1. Collection of Personal Data
Dusit may collect personal data directly and indirectly from data subject, his/her representative or other related persons, through Dusit’s corporate website, business partners, other businesses in Dusit Group, Dusit’s phone services and digital services (including website and application) as well as other reliable sources (such as associations, governmental organizations, governmental bodies, private organizations) organized either by Dusit, governmental organizations or private sector including social media.
2. Types of Personal Data Collected
- Your personal data as the registered shareholder, including full name, email, contact number, nationality, occupation, current address, current office address, tax I.D. number, copy I.D., copy passport, number of shares being held and your bank account information;
- Your personal data as the interested investors who contacts Dusit via investor relations channel, e.g., full name, contact information, place of work, work address and work title;
- Your inquiries, correspondence or email subscription;
- Recordings when you call or have online meeting with us;
- Details of a person who is authorized to act on your behalf (if applicable).
- Record, store and use of any images, video and audio data during shareholder meeting, investor/analyst meeting, site visit or open house and press conference;
- Internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website
3. Retention Period
Dusit will retain your personal data as long as it is necessary for the purpose of data processing. After that, Dusit will erase and destroy your personal data, except as may be required by applicable laws or for protection of our interest. In general, your personal data will be kept for a maximum period of 10 years or otherwise longer if it is specifically provided by laws.
4. Purposes of Use and Disclosure
Dusit will use and disclose your personal data for the following purposes:
- Deliver meeting invitation and other notices to the shareholders, debenture holders, investors, analysts as may be required under the relevant laws, for instance, the invitation to the general annual shareholders’ meeting, investor/analysts meeting or the submission of the annual business report/ media releases, newsletters;
- Verify your identity and the rights of your proxy who is authorized to attend the shareholders’ meeting, verify your right for the share transfer;
- Allocate and pay dividend to the shareholder;
- Pay interest to the debenture holder;
- Conduct accounting and bookkeeping as required under the applicable laws;
- Manage and respond to your inquiries, feedback, complaints;
- Prepare the annual report which is required by laws to include your personal data as the shareholders and to deliver those reports to the relevant government authorities or the public pursuant to the terms and conditions prescribed under the applicable laws.
- Maintain network and data security; and
- Comply with the applicable laws that require Dusit to process certain personal data (if any).
In the case where Dusit appoints third party service provider(s) to process your personal data, Dusit will process your personal data for the purposes of performing Dusit’s contractual obligations, compliance with legal obligations, based on Dusit’s legitimate interests or based on your consent (if necessary). Dusit will not disclose or permit the disclosure or make available your personal data other than in accordance with the relevant ground, unless your prior written consent has been given to Dusit or PDPA allows Dusit to do so without obtaining your consent.
If you refuse to share your personal data which is necessary required for Dusit to process on the ground specified above, Dusit will not be able to perform its contractual obligations with such subject matter nor able to comply with legal obligations.
Dusit will process personal data in strict compliance with the applicable laws. In case where you have given a consent to any data processing activity, you may withdraw your consent at any time.
Dusit will not disclose your personal data without any legal basis. Your personal data may be disclosed or transferred to governmental organizations, governmental bodies or third parties including:
- Service Providers/ Vendors: Dusit may share your personal data to the third-party service providers, subcontractors and other associated organizations, such as Thailand Securities Depository Company Limited as the Company’s registrar for the purposes of carrying out a task in accordance with the obligations that Dusit may have with you. However, if Dusit shares your personal data with the third parties, Dusit will disclose only the personal data that is necessary to deliver the service and have a contract in place that requires them to keep your personal data secure and only for the duration it is required to carry out that specific task. Such third-parties may fall under the following categories; shareholder registrar, debenture representative, web developer, etc. In the cases that the third parties will be acting as a data controller of your personal data, Dusit recommend you to read the privacy notice of such third party. Such third-parties may fall under the following categories; tax consultants, financial advisors, etc.
- Government Authorities: Dusit may share personal data to relevant government authorities to fulfill its legal obligations and/or any legal requirements.
- Financial Institutions: Dusit may share personal data to any financial institutions to establish and support the payment of any financial transaction being requested. Personal data may also be disclosed to any person or persons that have a right under the applicable laws to gain access to such information, provided such persons are able to prove their authority to access such information.
Dusit will disclose your personal data to the recipient outside of Thailand only where it is necessary to perform any obligations that Dusit may have with you and only when it is permitted by PDPA or other applicable laws.
