At the Club the roles described in the PDPA are fulfilled as follows:
i) The Data Controller – the decision-making authority on collection, use and disclosure of collected personal data – is the Club itself
ii) The Data Processor – a party that collects uses or discloses personal data at the instruction of the Data Controller – is fulfilled by various outsourced data processing entities
iii) The Data Manager (equivalent of the Protection Officer specified in the PDPA)– the person designated by the Club to facilitate and ensure PDPA compliance – is the Club GM, or such person designated by him/her
iv) A Data Owner – is a Member, employee, or contractor whose information is held by the Club
C. COLLECTION OF PERSONAL DATA
C.1. Purpose of Collecting Personal Data
The Club collects Personal Data for a variety of reasons and purposes, include:
i) To ensure satisfactory operations and administration of the Club
ii) To ensure compliance with Thai laws and regulations
iii) To ensure the safety and wellbeing of Members and all those with whom the Club engages
iv) To report on and publicise Member activity and status.
v) For statistical and analytical purposes
C.2. Categories of Personal Data Collected
The categories of Personal Data collected may include:
i, Personal identifiers: including name, job title, home address, work address, home, work and mobile telephone numbers, email addresses, digital certificate numbers, IP addresses, passport or national ID card numbers and other information for identifying a person.
ii, Identifiers of personal finance: including bank account numbers and names of financial institutions, credit and debit card numbers, membership charges and other personal financial information.
iii, Personal details: including age, gender, date and place of birth, nationality, marital status, etc.
iv, Details of family members: including details of spouses, children, other dependents and family members, cohabitants, drivers, nannies, etc.
v, Occupational details: including position or profession, title, qualifications, credentials, etc.
vi, Club information: including date of membership, member category, monthly charges and payments records, participation in General Meetings, website access and other records pertaining to interaction with the Club.
The Data Owner’s consent is required for the Club to acquire and retain Personal Data.
Specifically, such consent covers:
i) certain pre-membership steps necessary to evaluate an application to join the Club (basic identification details to be posted on the notice board), and retention of basic data in the event the application is rejected,
ii) use and disclosure of that information plus other financial information generated by the Club during the validity of membership, including the disclosures in D3 below, and
iii) retention of data accumulated during membership for statistical and other purposes after membership ends.
D. MANAGEMENT OF PERSONAL DATA
D.1. Use of Personal Data
The Club will use your Personal Data for one or more of the purposes stated under C.1. above.
D.2. Retention of Personal Data
The guiding principle is that Personal Data will be retained - subject to certain limitations whereby a Data Owner can exercise rights granted under the PDPA to access, edit or eliminate his Personal Data - for as long as the Club needs the data to fulfil its intended purpose,. This will typically mean data is retained for the period membership is in force, plus a period mandated by regulations for the retention of records for accounting and tax purposes, plus a further period, at the discretion of the Data Controller, for archival and analytical purposes.
D.3. Sharing Personal Data
The Club will not sell your Personal Data to a third party.
The Club may share your Personal Data with third parties if:
i. The third party is assisting the Club in its operations and administration (e.g. IT service providers and Data Processors, etc.)
ii. The Club is under an obligation to disclose such information to comply with legal requirements, or to protect the Club’s rights and property.
Personal Data may also be disclosed in the various forms of communication of the Club. These include the following:
a. by posting on notice boards on the Club premises, in the form of Member applications and disciplinary actions, general Club, Section and Committee news, and announcements of events and health and safety measures.
b. by publication in “Outpost” magazine or on the Club’s website, relating to general Club news, announcements of events and health and safety measures.
c. by e-mail communications to Members, either individually, for Sections and for all Members, for weekly and other periodic news mailings, non-payment notices and health and safety announcements, and
d. by individual mailings to Members for monthly invoices and disciplinary actions.