PDPA Policy | Octagon Interactive

Cookies Policy

This Cookie Policy explains the meaning and use of cookies on the website www.octagoninteractive.co.th, which is operated by Octagon Interactive Co., Ltd., hereinafter referred to as the “Company.” Please read this Cookie Policy carefully to understand the Company’s practices regarding the collection, use, or disclosure of cookies, as well as your options in managing cookies. By accessing this website, you are deemed to have consented to the Company’s use of cookies in accordance with the details outlined in this policy.

1. What Are Cookies?

Cookies are small text files used to store information about your visits to a website. These files are saved on your computer or communication devices such as tablets, smartphones, or through a web browser while you are accessing the Company's website. The Company uses cookies on this website to store and record information such as website usage data and login history. The use of cookies does not cause any harm to your computer or devices in any way.

2. Purpose of Using Cookies

The Company collects data from visits to its website through cookies or similar technologies. These are used for the following purposes:

To ensure secure and uninterrupted access to user accounts on the Company’s website.
To record your usage data and preferences on the Company’s website.
To analyze your behavior while using the Company’s website.
To improve the efficiency and accessibility of the Company’s services.
To gather insights into user interests and enhance the Company’s ability to meet your needs.

3. Types of Cookies

The types of cookies used by the Company on its website include the following:

Strictly Necessary Cookies

These cookies are essential for the website to function properly and cannot be switched off in the Company’s systems. Typically, these cookies are set in response to actions made by you such as setting your privacy preferences, logging in, or filling out forms. You can set your browser to block or alert you about these cookies, but doing so may cause parts of the website to not function properly.

Analytical/Performance Cookies

These cookies are used to gather statistical data and information about how users interact with the website—such as remembering your settings, the number of page views, and the time spent on pages. These cookies help the Company improve its website performance. These cookies do not identify individuals.

Functional Cookies

These cookies allow the Company to remember the choices you make while using the website, such as your login details or language preferences. The purpose of these cookies is to provide you with a more personalized experience and to avoid requiring you to enter your information again each time you use the site. These are persistent cookies that remain on your device for future visits. You can delete these cookies via your browser settings.

Advertising Cookies

These cookies are used to enhance marketing communication, analyze your geographic location and website usage, and deliver content or newsletters that match your interests based on your past online behavior. These are persistent cookies, and the Company may share this data with third parties, including its business partners.

Third-party cookies

In some cases, the Company uses cookies provided by external organizations, agencies, companies, or individuals that the Company works with—such as Google. These cookies may track metrics such as how long you spend on the site or which pages you visit to help the Company understand user behavior and improve its services. As a result, when you visit the Company’s website, you may encounter embedded content from other sources, which set their own cookies beyond the Company’s control.

Additionally, the Company uses social media buttons and/or plugins that allow you to connect with your social networks in various ways. For example, Facebook, Instagram, and LINE. These platforms may collect personal data and set cookies through the Company’s website to improve your profile on their services. The information collected is governed by the respective privacy policies of these third-party platforms.

4. Disabling Cookies

If you do not wish for cookies to be used on the Company’s website, you can change your browser settings to manage your cookie preferences accordingly. If you disable or delete certain cookies via your browser settings, please note that some parts of the website or certain features may not function as intended.

If you would like to learn more about cookies and how to manage or disable them, you can visit your browser’s official website. You may also refer to www.allaboutcookies.org for detailed guidance on rejecting or deleting cookies, as well as general information about cookies.

5. Managing Cookies

Most browsers are initially set to accept cookies by default. However, you can refuse the use of cookies or delete them through the settings page of your browser. Please note that modifying your browser settings may affect the layout and functionality of the Company’s website. If you wish to change your browser settings, you can find more information at the links provided below:

Internet Explorer
www.support.microsoft.com

Firefox
www.support.mozilla.org
www.support.mozilla.org

Google Chrome
www.support.google.com

Safari
www.support.safari.com

Microsoft Edge
www.support.microsoft.com

6. Methods and Duration of Data Storage

The Company stores your cookie-related data electronically on cloud servers. Cookies will be retained only as necessary and for an appropriate duration, depending on the type of cookie used, as follows:

Session Cookies

These are temporary cookies used to store data during your visit to the website. They are automatically deleted when you close your browser.

