Privacy Policy
MYRIN ASSET COMPANY LIMITED (hereinafter referred to as “MYRIN”) respect and value the privacy of anyone interacting, communicating and providing Personal Data to MYRIN (“Data Subjects”), and MYRIN commits to treat all personal data with security and confidentiality.
This privacy policy (“Privacy Policy”) sets out MYRIN’s practices and security measures with respect to the Personal Data and applies to any individuals whom MYRIN engages with or otherwise whose Personal Data is in the possession of MYRIN.
Data Subjects may review this Privacy Policy together with other privacy statements which MYRIN may additionally provide on this website or on specific occasions when MYRIN collects the personal data of the Data Subjects, i.e. Privacy Statement for (i) Customers (ii) Employees and (iii) Stakeholders (“Privacy Statements”). This Privacy Policy supplements to other Privacy Statements and will not cancel, replace, or override any provision in the Privacy Statements. If there are any conflicts between the two documents, the Privacy Statements shall prevail.
1. Key Summary of this Privacy Policy
MYRIN has engaged with the Data Subjects for several purposes, and therefore has numbers of the personal data under the collection. In this regard, MYRIN ensures that the personnel, business operations, and performances of MYRIN shall comply with this Privacy Policy, the Privacy Statements (if applicable), and the Personal Data Protection Act B.E 2562 (“PDPA”) and other applicable laws, in order to protect the privacy and security of the Data Subjects, including to avoid unauthorized or unlawful acts, to prevent violation of laws, and to mitigate any potential risks from penalty imposed by the PDPA and applicable laws.
2. Types of Personal Data
“Personal Data” means any data relating to an individual which can identify such individual, directly or indirectly excluding the data of a deceased individual.
MYRIN may collect the Personal Data in relation to the Data Subjects as follows:
- Identity data such as name, title, gender, age, nationality, country of residence, marital status, date of birth, occupation, identification card, passport, other government-issued identification data, photo, and any other identity data with the similar nature.
- Sensitive data such as religion, ethnicity, dietary, sexual preference, allergy data, health data, criminal records, and biometric data.
- Contact details such as address, phone number, email, messaging application accounts, for example, Line, WhatsApp and other social media accounts, such as Facebook and Instagram.
- Financial data such as credit/debit card information, bank account details, source of fund and assets list.
- Employee data such as social security information, tax information, educational background, work experience, salary rate, work performance, working hours and leaves.
- Preference and lifestyle information, such as interest, hobby, likes and dislikes.
- Transactional data such as information of services or products sold or provided to the Data Subjects, correspondence information, enquiries, feedback and purchase history.
- Technical information such as cookies, IP address, log files, location, mobile network data, hardware model, operation system.
- Security & loss prevention data such as security camera footage and license plate data.
- Stakeholder information such as shareholding details, information in proxy, bond, debenture, and B/E details.
- Public data which is available on both online and offline channels such as social media data photos, posts, locations, friend list and liked pages.
If the Data Subjects would like to use any services or products of MYRIN, work with MYRIN or otherwise engage in any business arrangements with MYRIN, MYRIN needs the Data Subjects’ Personal Data in order to provide such services or products, enter into a contract with the Data Subjects, perform any obligations thereunder, meet any of the Data Subjects’ requests or comply with applicable laws. If the Data Subjects do not provide the Personal Data to MYRIN, MYRIN will not be able to provide such services or products, enter into a contract with the Data Subjects, perform any obligations thereunder and it might result to a breach of contract with MYRIN by the Data Subjects, breach of applicable laws, or the event that the Data Subjects’ requests are fully rejected.
If you provide the Personal Data about other persons to MYRIN, you affirm that this Privacy Policy and the Privacy Statements (if applicable) have been reviewed by such persons and that such persons have given their consents regarding the processing of their Personal Data (if required). The Data Subjects have to present the documents evidencing that the above actions have been carried out as may be requested by MYRIN.
