Personal Data Protection Policy

Stream I.T. Consulting Company Limited

        1. Introduction
          Stream I.T. Consulting Company Limited (“Company”) acknowledges and respects your privacy. Therefore, the Company has established this Personal Data Protection Policy (“Policy”) to govern the collection, use, and disclosure of personal data. The Company has prepared this Policy in accordance with the Personal Data Protection Act B.E. 2562 and other relevant laws.
        2. Scope
          This Policy applies to all Personal Data for the purposes of collecting, using, disclosing, transferring, or processing Personal Data. In this Policy, “Personal Data” means any information that can be used to identify you, whether directly or indirectly, including information you provide when registering through the Company’s website, registering for Company events, cookies, transaction information, and usage experience, including but not limited to name, gender, age, date of birth, address, email, telephone number, LINE ID, IP address, pictures, moving images, and any other information that is considered personal data under the Personal Data Protection Act.
          “You” refers to a person who is the owner of the Personal Data and/or the owner of Sensitive Data who has provided Personal Data to the Company, whereby the Company has the authority to make decisions regarding the collection, use, disclosure, processing, or transfer of Personal Data for the purposes specified in the contract or in this Policy, which is legally referred to as the “Data Controller,” with employees specifically assigned by the Company to have the authority to carry out the collection, use, or disclosure of Personal Data, which is legally referred to as the “Data Processor.” The Company will use your Personal Data for the following purposes:
          • For compliance with applicable laws, such as the Personal Data Protection Act, the Electronic Transactions Act, the Telecommunications Business Act, the Anti-Money Laundering Act, the Civil 1 and Commercial Code, the Criminal Code, the Civil Procedure Code, and the Criminal Procedure Code, etc.
          • For the benefit of investigations by inquiry officials or the adjudication of cases by the Court.
          • For the legitimate interests of the Company or other individuals or legal entities that are not the Company.
          • To prevent or suppress dangers to your life, body, or health.
          • To comply with a contract to which you are a party or to use in acting in accordance with your request prior to entering into such contract.
          • To achieve the purposes related to the preparation of historical documents or archives for the public interest or for education, research, or statistical purposes, for which appropriate security measures have been provided.
          • For the benefit of business partners in knowing news and information and offering information that may be beneficial to you.
          • For the benefit of analysis and processing to improve the efficiency of the Company’s products and services, including the development of solutions for you.
          • For the benefit of providing advice and recommending products that provide the greatest benefit to you.
        3. Personal Data Collected by the Company
          • Personal Information: Name-Surname, Age, Address, Contact Information, Telephone Number, Email Address, LINE ID, and Facebook Account.
          • Identification Documents: Copies of National Identification Card and/or Passport.
          • Employment Information: Job Title.
          • Financial Information: Such as a copy of a bank book for payment of goods or wages.
          • Feedback Data: Information about your opinions and impressions regarding the use of the Company’s services or products.
        4. Sources of Personal Data
          The Company may obtain your Personal Data from two sources:
          1. Personal Data Received Directly from You: The Company will collect your Personal Data from the following service procedures:
            • Contractual Relationship: Contacting and entering into a contract for the purchase or sale of the Company’s services and products.
            • Voluntary Submission: Your voluntary participation in surveys or correspondence via email or other communication channels.
            • Consent to Contact: Your voluntary consent to allow contact channels for sending news, offering solutions, providing consultations, or coordinating operations according to various projects.
            • Contacting Company Employees: Your voluntary contact with the Company’s employees to perform duties under the contract.
          2. Personal Data Received from Third Parties: The Company may receive your Personal Data from the following third parties:
            • Authorized Disclosures: Personal Data received from third parties who have the right to disclose the information.
            • Publicly Available Information: Personal Data that is in the public domain. The receipt of such information, whether directly from you or from authorized external parties, may be obtained through various methods such as email, telephone numbers, documents, or other channels on various media.
        5. Consent
          The Company will collect, use, and disclose your Personal Data only after obtaining your consent. Consent may be given either electronically or in writing. You are free to give your consent.
          The Company will not make your consent a condition for the collection, use, or disclosure of Personal Data that is not necessary or relevant to entering into a contract or the provision of services. However, your Personal Data may be collected, used, or disclosed without your consent in the following cases:
          • For purposes related to the preparation of historical documents or archives for the public interest, or related to research or statistics.
          • To prevent or suppress dangers to the life, body, or health of a person.
          • For the performance of a contract to which you are a party or to use in taking action in accordance with your request prior to entering into a contract, whereby the Company will use Personal Data only as necessary for the performance of the contract.
          • For the performance of duties in carrying out missions for the public benefit of the Company or performing duties in the exercise of state power conferred upon the Company.
          • For the legitimate interests of the Company or other persons, unless such interests are overridden by your fundamental rights in your Personal Data.
          • For compliance with the law or orders of government agencies with legal authority.
        6. Sensitive Data
          “Sensitive Data” means Personal Data concerning race, ethnicity, political opinions, religious or philosophical beliefs, sexual behavior, criminal records, health information, disabilities, trade union membership, genetic data, biometric data (facial pictures, iris scans, or fingerprints), video, or any other data that similarly affects the owner of the Personal Data, without your consent, except in the following cases:
          • To prevent or suppress dangers to your life, body, or health, where consent cannot be given for any reason whatsoever.
          • For the conduct of lawful activities with appropriate safeguards by a foundation, association, or non-profit organization with political, religious, philosophical, or labor union objectives provided to members, former members, or persons having regular contact with the foundation, association, or non-profit organization in accordance with those objectives and without disclosing the Personal Data outside the foundation, association, or non-profit organization.
          • The Sensitive Data has been made public with your explicit consent.
          • The Sensitive Data is necessary for the establishment, exercise, or defense of legal claims.
              • The Sensitive Data is necessary for compliance with the law to achieve the objectives concerning preventive or occupational medicine, the assessment of the working capacity of the employee, the medical diagnosis, the provision of health or social care or treatment, 1 the medical management, health care, or social security systems and services.
              • Public health interests, such as health protection against serious cross-border threats to health or epidemics, or the control of standards or quality of medicines, medical supplies, or medical devices, which have appropriate and specific measures to safeguard your rights and freedoms.
              • Labor protection, social security, national health insurance, medical treatment benefits for persons entitled under the law, protection of victims of road accidents, or social protection, where the collection of Personal Data is necessary for compliance with the Company’s rights or obligations, and appropriate measures are in place to protect your fundamental rights and interests.