Persistent Cookies

These cookies remain on your device for a defined period or until you manually delete them. They are used to remember your preferences and interests to help streamline your future visits and provide content tailored to your usage. You have the right to delete these cookies at any time.

7. Changes to the Cookie Policy

The Company may revise or amend this policy at its discretion. You can review the updated terms and conditions of the amended policy via the Company’s website.
This policy was last revised and is effective as of May 30, 2022.

8. Contact Information

If you have any questions or concerns, please contact us at:

1. Data Controller

Name: Octagon Interactive Co., Ltd.
Address: 919/541B, Jewelry Trade Center Building, 49th Fl., Silom Rd., Silom, Bangrak, Bangkok 10500, Thailand
Website: www.octagoninteractive.co.th
Phone: 02-104-9044
Email: complaint@8interactive.co.th

2. Data Protection Officer: DPO

Name: Jirapong Mukham
Address: 919/541B, Jewelry Trade Center Building, 49th Fl., Silom Rd., Silom, Bangrak, Bangkok 10500, Thailand
Phone: 02-104-9044
Email: complaint@8interactive.co.th

Personal Data Protection Policy

Octagon Interactive Co., Ltd., hereinafter referred to as the "Company," recommends that you carefully read this Privacy Policy as it explains how the Company handles your personal data during your use of the Company’s services and visits to the Company’s website.
“Personal Data” means information relating to an individual who can be identified, directly or indirectly, excluding data of deceased persons. Examples include name, surname, phone number, address, email, national ID number, etc.
The Company reserves the right to modify, alter, or suspend the provision of services, either temporarily or permanently (or any part thereof), at its sole discretion without prior notice to you. The Company shall not be liable to you or any third party for any such modification, alteration, or suspension of services. Therefore, please regularly review the terms, conditions, and any additional notices.

1. Types of Personal Data Collected

The types of personal data the Company collects from you depend on the circumstances of the collection and the type of services you choose to use with the Company, as follows:

Personal Information: such as name, surname, etc.
Contact Information: such as address, phone number, email, etc.
Technical Information: such as IP address, Cookie ID, website activity logs, etc.
Other Information: such as photographs, videos, and any other data considered personal data under applicable data protection laws.
The Company will not collect or use your sensitive personal data, such as race, religious beliefs, or criminal records, except as required by applicable laws and regulations or with your explicit consent.

2. Collection of Personal Data

You can visit the Company’s website without disclosing your identity or personal information to the Company. The Company’s system collects data such as the number of visitors, average visit duration, and pages visited, using technology that breaks down the information into pieces that can be sent to and installed on your system. These cookies are set by the Company and expire after the relevant data connection ends. The Company uses this data to measure user numbers and continuously improve the content of the website for optimal performance.

The Company may collect personal data that can directly or indirectly identify you, such as your name, surname, address, mobile phone number, email, and contact details, for a reasonable period necessary to provide services. This occurs if you provide information to the Company or request services through telephone, email correspondence, online forms, website contact, applications, or other channels of the Company.

If you express an interest in receiving information about the Company’s services, contact requests, or inquiries, the Company will communicate with you through various channels such as SMS, email, phone calls, or letters, depending on the opportunity and convenience of contacting you.

3. Methods of Personal Data Storage

The Company stores your personal data in both physical document form and electronic form. The Company retains your personal data as follows:

Service providers hosting servers abroad (such as DigitalOcean, Google Cloud Platform, Microsoft Azure).

4. Processing of Personal Data

The Company will collect, use, or disclose your personal data for the following purposes:

To improve products, services, or user experience.
For internal management of the Company.
For recruitment purposes, employment, or other related objectives.
To gather feedback or respond to complaints.
To comply with terms and conditions.
To comply with laws, regulations, rules, or any lawful requests from government agencies, such as complying with subpoenas, court orders, or other lawful requests.
Other purposes supporting the fulfillment of the above objectives or as consented to by you from time to time.