3. Collection of the Personal Data
MYRIN may collect the Personal Data provided by the Data Subjects from any engagements or interactions with the Data Subjects either via online or offline means, such as through the websites or applications owned or controlled by MYRIN (“MYRIN’s Websites & Applications”), phone call, email, messaging applications, including when the Data Subjects use MYRIN’s services or products, apply for a position at MYRIN, engage in any transactions or business arrangement with MYRIN, or invest in MYRIN.
MYRIN may also collect the Personal Data from other sources as well, such as from family members or related persons of the Data Subjects, referrers, marketing companies, recruitment agencies, corporate customers, vendors, or stakeholders, and other publicly available sources in either online or offline database.
4. Retention Period
MYRIN will retain the Personal Data for no longer than 10 (ten) years after the last contact or termination of contractual relationship between MYRINs and the Data Subjects. However, MYRIN may continue to retain the Personal Data as long as (a) it is permitted by the PDPA and/or any applicable laws, (b) MYRIN is under the certain contracts with the Data Subjects, (c) MYRIN is under legal obligation to retain the Personal Data, (d) the consent granted to MYRIN has not been revoked, and (e) it is deemed necessary to complete the objectives of this Privacy Policy and the Privacy Statements (if applicable).
5. Purpose of Personal Data Processing
The Personal Data shall be collected and used only for the purposes and the lawful basis stated below, including any purposes and the lawful basis stated in the Privacy Statements, any other purposes that the Data Subjects have given their consents to MYRIN from time to time, and any other purposes as permitted or required in the PDPA and/or any applicable laws.
Legal Obligation
- To comply with legal requirements such as the PDPA, Civil and Commercial Code, Revenue Code, Land Cod, Labor Protection Act B.E. 2541 (1998), Social Security Act B.E. 2533 (1990), Land and Building Tax Act B.E. 2562 (2019), Accounting Act B.E. 2543 (2000), and Computer-Related Crime Act B.E. 2550 (2007).
- To comply with court orders and/or orders from governmental authorities.
- To conduct financial audit of each company in MYRIN as required by law.
Contractual Basis
- To review, evaluate and asses the Data Subjects for entering into contract with MYRIN, including to communicate with and interview them, e.g., employees and vendors.
- To enter into any agreement and fulfil the obligations thereunder.
- To provide the Data Subjects with related services and products.
- To maintain and manage relationship and communicate with the Data Subjects.
- To provide any personalized services, goods and products to the Data Subjects.
- To make or process payment, refund, or issue invoices and receipts.
- To response to the Data Subjects’ request about the residential projects which the Data Subjects are interested to acquire.
Legitimate Interest
- To administer and protect MYRIN’s business security.
- To authenticate and verify the Data Subjects in any relevant transactions.
- To prevent any loss, crime, fraud or any unlawful acts.
- To conduct an investigation of anti-money laundering and transaction failure.
- To conduct internal audit of business.
- To proceed with debt collections.
- To administer and solve technical problem on the MYRIN’s Websites & Applications and to improve MYRIN’s business.
- To connect data between MYRIN for ordinary business operation.
- To allow advisors, service providers, vendors, suppliers, contractors, sub-contractors to provide and supply MYRIN with services and products.
- To carry out, manage and improve the ordinary business operations and to establish a management for a good corporate governance.
- To recruit and evaluate potential any of the directors, employees, vendors or others to work with MYRIN.
- To manage the current and future recruitment for a vacant position.
- To communicate with the Data Subjects’ reference, e.g. former employer for background check before entering into any agreement.
- To contact your related person for any emergency case.
- To enter into contract or communicate with corporate customers, vendors or stakeholders through their representative such as directors or employees.
- To take a photo or video footages of the Data Subject at any events held by MYRIN and publish or advertise such photo or video footages on MYRIN’s Websites & Applications or other platforms, without being a targeted advertisement.
