Privacy Policy

CLOUD ELEVEN Limited

CLOUD ELEVEN Limited, its subsidiaries, joint ventures, and all business units (the “Company”, “we”, “us”, or “our”) recognize the importance of protecting your personal data. This Privacy Policy sets out how we collect, use, disclose and manage (collectively referred to as “process” or “processing”) your personal data, whether the collection is taking place via our websites, applications, any other online platforms, or offline in-person.

This Policy applies to users who access to website/application, customers, any visitors of our offices, guests of our events (collectively referred to as “you”, or “Data Subject”). "Personal Data" means any data that identifies you as an individual or relates to an identifiable individual, including but not limited to your name, address, profile picture, email address, phone number, IP address, shopping habits, preferences and information about your lifestyle.

If you are supplier/vendors, business partners or job applicants, please read other relevant privacy policies.

Overview of the Privacy Policy

This Privacy Policy contains the following issues:

• What kind of personal data we collect
• Purpose of collection / use / disclosure of your personal data
• How we collect your personal data
• How we process your personal data
• Whom we share and disclose your personal data with
• How long we retain your personal data
• Your privacy rights and how you can exercise them
• Consent, Withdrawal, and Consequences
• How we protect your personal data
• Changes to this policy
• List of Controllers and Contact Detail
• How to contact us

What kind of personal data we collect

In the course of our business, we may collect and process various types of personal data depending on your relationship with us, including:

• Contact data (including names, postal addresses, email addresses, and numbers)
• Personal detail (including gender, age, National Registration Identity Card, images from closed-circuit television cameras or “CCTV”)
• User Account Information (including log-in details, email address, and other information provided through your account);
• Financial Information (including salary record, bank account information, credit card information);
• Transaction Information (including payment status, transaction history, receipt, invoice);
• Subscription Information (including consent record of the Company, its affiliates, or Business Partners;
• Behavior Information (including users' behavior on websites or any platforms, consumer behavior for product and service, your location when you have visited our projects, your preferences and opinions.
• Information collected by electronic systems and other similar technologies including Log file or IP Address, which these information will be collected while you are using the online platform.

In some cases, we may request your explicit consent to collect sensitive information, including religion, race, ethnicity - criminal records and biometrics data, unless allowed or required by the applicable laws.

If you have provided personal information of third parties to us, we assume that you have the authority to provide personal information of third parties and the third party have allowed us to use the personal information for the purposes set out in this policy.

Purpose of collection / use / disclosure of your personal data

• To provide the service which is requested by you, for example, in case you subscribe for information and promotion, the Company will only store and use basic information such as first name, last name, e-mail address and telephone number for any subsequent communication with you
• To improve website performance, create marketing plan, analyze data usage, evaluate the performance of service, improve and develop products and services of the Company.
• To communicate and provide information relating to products and services of the Company and/or its Affiliates, including relating privileges or promotion of the said products or services or any future change concerning the Privacy Policy for personal data protection.
• To comply with contracts to which you are a party or of which the Company uses services, such as to share your location information where the Company uses the location service of a third party.
• To manage risks that may arise from unlawful actions, which included but not limited to, by utilizing information for improving the security system relating to the Company’s security system of the information technology system and operation system, or security purposes such as image/video recordings of visitors through CCTV and exchange of identification documents before entering the Company’s building as well as for security within the our premises.
• To pursue any legal actions, such as to prevent or cease any loss of life or damage to body or health of a person, for educational study or statistics in order to provide an appropriate measure to protect your rights and freedom.
• To serve any other purposes which have been notified at the time of collection of your Personal Data or any other purposes in relation to any of the above purposes.

We will not use or disclose your personal data UNLESS it is necessary for the purposes set out above or disclosed to any person in the Company or the parties involved in the contract, as required by law, governmental authority, supervision organization or with your consent.

How we collect your personal data

When you enter the premises of the Company or when you are in contact with shops, offices of tenants within the Company's premises. We may collect your personal data directly from you or indirectly through a variety of sources including, but not limited to:

• Photographs and sound: we may record your photographs, sound and motion pictures of you participating in the event. Whether it be an activity organized by the company or someone hired by the company or is an activity that the Company participates in organizing the event (“Event”)
• Online platforms: we may collect your personal data when you register for an account, participate in a survey, contest, or promotional offer, subscribe to receive promotional communications or otherwise connect with us.
• Offline interaction: we may collect your personal data from offline, such as when you visit our offices, or the company's buildings or our projects. contact us via phone or attend our events or give us business cards.
• Our affiliates and business partners: in this case, we will consider and take appropriate measures to ensure that we are able to collect your personal data without violation of the applicable laws.
• Open-source material such as public website.
• Collecting still images and motion pictures from CCTV upon entering and leaving our premises. We do not collect any audio data with CCTV and signs will be posted indicating that a CCTV is operation in such area of the premises.

