PRIVACY NOTICE

The Capital Law Office Limited (“we,” “us,” or “our”) recognizes the importance of the protection of the privacy and security of the Personal Data (as defined below) of our prospective, current and former clients, business partners (including their employees, personnel, officers, representatives, shareholders, authorized persons, members of the board of directors, management, contact persons and agents), employees and users of our website.

The purpose of this Privacy Notice (this “Notice”) is to provide you with information as to how we collect, keep, use, disclose, transfer and/or otherwise process your Personal Data.

We may update this Notice from time to time. It is recommended that you periodically visit our website for the most recent version of the Notice.

1. Personal Data we collect

In this Notice,

Personal Data” means the personal data as defined in the Personal Data Protection Act of Thailand B.E. 2562 (2019) (as amended); and

Sensitive Data” means the Personal Data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or any data which may affect the data subject in the same manner.

In the course of our business operation, we may collect your Personal Data directly from you or indirectly from your representative or other sources (e.g. online platforms, third party, CCTV, and other publicly available sources).  The specific types of Personal Data collected will depend on the context of your relationships and interactions with us.  The followings are types of Personal Data that we may collect (which is not exhaustive list):

1.1 In relation to our provision of professional legal services and related activities
  • Personal details: such as first name, last name, nick name, title, age, gender, photos, nationality, date and place of birth, marital status, education, work-related information (as applicable) (e.g. position, function, occupation, job title, company for which you work, at which you are employed or in which you hold shares), information on government-issued cards (e.g. national identification card, passport, house registration, and driver’s license), percentage of shares, signature, social security number, and other identification information;
  • Contact details: such as address, telephone number, mobile phone number, fax number, email address and other similar information;
  • Financial details: such as account and financial details, e.g. account number and account type, billing address, and other payment information;
  • Transaction details: such as Personal Data of your or your counterparty’s directors, shareholders, employees, or any other individuals relating to the transaction contained in documents, correspondence or other materials provided by or relating to the transactions contemplated by you or the company in which you work for or hold shares or directorship;
  • Recordings: such as CCTV footage, audio or video recordings; and
  • Other information: such as the Personal Data provided to us in the course of our services.
1.2 In relation to our human resources related activities
  • Personal details: such as first name, last name, nickname, title, age, gender, photos, nationality, date and place of birth, marital status, education, work-related information (as applicable) (e.g. position, function, occupation, job title), information on government-issued cards (e.g. national identification card, passport, house registration, and driver’s license), signature, social security number, finger scan, data of your children, military status, and other identification information;
  • Contact details: such as address, telephone number, mobile phone number, fax number, email address, emergency contact information, and other similar information;
  • Qualification details: such as professional experience, employment records, current and desired salary, educational history, transcripts, certifications, licenses, association memberships, resume, and information obtained from references whose contact information you have supplied to us;
  • Compensation details: such as information about your salary and benefits, e.g. payroll information, salary, remuneration, and entitlement to benefits, and information of your bank account;
  • Work-related details: such as information on your absences, such as the dates of leaves or vacation taken by you; disciplinary information, such as employee misconduct or misbehavior; evaluation records, such as your performance assessments and performance reviews;
  • Recordings: such as CCTV footage, audio or video recordings; and
  • Other information: such as the Personal Data provided to us in the course of your employment.
1.3 In relation to our website
  • Personal details: such as first name and last name;
  • Contact details: such as telephone number, mobile phone number, and email address; and
  • Cookies: such as necessary cookies (to ensure that you can use our website and its features), performance cookies (to assess how you use our website for further improvement), functionality cookies (to remember your settings and preferences), and security cookies (to mitigate the risks relating to security breach).

2. Purposes and legal bases

The Personal Data and Sensitive Data are collected, used, and/or disclosed by us to carry out a variety of activities that are related to our service for the following purposes.

2.1 Purpose for which consent is required

If you are our employee, we may rely on your consent to collect, keep, and/or use your biometric data, i.e., finger scan, which is the Sensitive Data, for accessing the office for the purposes of authentication, verification, security and safety.

Where legal basis is consent, you have the right to withdraw your consent at any time.  This can be done so, by contactingdpo@thecapitallaw.com as further detailed in Section 8 below. The withdrawal of consent will not affect the lawfulness of the collection, keeping, use, and/or disclosure of your Personal Data and Sensitive Data based on your consent before it was withdrawn.

