Personal Data Protection Notice
Home ❃ Personal Data Protection Notice
Personal Data Protection Notice
(Personal Data Protection Notice)
For customers, partners, job applicants, and employees of Protocol Advanced Services Co., Ltd.
Protocol Advanced Services Co., Ltd. (hereinafter referred to as “ Protocall “) is committed to conducting business ethically and respecting the privacy rights of its customers, partners, job applicants, and employees (collectively referred to as “ you “). Protocol therefore places great importance on protecting and maintaining the security of personal data of its customers, partners, job applicants, and employees. To ensure that your personal data received by Protocol is used in accordance with the stated purposes and the law, Protocol has established this Personal Data Protection Notice (“ Notice “) to inform you, as the data subject, of the purposes and details of the collection, use, and/or disclosure of your personal data, as well as your rights under the law.
1. To whom does this announcement apply?
1.1 Customer means any person who purchases or buys goods and/or receives services from Protocol, or any other person who contacts Protocol for information about its products and/or services, any person who learns about its products and/or services through various media, and any person who receives advertising or promotional material about Protocol’s products and/or services. This also includes natural persons related to or representing the legal entity that is the customer, such as executives, directors, employees, agents, representatives, or any other natural person, and individuals whose personal information appears in various documents related to transactions between Protocol and that legal entity, such as coordinators, purchasers, recipients of goods, check issuers, etc., as well as individuals for whom the legal entity has provided information to Protocol.
1.2 Trading Partner means any person who will sell or offer goods and/or services to Protocol, such as contracting parties, service providers, consultants, etc., and includes any natural person related to or acting as an agent of the legal entity that is a trading partner, such as executives, directors, employees, agents, representatives, or any other natural person, and any person whose personal information appears in various documents related to transactions between Protocol and that legal entity, such as coordinators, shippers, check issuers, etc., as well as any person for whom that legal entity has provided information to Protocol.
1.3 Applicants and employees of Protocol, including their family members, beneficiaries, emergency contacts, and references, acknowledge the purposes and details regarding the collection, use, and/or disclosure of their personal data, as well as their legal rights related to personal data that Protocol collects, uses, and/or discloses to achieve the purposes of their job application, internship, or employment.
2. What personal data does the protocol collect, use, and/or disclose?
2.1 Personal data means information that makes it possible to identify you, directly or indirectly (but excluding information of deceased persons), including:
2.1.1 Personal information that you provide directly to the protocol through various contact channels such as websites, email, telephone, meetings, social media, mail, information from job applications, interviews, internships, or employment.
2.1.2 Information on the Protocol website is obtained via cookies or any other similar technology (collectively referred to as “cookies”).
2.1.3 Personal information that the Protocol receives or accesses from sources other than directly from you, such as business partners, recruitment agencies, consultants, associations, and other public information sources.
2.1.4 Your personal information that Protocol collects, uses, and/or discloses, such as:
Types of data | Examples of data that a protocol collects, uses, and/or discloses. |
Identity data | For example, name, surname, national identification number, passport number, date of birth, gender, age, nationality, signature, photograph, etc. |
Contact Data | Examples include address, household registration certificate, phone number, fax number, email address, geolocation, emergency contact information, social media accounts, LINE ID, etc. |
Financial data | Examples include bank account numbers, salaries, wages, other compensation, salary increases, and annual bonuses. Information regarding provident funds, group insurance, other welfare benefits, tax information, etc. |
Information about educational and work history. | For example, educational history, qualifications, academic results, educational institutions, work history, training, expertise, and achievements, etc. |
Technical specifications, equipment, or tools. | Examples include computer identification numbers (IP addresses or MAC addresses), mobile phone identification numbers (IMEIs), cookie IDs, computer traffic data (audit logs), and website usage data. |
Other necessary information | Examples include marital status, marital status, family status, number of family members and number of children, relationship information (e.g., parents, beneficiaries of various welfare benefits, emergency contacts, references), etc. |
2.2 Sensitive Personal Data
Sensitive personal data refers to personal data specifically defined by law. Protocol has no intention of collecting sensitive personal data from you.
However, in some cases, the protocol may need to collect sensitive personal data from you for employment consideration, performance of existing contracts with you, or to comply with laws. Sensitive personal data collected by the protocol includes religion, criminal history (e.g., criminal background check results obtained from an authorized government agency), health information (e.g., health examination results, medical certificates, vaccination history), and biometric data (e.g., facial recognition photographs, fingerprints). The protocol will collect, use, and/or disclose sensitive personal data only with your explicit consent or where it is necessary as permitted by law, on a case-by-case basis as needed.
