Privacy Notice
Last Updated: October 2021
Kudun and Partners Company Limited (“KAP”, “we”, “us” or “our”) is committed to meet and uphold all obligations under the Personal Data Protection Act, B.E. 2562 (2019) (the “PDPA”). This Privacy Notice (“Privacy Notice”) will help you understand our guidelines on protecting your personal data (as defined below), to describe our grounds and means to collect, use, disclose, make cross-border transfer and/or otherwise process (collectively will be referred to as to “process”) your personal data, and to explain your rights in connection with such personal data as well as your options to protect such personal data.
This Privacy Notice applies to all processing of personal data, irrespective of whether the personal data is processed by us or any third parties. This should be read and comprehended and periodically revisited by all related parties to ensure a complete understanding of the procedures that personal data will be processed.
For the purpose of this Privacy Notice, “personal data” means any information relating to an identifiable living individual who can be identified from that data or from that data and other data.
This Privacy Notice shall apply to data subjects who (i) visit our website at www.kap.co.th, our social media, or other online presences; (ii) contact us through channels, such as email, telephone, post, website, social media or other presences; (iii) engage our legal and related services; and (iv) provide goods or services to us, which from now on shall be collectively referred to as “you” or “your”.
If you have any question or suggestion regarding our guidelines on protecting your personal data or if you wish to exercise your rights in accordance with the PDPA, please contact us through the following channel:
Kudun and Partners Company Limited
23rd Floor, Units C and F, Gaysorn Tower, 127 Ratchadamri Road, Lumpini, Pathumwan, Bangkok 10330, Thailand
email: pdpa@kap.co.th
Since we have the role and responsibility in determining the purposes and means of processing your personal data in accordance with the PDPA, we shall act as the data controller for your personal data. In this case, your personal data will be processed by our employees.
We will collect the following categories and types of personal data about you, which including but not limited to:
a) basic data, such as full name, nickname, signature, title, position, job responsibilities, photograph, date of birth, place of birth, age, marital status, gender and nationality, including all personal data in a copy of ID card, passport, driving license, or similar identifiers;
b) contact data, such as postal address, telephone number, email, or ID used for various messenger services;
c) social media data, such as posts, likes, shares, or other interactions with our social media presences;
d) public sources data, such as LinkedIn and similar professional networks, directories or internet publications;
e) billing and financial data, such as billing address, bank account, credit card or other payment information;
f) marketing and communication data, such as communication preferences, or marketing opt-ins;
g) event data, such as attendance at and provision of feedback forms in relation to our events;
h) usage data, such as your usage data on website navigation or most visited parts of our website, or your use of our networking facilities, WiFi, or similar electronic services;
i) supplier data, such as contact details and other data about your company’s or organization’s personnel where you provide services to KAP;
j) audio and video recording data, such as closed-circuit television (CCTV) recordings, audio recordings, online meeting, webinar, or other information obtained through electronic means; and
k) other data, such as any other data as necessary, or relevant to the provision of our legal and related services
In general, we will directly collect your personal data through the following processes, including but not limited to:
a) where you or your representative directly provide it to us, such as by corresponding with us via email, telephone, website, post, in person, CCTV footage when you visit our office, or other direct interactions with us;
b) where we monitor use of, or interactions with, our website, our articles on other websites, any marketing messages we may send to you, or other email communications sent from or received by us; and
c) publicly available sources, such as social media where you have set as public, Department of Business Development (DBD), or any other government agencies or courts which we use (i) for providing legal services (ii) to help us keep the contact details we already hold for an accurate and up to date or (iii) for professional networking purposes.
However, we may indirectly collect your personal data through the following third parties, including but not limited to our clients, reference persons, outsourcing persons, service providers, advisors, business partners, agencies, and domestic and international government agencies.
We use your personal data to carry out tasks per our scope and purpose of providing groups of activities, including but not limited to:
a) providing you with our legal services and other relevant services;
b) conducting conflict background and conflict check;
c) interacting with governmental or regulatory agencies or other authorities on your behalf;
d) notifying you about our new campaigns, promotions, newsletters, updates and invitations to seminars, webinars, training and other relevant services;
e) encouraging and developing business and service development;
f) developing our marketing strategy; and
g) managing and collecting payments, fees and charges.
We rely on the following legal bases to process your personal data. Not all of your personal data will apply to every legal basis stated below, and may be based upon one single or a combination of several legal bases.