How we process your personal data

Generally, we will only process only personal data that is necessary to fulfil and in a lawful manner, which the lawful basis can be classified, as follows:

1) The purpose of which we have obtained your consent

• Marketing and Communications

  When we cannot rely on other lawful basis, we will request your consent for the purpose of marketing and communication, including offering products or services of us, our affiliates, or business partners.

• Sending or Transferring your personal information overseas

  Unless allowed or required by applicable laws, when we have to transfer your personal data to a country without adequate personal data protection standards for a personal data, we will request your consent prior to such transfer.

• Collection of sensitive data

  When you voluntarily provide your sensitive data to us, it means that you have granted us the permission to use your sensitive data for the following purpose:

  1. Health Information, including congenital disease, blood group, food allergy, are collected for food preparing in the events.
  2. Religion is collected for the benefits of providing facilities to suit you;
  3. Race/Nationality may be collected when you provide the national registration identity card
  4. Criminal Record is collected for fraud prevention and security purpose
  5. Biometrics such as facial recognition, fingerprint, voice recognition and retina recognition are collected for verification or for security purposes when you contact us or enter our office or building or project

  Please note that your sensitive data in form of anonymized information may be used for statistical purpose to develop products or services that will be better and more suitable for you.

2) Contract

We may process your personal data where we need to perform under the contract that we are about to enter into or have entered into with you, whether verbal or written contract, which including the following circumstances:

1. Considering your eligibility and suitability before entering into a contract or providing a service to you.
2. Taking any action in connection with contractual obligations between the Company and you, inkling contacting you to fulfil your obligation, sending the relevant documents.
3. Verifying your identity when you prefer to exercise your rights under the contractual obligation between the Company and you.

3) Legitimate Interest

We may rely on our legitimate interests or third parties’ legitimate interest to process your personal data. In this case, necessity, data subject’s fundamental rights and interest will be considered. The following circumstances constitute a legitimate interest:

1. We may rely on our security purpose, including when we collect still images and video recordings from CCTV and collecting personal data of visitors to our offices or buildings or projects. By exchanging or taking a photo of the identification card or passport or other documents that can be used in place of such documents legally including copies of such documents.
2. We may rely on our internal management purpose, including when the company of DTGO companies enter into the event of merger or reorganization or similar event, we may transfer your personal data to third parties as part of such event on need to know basis.
3. We may process your personal data to enhance and improve products and services for you and all customers of DTGO Companies.
4. We may process your personal data for marketing and communications purposes which will not materially affect the fundamental rights and the data subjects has the right to opt-out at any time.
5. During the event, seminar, or any other sale events, whether online or physical event, the photograph/ video, or audio may be recorded as a part of event’s atmosphere.
6. Where we have a relationship with any juristic person, we may collect personal data of relevant individual, including copies of ID card and contact detail of authorized representatives.
7. We may collect sales activities including interaction history, number of sales, appointment or contact record for performance analysis and enhancement purposes.

4) Other legal basis for processing your personal data

In addition to legal grounds specified in 1. – 3., the Company may rely on other legal grounds to process your personal data, including include where processing is necessary for compliance with a legal obligation; where processing is necessary to protect the vital interests of a data subject or another person; where processing is necessary for performance of a task carried out in the public interest in the exercise of official authority vested in the controller. The other legal grounds are processing for various purposes, including:

1. to comply with the requirement on financial report required by auditors and/or government authorities and to cooperate with the law enforcement entities, government authorities, regulators and/or the court’s order regarding legal proceeding or investigation.
2. to comply with the Computer Crime Laws in Thailand, we may need to record Log file.

Notwithstanding the foregoing, we may use your anonymized data for any purpose without your consent.

Whom we share and disclose your personal data with

We may share or transfer your personal data to the following recipient to fulfil and in accordance with the purposes under this Policy. The recipients may be located or have server(s) located in Thailand or outside Thailand. The recipients can be categorized as follows: (for each type including representatives its employees and directors)

1. DTGO Companies

   As we are a part of the DTGO Companies, by the nature of the internal management, we may share or disclose your personal data to other entities within DTGO Companies to fulfill and in accordance with the purposes under this Policy. For the purpose of sharing and transferring, we will make sure that your personal information will be shared or transferred safely and having an appropriate standard for protection of personal data.

   Any intra-group sharing shall be based on the necessity of each business as shown in the Table.