(Hereinafter in this announcement, unless specifically stated otherwise, the personal data and sensitive personal data mentioned above will be collectively referred to as “ Personal Data ”)
2.3 Personal information of any other third party.
If you provide personal information of any other third parties, such as family members, beneficiaries of various welfare programs, emergency contacts, and references, please inform those individuals about the details as outlined in this notice and obtain their consent if necessary, or establish other legal basis to ensure that the protocol allows for the collection, use, and/or disclosure of this third-party personal information.
3. For what purposes does the protocol collect, use, and/or disclose your personal information?
The protocol will collect, use, and/or disclose your personal information only as necessary for the protocol’s legitimate purposes. The legal basis on which the protocol may rely on for the collection, use, or disclosure of your personal information are as follows: (1) contractual basis; (2) consent basis; (3) vital life interest basis; (4) legal obligation basis; (5) legitimate interest basis; and/or any other legal basis that the protocol may rely on under applicable law.
However, certain types of objectives may apply to you. Please consider the nature of the objective in relation to the protocol.
3.1 If you are a customer, the protocol may process your data for various purposes as follows:
Item number | objective | Legal basis |
(1) | This includes the approval process for purchasing goods and/or services, as well as identity verification, authority verification, delegation and acceptance of authority, risk assessment of related transactions, and the implementation of various internal protocol processes for contract making, contract execution, goods delivery, service provision, as well as communication, billing, and the submission of related documents, etc. | Fulfilling the promise (Contractual Basis) Necessity for legitimate interests. (Legitimate Interests) |
(2) | For the purpose of evaluating, improving, and developing Protocol’s products, services, and promotional programs, as well as to survey customer satisfaction with Protocol’s products and services in order to meet your needs and preferences. | Necessity for legitimate interests. (Legitimate Interests) |
(3) | For use as information and documentation in any operational activities with banks, financial institutions, the Department of Business Development, the Revenue Department, and other relevant external agencies. | Necessity for legitimate interests. (Legitimate Interests) |
3.2 If you are a business partner, Protocol may process your data for various purposes as follows:
Item number | Objective | Legal basis |
(1) | For the purpose of following procedures prior to entering into a contract, such as:
| Fulfilling the promise (Contractual Basis)
Necessity for legitimate interests. (Legitimate Interests) |
(2) | For the necessity of conducting transactions between trading partners and using protocols such as:
| Fulfilling the promise (Contractual Basis)
Necessity for legitimate interests. (Legitimate Interests) |
(3) | To comply with laws related to transactions between trading partners and protocols, such as tax laws. | Complying with the law. (Legal Obligation) |
3.3 If you are a job applicant or an employee of Protocol, Protocol may process your data for the following purposes:
Item number | Objective | Legal basis |
(1) | Collecting, using, and/or disclosing sensitive personal information for purposes on which the protocol cannot rely on any legal basis other than obtaining explicit consent. Such purposes include:
| Based on consent (Consent Basis) |
(2) | Selection and hiring processes , such as:
| Fulfilling the promise (Contractual Basis) |
(3) | Human resource management, such as creating employee databases and employee records .
| Fulfilling the promise (Contractual Basis) Vital interest |
(4) | Payment of wages or other compensation , such as:
| Fulfilling the promise (Contractual Basis) |
(5) | Skill and ability development, such as:
| Fulfilling the promise (Contractual Basis) |
(6) | Other operations of the protocol include:
| Fulfilling the promise (Contractual Basis) Necessity for legitimate interests. (Legitimate Interests) Complying with the law. (Legal Obligation) |
(7) | Complying with the orders of legally authorized persons and/or complying with the law, such as:
| Complying with the law. (Legal Obligation) |
If the Protocol has collected your personal data before the Personal Data Protection Act came into effect, the Protocol will process such data in accordance with the Personal Data Protection Act and will continue to collect and use such personal data for the original purposes you previously provided to the Protocol. If you do not wish for the Protocol to continue collecting and using such personal data, you can notify the Protocol at any time to withdraw your consent.
4. To whom may the protocol disclose your personal information?
The protocol may disclose your personal information to others with your consent or under the guidelines permitted by law. The recipient of such information will collect, use, and/or disclose your personal information to the extent of your consent or the scope specified in this notice. In some cases, you may also be subject to the data protection policies of those recipients. The recipients of your information may be located in Thailand or abroad.
