Privacy Policy for Customers

ASIA CONNECT CORPORATION COMPANY LIMITED ("we," "us," "our") understands the importance of protecting your personal data. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data, and your rights as a data subject, in compliance with the Personal Data Protection Act B.E. 2562 (2019) (PDPA) and other relevant laws.

Collection of Personal Data

We collect your personal data directly from you during interactions such as:

• Account registration: Information provided during account creation.
• Login methods: Data from Facebook and Google logins.
• Face vector data and facial images: Collected for clock-in/out and employee management purposes using facial recognition technology.
• Location data: Latitude and longitude coordinates for tracking employee clock-in locations.

Types of Personal Data Collected

We collect the following types of personal data, depending on the services you use:

• Personal Identification Data: Name, surname, age, date of birth, nationality, identification card, passport number, etc.
• Contact Information: Address, phone number, email address, etc.
• Account Details: Username, password, transaction history.
• Proof of Identity: Copies of identification cards or passports.
• Financial Data: Purchase history, credit card details, bank account information.
• Technical Data: IP address, cookie ID, activity logs, etc.
• Biometric Data: Face vector data and facial images for clock-in/out and employee management.
• Location Data: Latitude and longitude coordinates collected during clock-in.

Collection of Data from Children

If you are under 20 years old or legally restricted, we may need parental or guardian consent to collect, use, or disclose your personal data. If we become aware that we have collected personal data from children without proper consent, we will take immediate steps to remove that information from our systems.

Storage of Data

Your personal data may be stored in the following locations:

• Servers located within Thailand.
• Servers located outside of Thailand.
• Third-party service providers within and outside of Thailand.
• Face vector data for time attendance is stored locally on the clock-in/out device and is encrypted.
• Facial images and face vector data uploaded by the site administrator are stored in our storage services (e.g., Amazon S3), and face vectors are processed and stored in our database for verification purposes.
• Location data is stored in our database for internal management purposes.

Use of Data

We use the personal data we collect for various purposes, including but not limited to:

• Account management: Creation and management of your accounts.
• Service provision: Delivering products and services to you.
• Product improvement: Enhancing user experiences, products, and services.
• Internal operations: Managing internal business processes and customer relations.
• Marketing: Conducting marketing activities and promotions.
• After-sales services: Providing customer support and after-sales services.
• Employee time attendance: Verifying employee attendance using facial recognition and tracking employee clock-in locations.
• Internal Reporting: Location data may be shown in internal reports for management purposes.
• Legal compliance: Ensuring adherence to applicable laws, regulations, and our Terms and Conditions.

Disclosure of Personal Data

We may disclose your personal data to the following entities under certain circumstances:

• Within our organization: For the development of services and products.
• Service providers: For payment processing, marketing, and technical support (subject to their own privacy policies).
• Business partners: To coordinate certain services.
• Law enforcement or regulatory bodies: In response to legal requirements or court orders.

Face Data

We handle face data with the highest security standards and in compliance with the PDPA. The collection and usage of face data are as follows:

• Data collected: Face images and face vector data are collected for employee authentication to clock in/out and for employee management.
• Usage:
  • The initial face image is uploaded by the site administrator to the face recognition system via the admin panel. This image is permanently stored on the server and is used as the employee's profile image in the mobile app and for legal documentation purposes, including some reporting for management.
  • During clock-in/out, face recognition is performed by sending face images to a recognition API, which returns the employee code. Once this process is complete, the face image is immediately deleted from the system.
• Storage:
  • The raw image of the employee’s face is stored in our storage service (e.g., Amazon S3). Face vector data is processed and stored in the database for authentication purposes.
  • All sensitive face vector data is encrypted and stored securely. Face images used during clock-in/out are stored temporarily and deleted immediately after processing.
• Sharing with third parties: Face data is not shared with third parties. Only usage data (non-sensitive) may be shared with Google Analytics for analyzing user behavior and generating reports for managerial purposes.
• Retention:
  • Face images uploaded initially by the administrator are stored permanently for employee management purposes.
  • Clock-in/out face images are deleted immediately after the process is complete.
  • Face vector data is retained only during the employment period and is deleted when no longer necessary or upon termination of employment.
• Location Usage:
  • We collect and store latitude and longitude coordinates to verify employee clock-in locations at the work site. This location data is not shared with third parties and is only used for internal management processes.
  • Location data may be included in internal reports for monitoring and evaluation purposes.
  • Location in privacy policy: The collection, use, disclosure, and retention of face data are detailed in the sections "Types of Personal Data Collected," "Storage of Data," "Use of Data," "Face Data," "Location Usage," and "Data Retention."

Cross-Border Data Transfers

We may transfer personal data, including face data and location data, to organizations or servers located outside of Thailand. We ensure that such transfers comply with the PDPA and that appropriate safeguards are in place to protect your personal data.

Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. Once the retention period has expired, we will erase, destroy, or anonymize your data. Face data and location data are deleted when they are no longer needed or when your employment ends.

Your Rights as a Data Subject

You have the following rights regarding your personal data:

• The right to access your personal data.
• The right to request correction of inaccurate data.
• The right to request deletion of your data.
• The right to request restriction of processing your data.
• The right to data portability.
• The right to object to the processing of your data.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on our website. We encourage you to review this Privacy Policy periodically for any updates.

Contact Information

If you have any questions regarding this Privacy Policy or wish to exercise your rights under the PDPA, please contact us at:

Data Controller and Data Protection Officer
ASIA CONNECT CORPORATION COMPANY LIMITED
333/134 Soi Chalong Krung 44, Lam Pla Thio, Lat Krabang, Bangkok, 10520
Email: contact@asiaconnectth.com
Website: www.asiaconnectth.com
Phone: 02-026-3939

Last Updated: October 10, 2024