cookies-policy | Huagruay

Privacy Notice for Training, Seminar & Other Activities

Huakruay Studio Co., Ltd. and its affiliated companies (“Company”) recognize the importance of personal data protection and are committed to protecting personal data in accordance with the Personal Data Protection Act B.E. 2562. This privacy notice has been prepared to inform you of the details related to the collection, use, disclosure, and/or processing of personal data, as well as the legal rights of the data subjects, as follows:

Definitions
Term                                                                       Meaning
Company                       Huakruay Studio Co., Ltd. and its affiliated companies
Person                       A natural person who is not deceased
Processing
Any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, systematic organization, structuring, application, modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, restriction, erasure, or destruction.

Personal Data

Information about an individual that enables the identification of that individual, either directly or indirectly, but excluding information of deceased persons.

Sensitive Personal Data

Personal data related to race, ethnicity, political opinions, religious or philosophical beliefs, sexual behavior, criminal records, health information, disability information, union membership, genetic data, biometric data, or other data which similarly affect the data subject as specified by the Personal Data Protection Committee.

Data Subject

An individual to whom the personal data refers, excluding cases where the individual has ownership or created or collected the data themselves. The term 'data subject' refers only to natural persons and does not include juridical persons, such as companies, associations, foundations, etc.

Data Controller

A person or juridical person who has the authority and responsibility to make decisions regarding the processing of personal data.

Data Processor

A person or juridical person who processes personal data on behalf of or under the orders of a data controller. Such a person or juridical person does not qualify as a data controller.

Other Definitions

For terms not defined in this privacy notice, the definitions shall be in accordance with the Personal Data Protection Act B.E. 2562.

Scope of this Privacy Notice

2.1 Natural Persons: Such as interested individuals, prospective participants, former participants, or attendees of the company's training, seminars, and other activities, which may appear in forms such as meetings, discussions, training sessions, seminars, live broadcasts, interviews, gatherings, questionnaires, surveys, or other formats.

2.2 Natural Persons: Such as employees, personnel, officers, representatives, shareholders, authorized persons, directors, contacts, referees, emergency contacts, and other individuals related to the company's corporate clients who will participate, have participated, or attend the company’s training, seminars, live broadcasts, interviews, gatherings, questionnaires, surveys, or other activities.

Hereafter, individuals referred to in sections 2.1 and 2.2 will be collectively referred to as "you" or "data subjects."

Personal Data Processed by the Company

The Company processes various types of personal data, either directly from you or indirectly from other sources, and classifies them as follows:

3.1 Personal Information: Includes prefix, name-surname, age, occupation, company name, position, work history, work-related information, gender, nationality, marital status, educational history, academic qualifications, photographs, signatures, etc.

3.2 Contact Information: Includes home address, residential address, business address, postal address, phone number, fax number, email, LINE ID, or other electronic contact information.

3.3 Government-Issued Personal Information: Includes national ID card number, passport number, taxpayer ID number, company certificate (listing company directors), or similar information.

3.4 Financial Information: Includes bank account number, type of bank account, PromptPay details, payment details, etc.

3.5 Website Usage Information: Includes cookies or similar technologies, Internet Protocol (IP) addresses, log files, date and time of website visits, visited web pages, usage behavior, etc.

3.6 Third-Party Information: Includes names, surnames, addresses, phone numbers, relationships with data subjects, emergency contacts, spouses, children, etc.

3.7 Static and Moving Images and Sounds: Includes static images, sounds, and moving images of you that the Company may collect from CCTV cameras and photography when accessing areas during training, seminars, and other activities organized by the Company.

3.8 Sensitive Personal Information: Includes religious information, food allergy information, health information, biometric information, etc. The Company will seek your consent unless there is another legal basis.

If the Company receives copies of your national ID card or other documents for legal identity verification purposes and/or to conduct any transactions with the Company, such documents may contain religious information or other sensitive personal information. The Company does not intend to collect such information unless consent is obtained or there is another legal basis. The Company will manage such information according to best practices and as permitted by law.

The Company may receive third-party information related to you that you provide to the Company, such as emergency contacts or coordinators. The Company uses this information for contact purposes. Please inform third parties of this privacy notice and obtain their consent where necessary unless there are legal exceptions that do not require consent.

The Company will not collect personal data of minors (persons under the age of 20 or not of legal age by marriage or other legal exceptions), persons with limited capacity, or persons with incapacity without consent from their legal guardians. If the Company becomes aware of collecting personal data from such individuals without consent or another legal basis, the Company will delete the data immediately upon discovery, except where other legal grounds are applicable.