In the event where Dusit is required to disclose your personal data to a third party, Dusit will follow appropriate procedures to ensure that the third party will properly handle your personal data in order to prevent data loss, unauthorized access, improper use, modification, disclosure or processing.
6. Data Security Measure
Dusit adopts the high-standard security system in both technology and procedures to prevent any possible data theft. Dusit implements various measures to protect its computer system (such as Network Firewall, Intrusion Detection, Threat Prevention, URL Filtering, Application Control, Email Security, Server and Endpoint Protection, Secure Socket Layer, Cookies), through substantial investments, effort and human resources as to ensure that Dusit achieves high-standard measures and your personal data remains safe.
Although Dusit makes its best efforts to protect the personal data with our technical mechanism along with the management by our personnel to control access and keep personal data against unauthorized access, Dusit cannot always guarantee the security and confidentiality of personal data from every incident that may arise, such as virus threat and unauthorized access. You should regularly keep up with technology news, install personal firewall software to prevent your computer from threat or data theft.
7. Right of Data Subject
In exercising any right under this Clause , you shall comply with criteria and procedures specified in this Clause 8. However, the rights specified in this Clause are subject to change as the relevant laws may be amended from time to time by the government. If there is any changes about the laws, Dusit will inform you accordingly.
7.1 Right to be notified: If Dusit wishes to collect, store, use or disclose your personal data in any manner beyond the intended purposes or you given consent, Dusit will notify and/or seek your prior consent with respect to such additional scope.
7.2 Right to Access to your Personal Data: You may request for a copy of your personal data and request to disclose about the source of collection of your personal data.
7.3 Rectification of the Personal Data: To ensure that your the personal data is accurate, up-to-date, complete and not misleading, you may file a request to Dusit to rectify any of your personal data by following the procedures specified in this Clause.
7.4 Right to data portability: In case where it is technically available, you may request to receive your personal data in a commonly used or readable by the automatic device or to automatically transfer.
7.5 Right to erasure of your Personal Data: You may request to erase or make your personal data pseudonymised under any of the following circumstances: (a) your personal data is no longer needed to be collected, stored, used or disclosed for the intended purposes, (b) you withdraw your consent for your personal data to be collected, stored, used or disclosed and Dusit no longer has any legal right to process your personal data for the intended purposes, (c) you object to Dusit’s processing of your personal data, or (d) your personal data was processed in contravention of the PDPA.
7.6 Request to suspend the use of your Personal Data: You may request Dusit to suspend its use of your personal data in any of the following events:
- when Dusit is in the process of verifying certain information for the purpose of rectifying, updating, completing or avoiding any misleading about your personal data upon your request;
- when your personal data is to be erased under Clause 7.5 but you instead request to suspend its use;
- when it is no longer necessary to store your personal data, but you request Dusit to continue the storage of your personal data for establishing legal claims, legal compliance, exercise of legal rights or defenses; or
- when Dusit is in the process of verifying its legitimate rights in its data collection or processing for purposes specified by law.
7.7 Right to object the processing of Personal Data: You may object to the collection, storage, use or disclosure of your personal data in any of the following events:
- In case where your personal data was previously collected by Dusit for the purpose of (a) Dusit’s compliance with a governmental order or (b) any legitimate interest of Dusit or other legal entity;
- In case where Dusit has processed your personal data for the purpose of direct marketing; and
- In case where Dusit has processed your personal data for any research purposes as specified in relevant laws, including for statistical purpose.
7.8 Right to withdraw consent: You may withdraw your consent at any time. Your withdrawal will not have any effect on Dusit’s previous data processing. If your withdrawal will affect any part of your personal data, Dusit will notify you of such effect at the time you make such withdrawal.
However, Dusit may deny your request to withdraw consent if the processing is for the purpose of, or for complying with, applicable law or court order, the withdrawal may adversely affect and harm the rights and freedom of you or other people, the processing is for research purposes that has appropriate protection for personal data, or the processing is for establishing legal claims, legal compliance, exercise of legal rights or defenses.
8. Criteria and Procedures for Exercise of Your Rights
- The procedures above will take no more than 30 (thirty) days following the receipt of your request and all supporting documents that verify your identity.
- Dusit’s process will not incur any costs to you. But if there is any cost, Dusit will notify you prior to taking any action.