity

User login, subscription data, and profile details

Login data for using our system and applications

Username, password and other verification code

Interests, preferences and activities

Usage details

Data relating to your usage of websites, platforms, products and services 

Data relating to your usage and interaction with our advertising (including content viewed, links clicked, and features used)

Sensitive personal data

Religion as shown in the identification card

Blood type as shown in the identification card

Biometric data (e.g. face recognition and voice recognition)

Other data

Records of correspondence and other communications between you and us, in whatever manner and form, including but not limited to phone, email, live chat, instant messages and social media communications

Data relating to social security (e.g. status of insured person, social security hospital where you registered, history of submitting the social security contributions, employer’s details, history of claiming social security)

Data that you provide to us through any channels

Data from mobile phone as per consent given by you

Data relating to mobile network

GPS location

Calendar

Contact list data

Data relating to files and photos

SMS data and message

Usage history of mobile phone, application and internet

Identification and authentication details

Photo

Identification card photo

Identification number, laser number (back of identification card)  

Channels you use and ways you interact with us

Data relating to your transactions

Geographic information, information about your device and your software, and technical details

IP address

Technical specifications and uniquely identifying data (e.g. location, web beacon, log, device ID and type, network, connection details, access details, access date and times, duration of usage, cookies, search history, browsing details, IMEI (International Mobile Equipment Identity) of mobile phone or other unique device identifier, details relating to mobile phone, and technology on devices you use)

Investigation data

Data for due diligence checks (e.g. data relating to Know Your

Customer (KYC) or Customer Due Diligence (CDD))

Terrorism (AML/CFT) checks

Spouse details

Title

Given name, middle name, surname, hidden name (if any)

Marital status

Number of persons in responsible

Nationality

Identification number

Date of birth

Income

Market research, marketing and sales information

Customer survey

Inferences about you based on your interactions with us

Communication preferences and details or content of your communications with us

3. Sources of your personal data

Normally, we will collect your personal data directly from you, but sometimes we may get it from other sources, in such case we will ensure the compliance with the PDPA.

Personal data we collect from other sources may include but not limited to:

a) Data obtained by us from companies in Royal Irrigation Department, and/or any other persons who we have relationship with;

b) Data obtained by us from persons related to you (e.g. your family, friends, referees);

c) Data obtained by us from corporate customers as you are director, authorised person, attorney, representative or contact person; and/or

d) Data obtained by us from governmental authorities, regulatory authorities or third-party service providers.

In case you have given any personal data of any other person to us for executing transactions with us or any purposes, you shall notify such person of the details relating to the collection, use and disclosure of personal data and rights under this privacy notice. In addition, you shall obtain consent from such person (if necessary) or relied on another legal basis to provide personal data to us.

 4. Your rights

The PDPA aims to give you more control of your personal data. You can exercise your rights under the PDPA, details as specified below, through the channels prescribed by us:

4.1 Right to access and obtain copy

You have the right to access and obtain copy of your personal data holding by us, unless we are entitled to reject your request under the laws or court orders, or if such request will adversely affect the rights and freedoms of other individuals.

4.2 Right to rectification

You have the right to rectify your inaccurate personal data and to update your incomplete personal data.

4.3 Right to erasure

You have the right to request us to delete, destroy or anonymise your personal data, unless there are certain circumstances where we have the legal grounds to reject your request.

4.4 Right to restrict

You have the right to request us to restrict the use of your personal data under certain circumstances (e.g. when we are pending examination process in accordance with your request to rectify your personal data or to object the collection, use or disclosure of your personal data, or you request to restrict the use of personal data instead of the deletion or destruction of personal data which is no longer necessary as you have necessity to retain it for the purposes of establishment, compliance, exercise or defense of legal claims).

4.5 Right to object

You have the right to object the collection, use or disclosure of your personal data in case we proceed with legitimate interests basis or for the purpose of direct marketing, or for the purpose of scientific, historical or statistic research, unless we have legitimate grounds to reject your request (e.g. we have compelling legitimate ground to collect, use or disclose your personal data, or the collection, use or disclosure of your personal data is carried out for the establishment, compliance, or exercise legal claims, or for the reason of our public interests)..