The protocol may disclose your personal information to the following individuals or organizations:
Types of recipients of personal information. | details |
Protocol provider | Protocol may use other companies, partners, agents, subcontractors, or external service providers to perform tasks on its behalf or to help support Protocol’s operations. For this reason, Protocol may disclose your personal information to its service providers, including:
|
Protocol’s business partners. | The protocol may disclose your personal information.
|
Person as defined by law. | In some cases, protocols require the disclosure of your personal information to comply with orders of authorities or those with legal rights and/or to comply with laws, which include recipients of your personal information such as:
|
Consultant / Expert | For the purpose of operating the protocol, the protocol may disclose your personal information to…
|
Any other third party | The protocol may disclose your personal information to any other third party for the purposes stated in this notice or as requested by you. Other recipients of personal information may include, but are not limited to:
|
5. Does the protocol send or transfer your personal data internationally?
The protocol does not require the sending or transfer of your personal data to other data recipients abroad.
6. How long does the protocol retain your personal data?
The Protocol will retain your personal data while you are a Protocol employee or have a relationship with the Protocol, or for the period necessary to achieve the purposes related to this Notice. Upon termination of your relationship with the Protocol, the Protocol will continue to retain your personal data for the period necessary under the statute of limitations or as permitted by law, such as:
6.1 Customers/Partners : Protocol will retain your personal data while you have a relationship with Protocol, and upon termination of your relationship with Protocol, Protocol will continue to retain your personal data for the necessary period, as per the statute of limitations, or as permitted by law.
6.2 For job applicants who are not selected, the protocol will store your information for a period of 3 months.
6.3 Directors or employees of Protocol shall retain records in accordance with the Labor Protection Act and other relevant laws for the purpose of verification and investigation in case of potential disputes within the statute of limitations as prescribed by law, for a period not exceeding 10 years.
The protocol will take appropriate steps to delete or destroy your personal data, or anonymize it when it is no longer needed or when the specified period has expired.
7. How does the protocol protect your personal data?
The protocol will securely store your personal data using technical, administrative, and physical safeguards to maintain its confidentiality, accuracy, completeness, and availability. This is to prevent unauthorized or improper access, collection, alteration, modification, use, and/or disclosure of personal data, as required by applicable law.
The protocol has implemented appropriate measures to prevent the breach of personal data. It has established policies, regulations, and guidelines for the protection of personal data, such as measures to control access to personal data and the use of secure and appropriate equipment for storing and processing personal data, limiting access to personal data, defining user access rights, the right to authorize assigned employees to access data, and the responsibilities of users. These measures aim to prevent unauthorized access, disclosure, knowledge, copying of personal data, or the theft of equipment for storing or processing personal data. Furthermore, it provides measures for retrospective auditing of access, alteration, deletion, or transfer of personal data, ensuring compliance with the methods and tools used to collect, use, or disclose personal data. This includes audits to assess the effectiveness of compliance with the policies, regulations, and guidelines for the protection of personal data.
Furthermore, executives, employees, contractors, agents, consultants, and recipients of information from the protocol have a duty to maintain the confidentiality of personal data in accordance with the confidentiality measures established by the protocol.
8. What are your rights regarding personal data?
Your rights under this matter are legal rights that you should be aware of. You can exercise these rights under the provisions of current and future laws and policies, as well as established protocols.
8.1 Right to Withdraw Consent: If you have given consent for the Protocol to collect, use, and/or disclose your personal data (whether your consent was given before or after the Personal Data Protection Act came into effect), you have the right to withdraw your consent at any time for the duration your personal data is held by the Protocol, unless such right is limited by law or there is a contract that benefits you. Your withdrawal of consent will not affect the collection, use, and/or disclosure of your personal data that was carried out prior to the withdrawal.
Withdrawing your consent in relation to and necessary for various operations may result in the protocol being unable to fulfill its contract or provide you with benefits, or it may result in the suspension or temporary halt of other related activities, or it may have other negative impacts on you. For your benefit, you should study and inquire about the consequences before withdrawing your consent.
8.2 Right to Access Data: You have the right to request access to your personal data held by the protocol and to request a copy of such data from the protocol, as well as to request disclosure of how the protocol obtained your personal data.
