

Customer Privacy Policy
This document is Privacy Policy applies to all customers (hereinafter referred to as "You" and “Your”) of Octagon Interactive Company Limited (hereinafter referred to as "Company"). As a personal data controller according to the Personal Data Protection Act B.E. 2562, This Privacy Policy will notify all concerned about how the company collects and processes customer’s personal data in accordance with the purposes and scope of the company.
1. Purposes and Scope of the Privacy Policy
This privacy policy covers data subjects who are the company's customers including: customer, user, payer, resident, tenant, representative, agent, guest, visitor and individual being involved with the company's customers.
As used in this privacy policy, the following terms shall have the meanings set forth below:
-
“Processing” means anything done with Customer’s personal data, including collection, storage, use, disclosure and deletion of personal data.
-
“Legal bases” means justifiable reasons to process personal data in accordance with Article 24 and Article 26 of the PDPA.
-
“Personal data” means any information relating to an individual or data subject that can be used to directly or indirectly identify a person, excluding the data of the deceased such as full name, phone number, address, email and ID verification number etc.
-
“Sensitive data” means personal data which the personal data protection act., specify that the company must process with higher security than the personal data such as ethnic origin, political opinion, religious, sexual behavior, crime history, health information, disability, union information, genetic information, biometric and other as related laws or regulations specify.
This privacy policy may be revised at any given time and the company may notify you through appropriate channels.
2. Personal Data The Company Process
The company collects the following categories of your personal data;
-
Identity data including, but not limited to, prefix, name, surname, ID number, passport number, driver's license number, and photo;
-
Address/contact data including, but not limited to, permanent address, present address, mobile phone number, and email account;
-
Residential data including, but not limited to, room number, unit code, house number, building name, and building's floor;
-
Transaction data including, but not limited to, payment, and proof of payment;
-
Profile data including, but not limited to, date of birth, religion, nationality, marital status, gender, and age;
-
Property data including, but not limited to, car types, and vehicle registration number;
-
Technical data including, but not limited to, stamp key electronic, and POS serial number; and
-
Other data including, but not limited to, data from ID Card, and data from driver's license.
3. How The Company Collect Your Personal Data
In general, the company will directly collect your personal data through these processes or channels including, but not limited to;
-
When customer fills in relevant online webforms via website and web application, such as registration form and payment form; and
-
When staff performs data extraction from identity documents through website and web application.
However, the company may collect additional personal data through third-party organizations which include; -
Service providers, such as shops, juristic persons, real estate development companies, banks and financial institutions, etc.
4. Personal Data Storage
The company stores your personal data as hard copy and soft copy by using the following systems;
-
Third-party server service providers outside of Thailand, such as DigitalOcean, Google Cloud Platform, and Microsoft Azure.
5. How The Company Process Your Personal Data
The company will collect, use, and disclose your personal data for the following, but not limited to, purposes.
1. Performance of the contract (Contractual Basis)
For the performance of the contract in order to enable you to use company's products and/or services for the purposes of which your representative/service provider are a party to the company or to fulfill your request before using the company's products and/or services, such as
(1) Providing products and/or services, including delivering company's products and/or services.
(2) Any action related to the use of products and/or services, such as processing, contacting, notifying, assigning tasks to third party service providers; Implementing coordinated and communicating to provide effectively deliver services, including the notification of any information related to or due to the usage of the company's product or service.
2. Legal Obligation
In order to perform duties in accordance with relevant laws or applicable (Legal Obligation), such as
(1) Compliance with legal, regulation, the order of the legal authority or government agencies, such as compliance with subpoenas, injunction, and otherwise authorized by law.
(2) Compliance with other necessary laws, including announcements and regulations issued under such laws.
3. Legitimate Interest
To carry out operations necessary under the legitimate interests of the company or of another person or entity without exceeding the scope that you can reasonably expect (Legitimate Interest), such as
(1) Image recording, CCTV recording, identity document verification, identity document data extraction, identity document exchange before entering this premises
(2) Owner/agent’s identity verification of the property ownership, property data recording before entering this premises
(3) Prevention, coping, and reduction of risks through deliberate actions that may cause loss of life, injury, other health impacts or property damage (eg: common property, personal property and personal safety); illegal activities; offenses relating to property, life, body, liberty or reputation, which include sharing personal information to raise the standard of work of companies and service providers in preventing, coping, and reducing the aforementioned risks.
(4) Customer relations, such as handling complaints, satisfaction assessment, customer care by service providers, processing and displaying data for service improvement, and offering new products and/or services that are beneficial to you.
