Privacy and Personal Data Protection Policy

Ayodia Co., Ltd. (the “company”) hereby advises the privacy policy for your understanding since this policy describes a procedure of the Company’s treatment to your personal data, such as collection, storage, usage, disclosure, and your rights, etc., for your awareness of the Company’s personal data protection policy. The Company realizes the significance of protection of the personal data of the Company’s customers, staff, and business partners. Therefore, the Company has established a strict measure for storing and preventing in accordance with the standards of the laws, requirements, and rules relating to personal data protection as follows

1. Definition

“Company”  refers to Ayodia Co., Ltd.
“Data owner” refers to the customer, staff, and business partner who are natural persons.
“System” refer to the GreenHR
“Personal data” refers to the data relating to a person identifiable either directly or indirectly, but particularly excluding the deceased’s data.
“Processing” refers to any processing of personal data, whether by automated means or not, such as collecting, recording, organizing, storing, modifying or modifying, retrieving, consulting, using, disclosing (by transmission, transfer publishing or making accessible or available by any means), arranging, combining Blocking or restricting, deleting, or destroying.
“Personal data controller” refers to a person or juristic person who has a decision authority relating to the collection, usage, and disclosure of personal data.
“Personal data processor” refers to a person or juristic person who executes regarding the collection, usage, or disclosure of the personal data based on the order or on behalf of the personal data controller. However, the said executing person or juristic person is not the personal information controller.
“Person” refers to a natural person.   

2. Objectives of personal data collection

The company shall store, collect, use, update, and disclose the personal data of the data provider pursuant to the objective, scope, and procedure prescribed by laws. The storage shall be performed to the extent that is essential for service provision. In addition, the Company shall be mainly operated for the benefit of the data owner and other undertakings in accordance with the following objectives.

In compliance with widely recognized international standards, processors of personal data are required to implement suitable security measures.  

2.1 For using in processing, managing, and considering the service provisions and operations relating to the company’s businesses which has been currently existent and may be existent in the future, as well as any undertakings for the data owner’s benefit; and applying in preparation of the accounting, financial statements, and accounting information of the company;
2.2 For delivering the personal data to the company, and National Credit Bureau Co., Ltd., to be used in request of credit approval, or to any other relevant government agencies for benefit in usage for considering the data provider’s credit;
2.3 For using in monitoring and collecting the installment payment pursuant to the hire-purchase contract, and any other debts (if any) from the data owner, under the legal right of the company;
2.4 For using in revision, cancellation, and/or renewal of the hire-purchase contract, employment contract, and any other contracts between the data owner and the company;
2.5 For using as an analytical and presenting data which are allowed to be used in marketing research, and/or sales promotion activity organizing, and/or for benefit in preparation of database and use of data for offering the privilege based on the data owner’s interest and/or improving the service provision, execution, or product of the company;
2.6 For observing the rules, announcements, regulations, and any other requirements under the duty of the Company in binding in the legal observance;
2.7 For presenting the data, monitoring, coordinating, providing after sales service, as well as preparing the electronics services;
2.8 For recording time attendance for the data owner.
2.9 For verifying and authenticating employee identity
2.10 For any other related executions to attain the aforesaid objective

3. Personal data collection

The storage and collection of personal data shall be performed under the objective and scope, using the lawful and fair procedure for data collection and storage. In addition, the limited personal data is stored to the extent that it is essential for providing services, or services by any other economic procedure under the Company’s objective only. However, the Company shall execute to ensure the data owner’s perception and consent via electronics as the Company deems fit. 

The company shall collect your data via two channels as follows.
A. Data presented and delivered to the company;
B. Data of the usability behavior collected via the third-party’s services

The company may store your personal data relating to the interests and service used by you. The said personal data may consist of your personal image, biometrics or face, race, religion or philosophy, health data, biological data, infirmity, disability, identity, or any other data which will be useful for service provision. However, according to the aforesaid execution, the company shall request for your consent prior to collection, unless the following events.