- To share Personal Data of the Data Subject on a need-to-know basis for the purpose of merger and acquisition, business reorganization, insolvency, rehabilitation and similar proceedings of MYRIN.
- To assess any potential risk of investment.
- To collect Personal Data of witness to a contract as an evidence.
Consent
- To maintain relationship between MYRIN and the Data Subjects such as to provide gifts or hold a birthday party according to the Data Subjects’ preferences.
- To conduct targeted and/or direct marketing, i.e. to offer sales, updates and promotions of the products and services pursuant to the Data Subjects’ preference and lifestyle, including the events that the Data Subjects might be interested in attending.
- To conduct data analytics and market research, in order to learn about the products and/or services that the Data Subjects might be interested in receiving.
- To take a photo or video footages of the Data Subjects at sale galleries and publish or advertise such photo or video footages on MYRIN’s Websites & Applications or other platforms.
- To provide meals and/or other facilities pursuant to the Data Subjects’ food allergy or religion.
- To evaluate the suitability of the Data Subjects for entering into contract with MYRIN considering their sensitive data such as criminal records and health data.
- To collect your sensitive Personal Data as necessary, e.g. to use your identification card (which contains your religion and/or blood type and/or for verification of your identity before continuing the transaction).
Other lawful basis
Apart from the lawful basis mentioned earlier, MYRIN may collect, use or disclose the Personal Data based on lawful basis below.
- To prepare historical documents or archives for the public interest, or for purposes relating to research or statistics.
- To prevent or suppress a danger to a person’s life, body or health.
- To carry out a public task, or for exercising official authority.
6. To Whom Personal Data is Disclosed
MYRIN may be required to disclose the Personal Data in relation to the Data Subjects to the third parties, including without limitation to:
- the companies within MYRIN
- governmental authorities such as the Revenue Department, Department of Business Development, Stock Exchange of Thailand, Securities and Exchange Commission Thailand Land Office and the Immigration Bureau, including courts and any other authorities as required by law.
- financial institutions, insurance companies and insurance brokers
- service providers, suppliers, business partners,
- stakeholders
- professional advisors such as accountants, lawyers, IT advisors, technicians, and auditors.
- Third parties to whom MYRIN chooses to sell, transfer, merge, any portions of the business, assets, or shares. This includes the parties in relation to the events of business reorganization, insolvency, rehabilitation and similar proceedings.
In this regard, the disclosure shall be conducted for the purposes as stated in the Privacy Policy, the Privacy Statements and the consents given by the Data Subjects and/or other purposes as required or permitted by the PDPA and/or any applicable laws.
7. Cross-Border Transfer
Due to the nature of modern hospitality business, MYRIN may disclose or transfer the Personal Data in relation to the Data Subjects to the parties located overseas in which the destination countries may or may not have the equivalent level of protection for Personal Data protection standards. In any case, MYRIN takes steps and measures to ensure that the Personal Data is securely transferred, the receiving parties have in place an appropriate level of protection standards or other there are derogations as required or allowed by PDPA and other applicable laws.
In the event that the destination countries do not have sufficient data protection standards, MYRIN will ensure that the transfer of your Personal Data will be in accordance with the PDPA or other applicable laws.
8. Cookies
Cookies are software that is stored in the MYRIN’s Websites & Applications and sent to the Data Subjects’ browser when using the MYRIN’s Websites Applications. The Cookies on the MYRIN’s Websites & Applications are used to identify and distinguish the users who have visited the MYRIN’s Websites & Applications and track their personal preferences, which the data of the users shall be automatically collected by Cookies. These Cookies do not cause any harmful effects to the computer or transmit any viruses, Cookies otherwise help MYRIN to serve the users with personalized service or support, provided that its purposes of using are:
- to allow the users to access or use services or functions in MYRIN’s Websites & Applications.
