WHAT ARE COOKIES?
Cookies are tiny text files that are stored on your computer, tablet or mobile phone. They are not harmful to your computer or your security and have nothing to do with viruses. Cookies are created when a user’s browser loads a particular website. The website sends information to the browser which then creates a text file. Every time the user goes back to the same website, the browser retrieves and sends this file to the website’s server. Cookies have several functions, including, among others, collecting information of and remembering users’ preferences and generally facilitating users’ use of the website.
The information generated by the cookies about your use of the website, including your IP address, will be transmitted to and stored on Google’s servers. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
Google only receives the User-ID, not the information of other personal data of yours.
WHAT IF I WANT TO CONTROL MY COOKIE PERMISSIONS?
Update : 27/05/2021
CRE (THAILAND) COMPANY LIMITED, the Self Storage service provider under the trademark Keep It Self Storage (“the Company”) adheres to ethical business code of conducts and compliance with applicable legal framework. The Company is aware of your trust in the Company’s products and services and recognizes your need for security in transaction and the handling of your personal data.
For prioritizing your privacy and safeguarding your personal data, the Company, therefore, has set out policies, regulations and rules for the Company’s business providing strict measures in protecting your personal data so that you can be assured that your personal data entrusted to Company will be processed to meet your needs and in accordance with the laws.
1.Purpose of this Policy
This Policy is to inform you to be aware of the purposes and details of the collection, usage and/or disclosure of your personal data as well as your legal rights in connection with personal data.
2.Personal data which the Company collects, uses, and/or discloses
- Personal Data is data that can directly or indirectly identify you, i.e.
- Personal data that you give directly to the Company, or available to the Company by your rental of products and/or services, contact, visit, search via online channels, website, Call Center, assigned persons or other means.;
- Personal data received or accessed by the Company from other sources not directly from you. For example, government entities, financial institutions, business partners and information service provider, etc. The Company will collect data from other sources only when your consent is given as consistent with laws unless where necessary for the Company as permissible under laws.
Your personal data that the Company collects, uses and/or disclose, including but not limited to:
- Personal information such as name, surname, age, date of birth, marital status, national identification number, passport number, phone records, pictures and other identification information;
- Contact information such as home address, workplace, current address, telephone number, E-mail, LINE account ID;
- Financial information such as account number used in transaction related to the Company, asset lists, financial information on rental, monthly payments;
- Data related to devices or machines such as IP address, log, device ID, MAC address, Cookie ID;
- Other information such as your activities on the website, pictures, videos, and other information deemed personal data under the Personal Data Protection Laws
- Sensitive Data is personal data that is specially categorized by law and will be collected, used and/or disclosed by the Company only when the Company has obtained explicit consent from you or where necessary for the Company as permissible under law. The Company may collect, use and/or disclose biometric identifiers (Biometrics), e.g., facial recognition, fingerprint recognition, retina recognition, voice recognition for the purpose of verifying and confirming your identity.
(Unless otherwise specified in this Policy, personal data and sensitive data about you above will be collectively called “Personal Data”)
3.The Company’s purposes of collecting, using and/or disclosing your Personal data
3.1 For your benefits in using the Company’s products and/or services that meet your own purposes and for other purposes necessary under laws.
3.1.1 To allow you to rent the Company’s products and/or services that meet your purposes under your contract with the Company or to take steps at your request prior to renting the Company’s products and/or services (Contractual Basis), for instance,
(1) to issue quotations, to give information about the Location of Keep It, products of Keep It, etc.
(2) to take any steps in relation to the providing of any products and/or services, e.g. document delivering, processing, contact, notification, etc. to comply with the purposes of product usage.
3.1.2 To comply with relevant or applicable law (Legal Obligation), for instance,
(1) to comply with an order from a competent authority; and/or
(2) to comply with Consumer Protection Law, Life Insurance Law, Non-life Insurance Law, Tax Law, Anti-money Laundering Law, Counter-Terrorism and Proliferation of Weapon of Mass Destruction Financing Law, Computer Law, Bankruptcy Law, Law concerning rental and other laws to which the Company is subject both in Thailand and in other countries including regulations and rules issued pursuant to such laws.
