Data Privacy Policy

A. INTRODUCTION

The Club is committed to protecting the privacy of everyone with whom it engages, including Members, employees and contractors and suppliers. This Privacy Policy is drawn up in accordance with the Thai Personal Data Protection Act BE 2562 (2019) (PDPA), which includes guidelines for the protection of information provided to the Club.

This Privacy Policy is subject to change, and persons providing data to the Club should review this document from time to time on the Club website.

B. DEFINITIONS

At the Club the roles described in the PDPA are fulfilled as follows:

i) The Data Controller – the decision-making authority on collection, use and disclosure of collected personal data – is the Club itself
ii) The Data Processor – a party that collects uses or discloses personal data at the instruction of the Data Controller – is fulfilled by various outsourced data processing entities
iii) The Data Manager (equivalent of the Protection Officer specified in the PDPA)– the person designated by the Club to facilitate and ensure PDPA compliance – is the Club GM, or such person designated by him/her
iv) A Data Owner – is a Member, employee, or contractor whose information is held by the Club

C. COLLECTION OF PERSONAL DATA

C.1. Purpose of Collecting Personal Data

The Club collects Personal Data for a variety of reasons and purposes, include:

i)   To ensure satisfactory operations and administration of the Club
ii)  To ensure compliance with Thai laws and regulations
iii) To ensure the safety and wellbeing of Members and all those with whom the Club engages
iv) To report on and publicise Member activity and status.
v)   For statistical and analytical purposes

C.2. Categories of Personal Data Collected

The categories of Personal Data collected may include:

i,   Personal identifiers: including name, job title, home address, work address, home, work and mobile telephone numbers, email addresses, digital certificate numbers, IP addresses, passport or national ID card numbers and other information for identifying a person.

ii,  Identifiers of personal finance: including bank account numbers and names of financial institutions, credit and debit card numbers, membership charges and other personal financial information.

iii, Personal details: including age, gender, date and place of birth, nationality, marital status, etc.

iv, Details of family members: including details of spouses, children, other dependents and family members, cohabitants, drivers, nannies, etc.

v,  Occupational details: including position or profession, title, qualifications, credentials, etc.

vi, Club information: including date of membership, member category, monthly charges and payments records, participation in General Meetings, website access and other records pertaining to  interaction with the Club.

C.3. Consent

The Data Owner’s consent is required for the Club to acquire and retain Personal Data.

Your consent will typically be given by your signing an application form or other operational document or otherwise confirming your agreement with this Privacy Policy and its subordinate policies. Your agreement can be requested or communicated to the Club in writing or by electronic means permitted under the PDPA.

Specifically, such consent covers:

i)   certain pre-membership steps necessary to evaluate an application to join the Club (basic identification details to be posted on the notice board), and retention of basic data in the event the application is rejected,
ii)  use and disclosure of that information plus other financial information generated by the Club during the validity of membership, including the disclosures in D3 below, and
iii) retention of data accumulated during membership for statistical and other purposes after membership ends.

D. MANAGEMENT OF PERSONAL DATA

D.1. Use of Personal Data

The Club will use your Personal Data for one or more of the purposes stated under C.1. above.

D.2. Retention of Personal Data

The guiding principle is that Personal Data will be retained - subject to certain limitations whereby a Data Owner can exercise rights granted under the PDPA to access, edit or eliminate his Personal Data - for as long as the Club needs the data to fulfil its intended purpose,. This will typically mean data is retained for the period membership is in force, plus a period mandated by regulations for the retention of records for accounting and tax purposes, plus a further period, at the discretion of the Data Controller, for archival and analytical purposes.

D.3. Sharing Personal Data

The Club will not sell your Personal Data to a third party.

The Club may share your Personal Data with third parties if:

i.  The third party is assisting the Club in its operations and administration (e.g. IT service providers and Data Processors, etc.)
ii. The Club is under an obligation to disclose such information to comply with legal requirements, or to protect the Club’s rights and property.