- to increase effectiveness of the MYRIN’s Websites & Applications in operating online service or interactive applications;
- to enhance the visitation to the MYRIN’s Websites & Applications, such as to recognize a name, account, password or previous interest, in order to serve those who repeatedly use the MYRIN’s Websites & Applications or services; and
- to analyze the performance, including updating and improving the operation of the MYRIN’s Websites & Applications.
If the users, as the Data Subjects, disagree to the use of Cookies in automatically collecting the data while browsing the CGD Group’s Websites & Applications, the users can choose not to accept Cookies by visiting https://lanecove-rama3.com/.
9. Log Files
MYRIN may record log files from the Data Subjects visiting MYRIN’s Websites & Applications. Log files include IP address, browser type, internet service provider name, entry and exit pages, platform type, date/time stamp, and a number of clicks.
10. Surveillance camera
MYRIN uses surveillance cameras to capture footage of the visitors and the vehicles in and around the location of MYRIN for safety purposes including the prevention and detection of crimes. The surveillance cameras of MYRIN will detect the entrance, the lobby, the terrace, the parking lot outside of the buildings, the fence around the buildings and the area within the perimeter of MYRIN, which is accessible by the people throughout 24 hours. The surveillance system does not use sound recording. MYRIN ensures that live feeds and captures from the surveillance cameras will be observed by authorized persons of MYRIN only.
11. Minors
The minor means any person under the age of 20 years. MYRIN may not know the age of the Data Subjects visiting MYRIN’s Websites & Applications. The parents of the minors providing the Personal Data through MYRIN’s Websites & Applications, may request MYRIN to delete the Personal Data of such minors (if applicable). If MYRIN is aware that the Data Subjects are minors and such minors cannot act alone according to the Civil and Commercial Code, MYRIN will, and without delay, proceed to obtain consent from the parents, if required by the PDPA.
12. Personal Data Security Measure
MYRIN recognizes the importance of maintaining the security of the Data Subjects’ Personal Data. Therefore, MYRIN has implemented reasonable technical and organizational security measures to protect the Data Subjects’ Personal Data collected by MYRIN against unauthorized access, misuse, loss or destruction, which include control access, encrypted storage and storage with lock.
13. Personal Data Collected prior to PDPA’s Effectiveness
MYRIN is entitled to continue collecting and using your Personal Data which has been collected before PDPA’s effectiveness in accordance with the original purposes. If you do not wish MYRIN to continue collecting and using your personal data, you may withdraw your consent at any time by contacting MYRIN or the Data Protection Officer as detailed in Paragraph 18.
14. Data Subjects’ Rights
Where permitted by the PDPA or applicable laws and under the relevant criteria/requirements specified thereunder, the Data Subjects have the rights with respect to their Personal Data to:
- Access: The Data Subjects may have the right to access or request a copy of the Personal Data, which MYRIN is collecting, using or disclosing about the Data Subjects, including to disclose the acquisition of the Data Subjects’ Personal Data which MYRIN obtained without the Data Subjects’ consent. For the Data Subjects’ own privacy and security, MYRIN may require the Data Subjects to prove their identity before providing the requested Personal Data.
- Data Portability: The Data Subjects may have the right to obtain Personal Data of them, which MYRIN holds, in a structured, electronic format, and to send or transfer such Personal Data to another data controller, where this is (a) Personal Data of the Data Subjects and (b) MYRIN is collecting, using or disclosing such Personal Data on the basis of the Data Subjects’ consent or to perform a contract with the Data Subjects.
- Rectification: The Data Subjects may have the right to have incomplete, inaccurate, misleading, or not up-to-date Personal Data which MYRIN collects, uses or discloses about the Data Subjects rectified.
- Withdraw Consent: For the purposes of consent, which the Data Subjects have given to MYRIN for the collecting, using or disclosing of the Data Subjects’ Personal Data, the Data Subjects have the right to withdraw such consent at any time.
- File a complaint: The Data Subjects have the right to file a complaint with the Personal Data Protection Committee if the Data Subjects believe that there is any violation of the PDPA.