3.1.3 To take necessary steps for the Company’s legitimate interests or other individual or juristic person which are not overriding your reasonable expectations (Legitimate Interest), for instance,
(1) to record voice conversation with call center or images from CCTV, to exchange ID cards before entering buildings;
(2) to maintain relationship with customers, e.g. complaint handling, satisfaction survey, customer service by the Company’s staff, notification or offer on any products and/or services of the same types you are using for your benefits;
(3) to manage risks, monitor, manage within organization including to refer such tasks to affiliated companies in the conglomerate under the Personal Data related policy of the conglomerate (Binding Corporate Rules);
(4) to anonymize your Personal Data (Anonymous Data);
(5) to prevent, respond, and minimize potential risks arising from corruption, cyber threat, debt default or contractual breach (e.g. bankruptcy related data), law violation (e.g. money laundering, terrorism and proliferation of weapon of mass destruction financing, offences related to property, life, body, liberty or fame); including sharing Personal Data to enhance work standards of affiliated companies/other companies in the same business in order to prevent, respond, and minimize the above risks;
(6) to collect, use and/or disclose the Personal Data of directors, representatives, agents of customers that are juristic person;
(7) to contact, voice or image recording during meetings, trainings, seminars or booth activities;
(8) to collect, use, and/or disclose the Personal Data of person under court’s receivership order; and
(9) to receive – dispatch parcels.
3.2 To enable you to receive benefits from using and/or renting products and/or services according to your given consent, for instance,
(1) For you to receive products and/or services that are better and suitable for your need;
(2) For you to receive offers, privileges, recommendations and other information including eligibility to attend special activities; regardless of being products and/or services, privileges, promotions, information or special activities of the Company, business partners of the company, or other third parties depending on your given consent.
4.Persons whom the Company may disclose your Personal Data to
4.1 The Company may disclose your Personal Data to other person to the extent permissible under your consent or law. The persons or entities receiving such data will collect, use, and/or disclose the Personal Data to the extent permissible under your consent or related to this Policy.
4.2 The Company may disclose the data to other persons or entities to the extent permissible under your consent or law. For example, Personal Data processors, external service providers, sub-contractors, financial institutions, auditors, credit rating companies, competent authority, any corporations or individuals under relationship or contract with Company; including executives, employees, staffs, contractors, the Company’s advisor and of those person or entity who receive the data, etc.
5.Transferring of your Personal Data to other countries
5.1 When it is necessary, the Company may send or transfer your Personal Data to affiliated companies/companies in the same business located in other countries or to other receivers in ordinary course of the Company’s business, e.g. sending or transferring the Personal Data to be stored on server/cloud in other countries.
5.2 If the receiving countries do not maintain adequate standard levels, the Company will ensure that the sending and the transferring are in compliance with legal requirements and will put in place the Personal Data protection measures as necessary, appropriate and in consistent with confidentiality measures. For example, entering into confidentiality agreement with receivers in such country; or in case of affiliated companies/companies in the same business being the receivers, setting out the Personal Data policy that is audited and certified by competent authorities under relevant law and controlling the sending and transferring to comply with such policy instead of legal requirements.
6.The length the Company retain your Personal Data
6.1 The Company will retain your Personal Data for as long as necessary during the period you are a customer or under relationship with the Company, or for as long as necessary in connection with the purposes set out in this Policy, unless law requires or permits longer retention period. For example, retention pursuant to Anti-money Laundering Law, retention for proving and examining in the event of dispute within legal prescription period of not over 10 years, etc.
6.2 The Company may erase, destroy, or anonymize the Personal Data when it is no longer necessary or when the period lapses.
7.Protection of your Personal Data
For retention of your Personal Data, the Company implements technical measures and organizational measures to ensure appropriate security in the Personal Data processing and preventing Personal Data breach. The Company has set out policies, rules and regulations on Personal Data protection to prevent data receivers from using or disclosing the data outside the purposes or without authorization or unlawfully. The Company has amended the policy, rule and regulation as frequently as necessary and appropriate.
Moreover, the Company’s executives, staffs, employees, contractors, agents, advisers and data receivers are obligated to keep the Personal Data in confidence pursuant to confidentiality measure provided by the Company.
