Introduction
Thai Flight Training Company Ltd. (TFT) aims to provide quality services that meet your expectations. TFT recognizes the importance of personal data protection and of compliance with laws and regulations. This Privacy Notice is provided to inform you how we protect your personal data and what rights you have as the Data Subject.
TFT as the “Controller” has the authority to determine the collection, use and disclosure of personal data in compliance with the Personal Data Protection Act B.E.2562 (2019) (PDPA) (“the Act”), the General Data Protection Regulation of the European Union (GDPR) and other related laws (“the applicable privacy laws”).
TFT hereby informs you, as the Data Subject, who may be (1) a person who has contacted TFT and is, has been or may in future be a customer of TFT, or (2) an employee, personnel, staff, representative, shareholder, director, contact person, agent or person associated with a juristic person or natural person under (1) above, or a party of persons who has contacted TFT and is, has been or may in future be a customer of TFT, of how we protect your personal data that we have obtained or may obtain from conducting business and providing services through various channels, e.g. website, telephone, electronic channel, application, social media or other sources. This is to ensure that TFT will protect your personal data and will collect, use or disclose your personal data only where necessary, lawful and appropriate, and also to inform you of the rights you may have as the Data Subject, as further detailed in this Privacy Notice.
1. The Personal Data that TFT Collects, Uses and Discloses.
1.1 The Data that Identify the Data Subject Directly or Indirectly
(1) Personal Data consisting of name, last name, sex, date of birth, age, contact details, data in various documents such as identification card, passport, residential card, alien card, work authorization, social security card, driving license, car registration book, house registration, signature, tax identity, data concerning member of family, facial photo, educational background, occupation or status.
(2) Contact Details consisting of address as appeared on the house registration, address for delivery of documents, postal address, email address, house telephone number, mobile telephone number, fax number, name or account for application through digital channel e.g. Line, Google, Facebook, YouTube, Instagram or Twitter and contact information provided to TFT.
(3) Financial and Transaction Information consisting of bank account number, credit card number, debit card number, type of credit or debit card, information from the analysis of personal data, payment information or other information about the use or application for the use of the service with TFT.
(4) Contact Information consisting of information received through branch offices, telephone, electronic or digital channel, social media, information from CCTV and mobile service which information may appear in written form, voice or video record, transaction record, photograph or motion pictures.
(5) Information Technology Technical Data consisting of computer serial number or internet protocol (IP address), Media Access Control (MAC) address code or serial number of the equipment connecting to the network (MAC Address), Transaction Log, device ID, connecting information through application connecting channel (API), Cookies, type and version of Plug-In, Browser, operating system and platform, mobile internet or network, setting information on device and other technical data from the use of platform, application and operating system of TFT.
(6) Usage Information consisting of username or code for the service, password, searching information, browsing history, viewing history, menu accessed, time period for using the website, platform, application, favorite menu, question & answer, log file, communication and suggestion to TFT.
(7) Behavioral Information consisting of information about personal interest, service usage behavior.
(8) Work Information consisting of start date, department, years of service, job position, job bibliography, job certification and reference, personnel ID, salary, wages, benefits, salary adjustment history, working record, disciplinary record, date of termination, type of termination, time in-out record, leave of absence history, bank details, emergency contact details, details of beneficiaries of an insurance (if any), educational background and reports, training and development information, photo, work history, other non-financial benefits, insurance information, family information, meeting records and opinions.
(9) Medical Record consisting of illness information, medical conditions.
(10) Scorings and Testing Results.
1.2 Sensitive Personal Data, for which TFT shall obtain your consent prior to the collection, consisting of biometric data (e.g. facial recognition, finger scan, retina and voice recognition data), religion, criminal record, health or any other information as the Data Protection Board may announce.
In some cases, provision of personal information is necessary for a legal obligation, for the performance of a contract or for entering into a contract. If you do not provide the information, TFT may be unable to comply with the legal or contractual obligation that TFT has with you.
2. Purposes for Which Your Personal Data are Collected, Used and Disclosed.
2.1 to contact, communicate or provide information about the products or services that you use or will use;
2.2 to respond to your request or contract that you have with TFT or associated with the request or contract that you have made with TFT, for example, delivery of document, demand for debt payment including to comply with the contract that we have with other person and necessary and relating to provision of a service to you;
2.3 to manage relations between you and TFT and to prepare detailed or historical records about services provided to you for further service to you;
2.4 to manage information of corporate customers in which your personal data may be involved;
2.5 to comply with laws, rules and regulations;
2.6 to perform any acts as the supervisory authorities may describe, request or recommend to comply;
2.7 to manage and administrate TFT’s internal businesses, e.g. compliance, improvement, or internal audit;
2.8 to administrate or manage all risks e.g.