3.1. Being the legal observance, such as the personal data protection act, electronic transaction act, telecommunications business act, anti-money laundering act, civil and criminal code, and civil and criminal procedure, etc.;
3.2. Being taken place for the investigation benefit of the inquiry official, or the court’s trial and judgment;
3.3. For your benefit, and failure to request for consent at that time;
3.4. Being necessary for the lawful benefit of the company or of other person or juristic person which is not the company;
3.5. Being necessary for preventing or suppressing danger on the person’s life, body, or health;
3.6. Being necessary for complying with the contract of which the personal data owner is a contractual party or for using in execution as requested by the personal data owner prior to entry into the said contract;
3.7. For attaining the objective relating to preparation of the history papers or archives for the public benefit, or for the study, research, and statistical preparation, whereas a suitable preventive measure is established.
3.8 Usability behavioral data via the following tools: Google Analytics, Google AdWords, Google Data Studio (Looker Studio), Microsoft Clarity, Tiktok Pixel, and Facebook Pixel, for analyzing the platform capacity, and planning the platform development in the future, whereas the said data is usability data, and not related to any personal data at all.

4. Cookies

Cookies are small data files stored on your computer, phone, or other communication devices used to store details of your internet usage or browsing behavior on websites and/or applications. The company may use and store cookies on your devices as part of its service security process and to enhance your experience and satisfaction.

5. Limitation of personal data usage 

The company shall store personal data in accordance with the standards prescribed by law, and neither use nor disclose such data to the third party without the data owner’s consent, unless being an observance of the objective specified above, or in accordance with the law requirement for disclosure. The personal data shall be disclosed to the following relevant agencies or persons.  

5.1 The company’s group of businesses and business alliances, as well as the government agencies relating to provision of services, processing, management, and consideration on the provision of services and the operation of works, which are acquired by the data owner and may be acquired in the future
5.2 National Credit Bureau Co., Ltd. and the affiliated companies of the same enterprise or business, or other relevant agencies
5.3 The staff, authorized person, representative, person or juristic person who provide the vehicle registration service, and/or debt collection service, and/or auditor of the company, and/or services and operations in relation to the company’s business, which has been currently existent and may be existent in the future
5.4 The staff, authorized person, representative, person, juristic person, or any other agencies for observing the law requirement or establishment of the right in accordance with the company’s contract.
5.5 The company use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the limited use requirements. (https://developers.google.com/terms/api-services-user-data-policy)

6. Right of the personal data owner 

The company gives precedence to the right of the personal data owner, and therefore, defines a right of the data owner to store his/her/its own personal data, which is collected by the company for the sake of law consistency, as follows. 

6.1 Request to access and receive a copy of his/her/its relevant personal data under the company’s responsibility in accordance with the rules and procedures prescribed by the company; or request to disclose the acquisition of such personal data without his/her consent.
6.2 Request to receive his/her/its relevant personal data from the company in case the company makes that personal data to be in readable or general usable format by the automatic tool or device; and to be usable or disclosed by an automatic method.
6.3 Objection of, whenever, the collection, usage, and disclosure of his/her/its relevant personal data permitted by laws for storage without the data provider’s consent.
6.4 Request the company to delete or destroy personal data or make the personal data to be the data of which the personal data owner is unidentifiable in the case required by law.
6.5 Request the company to suspend the use of personal data in the case required by law.
6.6 Notify the company to execute so that the said personal data is correct, updated and complete, without cause of misunderstanding.
6.7 Complaint in the case where the personal data controller or the personal data processor, as well as the employee or contractor of the personal data controller or the personal data processor violates or breaches the personal data protection law.

7. Consent revocation 

The data owner can, whenever, revoke his/her/its consent given to the company for collecting, using, or disclosing the aforesaid personal data, by giving a notice of intention to the company for acknowledgement together with a reason of the said regard. The company shall execute as notified, unless in case of the limitation of legal right to revoke the consent or data owner utilization agreement.