(5) Risk management, supervision and internal management
(6) For the purpose of accounting and finances, such as audit, payment validation and refunding
(7) Making personal information as non-personally identifiable information (Anonymous Data)
The following are the groups of activities in which the company utilizes your personal data to carry out all activities in accordance with the aforementioned purposes:
Group of Activities
Group of PIIs
Legal Bases
Visitor Management and
Access Control
• Identity Data
• Address/Contact Data
• Residential Data
• Profile Data
• Property Data
• Contract
• Consent
• Legitimate Interest
Car Park Management and
Access Control
• Identity Data
• Address/Contact Data
• Residential Data
• Profile Data
• Property Data
• Contract
• Contract
• Legitimate Interest
Smart Locker Management and
Access Control
• Identity Data
• Address/Contact Data
• Residential Data
• Contract
• Consent
• Legitimate Interest
Identity Verification
• Identity Data
• Address/Contact Data
• Residential Data
• Profile Data
• Property Data
• Technical Data
• Legitimate Interest
Payment Process
• Identity Data
• Address/Contact Data
• Residential Data
• Transaction Data
• Property Data
• Technical Data
• Legitimate Interest
Operations with Service Providers /Providers
• Identity Data
• Address/Contact Data
• Residential Data
• Transaction Data
• Profile Data
• Property Data
• Technical Data
• Contract
• Legitimate Interest
Customer Support, Monitoring
and Examination
• Identity Data
• Address/Contact Data
• Residential Data
• Transaction Data
• Profile Data
• Property Data
• Technical Data
• Contract
• Legitimate Interest
Complaint Management, Database
and IT troubleshooting
• Contract
• Consent
• Legitimate Interest
Audit Procedures
(Product, Service and Process)
• Identity Data
• Address/Contact Data
• Residential Data
• Transaction Data
• Property Data
• Technical Data
• Contract
• Legitimate Interest
Data Management and
Access Control
• Identity Data
• Address/Contact Data
• Residential Data
• Transaction Data
• Profile Data
• Property Data
• Technical Data
• Contract
• Legitimate Interest
• Legal Obligation
Reporting, Making Report and
Documentation Procedures
• Identity Data
• Address/Contact Data
• Residential Data
• Transaction Data
• Profile Data
• Property Data
• Technical Data
• Contract
• Legitimate Interest
Litigation, Legal Procedures and
Legal Execution
• Identity Data
• Address/Contact Data
• Residential Data
• Transaction Data
• Profile Data
• Property Data
• Technical Data
• Evidence
• Contract
• Legitimate Interest
• Legal Obligation
Compliance with Data Subject Right
• Identity Data
• Legal Obligation
Company will process your personal data according to the stated purposes and scope. If there came upon a case where personal data were to be processed for other purposes, and it is unlikely to rely on other legal bases, through this policy, the company will provide additional information about the processing's purpose and legal basis.
6. Disclosure of Personal Data
Company may disclose and/or transfer your personal data to third-party organizations and process personal data in accordance with agreements with the company and/or legal obligations. These organizations may include;
1. Organization
Company may disclose your personal data within our organization to provide and develop our products or services. Company may combine information internally across the different products or services covered by this privacy policy to help us be more relevant and useful to you and others.
2. Service Providers, Vendors & Business Partners
Company may use service providers and vendors to help us provide our services as payments and development of products or services, such as Kasikorn Bank (KBANK), auditors, legal and financial advisors, security services agency and others as related. Please note that service providers and vendors have their own privacy policy.
In relation with our business partners, the company may disclose certain personal data to them in order to coordinate and provide our products or services to you and provide necessary information about the availability of our products or services, such as juristic persons and real estate development companies.
3. Law Enforcement
Under certain circumstances, the company may be required to disclose your personal data if required to do so by law or in response to valid requests by government authority such as courts, government authorities.
7. Data Subject Rights
Subject to the Personal Data Protection Laws thereof, you may exercise any of these rights in the following:
1. Right to withdrawal of consent: If you have given consent to us to collect, use or disclose your personal data whether before or after the effective date of the Personal Data Protection Laws, you have the right to withdraw such consent at any time throughout the period your personal data available to us, unless it is restricted by laws or you are still under beneficial contract.
2. Right to access: You have the right to access your personal data that is under our responsibility; to request us to make a copy of such data for you; and to request us to reveal as to how the company obtains your personal data.