Personal Data may also be disclosed in the various forms of communication of the Club. These include the following:

a. by posting on notice boards on the Club premises, in the form of Member applications and disciplinary actions, general Club, Section and Committee news, and announcements of events and health and safety measures.

b. by publication in “Outpost” magazine or on the Club’s website, relating to general Club news, announcements of events and health and safety measures.

c. by e-mail communications to Members, either individually, for Sections and for all Members, for weekly and other periodic news mailings, non-payment notices and health and safety announcements, and

d. by individual mailings to Members for monthly invoices and disciplinary actions.

Otherwise, disclosure to a third party of any of your Personal Data will only be made after the Club receives your consent.

D.4. Security of Personal Data

The Club, as Data Controller, is responsible for the establishment and maintenance of reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification and disposal of Personal Data or similar risks. The Club will limit access to Personal Data to parties needing to use such data for Club purposes only.

Transmission of information via the internet is, however, not completely secure. While the Club will take reasonable measures to protect Personal Data provided to the Club through the internet, the Club cannot guarantee the security of Personal Data submitted to the Club in this way.

E. RIGHTS OF DATA OWNER

Having consented to the collection and retention of Personal Data in accordance with this Privacy Policy, the Data Owner retains rights to review the data held and ensure its accuracy and compliance with the requirements of the PDPA. This section outlines those rights and the procedure for handling requests for changes to the data held.

E.1. Right of Access

Individuals who have provided Personal Data to the Club have a right to confirm what data is being held on them, how it is being used and the purpose for which it is being used. Requests should be directed to the Data Manager, and the Club will respond within one month to all such requests, while retaining the right to decline requests it may consider inappropriate.

E.2 Right to Correct

An individual may request removal of Personal Data from the Club’s records if he/she considers that the purpose for which the data was originally collected is no longer valid, if they withdraw their consent previously given to the processing of the Personal Data or for similar reasons, or due to a legal obligation.

E.3 Right to Cease Collection, Handling or Use

An individual may request that the Club discontinue the collection, processing or use of his/her data.

E.4. Right to Restrict Processing

An individual may request the blocking or suppression of the processing of his/her data (while allowing the Club to retain it) if he/she contests the accuracy of the data, or if he/she alleges that the stated purpose for which the data is being held and used is incorrect.

E.5. Right to Data Portability

Individuals can request that their Personal Data held by the Club be transferred to another organization. Such requests will be considered on an individual basis, as they constitute an exception to the Club’s stated policy on not sharing data with third parties.

E.6. General

All requests arising from the Data Owners’ rights should be directed to the Data Manager at the Club, at the address below, where they will be acknowledged promptly with a response as soon as practicable but no later than one month from their receipt.

E.7. Complaints and Dispute Resolution

If an individual is dissatisfied with the handling of his Personal Data by the Club, the complaint should initially be directed to the Data Manager, who shall consider and respond to the complaint within 15 days. If the Data Owner is dissatisfied with the response, the Data Owner may appeal in writing to the Club’s General Manager, who shall refer the matter to the General Committee. The General Committee shall consider the matter, which may include the Data Owner’s explanation of the basis of his/her position. The General Committee shall render its decision on the matter promptly, but in any event within 60 days of the General Manager’s receipt of the appeal. The decision of the General Committee shall be final, subject to the right of the Data Owner to refer the matter to the appropriate authority under the PDPA.

F. OTHER

F.1. Use of 'Cookies'

A 'cookie' is data sent by a web server and stored on a web browser. That data is to indicate preferences of the individual user. Many websites use cookies to provide services to their customers. You can configure your browser to not accept cookies. However, this will limit participation in certain activities. The Club uses cookies on its website, but they do not hold personal information.

To learn more about cookies, visit: www.cookiesandyou.com

F.2. Collection of IP Addresses

An Internet Protocol (IP) address is a numerical label assigned to each device that uses the IP for communication. The Club does collect IP addresses.

F.3. Collection of E-mail Addresses

The Club will use the e-mail addresses obtained from you to deliver information that you have agreed to receive, including events and services, etc. Club e-mails contain electronic images known as “web beacons” that allow it to know whether its e-mails are opened and to verify any click through to links within e-mails.

Please direct all questions or comments to the Club’s Data Manager.