2. Third Party Service Providers

   We may share your personal data to third party service providers in the event that we hire or appoint the third party service providers to process your personal data for/ on behalf of the Company for the purposes specified in this Policy, including for website administrative management, delivery of products/services, marketing, data storage, IT solution, payment system.

3. Business partners

   We may share your personal data to our business partners when they jointly offer products or services jointly with us; when we offer their products/services to you.

4. Third parties required by law

   In order to comply with the applicable laws or regulations, we may be required to disclose or share your personal information to competent authorities, courts, or any other persons, which their right is specific defined by laws or if or there is reason to believe that such disclosure is necessary to protect the rights of the Company or third parties.

Where we disclose or transfer personal data to any third parties, other than DTGO Companies, we will enter into an agreement with the third party setting out the purposes of processing and the respective obligations of each party in place to protect data against unauthorized or accidental use, access, disclosure, damage, loss, or destruction.

Where your personal data is transferred to a third party or servers located outside Thailand, we will take any necessary measures to ensure that personal data is transferred safely with appropriate privacy protection measures.

How long we retain your personal data

We will only retain the personal data for as long as necessary to fulfill the purposes for which we collected it, and to the extent permitted by the Personal Data Protection Act B.E. 2562 or other applicable laws.

For collection of personal data when you contact us or enter our offices or buildings or projects. We will collect your personal data in our storage systems with appropriate personal data protection measures and access control system to prevent unauthorized access. We will retain your personal data for a period of 90 days from the date that you contact us or enter our offices or buildings or projects. After the specified retention period or we no longer have the right or inability to claim the basis for processing your personal data, we will take steps to erase your personal data by deletion or anonymization within 30 days from the end of the retention and processing period.

We have prepared schedules to specify the appropriate retention periods to ensure that when we no longer need to use your personal data we will remove it from our systems and records and/or take steps to anonymize it so that you can no longer be identified from it.

Your privacy rights and how you can exercise them

Under the Personal Data Act B.E. 2562, you have the following rights that you may exercise in relation to your Personal Data processed by us as follows:

1. The right to receive a copy of your personal data processed by us and to obtain other information about how we collect/process your personal data and why we process your personal data. Your personal data will generally be provided to you in electronic form.
2. The right to rectify inaccurate, incomplete, or misleading personal data relating to you.
3. The right to request the erasure, destruction, anonymization of your personal data.
4. The right to request to restrict the processing of your personal data.
5. The right to ask that we transfer the personal data to another data controller (or ask us to do so if technically feasible) where our lawful basis for processing the personal data is consent or necessity for the performance of our contract with you and the processing is carried out by automated means.
6. The right to object to any processing which is based on our legitimate purpose or other legal ground.
7. The right to withdraw your consent, at any time, where we process personal data based on consent at any time. However, we may continue processing your personal data based on another legal basis.

If you would like to exercise your rights, ask questions, or complain about unlawful processing, you may send your request at email [email protected]. We will require you to identify yourself before meeting your request. Normally, we will respond to you in writing via email, as soon as practicable, within 30 days upon receiving your request with clear information.

We are entitled to reject your request if your rights are conditional as prescribed by laws. In addition, normally, there is no charge to make a request, however we reserve the right to charge a reasonable fee if the request is unreasonable or complex.

You also have the right to lodge a complaint to the Data Protection Committee if your request is rejected and you are dissatisfied with our reasons or the response is not provided to you within the period.

Consent, Withdrawal and Consequences

You are entitled to withdraw your consent at any time but such withdrawal will not affect the validity of the processing made prior to the withdrawal of consent.

Your withdrawal of consent or refusal to provide certain information may result in us being unable to fulfill some or all of the objectives stated in this privacy notice.

If we need to obtain consent from a person other than you (such as your parent), you represent that have the power to act on their behalf to acknowledge this privacy notice and consent to us on their behalf to process their personal data in accordance with this privacy notice.

How we protect your personal data

We have implemented (has required third parties to implement) appropriate technical and physical measures to safeguard and protect personal data from unauthorized or unlawful processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, personal data.

Change to this privacy policy

We reserve the right to update this policy for any reason, including but not limited to complying with relevant law of Thailand, Thailand government policy, regulatory and other obligations of a similar nature. Any updates will appear on our website at www.cloud11bangkok.com/privacy-policy Any changes to this Privacy Policy will become effective upon publishing the Privacy Policy.

How to contact us

If you have any question or would like to exercise your rights, you may contact us at the following address:

Attn: Personal Data Protection Office
Address: CLOUD ELEVEN Limited
695 Soi Sukhumvit 50, Phra Khanong, Klong Toei, Bangkok, 10260
Email: [email protected]
Phone: 02-742-9141