Personal Data Protection Policy for General Public

This Policy determines the guidelines for collection, use and disclosure of personal data pursuant to the Personal Data Protection Act, B.E. 2562 (2019). This Policy applies to the general public of ASPHERE INNOVATIONS PUBLIC COMPANY LIMITED (the “Company”). The general public are required to thoroughly read this Policy.

1. Definition 

“Personal data” in this Policy refers to any information that relates to an individual who can be identified, directly or indirectly, and all kinds of information that can identify an individual, including but not limited to identification number, address information, online information, information on physical and mental characteristics, social, economic, cultural information or any other information that can identify an individual. 

2. Data collected by the Company

2.1 General personal data 
The Company has to collect, use and disclose your personal data, including but not limited to:  

  • Name-surname 
  • Date of birth 
  • Age 
  • Identification Number of Player (ID)  
  • IP Address 
  • Health or disability information  
  • Nationality 
  • Religion 
  • Sex 
  • Address, house registration, domicile  
  • Identification card or passport  
  • Telephone number  
  • Mobile phone number  
  • E-mail 
  • Taxpayer Identification Number 
  • Vehicle Registration Number  
  • Travel information

2.2 Special Personal Data

The Company collects your special personal data pursuant to Section 26 of the Personal Data Protection Act, B.E. 2562 (2019) such as race, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or any other similar data. The Company will access, collect, use, disclose or control such personal data with due care in an extent required by applicable laws. The Company will notify you of details on collection, use or disclosure of such special personal data before or during collection of such data under the requirements and conditions required by applicable laws.

2.3 Personal Data Concerning Legal Offences

You acknowledge that in case of any legal offence, either civil or criminal case or any other law, the Company has the right to collect or use your personal data concerning such legal offence. The Company will access, collect, disclose or control such personal data with due care in an extent required by applicable laws.

2.4 The Company collects, processes and uses the following personal data obtained from the third party
You acknowledge and agree that the Company will collect, process and use personal data, including but not limited to:

  • Data concerning name, surname, identification number, player ID, IP Address, address, date of birth, sex, age, photograph, e-mail, bank account number, credit card number, telephone number that may be obtained by the Company from financial institutions, agents or business partners of the Company.  
  • Your health data to an extent required by the law. The Company may collect your health data from respective hospitals, clinics or medical personnel.  
  • Immigration data such as identification number, passport, immigration data or other data related to you. The Company may obtain such data from government agencies or consulates for the benefit of the data subject and legal compliance. Types of data may vary on the requirements of each country. 

Please note that for security protection and maintenance for the general public and for the Company’s interest, the Company has installed security CCTVs in the Company’s premises. The Company or any third-party service provider employed by the Company may collect, use and process your still or motion images and your personal data provided by you while entering the Company’s premises.

3. Data Processed by the Company

The Company processes personal data directly collected from you or collected by any third party as specified in Clause 2 for the purposes of provision of services, performance of contract or legal compliance.

In some cases, the Company applies an automatic decision-making process for your personal data processing via a computer system, for example, the Company may evaluate personal data concerning provision of services and products or other matters. You may ask for more information by directly contact the Company’s Data Protection Officer.

4. Purposes and Legal Basis for Collection, Use and Disclosure of Your Personal Data  

The Company collects, uses and discloses your personal data for the following

purposes: 

  • To deliver, present or publicize information concerning the Company’s services based on your interest via various communication channels including social media, e-mail and telephone.  
  • To promote, develop and strengthen business relationships between you and the Company.  
  • To consider, process, test or analyze your interest in order to promote, enhance and improve the Company’s services and completely correspond to your interest and needs.  
  • To train, control or guarantee employees and quality concerning coordination or communication via various channels with you. 
  • To deal and solve problems, inquire and analyze problems possibly arising from the Company’s services. The Company will use such data as deemed necessary only.  
  • To manage, reply answers or acknowledge any communication, your service complaint or feedback.  
  • To clarify, notify or inform of any change in the format or information concerning the Company’s services.  
  • To inspect, protect or prevent any wrongful act, violation or breach of laws, rules, regulations and any other condition of the Company.  
  • To promote or publicize participation in any advertising campaigns and promotional activities under the Company’s conditions. 
  • To comply with relevant laws, rules, regulations and announcements.  
  • To maintain the benefit of the Company’s business operations.

The Company may collect, use and disclose your personal data in compliance with applicable laws. In case of special personal data, including (i) data identifying race or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership; (ii) biometric and genetic data and (iii) health data, sexual orientation. The Company performs data processing whether (i) the Company has been given your consent to do so or (ii) the Company is required to collect, use and disclose your personal data in compliance with applicable laws or for protection of the Company’s interest. 

You may ask for more information by contacting the Company’s Data Protection Officer when the Company collects, uses and discloses your sensitive personal data. After giving your consent, you may withdraw such consent at any time by contacting the Data Protection Officer. Upon withdrawal of your consent, the Company may have to continually process personal data in compliance with applicable laws or for protection of the Company’s interest. The Company will notify you at the time of your consent withdrawal which personal data must be continually collected or processed by the Company in compliance with applicable laws. 