8.Your rights related to Personal Data
Your rights described here are legal rights that you should be informed. You may exercise any of these rights within legal requirements and policies at the present or as amended in the future as well as regulation set out by the Company. In case you are under 20 years old or your legal contractual capacity is restricted, your father and mother, guardian or representative may request to exercise the rights on your behalf.
- Right to withdraw consent: If you have given consent to the Company to collect, use and/or disclose your Personal Data (whether before or after the effective date of the Personal Data Protection law), you have the right to withdraw such consent at any time throughout the period your Personal Data available to the Company, unless it is restricted by laws or you are still under beneficial contract.
Withdrawal of your consent may affect your rental and/or uses of products and/or services. For example, you may not receive privileges, promotions or new offers, products and/or services that are enhanced and consistent with your needs, or not receive beneficial information, etc. For your benefits, you are advised to learn and ask for consequences before withdrawing your consent.
- Right of access: You have the right to access your Personal Data that is under the Company’s responsibility; to request the Company to make a copy of such data for you; and to request the Company to reveal as to how to Company obtain your Personal Data.
- Right to data portability: You have the right to obtain your Personal Data if the Company organizes such Personal Data in automatic machine-readable or usable format and can be processed or disclosed by automatic means; to request the Company to send or transfer the Personal Data in such format directly to other data controllers if doable by automatic means; and to request to obtain the Personal Data in such format sent or transferred by the Company directly to other data controller unless not technically feasible.
Your Personal Data above must be under your consent given to the Company to collect, use, and/or disclose; or those the Company deems necessary to collect, use and/or disclose to allow you to use products and/or services that meet your need under your contract with the Company.
- Right to object: You have the right to object to collection, use and/or disclosure of your Personal Data at any time if such doing is conducted for legitimate interests of the Company, corporation or individual which is within your reasonable expectation; or for carrying out public tasks. If you request to object, the Company will continue collecting, using and/or disclosing your Personal Data only when the Company can establish a legal basis that doing so is more important than your fundamental rights; or to affirm legal rights; to comply with laws; or to defend a legal proceedings, depending on a case by case basis.
- Right to erasure: You have the right to request the Company to erase, destroy or anonymize your Personal Data if you believe that the collection, use and/or disclosure of your Personal Data is against relevant laws; or retention of the data by the Company is no longer necessary in connection with related purposes under this Policy; or when you request to withdraw your consent or to object to the processing as earlier described.
- Right to restriction of data processing: You have the right to request the Company to suspend processing your Personal Data during the period where the Company examines your rectification or objection request; or when it is no longer necessary and the Company must erase or destroy your Personal Data pursuant to relevant laws but you instead request the Company to suspend the processing.
- Right to rectification: You have the right to rectify your Personal Data to be updated, complete and not misleading.
- Right to complaint: You have right to complain to competent authorities pursuant to relevant laws if you believe that the collection, use and/or disclosure of your Personal Data is violating or not in compliance with relevant laws.
- The exercise of rights above may be restricted under relevant laws and it may be necessary for the Company to deny or not be able to carry out your requests, e.g. to comply with laws or court orders, public tasks, your request in breach of rights or freedom of other persons, etc. If the Company denies the request, the Company will inform you of the reason.
You may request to exercise your rights via the following channels:
Rights Channels Processing Time
Right to withdraw consent Email 7 Days
Right of access Email 7 Days
Right to data portability Email 7 Days
Right to object Email 7 Days
Right to erasure Email/Telephone 7 Days
Right to restriction of processing Email 7 Days
Right to rectification Email/Telephone 7 Days
9.Contacting the Company and the Data Protection Officer
If you have any suggestions or inquiries regarding collection, usage and/or disclosure of your Personal Data as well as a request to exercise your rights under this Policy, you may contact the Company and/or the Data Protection Officer via the following channel:
- CRE (THAILAND) COMPANY LIMITED
Company Office Hours: 09.30 am. – 05.00 pm.
Address: 200 Tossapon Building, Room 5B, Ratchadaphisek Road,
Huaykhwang, Huaykhwang, Bangkok 10310
- CRE Data Protection Officer