(1) to protect, handle or minimize risks arising from illegal acts which may occur to you, the customers, TFT’s personnel and TFT by using the data for improvement of security system through various service channels, working systems and safety and security systems for information technology operation of TFT;
(2) for security purpose, e.g. photo recording of the person contacting or doing transaction with TFT via CCTV and the exchange of identification card when accessing the building for the security reasons within TFT areas;
2.9 to procure and offer products, services and alternatives of services to you, including communication, warning, delivery or offer of privileges, benefits, awards or information about products or services of TFT, the companies in TFT group or business alliances which may be of interest to you, or for sale promotion or lucky drawing activity;
2.10 to monitor the use of services or transaction according to your orders;
2.11 to manage all complaints, e.g. the investigation on the use of the services or transmission of data within or between TFT and other persons, the process for accepting a complaint from you, compensation or as information for improving such services;
2.13 for strategic purpose, protecting interest or evaluation of the business result or services of TFT;
2.14 for evaluation, development and improvement of products or services or for execution of the rights by TFT;
2.15 for marketing promotion project or activity, meeting, seminar, entertainment or the site orientation;
2.16 for storage of data on cloud service and other system used for storing data;
2.17 for the performance of contract by TFT as the contractor or for the exercise of rights or enforcement of contracts by TFT;
2.18 for connecting to or facilitating the use of website, application and platform of TFT or other persons;
2.19 for application for a job or for the employment.
The collection, use and disclosure of your personal data including the cross-border transfer thereof shall be performed in accordance with the above principles.
3. Persons or organizations who the data may be disclosed to.
TFT may have to disclose your personal data to other persons or organizations within or outside the country to fulfill the purposes under this notice as follows:
3.1 Business Alliances for example, business alliance in air transport, tourism, hotel, car rent, marketing, financial institution, insurance or life assurance or any persons involving the promotion or loyalty program, data analysis, platform joint service provider or person whose name or trade mark appears on the contract, website or other service channels of TFT.
3.2 Persons Involved in the Services of TFT, for example, Thai Airways Public Company Ltd., joint provider with TFT, outsourcing service provider, contractor or provider of goods or services to TFT, or agent of TFT within and outside the country with whom TFT is a contracting party, for example, infrastructure development provider, technical infrastructure developer, electronic or information technology system developer, logistics and cargo terminal service provider, Cloud computing service provider, data analysis provider and event and activity organizers.
3.3 Person or Organization as Described by Laws. TFT may have to disclose your personal data for the purpose of compliance with laws, rules, regulations or an order of a government agency, state agency or supervisory agency, or in case TFT believes that the disclosure is necessary for complying with laws, to protect the right of TFT or other person, for the safety of person, or to protect against, investigate or manage fraud, security or safety in various areas, for example, tax authority, fund administrator, social security authority or financial institution.
3.4 Advisors of TFT, for example, legal, financial, technical experts and auditor.
3.5 Right and Obligation Assignee or Novation Assignee including the person involving in the reorganization, business assignment, investment, merger, purchase or sell of properties, shares or businesses by a person involving such activities, shall be in accordance with this notice.
3.6 Other Related Persons, for example, beneficiary, person who has the authority to perform the duty for, or guarantor.
3.7 Association, Organization, Club and Other Bodies, for example, TFT Research Network.
3.8 Websites and Other Social Media, for example, Facebook, Google, Instagram.
TFT shall inform the person or organization to whom the data has been disclosed to treat the data in a safe manner according to TFT’s policy and laws. TFT shall allow the use of your personal data only for the intended purposes and by order of TFT.
4. Storage of Your Personal Data and Duration.
4.1 Storage of Your Personal Data
TFT takes security measures for your personal data, both in document and electronic form, to protect the data from loss or unauthorized or unlawful access, use, amendment, revision or disclosure.
4.2 Duration for Storage of Your Personal Data
TFT will store your personal data for as long as it is needed for the respective purposes informed in this notice, and as necessary as specified by laws, for a maximum period of 10 years from the date your relationship with TFT ceases, except where otherwise necessary for TFT as specified by laws or where such personal data cannot be erased or destroyed due to technical limitations.