### Sources of Personal Data

The Company collects your personal data through the following processes:

4.1 Data Provided Directly by You: Includes data found in training, seminar, and activity registration, supporting documents, complaints about activities, account or profile registration data with the Company through offline and online channels, communication data (letters or conversations, including images and sounds), and data provided through surveys, feedback, or comments.

4.2 Data Collected Automatically: When you use the Company’s services or visit the Company’s website through electronic devices such as mobile phones or computers, the Company may collect personal data through technologies like “cookies” or similar technologies.

4.3 Data from External or Public Sources: Includes reliable sources such as the Department of Provincial Administration, Department of Business Development, commercial data sources, websites, social media platforms, data providers, relevant agencies, companies, associations, or federations related to you or your organization.

4.4 Data from Participation in Company Activities: Includes marketing activities, contests, sweepstakes, events, or competitions organized by or on behalf of the Company and/or partners or affiliates authorized to conduct such activities.

### Purposes of Personal Data Processing

The purposes for which the Company processes your personal data based on legal grounds include:

5.1 Purposes Requiring Consent: The Company processes your personal data based on consent when no other legal basis is applicable.

5.2 Purposes Based on Other Legal Grounds:

(1) Contractual Basis: For initiating, entering into, or performing a contract with you.
(2) Legal Compliance: For fulfilling legal obligations.
(3) Legitimate Interests: For the legitimate interests of the Company or third parties.
(4) Protection of Vital Interests: For preventing or mitigating harm to the life, body, or health of individuals.
(5) Public Interest: For performing tasks for public interest or exercising official authority.

The Company relies on the above bases or other legal grounds as permitted by data protection laws, such as:

(1) Preventing or mitigating harm to the life, body, or health of individuals who cannot give consent.
(2) Activities of foundations or non-profit organizations under legal conditions.
(3) Publicly disclosed information with explicit consent.
(4) Legal claims.
(5) Compliance with laws for objectives related to:

(a) Preventive or occupational medicine.
(b) Public health benefits.
(c) Labor protection and social security.
(d) Research studies.
(e) Significant public interest.

To process your personal data for the following purposes:

- To contact, communicate, register, or verify your identity for the Company's training, seminars, and activities.
- To inform hosts, moderators, speakers, and relevant persons for conducting training, seminars, and activities.
- To manage your accounts and financial transactions, including payments, refunds, receipts, invoices, service follow-ups, verifications, and cancellations.
- To communicate, coordinate, provide services, notify alerts, news, and service information, and to update and correct your personal data as a Company service user.
- To present marketing information, notify alerts, news, and service information, and to update and correct your personal data as a Company service user.
- To manage various service-related issues such as inquiries, requests, feedback, complaints, claims, disputes, or compensations.
- To provide technical assistance and resolve issues, notify problem resolutions, and survey your satisfaction with the Company's services or training, seminars, and activities.
- To record images, sounds, or videos of training, seminars, and activities organized by the Company.
- To publicize, report, or disseminate information about the Company's training, seminars, and activities to the public through various channels, such as the Company’s website, social media networks, and digital platforms.
- To publicize, report, or disseminate training, seminars, and activities to you or your organization, including notifying benefits that you or your organization may be interested in.
- To conduct training, seminars, and activities, both general and electronic, and to issue training certificates.
- To manage advertising, publicity, marketing campaigns, analysis, service development, customer contact for recommendations or service offerings, and media advertisement management.
- To comply with regulations and conduct internal and external business audits.
- To prevent or mitigate harm to your or others' life, body, or health.
- To investigate, prevent, or address legal violations, risk prevention, or reasonable suspicion of illegal activities or potential threats to the safety of others.
- To comply with data protection laws, such as responding to data subject rights requests, and other legal compliance.
- To comply with internal policies and applicable laws, including regulations, rules, and practices, such as obtaining business operation permits as required by law, coordinating with government agencies, courts, or relevant bodies, investigating, filing complaints, preventing crimes, fraud, and complying with legal requirements.
- To process personal data for research or statistical purposes, such as conducting statistical surveys, research studies, designing training curricula, and improving the Company's services.
- To create a network of data protection officers and strengthen compliance with data protection laws.