            In addition to the exceptions where consent is not required, as mentioned above, the Company will request your consent to collect, use, or process your Sensitive Data. The Company will use your Sensitive Data only as necessary for the performance of the contract and for your benefit, and the Company will implement security measures for the protection of Sensitive Data that are no less than those prescribed by law.

        7. Your Rights (Data Subject Rights)
          You have the following rights:
          • Right to Withdraw Consent: You have the right to withdraw your consent to the processing of your Personal 1 Data that you have given to the Company at any time while your Personal Data remains with the Company.
          • Right of Access: You have the right to access your Personal Data and request the Company to provide you with a copy of such Personal Data, including requesting the Company to disclose the source of the Personal Data that you did not provide to the Company.
          • Right to Rectification: You have the right to request the Company to correct inaccurate data or supplement incomplete data or update data to be current.
          • Right to Erasure: You have the right to request the Company to delete your data for certain reasons. If the Company is unable to delete the data in accordance with your request, the Company will inform you of the reason within 30 (thirty) days from the date you notify the Company of your request to exercise your rights.
          • Right to Restriction of Processing: You have the right to restrict the processing of your Personal Data for certain reasons.
          • Right to Data Portability: You have the right to transfer the Personal Data that you have provided to the Company to another data controller or to yourself for certain reasons.
          • Right to Object: You have the right to object to the processing of your Personal Data for certain reasons.
        8. Processing of Personal Data
          The Company may disclose your Personal Data or other information about you that the Company currently holds and will hold in the future to business partners, individuals, or other legal entities within the scope specified below:
          • The Company shares personal data with other Data Controllers or Data Processors to support its business operations. The Company shall establish contractual terms (within the scope prescribed by law) requiring such Data Controllers or Data Processors to process personal data solely for the purposes for which you have provided consent for disclosure. Furthermore, such Data Controllers or Data Processors shall be required to destroy or return said data when the processing of such personal data is no longer necessary.
          • The Company may disclose personal data upon request, as deemed appropriate and in accordance with applicable laws. In the event of an acquisition or sale of all or part of the Company’s business, personal data collected by the Company shall be considered transferable assets that may be transferred to the acquiring entity.
          • The Company may disclose your personal data under legal requirements pursuant to court orders, warrants, law enforcement proceedings, regulatory investigations, or other circumstances as prescribed by law. Furthermore, the Company may receive requests, such as court orders, warrants, or law enforcement proceedings from government agencies, state authorities, or regulatory bodies supervising the provision of services. In cases where disclosure of personal data is requested under the authority of law, orders, guidelines, or any requests from legally authorized state agencies, or requests from agencies involved in legal proceedings, including where reasonably necessary to enforce the Company’s terms and conditions of use, without obtaining your permission, in order to comply with legal requirements or law enforcement. In executing such requests, the Company shall proceed:
            • Only to the extent necessary for national security, public interest, or law enforcement purposes; or
            • In accordance with laws, government regulations, or court judgments that explicitly stipulate duties or permissions.
          • The Company may comply with the criteria for the international transfer of personal data by entering into standard contractual clauses or implementing other mechanisms as prescribed under the applicable personal data protection law, and the Company may rely on personal data transfer agreements or other approved mechanisms for the global transfer of personal data.
          • The Company may disclose your personal data to business partners, third parties to whom the Company provides services, or on behalf of the Company, including for processing your purchase orders, payment processing, data analysis, news delivery, market research and analysis, satisfaction surveys, and other purposes as specified in this policy. The following third parties have the same obligations to protect your personal data as the Company:
            • Service providers who process personal data on behalf of the Company.
            • Employees, staff, and contractors who have duties requiring access to personal data.
            • Customers or users who can access personal data collected from public sources and data received from each individual.
