ADDENDUM
Thailand
The following terms of this Addendum (“Addendum”) will apply to Policy with respect to Thailand. The purpose of this Policy is to inform you of how we manage Personal Data in accordance with the Personal Data Protection Act B.E. 2562 (2019) of Thailand (“Thai PDPA”) including sub-legislations and regulation issued by virtue thereof. This Addendum shall form an integral part of the Policy and in the event of any inconsistency between the provisions of the Policy and this Addendum, the provisions of this Addendum shall prevail.
1 Your Personal Data
1.1 The Thai PDPA defines Personal Data as any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased persons. 1.2 Certain types of data are considered “sensitive information” under Thai PDPA which include Personal Data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behaviour, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner.
2 Collection of Personal Data
2.3 If you provide us with Personal Data relating to a third party (e.g., spouse, children, parents, employees, or authorised representatives) for any purpose, you represent and warrant that you have obtained the necessary consent from the third party to Cortina Group collecting, using and/or disclosing such Personal Data for that particular purpose and ensure that such third party shall be informed of this Policy.
4 Cross Border Transfers of Personal Data
4.1 As Cortina Group is an international business, you acknowledge and agree that some information (including Personal Data) may be transferred to regions/countries outside of Thailand in the ordinary course of our business including to parties located in; 4.1.1 Malaysia 4.1.2 Singapore 4.1.3 Taiwan 4.1.4 Hong Kong (SAR) of China 4.1.5 Macau (SAR) of China 4.2 When Cortina Group discloses personal information outside of Thailand, we will comply with this Policy and the requirements of the Thai PDPA pertaining to the transfer of Personal Data outside of Thailand, including any sub-legislations issued by the Personal Data Protection Commission (“Thai PDPC”). We will not transfer Personal Data outside of Thailand unless it is for compliance with the law, for other purposes allowed by law or where your consent has been obtained. If we do so, we ensure the destination country or international organisation that receives such Personal Data shall have adequate data protection standard otherwise, we will inform you of the inadequate Personal Data protection standards of the destination country or international organisation. We have taken reasonable steps to ensure that your Personal Data so transferred will not be used or disclosed by the recipient for purposes other than as permitted under the Thai PDPA. Additionally, where it is necessary to do so, (i) as a group, we may have binding corporate rules regarding the sending or transferring of Personal Data within the same group reviewed and certified by the Office of Thai PDPC, (ii) Cortina Group shall enter into legally binding data sharing agreements with the recipients or (iii) we may provide other safeguard being applicable under the law. In this regard, you confirm that by continuing to have a relationship with or deal with Cortina Group, you have acknowledged to the disclosure by Cortina Group of your Personal Data to the aforesaid recipient(s).
5 Disclosure without Consent; Deemed Consent
5.2 Under certain circumstances, unless otherwise an explicit consent is required under the law, we may assume deemed consent from you when you voluntarily provide your Personal Data to us for the stated purpose(s). Prior to providing your Personal Data to us, you must acknowledge and agree that you have fully read and understood this Policy. The exceptions upon which Personal Data may be collected without consent are pursuant to Section 24 of the Thai PDPA.
8 Withdrawal, Access, Correction and Your Rights of Your Personal Data
8.1.4 You may request to access, obtain a copy, the disclosure of the acquisition of the Personal Data obtained without your consent or correct your Personal Data by submitting your request in writing or via email to our Data Protection Officer. To respond to your request, we may ask you to provide us with a proof of your identity. We will aim to provide access to your Personal Data within thirty (30) business days if the request cannot be completed within this timeframe, we will notify you of the within 30 days after receiving the request; 8.1.7 You may object to the collection, use, or disclosure of the Personal Data concerning yourself, at any time, in the following circumstances: (1) where the Personal Data is collected for the performance of a task carried out in the public interest by us, or for our legitimate interests; (2) the collection, use, or disclosure of such Personal Data is for the purpose of direct marketing; In addition, you may also request the suspension of the use of your Personal Data, the erasure or destruction of such data, or its anonymisation so that it can no longer be used to identify you, where there are applicable legal grounds to do so under the Thai Personal Data Protection Act (PDPA). We will respond to your request within thirty (30) business days. If the request cannot be completed within this timeframe, we will notify you of the within 30 days after receiving the request; We may reject your request if there is a compelling legitimate ground or the processing of Personal Data is carried out for the establishment, compliance or exercise of legal claims, or defence of legal claims.
14 Complaints
14.4 If you wish to submit a complaint or if you feel that our reply to your concerns is not to your satisfaction, you can contact and/or make a complaint to the competent authority.