8.3 Right to Data Portability: You have the right to receive your personal data if the protocol has made it available in a format that can be read or used by automated tools or devices, and that the personal data can be used or disclosed automatically. You also have the right to request the protocol to send or transfer your personal data in such format to another data controller when this is possible automatically, and you have the right to receive the personal data that the protocol has sent or transferred in such format directly to another data controller, unless this is not possible due to technical reasons.
However, the personal information mentioned above must be personal information that you have consented to the protocol collecting, using, and/or disclosing, or personal information that the protocol needs to collect, use, and/or disclose to fulfill a contract with which you are a party, or to process your request/application prior to entering into a contract, or other personal information as required by the legal authority.
8.4 Right to Object: You have the right to object to the collection, use, and/or disclosure of your personal data at any time if the collection, use, and/or disclosure of your personal data is for the purpose of carrying out necessary operations in the legitimate interests of the protocol or of another person or entity, or to carry out a mission for the public interest. If you file an objection, the protocol will continue to collect, use, and/or disclose your personal data only where the protocol can legally demonstrate that such action is more important, or to establish a legal claim, comply with the law, or exercise or defend against a legal claim, as each case may be.
8.5 Right to request deletion or destruction of data: You have the right to request the deletion or destruction of your personal data, or to anonymize your personal data, if you believe that your personal data has been collected, used, and/or disclosed unlawfully under applicable laws, or if you believe that the protocol is no longer necessary for the purposes specified in this notice, or when you have exercised your right to withdraw consent or your right to object as stated above.
8.6 Right to request suspension of data usage: You have the right to request a temporary suspension of the use of your personal data in cases where the protocol is reviewing your request to correct your personal data or your objection, or in any other case where the protocol no longer needs or must delete or destroy your personal data in accordance with applicable law, but you request the protocol to suspend its use instead.
8.7 Right to request correction of information: You have the right to request corrections to your personal information to ensure it is accurate, up-to-date, complete, and does not cause misunderstandings.
8.8 Right to Complain: You have the right to file a complaint with the relevant legal authority if you believe that the collection, use, and/or disclosure of your personal data is in violation of or non-compliance with applicable laws.
The exercise of your rights as mentioned above may be restricted by applicable laws, and there may be instances where the protocol may refuse or be unable to process your request to exercise these rights, such as due to compliance with laws or court orders, for the public interest, or because the exercise of these rights might infringe upon the rights or freedoms of others. If the protocol refuses your request, you will be informed of the reasons for the refusal.
rights | Processing time* |
Right to withdraw consent. | 7 business days |
Right to request access to information. | 30 days |
Right to request data transfer. | |
Right to object | |
The right to request the deletion or destruction of data. | |
Right to request suspension of data usage. | |
Right to request correction of information. | immediately |
9. Penalties for non-compliance with the personal data protection policy.
Failure to comply with this policy may result in offenses and disciplinary action in accordance with applicable laws and regulations (for protocol personnel) or the data processing agreement (for data processors), depending on the circumstances and the relationship of the data subject to the protocol. Penalties may also be imposed as prescribed by the Personal Data Protection Act B.E. 2562 (2019), as well as related rules, regulations, and orders.
10. Filing a complaint with the relevant regulatory authority.
In the event that a data subject discovers that Protocol has not complied with the Personal Data Protection Act, the data subject has the right to file a complaint with the Personal Data Protection Commission or any other competent supervisory body appointed by the Personal Data Protection Commission or as prescribed by law. Prior to filing such a complaint, Protocol requests that data subjects contact Protocol at the earliest opportunity to ascertain the facts, clarify any issues, and address any concerns raised by the data subject.
11. Will the protocol amend, improve, or change this announcement?
Protocol may review, amend, improve, or change this Notice from time to time as appropriate and to the extent permitted by law. In the event of any amendments, improvements, or changes to this Notice, Protocol will publish the current Notice to you via https://protollcall.com/.
12. How can I contact the protocol call center and the data protection officer?
If you have any suggestions or require further information regarding the collection, use, and/or disclosure of your personal data, including exercising your rights under this notice, you can contact the protocol and/or data protection officer through the following channels.
Contact channels
Data Protection Officer
Contact Information: Protocol Advanced Service Co., Ltd., Unit B600, 6th Floor, Promphan 2 Building , 1 Ladprao 3 Soi, Ladprao Rd., Chompol Subdistrict, Chatuchak District, Bangkok 10900, Thailand.