            • Global network partners and business partners of the Company who use the Company’s data as part of their service provision.
            • The Company’s auditors, lawyers, and consultants in various fields.
            • Service providers and contractors providing support services.
            • Government agencies, including state authorities, are empowered to request personal data, such as the Revenue Department, Royal Thai Police, Office of the Attorney General, Courts, state officials authorized to request personal data, inquiry officers, public prosecutors, etc.
            • Third parties with whom you have requested the Company to share data.
        9.  Security of Personal Data
          • The Company maintains personal data security standards and has obtained ISO 27001 security certification. The Company shall adjust its security measures in accordance with said security standards to ensure the confidentiality of personal data to prevent loss, unauthorized access, destruction, use, modification, alteration, or disclosure of personal data without rights or unlawful basis, as well as to prevent unauthorized use of personal data. This compliance is in accordance with the Cyber Security Policy, the Ministry of Digital Economy and Society Notification on Personal Data Security Maintenance B.E. 2563 (2020), and other relevant laws.
          • The Company implements the following policies and procedures for secure data management and prevention of unauthorized access:
            • Establish policies and procedures for secure data management and as may be additionally specified in agreements between the Company and you.
            • Restrict employees’ or staff members’ access to personal data to only authorized personnel
            • Prevent unauthorized access to your data through data encryption, authentication, and virus detection technology as necessary.
            • Require business partners conducting business with the Company to comply with rules under personal data protection laws and regulations, monitor the Company’s website through specialized units with expertise in personal data protection and online security.
            • Conduct background checks on employees or staff members and provide training and awareness regarding personal data protection to the Company’s working team.
            • Regularly evaluate practices concerning personal data protection, data management, and data security of the Company.
          • For the retention period of personal data, the Company shall implement appropriate security measures to process your requests. The Company shall retain your personal data under the following periods:
            • In cases where you provide information to the Company as a customer or service user, the Company shall retain your data for as long as necessary to provide services to you and shall continue to retain it for an additional 10 (ten) years from the date of service termination.
            • In cases where you provide information to the Company as a contractual party, the Company shall retain your data for as long as necessary for contractual performance and shall continue to retain it for an additional prescription period of 10 (ten) years from the date of contract termination.
          • The deletion, destruction, or return of personal data upon the expiration of the specified retention period, as mentioned above, will be carried out by the Company within thirty (30) days from the date the retention period ends. Upon request, the Company ensures that all of your data will be securely removed from its servers or retained in a manner that prevents identification of your personal identity. However, the Company may retain certain data beyond the stated period if necessary for business purposes or as legally permitted, such as for security, prevention of violations or misconduct, anti-money laundering, or financial record-keeping.
        10. Marketing and Promotional Activities
          During the provision of services, the Company may send you information regarding marketing activities, promotions, products, or service solutions that the Company believes may be of interest to you to enhance the effectiveness of its services.
          If you agree to receive such communications, you have the right to withdraw your consent at any time. You may cancel your consent to receive marketing communications by submitting a request through the contact channels provided at the end of this policy.
        11. Company Contact Information
          Phone: +662-263-9789
          Email: pdpa@stream.co.th
          Website : https://www.stream.co.th
          Head Office Address: 195 One Bangkok, Tower 4, 21st Floor, Unit 2013 -2014, 2113 – 2114, Witthayu Road, Lumpini, Pathumwan, Bangkok, 10330 Thailand.
          Regulatory Authority Details
          If the Company, its employees, or staff violate or fail to comply with applicable personal data protection laws, you have the right to file a complaint with the Office of the Personal Data Protection Committee (PDPC).
        12. Policy Amendments
          If the Company makes any significant changes to its personal data protection practices, it will update and revise this policy accordingly. The updated policy will be published on the Company’s website (https://www.stream.co.th) to inform you about how the Company collects, uses, discloses, and protects personal data in compliance with applicable practices, laws, and regulations.