5. Disclosure of Personal Data

The Company may disclose your personal data to other parties with your consent or as permitted by law, as follows:

1. Internal Management
The Company may disclose your personal data internally as necessary to improve and develop its products or services. The Company may consolidate internal data across different products or services under this policy for the greater benefit of you and others.

2. Third Parties
The Company may disclose your personal data to third parties, which may include affiliates, service providers, and business partners of the Company, for the purposes of contacting, coordinating, and delivering products or services. Only the necessary information regarding the availability of such products or services will be disclosed.

3. Law Enforcement

In the case of a legal requirement or request from government authorities, the Company will disclose your personal data as necessary to such agencies, such as courts, prosecutors, or the police.

6. Rights Under the Personal Data Protection Act B.E. 2562 (2019)

Under the Personal Data Protection Act (PDPA), you have the following rights as a data subject, which will be enforceable once the relevant provisions concerning personal data subject rights come into effect:

1. Right to Withdraw Consent

You have the right to withdraw your consent at any time, regardless of whether the consent was given before or after the PDPA came into effect. This withdrawal will not affect the lawfulness of processing carried out based on your prior consent.

2. Right to Access

You have the right to request access to, and obtain a copy of, your personal data held by the Company, as well as to request disclosure of how the data was obtained—unless the Company is legally entitled to refuse your request.

3. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that the Company transfer such data to another data controller, when technically feasible.

4. Right to Rectification

You have the right to request the correction of your personal data to ensure it is accurate, current, complete, and not misleading.

5. Right to Restriction of Processing

You may request the restriction of processing your personal data in the following circumstances:

During the period the Company is verifying the accuracy or completeness of your personal data at your request.
When your personal data has been unlawfully collected, used, or disclosed.
When the personal data is no longer necessary for the purposes for which it was collected, but you request retention for legal claims.
During the period the Company is validating the necessity or legality of processing your personal data in response to your objection.

6. Right to Object

You have the right to object to the collection, use, or disclosure of your personal data, except where the Company has legitimate grounds to deny the request, such as legal obligations or public interest.

7. Right to Erasure/Destruction

You have the right to request the deletion or destruction of your personal data, or to anonymize it if you believe it was unlawfully processed, is no longer necessary, or if you have exercised your right to object.

8. Right to Lodge a Complaint

You have the right to lodge a complaint with the relevant authority if you believe the Company’s handling of your personal data violates applicable data protection laws.

You may exercise these rights or file a complaint by contacting the Company’s Data Protection Officer as listed at the end of this policy. You may also submit a request by clicking on the Data Subject Rights Request Form. The Company will respond within 30 days from the date of receiving your request, in accordance with the procedures set by the Company. If your request is denied, you will be notified of the reason via SMS, email, phone, or post.

7. Retention Period of Personal Data

The Company will retain your personal data for as long as is necessary during the period of your relationship with the Company, or for as long as necessary to fulfill the purposes set out in this policy. In some cases, your personal data may need to be retained beyond this period if required by applicable laws. Once the data is no longer necessary or the retention period has ended, the Company will delete, destroy, or anonymize your personal data so that it can no longer identify you.

8. Security of Personal Data

The Company implements measures to ensure the security of your personal data based on the principles of confidentiality, integrity, and availability. These measures are intended to prevent the loss, unauthorized access, deletion, destruction, use, alteration, modification, or disclosure of personal data. The Company's security controls include administrative safeguards, technical safeguards, and physical safeguards related to access and control of personal data. These measures are aligned with the Company’s Information Security Policy and best practices.

9. Personal Data Breach Notification

In the event of a personal data breach, the Company will notify the Office of the Personal Data Protection Committee without undue delay and, where feasible, within 72 hours after becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, the Company will also notify you of the breach and the remedial measures taken without undue delay through various channels such as SMS, email, telephone, or postal mail.

10. Changes to the Privacy Policy

The Company may amend or update this Policy as it deems appropriate. You can review the revised terms and conditions of this Policy on the Company’s website.

This Policy was last updated and became effective on 30 May 2022.

11. Privacy Policy of Other Websites

This Privacy Policy applies solely to the products, services, and use of the Company's website. If you access other websites, even through the Company’s website, your personal data will be governed by the privacy policy of those respective websites, over which the Company has no control or responsibility.