However, the personal data owner’s consent revocation shall not affect the collection, usage, or disclosure of the personal data already given for a prior consent by the personal data owner.

8. Refusal and preparation of memo

In the case where the data owner requests the company to execute as specified in clause 6.1-6.7, or clause 7, the Company shall execute as requested within an appropriate period and in accordance with the operating procedure of the company. Unless in the following events, the company may refuse the said execution.

8.1 Natural impossibility to execute the foregoing;
8.2 Being a refusal according to law or order of the court, whereas an access and request for receiving a copy of the said personal data will have an impact which may cause damage to a person’s right and freedom;
8.3 Transmission or transfer of the said personal data is a function for the public benefit or a legal function; or exercise of the said right may violate the right or freedom of a person.
8.4 The personal data controller shall indicate a more important legitimate ground for the collection, usage, or disclosure of the said personal data.
8.5 The collection, usage, or disclosure of the said personal data shall be taken place for establishing a legal right of claim, observing or exercising a legal right of claim, or raising to defend a legal right of claim.

In the case where the company refuses not to execute as requested by the data owner for any execution pursuant to Clauses 6.1-6.7, or Clause 7, the company shall prepare a report of refusal memo and reason to refuse storage in the department, division, or any other work unit inside the company that declines the request of the data owner.

9. Data security and quality maintenance measures

Due to the company’s realization of the significance of your personal data’s security, therefore, the company, has established a measure of personal data security to be appropriate and consistent with personal data confidentiality to prevent loss, access, destruction, usage, modification, revision, or disclosure of the personal data without the right or illicitness and to prevent unauthorized usage of the personal data.

In addition, the Board of Directors has established the policy, practice, manual, guidelines, and training for providing knowledge in storage, usage, and disclosure of personal data to ensure conformity to the company’s standards and consistency with the relevant laws in storage, usage, and disclosure of personal data by the company’s staff at all levels. According to the Personal Data Protection Act B.E 2562 (2019), the company shall implement the following measures;

9.1 The company has employed methods to store the personal data of the data owners in both hard copy and electronic systems (soft copy), with effective security measures in place to prevent loss, unauthorized access, usage, modification, alteration, disclosure, retention, or processing of personal data without authority or consent.

9.2 If the personal data owner believes their privacy has been violated, please contact the company immediately. Furthermore, personal data owners should be aware that there is no completely secure method of transferring data over the internet or storing electronic data. While security cannot be guaranteed, the company makes significant efforts to safeguard the security of the data and regularly reviews and enhances data protection measures.

10. Storage and destruction period of personal data 

10.1 The company will securely store your personal data in the company’s system for as long as necessary to achieve the processing and storage purposes as specified in paragraph 2 “Purposes of Personal Data Collection” only.

10.2 To monitor and prevent inappropriate use or repeated misconduct within the company’s system, the company is required to retain certain of your personal data in the company’s system for a minimum of 10 years from the date of termination of the relationship or last contact with you. This is unless the law mandates or permits the company to retain your personal data for a different period.

11. Changes to the Personal Data Protection Policy

The company will review the Personal Data Protection Policy to ensure compliance with practices and relevant regulations of the Personal Data Protection Act B.E. 2562 (2019) or other related laws on an ongoing basis. The company reserves the right to amend, modify, or supplement any part or all of this policy from time to time as deemed appropriate, without prior notice or notification to you.

If there are any changes to the Personal Data Protection Policy, the company will notify you through various channels, including website publication, company application, announcements, emails, and other appropriate means, as soon as possible depending on the circumstances. However, the company kindly requests your cooperation to read this detailed Personal Data Protection Policy and regularly review any changes that the company has made.

12. Contact 

Ayodia Co., Ltd.
21, 11 Krung Thon Buri Road, Bang Lamphu Lang, Khlong San, Bangkok 10600, Thailand
Email: [email protected]