(1) Contractual Basis
We are obligated to process your personal data to carry out the responsibilities committed according to the mandate letter, engagement letter, or proposal. These required personal data make up most of the data stated in Clause 3. In the case where you withhold any of your personal data for us to process it in respect to the purposes prescribed in this Privacy Notice, we may not be able to fulfill some or our obligations under the mandate letter, engagement letter, or proposal with you.
(2) Legitimate Interests
In specific situations, we require your personal data to achieve our legitimate interest of running our business, provided your interests and fundamental rights and freedoms are not overridden.
(3) Legal Obligation
We are obligated to process your personal data according to any legal requirements, including but not limited to providing your personal data to the Department of Business Development (DBD), or the Revenue Department.
We shall request consent from the clients, reference persons, outsourcing, service providers, advisors, business partners, agencies, or domestic and international government agencies in order for us to make contact and learn more about you.
In order to perform our contractual and other legal responsibilities or purposes, we may be required to pass on your personal data to external third-party organisations. These organisations may include:
a) our business partners;
b) social media platforms;
c) outsourcing service providers, such as marketing, advertising media and communication agencies, or cloud service providers;
d) counterparties, or their lawyers or persons;
e) online publishing and ranking companies;
f) external auditors;
g) governmental agencies, such as courts of Thailand, Department of Business Developmet (DBD), police station, or the Revenue Department; and
h) financial institutions, such as banks providing payment services.
For the case where personal data is being passed on to the external third-party organisations, we will ensure that the minimum amount of personal data is being sent and ensure the protection of your personal data, such as confidentiality arrangement, appropriate security measures to the extent as required by law.
For the purposes mentioned above in this Privacy Notice, we may disclose or transfer your personal data to third parties or servers located overseas which the destination countries may or may not have the same data protection standards as Thailand. In addition, we have taken steps and measures to ensure that your personal data is securely transferred, that the data recipients have suitable data protection standards in place, and that the transfer is in compliance with the PDPA.
We have implemented technical and organisaional measures to provide protection against loss, misuse, unauthorized access, disclosure and modification of your personal data. External third party organisations are also required to carry out the processing of your personal data in accordance with our security policy.
We will retain your personal data for as long as it is reasonably necessary to fulfill the purposes for which we have obtained your personal data as set out in this Privacy Notice, and to establish exercise or defense the legal claims. However, we may have to retain your personal data for a longer duration, if required by any applicable law.
Subject to applicable laws and exceptions thereof, your personal data rights include:
a) Right of access – you may have the right to request a copy of all your personal data we are processing about you;
b) Right to data portability – for the case where we have an automated platform allowing you to access your personal data automatically:
(i) you may have the right to ask for your personal data to be transferred automatically to other organisations; and
(ii) you may have the right to ask for your personal data to be directly transferred to other organisations, with the exceptions of cases where there is a technological limitation;
c) Right to object – you may have the right to object to any data process activity of your personal data in some circumstances;
d) Right to erasure – you may have the right to request for the deletion or anonymization of the personal data that we process about you, in accordance with the following cases:
(i) the personal data is no longer necessary for the processing purposes;
(ii) you object the processing of your personal data by us based on our legitimate interests and we do not have an overridding legitimate ground for the processing; and
(iii) the processing activity is not in accordance with the law;
e) Right to restrict processing – you may have the rights to restrict any data processing activities, in accordance with the following cases:
(i) during the verification process in accordance with the rights request to rectify the personal data;
(ii) for cases related to personal data which has initially asked for erasure but was followed by an additional request of processing restriction instead;
(iii) for cases when the data processing terms have passed, but you have requested for processing restriction due to legal reasons; and
(iv) during the process of personal data processing objection verification;
f) Right to rectification – you may have the right to edit your personal data to be correct and concurrent to the present; and
g) Right to lodge a complaint – you may have the right to lodge a complaint to competent authorities in the case that we unlawfully or not in compliance with applicable laws with the processing of your personal data.
Please be informed that your above-mentioned rights are subject to the relevant factors and we may not be able to process your request if we can rely on the lawful grounds to collect your personal data.
In the case where you have the intention to exercise your personal data protection rights, please contact us through channel specified above. We will process this request in a secure and timely manner.
In order to improve efficiency in operating your personal data, we may amend this Privacy Notice as we deem appropriate by publishing its latest version on our applications and/or websites. We will notify you if such changes materially affect the operation of your personal data, or if we are required to do so by law.