- Objection: The Data Subjects may have the right to object the collection, use, and disclosure of the Personal Data in certain circumstances, including the case where Personal Data is being processed under the basis of public interest and legitimate interest or for the purposes of direct marketing and/or scientific, historical or statistic research.
- Restriction: The Data Subjects may have the right to restrict the processing of the Personal Data in circumstances that (i) MYRIN is under pending examination process to check the accuracy of Personal Data or to verify basis with regard to the Data Subjects’ objection request for the collection, use and disclosure of the Personal Data, (ii) the Data Subjects request MYRIN to restrict the use of the Personal Data instead of deleting or destroying, and (iii) the Personal Data is no longer necessary for the purposes of collection, use and disclosure but the Data Subjects request MYRIN to retain such Personal Data to establish, comply, exercise or defend legal claims.
- Deletion (‘right to be forgotten’): The Data Subjects may have the right to request that MYRIN delete or de-identify Personal Data which MYRIN collects, uses or discloses about the Data Subjects, unless MYRIN is not obligated to do so, or if MYRIN needs to retain such Personal Data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.
The Data Subjects may exercise these rights by changing privacy preference, unsubscribing, or contacting MYRIN or the Data Protection Officer as detailed in Paragraph 18 below.
The Data Subjects’ request to delete or anonymize the Personal Data, or request to restrict or object to the processing of the Personal Data could mean that MYRIN is unable to perform its obligations under an existing contract and unable to provide the Data Subjects with the services and products and/or to acts on the Data Subjects’ request.
In the event that your withdrawal of consent will affect you in any manner, MYRIN or the Data Protection Officer will inform you of the consequences of such withdrawal of consent accordingly.
For the Data Subjects’ privacy and security, MYRIN may refuse to comply with the request if (a) the person submitting the request does not have evidence to verify that he/she is the data subject or does not has the authority to submit such request (b) the request is not reasonable, e.g., the person submitting the request does not have the rights under the PDPA or does not have Personal Data in MYRIN’s possession (c) the request is excessive or vexatious, e.g., the request unreasonably repeats a previous request from the same person (d) MYRIN has compelling legitimate grounds to reject such request as required or permitted by the PDPA and/or any applicable laws.
15. Privacy Policy of other Websites
The MYRIN’s Websites & Applications contain address links to other websites. This Privacy Policy applies only to the MYRIN’s Websites & Applications and MYRIN shall be solely responsible subject to the scope of this Privacy Policy. MYRIN shall not be responsible for any collection, storage, process, or disclosure of Personal Data, or the use of Cookies conducted by other websites which the Data Subjects access from the MYRIN’s Websites & Applications. Therefore, MYRIN would kindly suggest the Data Subjects carefully review the privacy policies of other websites before submitting any Personal Data.
16. Amendment and Review
MYRIN may regularly review this Privacy Policy and the Privacy Statements from time to time to be in accordance with any amendments made to the PDPA and applicable laws. Amendments to this Privacy Policy and the Privacy Statements will be publicly announced on the MYRIN’s Websites & Applications or other available channels.
17. Miscellaneous
This Privacy Policy and the Privacy Statements are governed by and shall be construed in compliance with the PDPA and the laws of Thailand. This Privacy Policy and the Privacy Statements are written in English and Thai language. In the event of any inconsistency between the English versions and Thai versions, the English versions shall prevail.
18. Contact Us: DPO
Regarding all queries or awareness with respect to the Personal Data arising from this Privacy Policy, the Privacy Statements, or the activities of MYRIN, including the exercise of any rights as set out in Paragraph 14, please contact the Data Protection Officer of MYRIN at the below address:
Data Protection Officer of MYRIN
To: Data Protection Officer
Address: No. 223/79 Country Tower A, Sanphawut Road, Bangna-Tai Sub-district, Bangna District, Bangkok Metropolis, Thailand
Website: https://lanecove-rama3.com
This Privacy Policy is published on March 2023