If you choose not to provide your personal information to the company, it may affect you. The company may be unable to fulfill your requests or contractual obligations. Consequently, some or all of the company's services might not be available to you, leading to potential inconvenience, unmet contractual obligations, or loss of benefits/opportunities. In certain cases, not providing the necessary information may affect compliance with legal requirements applicable to either the company or yourself, possibly resulting in legal penalties.

Disclosure of Your Personal Information

The company may disclose your personal information to the following third parties for the purposes outlined in this privacy notice. Note that you may also be subject to the privacy policies of these third parties. Therefore, it is recommended that you review their privacy policies to understand how they process your personal information.

6.1 Third Parties

The company may hire other companies, agents, or contractors to provide services to the company. It may disclose your personal information to such external service providers, including but not limited to, infrastructure developers, internet and website providers, digital service providers, logistics and shipment companies, audit firms, training and seminar organizers, data storage and cloud service providers, security service providers, software application providers, consultants, affiliates, business partners, potential buyers, seminar and event organizers, hosts, moderators, speakers, and related persons for the company's training, seminars, and activities.

6.2 Government Agencies

The company may be required to disclose and/or transfer your personal information to government agencies, law enforcement authorities, courts, officials, or other entities where there is a legitimate belief that it is necessary to comply with legal obligations, protect the company's rights, protect others' rights, ensure safety, or investigate, prevent, or address fraud issues.

Cookies and Their Use

When you visit the company's website, it automatically collects certain information from you through the use of cookies.

Cookies are specific data related to your computer that track information about your website usage. This information is used to analyze trends, manage the website, monitor user movements, and remember user preferences. Some cookies are essential for the website to function correctly (Necessary Cookies). Other cookies improve your website experience, personalize content, and facilitate easier browsing by remembering usernames (securely) and language settings.

Most web browsers allow you to choose whether to accept cookies. If you opt out of cookie tracking or delete cookies, it may impact your website usage. Lack of cookie storage may limit some website functions or features.

Additionally, third parties may use cookies on the company's website to display advertisements related to your interests based on your browsing history. These third parties may collect your history or other information to understand how you accessed the site and which web pages you visited afterward. The information collected automatically may be linked to personal data you previously provided on the company's website. Note that you may also be subject to the privacy policies or cookie policies of these third parties. Therefore, it is recommended that you review their privacy policies to understand how they process your personal information.

Transfer of Personal Data to Foreign Countries

8.1

The company may transfer your personal data abroad when necessary to fulfill a contract you are a party to or to carry out a request made by you before entering into a contract, to prevent or suppress danger to life, body, or health, to comply with laws, or for public interest tasks, or with your consent, or as permitted by law.

8.2

The company may store your data on computers, servers, or cloud systems provided by other entities and may use software or applications of others in the form of software-as-a-service and platform-as-a-service to process your personal data. The company will ensure that unauthorized persons cannot access personal data and will require these entities to have appropriate personal data security measures.

8.3

If it is necessary to transfer your personal data abroad, the company will comply with data protection laws and take appropriate measures to ensure your personal data is protected. You will be able to exercise your rights regarding your personal data as specified by law. The company will ensure that the recipients of your personal data have suitable measures to protect your data, process it only as necessary, and prevent unauthorized use or disclosure.

Data Retention and Retention Period of Your Personal Data

9.1

The company will retain your personal data as long as necessary, considering processing purposes and legal requirements or other accepted business standards, such as a 10-year retention period according to the statute of limitations.

9.2

The company will continue processing your personal data even after you terminate your relationship with the company as necessary for legal compliance, legitimate interests, or anonymization.

9.3

The company will regularly review and delete or destroy personal data, make it permanently non-identifiable, or otherwise remove all data that is no longer necessary or relevant to processing purposes, or upon your request to delete your personal data.

Your Data Subject Rights

10.1 Right to Withdraw Consent

You have the right to withdraw your consent at any time while your personal data is with the company, except where the company has legal grounds to deny the request.

Withdrawing your consent may affect your job application, benefits from the company, or useful information you might receive. For your benefit, you should understand and inquire about the potential impacts before withdrawing consent.

10.2 Right to Access Personal Data

You have the right to access your personal data and request a copy of it. You may also request the company disclose the source of the personal data in its possession unless the company has legal grounds to deny the request.

10.3 Right to Data Portability

You have the right to receive your personal data in a readable, automated format, request the company transfer such data to another data controller, and directly receive the personal data transferred or transmitted to another data controller unless the company has legal grounds to deny the request.