4.6 Right to data portability

You have the right to receive your personal data in case we can arrange such personal data to be in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means. Also, you have the right to request us to send or transfer your personal data to third party, or to receive your personal data which we sent or transferred to third party, unless it is impossible to do so because of the technical circumstances, or we are entitled to legally reject your request.

 4.7 Right to withdraw consent

You have the right to withdraw your consent that has been given to us at any time pursuant to the methods and means prescribed by us through channels as specified in No. 10, unless the nature of consent does not allow such withdrawal. The withdrawal of consent will not affect the lawfulness of the collection, use, or disclosure of your personal data based on your consent before it was withdrawn.

4.8 Right to lodge a complaint

You have the right to make a complaint with the Personal Data Protection Committee or their office in the event that we do not comply with the PDPA.

5. How we share your personal data

We may disclose your personal data to the following parties under the provisions of the PDPA:

a) Royal Irrigation Department, partners and/or other persons that we have the legal relationship, including our directors, executives, employees, staffs, contractors, representatives, advisors and/or such persons’ directors, executives, employees, staffs, contractors, representatives, advisors;

b) governmental authorities and/or supervisory or regulatory authorities.

c) suppliers, agents and other entities (e.g. professional associations to which we are member, external auditors, document warehouses) where the disclosure of your personal data has a specific purpose and under lawful basis, as well as appropriate security measures;

d) third parties providing services to us (e.g. IT service providers, cloud computing service providers, agents, subcontractors acting on our behalf);

e) social media service providers (in a secure format) or other third-party advertisers so they can display relevant messages to you and others on our behalf about our products and/or services. Third-party advertisers may also use data relating to your previous online activities to tailor adverts to you;

f) third-party security providers;

g) other persons that provide you with benefits or services associated with our products or services; and/or

h) your attorney, sub-attorney, authorized persons or legal representatives who have lawfully authorized power.

6. Retention period of personal data

We will maintain and keep your personal data while you are our user and once you has ended the relationship with us (e.g. you terminated the services provided by us), we will only keep your personal data for a period of time that is appropriate and necessary for each type of personal data and for the purposes as specified by the PDPA.

7. Use of Cookies

We may collect and use cookies and similar technologies when you use our products and/or services. This includes when you use our websites and applications.

The collection of such cookies and similar technologies helps us recognize you, remember your preferences and customise how we provide our products and/or services to you. We may use cookies for a number of purposes (e.g. enabling and operating basic functions, helping us understand how you interact with our websites or emails, or enabling us to improve your online experiences or our communications with you, particularly, to ensure that online adverts displayed to you will be more relevant to you and of your interests), for details please see Cookie Notice.

8. Use of personal data for original purposes

We are entitled to continue collecting and using your personal data, which has previously been collected by us before the effectiveness of the PDPA in relation to the collection, use and disclosure of personal data, in accordance with the original purposes. If you do not wish us to continue collecting and using your personal data, you may notify us to withdraw your consent at any time.

9. Security

We endeavour to ensure the security of your personal data through our internal security measures and strict policy enforcement. The measures extend from data encryption to access control restriction. We also require our staff and third-party contractors to follow our applicable privacy standards and policies and to exercise due care and measures when using, sending or transferring your personal data.

10. How to contact us

If you have any questions or would like more details about our privacy notice, please contact us through the following channels:

Royal Irrigation Department

our head office located at 811 Samsen Nakornchaisri Dusit Bangkok 10300

our Data Protection Officer by writing to E-mail: DPO@scbabacus.com or our address as specified above.

 If you would like to exercise your rights in accordance with PDPA, please contact us through E-mail: apecthai2022@gmail.com

11.Application Information:

Application Name: RID Listening

Developer Name: RID Listening

Google Play Store Link: https://play.google.com/store/apps/details?id=com.celestial.rid