AOT Ground Aviation Services Company Limited (“Company”) realizes the importance of the personal data protection, therefore, the Company formulates this Policy in order that the public will acknowledge and understand the way which the Company treats the personal data of the Personal Data Subject, for instance, collection, storage, usage, disclosure, including any rights of the Personal Data Subject. Therefore, the Company announces this Policy as the principle for personal data protection, as follows:
1. Definitions of the Personal Data
“ Personal Data ” means the data relating to person which it can specifically identify such person, directly or indirectly, (but it shall not include the data of the deceased), for instance, first name, family name, address, phone number, ID card number, passport number, Social Security Card number, driver’s license number, tax payer’s number, financial data, credit data, educational background, financial status, health record, working-experience background, e-mail address, car registration, IP Address, Cookie ID, etc.
“ Sensitive Personal Data ” means the data which is really personal matter of the person but it is sensitive and it may be possible to be the unfair discrimination, for instance, race, clan, political view, belief in doctrine, religion or philosophy, sexual behavior, criminal record, health record, disability data, union labour data, genetic data, biological data or any other data affecting the Personal Data Subject in similar manner as announced and determined by the Personal Data Protection Committee.
2. Collection of the Personal Data
The Company shall collect, use the Personal Data with an objective, scope, and lawful and fair mean. The data shall be collected to the extent that it is necessary for the operation under the Company’s objective only. In this connection, the Company shall cause the Personal Data Subject to acknowledge, give consent, via electronic system, or in writing, according to the form, mean of the Company. In case where the Company collects the Sensitive Personal Data of the Personal Data Subject, the Company shall seek explicit consent of the Personal Data Subject prior to the collection, unless the collection of the Personal Data and the Sensitive Personal Data are an exceptional case where the seeking of consent is not necessary as stipulated in the Personal Data Protection Act B.E. 2562 (2019) or any other laws.
3. The Company collects the data according to the objective
The Company shall collect the data to the extent that it is necessary according to lawful objective and in line with the mission of organization, and the Company has determined the objective of the Personal Data in each category clearly in preparation of record of items of the Personal Data. In this regard, the Company shall collect, use or disclose the Personal Data according to the objective as it informed the Personal Data Subject. In case where there is new objective and it is necessary to use such new objective, the Company shall inform and seek prior consent of the Personal Data Subject.
4. Quality of the Personal Data
The Company shall collect the Personal Data directly from the Personal Data Subject. In case where it is necessary to collect data from other source, the Company shall inform the Personal Data Subject within 30 days as from the date on which the Company does so, and obtains the consent from the Personal Data Subject.
The Company shall improve the collected data to be accurate, updated, not misleading. In this regard, the Company shall improve the collected Personal Data every two years and the Company assigned the Personal Data Subject to inform the change of his/her Personal Data when there is any change of his/her Personal Data.
The Company shall neither collect, nor use, nor disclose the Sensitive Personal Data, unless it is necessary to use such Data under an explicit consent of the Personal Data Subject and the Company shall impose a measure to store such Data separately from general data.
5. Disclosure of the Personal Data
The Company shall neither disclose the Personal Data without the lawful basis for processing such Data and not being in line with the objective of collection of such Data, unless there is the consent of the Personal Data Subject or such Data is disclosed under the rule stipulated by laws.
In case where it is necessary to send or transfer the Data to foreign country, the Company shall verify that the destination Data recipient has standard on the Personal Data protection. In case where the destination Data recipient does not have adequate standard or policy on the Personal Data protection, the Company shall notify the Personal Data Subject to acknowledge so, and the Company shall seek an explicit consent of the Personal Data Subject every time.
6. Measure/Safeguard on the Security of the Personal Data
The Company shall impose the appropriate measure/safeguard on the security of the Personal Data, which include the Administrative Safeguard, Technical Safeguard and the Physical Safeguard in order to prevent any loss, unlawful access, destruction, usage or disclosure of Personal Data, and the Company limits the access to use the Personal Data only for the relevant officer.
7. The Responsibility of the Personal Data Controller
The Company has imposed the necessary measure for collecting, using or disclosing the Personal Data safely. In this connection, the Company has the training, creates the awareness and provides knowledge, understanding to the operators who relates to the usage of the Personal Data in working as from such operators start their work, the Company also determines the duty to control, store and protect the Personal Data of organization.
In case of any leak or breach of the Personal Data, the Company shall check, investigate and shall determine the guideline to solve and prevent therefrom and the Company shall impose the remedial measure for the Personal Data Subject and it shall inform the Personal Data Subject including relevant persons to acknowledge so within seventy two hours.
8. The Disclosure relating to the Policy and Guideline on the Practice regarding the Personal Data
The Company has already imposed the policy on the Personal Data protection, guideline on the Personal Data management, including the measure necessary for the preserving the security of the Personal Data which is collected, used or disclosed by the Company according to its mission. In case where the Personal Data Subject or the interested person has any doubt or intends to know any details of treatment relating to his/her Personal Data, he/she may contact the Personal Data Controller or the Personal Data Protection Officer according to the details as specified in Clause 11. of this Policy.
9. Rights of the Personal Data Subject
The Personal Data Controller respects the rights of the Personal Data Subject, in terms of the consent, access to data, request for copy, request for sending or transferring of data, rejection, request for disclosure of data source, updating of data, request for cessation of usage, deletion, destruction of data, withdrawal of consent or filing of complaint in case where there is violation of personal data protection law, the owner (“Personal Data Subject”) of personal data (collected, stored by the Company) shall still have the right in his/her data in all respect.
10. Change of this Policy
The Company may change this Policy to be in line with any change relating to the processing of your Personal Data, and according to the stipulation of personal data protection law or any other relevant laws. In this connection, the Company shall inform you to acknowledge the change of this Policy via the Company’s website.
11. To contact the Personal Data Controller
In case where you (as the Personal Data Subject) intend to contact the Company to inquire or to exercise any right relating to your Personal Data, you can contact
11.1 The Personal Data Controller
AOT Ground Aviation Services Company Limited
222 Room 4326, 4th Floor, Passenger Terminal 1, Don Mueang International Airport, Vibhavadi Rangsit Road, Sanambin Sub-District,
Don Mueang District, Bangkok
11.2 The Personal Data Protection Officer (DPO)
Policy prepared by AOT GROUND AVIATION SERVICES (AOTGA) (www.aotga.com)