This policy takes effect on February 19, 2025.

 

Ready to get started?

Launch Your Project with Us

Contact Us

At Stream IT, we leverage our profound expertise and unwavering commitment to innovation to propel your business to new heights in the digital transformation landscape. Our team of highly skilled professionals is dedicated to delivering cutting-edge and customized solutions, ensuring that every project we embark upon not only meets but surpasses your expectations.

Facebook-f Linkedin
Contact Us
Scroll to Top

Search

PDPA Icon

We use cookies to optimize your browsing experience and improve our website’s performance. Learn more at our Privacy Policy and adjust your cookie settings at Settings

Settings Allow
Privacy Preferences

You can choose your cookie settings by enabling/disabling cookies for each category as needed, except for necessary cookies.

Allow All
Manage Consent Preferences
  • Necessary cookies
    Always Active

    Necessary cookies are essential for the functioning of the website, allowing you to use and browse the site normally. You cannot disable these cookies in our website's system.
    Cookies Details

  • Analytical Cookies for Enhancing User Experience

    These cookies are used to collect information about website usage, such as the number of visitors, popular web pages, and browsing behavior, which helps the website owner improve the user experience.
    Cookies Details

  • Functional Cookies for Remembering User Settings

    These cookies help enhance the website's functionality by remembering user settings such as username, language, region, or customizations.
    Cookies Details

Save
Privacy Preferences
Name
dpdpa_consent
Category
Necessary cookies
Host
.stream.co.th
Duration
1 Year
Description
Stores the visitor’s cookie consent preferences.
Name
_ga
Category
Analytical Cookies for Enhancing User Experience
Host
.stream.co.th
Duration
2 Years
Description
Used by Google Analytics to distinguish users and store information about site usage, helping site owners to measure and improve performance.
Name
_ga_3PY0GXY9G2
Category
Analytical Cookies for Enhancing User Experience
Host
.stream.co.th
Duration
2 Years
Description
Used by Google Analytics to distinguish users and store information about site usage, helping site owners to measure and improve performance.
Name
_gid
Category
Analytical Cookies for Enhancing User Experience
Host
.stream.co.th
Duration
24 Hours
Description
Used by Google Analytics to distinguish users and store information about site usage, helping site owners to measure and improve performance.
Name
wp-dark-mode-device
Category
Functional Cookies for Remembering User Settings
Host
.stream.co.th
Duration
1 Year
Description
Stores user’s dark mode preference and timezone.
Name
wp-dark-mode-timezone
Category
Functional Cookies for Remembering User Settings
Host
.stream.co.th
Duration
1 Year
Description
Stores user’s dark mode preference and timezone.
Name
pll_language
Category
Functional Cookies for Remembering User Settings
Host
.stream.co.th
Duration
1 Year
Description
Stores user’s dark mode preference and timezone.