2.2 Purposes for which we may rely on other legal bases in collecting, using and/or disclosing the Personal Data

We rely on the following legal bases to collect, use, and/or disclose your Personal Data: (a) a contractual basis, for our initiation or fulfillment of a contract or engagement with you; (b) a legal obligation; for the fulfilment of our legal obligations; (c) the legitimate interest of ourselves and third parties, which we would balance it with your interest and fundamental rights and freedoms in relation to the protection of the Personal Data; (d) vital interest, for preventing or suppressing a danger to a person’s life, body and/or health; and (e) public interest, for the performance of a task carried out in the public interest or for the exercise of official actions.

Accordingly, we rely on the legal bases in (a) to (e) above for the following purposes of collection, use, and/or disclosure of the Personal Data:

In relation to our provision of professional legal services and related activities

  • contacting you prior to the entering into our service contract with us;
  • processing applications for our service relating to you, including but not limited to processing your requests for our services, executing our service contract, processing the proposed transactions, and issuing and processing invoices;
  • providing legal advice and responding to your inquiries in order to perform our obligations under our service;
  • managing and administering your relationship with us;
  • carrying out your instructions or responding to your inquiries, requests, feedback and complaints;
  • conducting identity verification and client conflict of clearance checking processes and other checks and screenings;
  • maintaining and updating contact lists/directories and keeping the relevant contracts and documents;
  • informing our news, publications, and invitations to seminars and/or events;
  • preventing, detecting and investigating fraud, misconduct, or any unlawful activities, whether or not requested by any governmental or regulatory authority, and analyzing and managing risks;
  • complying with all applicable laws, regulations, rules, directives, orders, instructions and requests from any governmental, tax, law enforcement or other authorities or regulators (whether local or foreign), such as the Stock Exchange of Thailand, Thailand Futures Exchange, Thailand Securities Depository, Thailand Clearing House, Office of the Securities and Exchange Commission of Thailand, Bank of Thailand, Anti-Money Laundering Office, and Thai Revenue Department;
  • managing our infrastructure, internal control, audit and business operations and complying with our policies and procedures, including but not limited to those relating to risk control, security, audit, finance and accounting, systems and business continuity;
  • addressing or investigating any complaints, claims or disputes;
  • enforcing our legal or contractual rights, including but not limited to debt collection;
  • facilitating financial audits to be performed by an auditor, or receiving legal advisory services from legal counsel appointed by you or us;
  • performing our obligations under any agreements to which you are a party; and
  • maintaining security via surveillance cameras (CCTV).

In relation to our human resources related activities

  • providing salary, compensation and benefits, such as payroll, bonuses, and welfare;
  • managing internal organization management, such as resource allocation, internal audits, and administration;
  • administering leave in compliance with our work rules;
  • analyzing so as to improve of our work force and employment practices;
  • complying with legal obligations, such as labor, health, and safety requirements, or as requested by governmental agencies;
  • maintaining employee disciplinary records for effective management or to impose disciplinary action when necessary;
  • conducting internal investigations to follow up on complaints or claims, monitor employee misbehavior, and prevent fraud;
  • communicating with designated contacts in case of an emergency;
  • protecting our information secrecy and assets;
  • for other purposes as reasonably required by us in connection with your employment, (such as to proceed with the activities or operation for us or on behalf of us), or as set out in your employment agreement, the work rules, or any documents related to human resources; and
  • maintaining security via surveillance cameras (CCTV).

In relation to our website

  • contacting you and responding to your inquiries;
  • informing our news and publications;
  • monitoring and improving our website; and
  • notify you of any changes in our Notice.

If the Personal Data we collect from you is required to meet our legal or regulatory obligations or enter into an agreement with you, we may not be able to provide or continue to provide our services to you or determine your employment or engagement (as the case may be) if we cannot collect the Personal Data when requested.

3. To whom we may disclose the Personal Data

We may disclose the Personal Data to the following third parties (including their representatives or agents) who process Personal Data in accordance with the purposes under this Notice. These third parties may be located in or outside Thailand. You can visit their privacy policies to learn more details on how they process the Personal Data.

3.1 Our service providers

We may cooperate with other companies to perform services on our behalf or to assist with the provision of our services to you. We may share the Personal Data to such service providers. In the course of providing such services, the service providers may have access to the Personal Data. However, we will only provide our service providers with the Personal Data that is necessary for them to perform the services, and we will ask them not to use the Personal Data for any other purposes. We will ensure that all the service providers we work with will keep the Personal Data secure.