10.4 Right to Object to Processing

You have the right to object to the processing of your personal data at any time if the processing is based on legal grounds specified by law unless the company has legal grounds to deny the request.

10.5 Right to Erasure of Personal Data

You have the right to request the deletion or destruction of your personal data or to make it anonymous, unless the Company has a legal basis to refuse as prescribed by law.

10.6 Right to Restrict Processing of Personal Data

You have the right to request the temporary suspension of the use of your personal data in cases where the Company is in the process of verifying your request for data correction or objection, or in other cases where the Company no longer needs the data and must delete or destroy it according to relevant laws, but you request the suspension of use instead.

10.7 Right to Rectification of Personal Data

You have the right to request that the Company corrects your personal data to ensure it is accurate, up-to-date, complete, and not misleading.

10.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a legal authority if you believe that the processing of your personal data violates or does not comply with relevant laws.

If you have any questions regarding the Company's practices concerning your personal data, please contact the Company using the contact details provided in section 15 of this Privacy Policy. In case there is a reasonable belief that the Company has violated data protection laws, you have the right to submit a complaint to the expert committee appointed by the Personal Data Protection Committee according to the regulations and procedures prescribed by data protection laws.

Upon receiving a request to exercise your rights under data protection laws, the Company will proceed within the timeframe stipulated by law. The Company reserves the sole right and discretion to comply with or reject your request based on the criteria prescribed by law.

Personal Data Security Measures

The Company prioritizes the security of your personal data to ensure that its employees and external parties acting on its behalf adhere to appropriate personal data protection standards, including duties to prevent data breaches.

The Company will securely store your personal data following technical measures, organizational measures, and physical measures to maintain appropriate security in processing personal data and to prevent data breaches. The Company has established policies, regulations, and guidelines for personal data protection, including measures to prevent recipients from processing the data outside the intended purposes or unauthorized processing.

The Company regularly updates these policies, regulations, and guidelines as necessary and appropriate. Additionally, the management, employees, contractors, agents, consultants, and data recipients from the Company are required to maintain the confidentiality of personal data according to the confidentiality measures set by the Company, including agreements on personal data processing.

Links to Third-Party Websites

While using the Company's application or website, there may be links to social networks, digital platforms, and other websites operated by third parties. The Company cannot be responsible for the content or personal data protection standards of those other websites unless otherwise specified. Any personal data you provide to those third-party websites will be collected by those parties and subject to their respective privacy notices or policies (if any). In such cases, the Company advises you to review and follow the privacy notices or policies displayed on those websites separately from the Company's.

Personal Data Collected Before the Enforcement of the Personal Data Protection Act

The Company has collected, used, and/or disclosed your personal data provided to the Company by any means due to your relationship with the Company as an employee, worker, customer, partner, business ally, shareholder, or board member, or any other capacity before the effective date of the Personal Data Protection Act. The Company notifies you that it will continue to collect and use such personal data for the original purposes for which it was collected and used before the enforcement of the Personal Data Protection Act.

The Company will not disclose such personal data to others unless with your consent or as permitted by law.

If the Company intends to process such personal data beyond the original purposes for which it was collected and used before the enforcement of the Personal Data Protection Act, the Company will notify you and proceed to process your personal data according to the principles and methods prescribed by law. You can find further details about the collection, use, and/or disclosure of your personal data in the Privacy Policy.

If you do not wish for the Company to continue collecting and using such personal data, you have the right to withdraw the consent previously given to the Company before the Personal Data Protection Act becomes effective by contacting the Company as detailed in this Privacy Policy.

Changes to the Privacy Policy

The Company will regularly review the Privacy Policy to ensure compliance with practices, laws, and relevant regulations. If there are changes to the Privacy Policy, the Company will notify you of such amendments along with the updated Privacy Policy through the Company’s website and other appropriate channels. Therefore, the Company recommends that you periodically review the changes to this Privacy Policy.

If you have any questions or need to inquire about the processing or exercise of your personal data rights under this Privacy Policy, you can contact us using the following details:

Data Protection Officer

Email: huagruay.studio@gmail.com

Contact Address

Huagruay Studio Co., Ltd.

Office address: 223/2 Moo 14, Nong O Sub-district, Ban Pong District, Ratchaburi Province, 70110

16. Governing Law

You acknowledge and agree that this Privacy Policy is governed by and interpreted in accordance with Thai law, and the Thai courts have jurisdiction to consider any disputes that may arise.