At the Club the roles described in the PDPA are fulfilled as follows:
i) The Data Controller – the decision-making authority on collection, use and disclosure of collected personal data – is the Club itself
ii) The Data Processor – a party that collects uses or discloses personal data at the instruction of the Data Controller – is fulfilled by various outsourced data processing entities
iii) The Data Manager (equivalent of the Protection Officer specified in the PDPA)– the person designated by the Club to facilitate and ensure PDPA compliance – is the Club GM, or such person designated by him/her
iv) A Data Owner – is a Member, employee, or contractor whose information is held by the Club
C. COLLECTION OF PERSONAL DATA
C.1. Purpose of Collecting Personal Data
The Club collects Personal Data for a variety of reasons and purposes, include:
i) To ensure satisfactory operations and administration of the Club
ii) To ensure compliance with Thai laws and regulations
iii) To ensure the safety and wellbeing of Members and all those with whom the Club engages
iv) To report on and publicise Member activity and status.
v) For statistical and analytical purposes
C.2. Categories of Personal Data Collected
The categories of Personal Data collected may include:
i, Personal identifiers: including name, job title, home address, work address, home, work and mobile telephone numbers, email addresses, digital certificate numbers, IP addresses, passport or national ID card numbers and other information for identifying a person.
ii, Identifiers of personal finance: including bank account numbers and names of financial institutions, credit and debit card numbers, membership charges and other personal financial information.
iii, Personal details: including age, gender, date and place of birth, nationality, marital status, etc.
iv, Details of family members: including details of spouses, children, other dependents and family members, cohabitants, drivers, nannies, etc.
v, Occupational details: including position or profession, title, qualifications, credentials, etc.
vi, Club information: including date of membership, member category, monthly charges and payments records, participation in General Meetings, website access and other records pertaining to interaction with the Club.
The Data Owner’s consent is required for the Club to acquire and retain Personal Data.
Specifically, such consent covers:
i) certain pre-membership steps necessary to evaluate an application to join the Club (basic identification details to be posted on the notice board), and retention of basic data in the event the application is rejected,
ii) use and disclosure of that information plus other financial information generated by the Club during the validity of membership, including the disclosures in D3 below, and
iii) retention of data accumulated during membership for statistical and other purposes after membership ends.
D. MANAGEMENT OF PERSONAL DATA
D.1. Use of Personal Data
The Club will use your Personal Data for one or more of the purposes stated under C.1. above.
D.2. Retention of Personal Data
The guiding principle is that Personal Data will be retained - subject to certain limitations whereby a Data Owner can exercise rights granted under the PDPA to access, edit or eliminate his Personal Data - for as long as the Club needs the data to fulfil its intended purpose,. This will typically mean data is retained for the period membership is in force, plus a period mandated by regulations for the retention of records for accounting and tax purposes, plus a further period, at the discretion of the Data Controller, for archival and analytical purposes.
D.3. Sharing Personal Data
The Club will not sell your Personal Data to a third party.
The Club may share your Personal Data with third parties if:
i. The third party is assisting the Club in its operations and administration (e.g. IT service providers and Data Processors, etc.)
ii. The Club is under an obligation to disclose such information to comply with legal requirements, or to protect the Club’s rights and property.
Personal Data may also be disclosed in the various forms of communication of the Club. These include the following:
a. by posting on notice boards on the Club premises, in the form of Member applications and disciplinary actions, general Club, Section and Committee news, and announcements of events and health and safety measures.
b. by publication in “Outpost” magazine or on the Club’s website, relating to general Club news, announcements of events and health and safety measures.
c. by e-mail communications to Members, either individually, for Sections and for all Members, for weekly and other periodic news mailings, non-payment notices and health and safety announcements, and
d. by individual mailings to Members for monthly invoices and disciplinary actions.
Otherwise, disclosure to a third party of any of your Personal Data will only be made after the Club receives your consent.
D.4. Security of Personal Data
The Club, as Data Controller, is responsible for the establishment and maintenance of reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification and disposal of Personal Data or similar risks. The Club will limit access to Personal Data to parties needing to use such data for Club purposes only.
Transmission of information via the internet is, however, not completely secure. While the Club will take reasonable measures to protect Personal Data provided to the Club through the internet, the Club cannot guarantee the security of Personal Data submitted to the Club in this way.
E. RIGHTS OF DATA OWNER
E.1. Right of Access
Individuals who have provided Personal Data to the Club have a right to confirm what data is being held on them, how it is being used and the purpose for which it is being used. Requests should be directed to the Data Manager, and the Club will respond within one month to all such requests, while retaining the right to decline requests it may consider inappropriate.
E.2 Right to Correct
An individual may request removal of Personal Data from the Club’s records if he/she considers that the purpose for which the data was originally collected is no longer valid, if they withdraw their consent previously given to the processing of the Personal Data or for similar reasons, or due to a legal obligation.
E.3 Right to Cease Collection, Handling or Use
An individual may request that the Club discontinue the collection, processing or use of his/her data.
E.4. Right to Restrict Processing
An individual may request the blocking or suppression of the processing of his/her data (while allowing the Club to retain it) if he/she contests the accuracy of the data, or if he/she alleges that the stated purpose for which the data is being held and used is incorrect.
E.5. Right to Data Portability
Individuals can request that their Personal Data held by the Club be transferred to another organization. Such requests will be considered on an individual basis, as they constitute an exception to the Club’s stated policy on not sharing data with third parties.
All requests arising from the Data Owners’ rights should be directed to the Data Manager at the Club, at the address below, where they will be acknowledged promptly with a response as soon as practicable but no later than one month from their receipt.
The General Manager
The British Club Bangkok
189 Suriwongse Road