5. International Transfer of Your Personal Data.
In case it is necessary for TFT to transfer your personal data to other persons in other countries, for example, your or TFT’s contracting party, a branch office of TFT in other countries, the subsidiary companies, or an authority or organization in other countries, the destination country may be one where data protection measures are not sufficient as required by laws. In such case, TFT will take appropriate measures to ensure that your personal data will be transferred safely.
Personal data may be shared with related third party service providers who will process it on behalf of TFT for the purposes identified above. In this case, we use additional safeguards to protect your personal data such as “Data Processing and Transfer Agreement” and “Standard Contractual Clauses” for sharing to the processor outside EU/EEA or Thailand, as the case may be. We process your data mainly within the Kingdom of Thailand and EU. If you acquire services that involve the transfer of your data to other countries, with equivalent or non-equivalent data protection measures with the Kingdom of Thailand or the EU, such as international flight connections, we will also transfer your data to these other countries. In this respect we also refer to the general privacy policy of the International Air Transport Association (IATA) https://www.iatatravelcentre.com/privacy.htm
When you are under GDPR, in some cases when we transfer your data to countries outside of the EU or EEA, we use additional safeguards to protect your personal data, such as the EU Commission approved “Standard Contractual Clauses”. A copy of the clauses can be provided for your review on request to the contact details provided in section 10.
6. Website System used for collecting the Data.
When you access the website system of TFT, TFT will automatically collect some data from your usage for the purposes detailed in this notice. For example, TFT will take the data that Cookies and other similar technologies have recorded or collected for statistical analysis or other activities of the website system or business of TFT, to help TFT provide you with the best experience in using the website, including the improvement of efficiency and quality of the website system service of TFT.
7. What rights do you have?
As the data subject, you may exercise the following rights:
7.1 Right of access and Request a Copy
You have a right of access to your personal data which are under our responsibility and to request a copy of them, or to request the disclosure of the collection of personal data to which you have not consented.
7.2 Right of Data Portability
Where your personal data are provided to TFT by consent or as necessary for performance of contract or by a request you have made to TFT or as announced by the Data Protection Committee, and in case TFT has made data, and those data are in machine-readable format, you have the right to request the transmission of those machine-readable data to another controller, where technically feasible.
7.3 Right to Object
You have a right to object to the collection, use or disclosure of your personal data in case (1) TFT collects your personal data for necessary reason for the public task, the exercise of right by the government sector or for the legitimate interest of TFT, person or juristic person (2) TFT collects, uses or discloses your personal data for the purpose of direct marketing or (3) TFT collects, uses or discloses your personal data for the purposes of scientific, historical or statistical research, except as necessary for the purposes of public task of TFT.
7.4 Right to Erasure or Destruction of Personal Data
You have a right to request to erase, destroy or to make your personal data unidentifiable in case (1) your personal data are no longer necessary in relation to the purposes for which they were collected (2) you have withdrawn your consent and TFT does not have the authority by other legal ground to collect, use or disclose such personal data (3) you have objected to the collection, use or disclosure of your personal data collected by TFT for the reasons of necessity to perform the public task of TFT, the exercise of the right by the public authority or for the legitimate interest of TFT or other person or juristic person and TFT has no overriding legitimate grounds to refuse such objection (5) your personal data are unlawfully collected, used or disclosed, except in case it is necessary for TFT to collect your personal data for legal obligation or for the establishment, exercise or defence of legal claims or the use or protection of the right of TFT.
7.5 Right to Restriction
You have the right to restriction of the use of your personal data in case (1) TFT is in the process of verification of the accuracy of your personal data (2) TFT unlawfully collects, uses or discloses your personal data (3) TFT no longer needs the personal data for any purposes, but they are required by you for the establishment, exercise or defence of legal claims (4) you have objected to the use of your personal data, pending the verification whether the legitimate grounds of TFT override yours.
7.6 Right to Rectification
You have the right to request TFT to rectify your personal data so that they are accurate, complete and not misleading.
7.7 Right to Withdrawal of Your Consent
Where you have consented to the collection, use and disclosure of your personal data, you have the right to withdraw your consent to TFT at any time.
7.8 Right to Cancellation of Your Consent
You have the right to cancel your consent where TFT collected your personal data before the Data Protection Act became effective, by submitting your cancellation request to the office of TFT where you use or have used the services.
7.9 Right to Complaint
You have the right to lodge your complaint with the agency or responsible authority when TFT or a processor of personal data, including an employee or contractor of a processing company, infringes or does not comply with the data protection laws.