3.2 Our business partners

We may transfer the Personal Data to persons involved in our service which you receive from us, including payment recipients, correspondents, agents, beneficiaries, account nominees, intermediaries, custodians, vendors, co-brand business partners, market counterparties, issuers of products, or global trade repositories to whom we disclose the Personal Data in the course of providing services to you and to whom you authorize us to disclose the Personal Data.

3.3 Third parties permitted by law

In certain circumstances, we may be required to disclose or share the Personal Data to a third party in order to comply with our legal or regulatory obligations. This includes any law enforcement agency, court, regulator, government authority or other third party for which we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party’s or individuals’ personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.

3.4 Our professional advisors

We may disclose or transfer the Personal Data to our professional advisors relating to audit, accounting, tax and information technology (IT) services who assist us in running our business and defending or bringing any legal claims. When we disclose the Personal Data to the third parties, we will take steps to ensure the protection of such Personal Data, such as confidentiality arrangements or other appropriate security measures to the extent required by law.

3.5 Other organizations

In order to perform our contractual and other legal responsibilities or for our legitimate interests, we may disclose the Personal Data to other organizations as follows:

  • counterparties in the transaction, and/or their lawyers or related persons, such as their employees, advisors, and/or directors;
  • social media platforms; and
  • online publishing and ranking companies.

When we disclose the Personal Data to other organizations, we will take steps to ensure the protection of such Personal Data, such as confidentiality arrangements or other appropriate security measures to the extent required by law.

4. Cross-border transfer

We may disclose or transfer the Personal Data to third parties or servers located overseas, and the destination countries may or may not have the same data protection standards as Thailand. We have taken steps and measures to ensure that the Personal Data is securely transferred, that the data recipients have suitable data protection standards and appropriate safeguards in place, and that the transfer is lawful by relying on the derogations as permitted under the law.

5. Period for which we retain the Personal Data

We retain the Personal Data for as long as it is reasonably necessary to fulfill the purposes for which we have obtained it as set out in this Notice and to comply with our legal and regulatory rights and obligations. However, we may have to retain the Personal Data for longer duration if required by applicable law.

We will thoroughly assess your Personal Data, taking into account its quantity, type, and sensitivity, as well as the processing purposes. We will also consider alternative measures and evaluate potential risks from unauthorized use and disclosure. This evaluation will guide us in determining the suitable retention period for your Personal Data. Afterward, specific details may be retained in an aggregated and anonymized form, and we may utilize this information without notifying you further.

6. Unintentional processing of Personal Data

Our activities are not generally aimed at minors, and we do not knowingly collect the Personal Data from the minors (those who have not reach the legal age (20 years of age or by marriage)) without their parental consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardian’s consent. If you are a minor, quasi-incompetent or incompetent person and wish to engage in a contractual relationship with us, you must obtain the consent from your parent or legal guardian prior to contacting us or providing us with the Personal Data. If we learn that we have unintentionally collected the Personal Data from any minor without parental consent when it is required, or from quasi-incompetent person or incompetent person without their legal guardians’ consent, we will delete it immediately or continue to process such Personal Data if we can rely on other legal bases apart from consent.

7. Rights of data subjects

Subject to the applicable laws and exceptions thereto, you are entitled to the following rights regarding the Personal Data:

  • Access: to access or request a copy of your Personal Data we are processing;
  • Data Portability: to obtain a copy of your Personal Data in a readable electronic format and to transmit such Personal Data to another data controller;
  • Objection: in some circumstances, to object any collection, use, or disclosure of the Personal Data in certain activities which are specified in this Notice;
  • Deletion: to request that we delete, destroy or anonymize your Personal Data that we process, e.g. if the data is no longer necessary for the purposes of processing;
  • Restriction to restrict our processing of your Personal Data if you believe such Personal Data is inaccurate, that our processing is unlawful, or that we no longer need to process such Personal Data for a particular purpose;
  • Rectification: to have your Personal Data that is incomplete, inaccurate, misleading or out-of-date rectified;
  • Lodge a complaint: to lodge a complaint to the competent authority if you believe our processing of your Personal Data is unlawful or non-compliant with the applicable data protection law.

8. Contact Details

If you wish to contact us to exercise your rights relating to the Personal Data or if you have any queries regarding this Notice, please contact:

The Capital Law Office Limited
44 Smooth Life Tower 16th Floor, North Sathorn Road
Silom, Bangrak, Bangkok 10500 Thailand

Tel: +66 2633 9088

Email: dpo@thecapitallaw.com