3. Right to data portability: You have the right to obtain your personal data if the company organize such personal data in automatic machine-readable or usable format and can be processed or disclosed by automatic means; to request us to send or transfer the personal data in such format directly to other data controllers if doable by automatic means; and to request to obtain the personal data in such format sent or transferred by us directly to other data controller unless not technically feasible.
4. Right to rectification: You have the right to rectify your personal data to be updated, complete and not misleading.
5. Right to restriction of processing: You have the right to restrict any data processing activity in accordance with the following cases:
-
During pending examination process of your rectification or objection request
-
For cases where data processing activity is not in accordance with relevant laws
-
For cases where the data processing terms have passed, but you have requested for processing restriction due to legal reasons, and
-
For cases related to personal data which shall initially be deleted and/or destroyed, but was followed by an additional request of processing restriction instead;
6. Right to objection: You have the right to object to collection, use or disclosure of your personal data at any time if such doing is conducted for legitimate interests of us, corporation or individual which is within your reasonable expectation; or for carrying out public tasks.
7. Right to erasure/destruction: You have the right to request us to erase, destroy or anonymize your personal data if you believe that the collection, use or disclosure of your personal data is against relevant laws; or retention of the data by us is no longer necessary in connection with related purposes under this privacy policy; or when you request to withdraw your consent or to object to the processing as earlier described.
8. Right to lodge a complaint: You have the right to complain to competent authorities pursuant to relevant laws if you believe that the collection, use or disclosure of your personal data is violating or not in compliance with relevant laws.
You can exercise these rights as the data subject or to file a complaint against your personal data processing by contacting our Data Protection Officer as mentioned below or you can apply the request form to the company by click: Data Subject Rights Request form. The company will notify the result of your request within 30 days upon receipt of such request. If the company denies the request, the company will inform you of the reason via SMS, email address, telephone, registered mail (if applicable).
8. Time Period of Personal Data Storage
Company will keep your personal information for a period of 120 days or throughout the appropriate period according to the purposes and scope of this privacy policy to process such data still stand or/and for service, for inspection, for supervision, for safety and risk management, for preventing loss of life and property, for legal obligation, and for others as related. Company will keep your payment and transaction information for a period of 10 years for the purpose of proving and verifying cases that may arise within the statute of limitations.
Company will delete or destroy your personal information or make it non-personally identifiable information when it is no longer necessary or at the end of the said period.
9. Personal Data Security
Company endeavors to protect your personal data by establishing security measures in accordance with the principles of confidentiality, integrity, and availability to prevent loss, unauthorized or unlawful access, destruction, use, alteration, or disclosure including administrative safeguard, technical safeguard, physical safeguard and access controls. Company has implemented security measures to ensure the security of your personal data in accordance with the company's information security policy.
10. Personal Data Breach Notification
Company will notify the Office of the Personal Data Protection Committee without delay and, where feasible, within 72 hours after having become aware of it, unless such personal data breach is unlikely to result in a risk to the rights and freedoms of you. If the personal data breach is likely to result in a high risk to the rights and freedoms of you, the company will also notify the personal data breach and the remedial measures to you without delay through company website, SMS, email address, telephone or registered mail (if applicable).
11. Changes to this Privacy Policy
Company holds the rights to review and edit this privacy policy as the company see appropriate. Any changes of this privacy policy, the company encourages you to frequently check on our websites and web applications. Company also notifies you to understand this privacy policy by scanning QR code on a notice at the entrance of this premises.
This privacy policy was last updated and effective on August 5,2022
Through the showing and/or exchanging of your identity document including by entering this premises, you are hereby accepting the terms stipulated within this privacy policy. If you do not agree to this privacy policy, please do not enter this premises.
12. Links to Other Sites
Any websites from other domains found on company websites and web applications are subject to their privacy policy which is not related to us.
13. Contact Information
If you have any questions about this privacy policy or would like to exercise your rights, you can contact us by using the following details:
1. Data Controller
-
Company name: Octagon Interactive Co.,Ltd.
-
Address: 919/541B, Jewelry Trade Center Building, 49th Floor, Silom Rd., Silom, Bangrak, Bangkok 10500, Thailand
-
Website: www.octagoninteractive.co.th
-
Contact: Tel. 02-104-9044 / Email: complaint@8interactive.co.th
2. Data Protection Officer: DPO
-
Name: Jirapong Mukham
-
Address: 919/541B, Jewelry Trade Center Building, 49th Floor, Silom Rd., Silom, Bangrak, Bangkok 10500, Thailand
-
Contact: Tel. 02-104-9044 / Email: complaint@8interactive.co.th
-
Data Subject Rights Request Form: https://airtable.com/shryI3tWSvWIrSevL