In addition, the Company may collect, use and disclose personal data for other purposes consistent with or corresponding to the purposes mentioned above as well as for achieving the purposes of historical, or statistical or scientific research, the archives for public interest. If practicable, the Company will not use identifiable data for such purposes or the Company will follow the procedures to limit the scope of personal data used by the Company in such research or data backup. The Company may use pseudonymous to avoid using your personal data.  

5. Recipient of Your Personal Data  

The Company realizes the importance of ensuring adequate personal data protection and security and tries to limit access to your personal data only for certain persons on a need-to-know basis in order to performing existing work. The Company’s employees, personnel, affiliates, business partners and any third party executing the service agreement with the Company concerning collection, use and disclosure of personal data and other contractual parties acting on behalf of the Company will obtain and collect, use and disclose your personal data. The Company will disclose your personal data to these companies in an extent that is necessary for processing of personal data in order to provide you with services and protect the Company’s interest. The Company agrees to protect your personal data from unauthorized use, access or disclosure. You may

contact the Data Protection Officer for more information on types of the Company’s service providers who will obtain your personal data from the Company. The Company may disclose your contact information appeared on the officer’s book of records to the Company’s employees and general people. However, you have the right to ask for deletion of your data from the Company’s system under the requirements, conditions and period specified by the Company.  

The Company may provide your personal data for any other company or agency such as government agency, public agency, service regulatory agency or corporate regulatory agency or government agency in charge of immigration, tax, national security and crime as required by applicable laws for the purposes of the Company’s business operations or joint activities, travel, joint events, professional affiliations and research.  

In addition, you agree that the Company may disclose or transfer your personal data to its affiliates or business partners for the purposes of the Company’s business operations or policy compliance or protection of the Company’s interest or legal interest or announcement issued by the Company from time to time.  

6. Cross-Border Transfer of Personal Data  

The Company may transfer your personal data abroad for the purpose of the Company’s business operations to the extent that is necessary. You accept and agree that the Company may transfer your personal data from Thailand to any person or agency in other countries or in other jurisdictions, whether personal data protection law of such country meets the standard of personal data protection law in Thailand or not. The Company will take appropriate procedures to protect your personal data to the same level as the personal data protection law of Thailand.  

7. Retention Period  

The Company will retain your personal data for a period required by applicable laws. You may check the retention period of your personal data with the Company by contacting the Data Protection Officer.  

8. Your Rights 

You may at any time exercise the following rights concerning your personal data: 

  • Right to access your personal data collected by the Company and request for rectification of any inaccurate or incomplete data.  
  • Right to request for copy of personal data in electronic format that you may send or ask the Company to send to any third party directly.  
  • Right to make any objection against processing of your personal data for marketing purpose and any other purposes.  
  • Right to request for deletion of your personal data which is no longer necessary for the purpose of collection and right to restrict the scope of personal data processing if such deletion is rejected.  
  • Right to request the Data Controller to stop using your personal data. 
  • Right to request the Company to rectify, update, make completion and avoid misunderstanding.  
  • Right to make any claim to controlling agency if you believe that there is any infringement on you right.  

Your exercise of rights shall be in accordance with the requirements, announcements and rules issued by the Company pursuant to th the provisions of the personal data protection law as well as the Company’s personal data protection policy and other criteria. By exercising such rights, you are required to submit a written request to the Company’s Data Protection Officer according to the details stated in Clause 9 of this Policy. Consideration on such request shall be at the sole discretion of the Company and the Company’s decision on such request shall be deemed final. 

In case that you request the Company to delete, destroy, restrict collection, use, processing or disclosure of personal data, temporarily suspend use of personal data, anonymize personal data or withdraw your consent, there may be certain restrictions for the Company to process any transaction or service for you.  

9. Data Protection Officer  

If you intend to exercise the rights under Clause 8 or have any question about collection, use or disclosure of your personal data, please contact the Data Protection Officer as follows:  

Data Protection Officer 

Address
51 Major Tower Rama 9 – Ramkhamhaeng, 18th Floor, Room 3-8 Rama 9 Road, Hua Mak, Bangkapi, Bangkok Thailand 10240  

Tel. 02-769-8888 

E-mail dpo.th@asphere.co 

10. Withdrawal of Consent  

If you no longer wish the Company to collect, use, process or disclose your personal data, you may withdraw your consent by submitting a request to the Data Protection Officer.  

Withdrawal of consent shall be in accordance with the conditions, requirements, announcements or regulations stipulated in the personal data protection law, the Company’s personal data protection policy and other requirements specified by the Company.  

11. Amendment  

The Company reserves the right to amend this Policy in any reason whatsoever as deemed appropriate and for the purposes of compliance with applicable laws, the government’s policies, rules, notifications, regulations or other relevant matters. Upon any change, the Company will announce on the website at  Personal Data Protection Policy for General Public   Such change will come into effect once published on the website. You acknowledge and agree to comply with the amended personal data protection policy. You are recommended to regularly check out and read the Company’s personal data protection policy on the website.