12. Contact Information

If you have any questions or concerns, please contact us at:

1. Data Controller

Name: Octagon Interactive Co., Ltd.
Address: 919/541B, Jewelry Trade Center Building, 49th Fl., Silom Rd., Silom, Bangrak, Bangkok 10500, Thailand
Website: www.octagoninteractive.co.th
Phone: 02-104-9044
Email: complaint@8interactive.co.th

2. Data Protection Officer: DPO

Name: Jirapong Mukham
Address: 919/541B, Jewelry Trade Center Building, 49th Fl., Silom Rd., Silom, Bangrak, Bangkok 10500, Thailand
Phone: 02-104-9044
Email: complaint@8interactive.co.th
Data Subject Rights Request Form: https://airtable.com/shryI3tWSvWIrSevL

CCTV Privacy Policy

Octagon Interactive Co., Ltd. (hereinafter referred to as the “Company”) has installed and operates Closed-Circuit Television (CCTV) for surveillance and security purposes to protect the life, body, and property of individuals. The Company collects personal data of staff, operators, customers, employees, contractors, visitors, or any individuals who enter the premises (hereinafter collectively referred to as “you”) through the use of such CCTV equipment.
This Privacy Notice explains the Company's practices regarding the collection, use, or disclosure of personal data obtained through CCTV, as well as your rights as a data subject under the Personal Data Protection Act B.E. 2562 (2019).

1. Legal Grounds for Processing Personal Data

The Company collects and processes personal data based on the following legal grounds:

1. The necessity to prevent or mitigate harm to the life, body, or health of an individual.

2. The necessity for the legitimate interests of the individual or the Company.

3. The necessity to comply with applicable laws related to safety, occupational health, workplace environment, and the Company’s property.

2. Purpose of Collecting Personal Data

The Company collects your personal data for the following purposes:

To protect your life, body, health, and property from harm.
To safeguard the Company’s premises, offices, facilities, and assets from damage, disruption, destruction, or other criminal acts.
To support relevant authorities in law enforcement for the prevention, suppression, investigation, and prosecution of legal offenses.
To assist in judicial dispute resolution processes, disciplinary procedures, or grievance processes.
To support investigative processes or complaint-handling procedures.
To assist in the initiation or defense of civil litigation, including but not limited to legal actions related to employment.
To perform any other related actions necessary to fulfill the objectives of the CCTV system.

3. Collection of Personal Data

The Company installs CCTV cameras in visible locations and places signage at entry and exit points, as well as in other areas deemed necessary for surveillance. These measures are intended to inform individuals that CCTV is in operation. The Company collects your personal data when you enter these areas. The CCTV cameras record still images and video footage within areas under the Company’s supervision.

4. Methods of Personal Data Retention

The Company retains your personal data in both physical and electronic formats. Your personal data is stored as follows:

On servers provided by foreign service providers (e.g., DigitalOcean, Google Cloud Platform, Microsoft Azure)

5. Disclosure of Personal Data

The Company may disclose your personal data to others with your consent or as permitted by law, as follows:

1. Internal Organizational Management

The Company may disclose your personal data internally to the extent necessary to fulfill the purposes specified in this policy. The Company will maintain the security of your personal data, including limiting access to authorized personnel only.

2. Third Parties

The Company may disclose your personal data to third parties, which may include affiliates, service providers, or business partners, to the extent necessary to prevent harm to your life, body, or property in accordance with the purposes stated in this policy.

3. Law Enforcement

In cases where the law or a government agency requires, the Company will disclose your personal data as necessary to such agencies, including but not limited to courts, prosecutors, and the police.

6. Rights Under the Personal Data Protection Act B.E. 2562 (2019)

1. Right to Withdraw Consent

2. Right to Access

3. Right to Data Portability

4. Right to Rectification

You have the right to request the correction of your personal data to ensure it is accurate, current, complete, and not misleading.

5. Right to Restriction of Processing

You may request the restriction of processing your personal data in the following circumstances:

During the period the Company is verifying the accuracy or completeness of your personal data at your request.
When your personal data has been unlawfully collected, used, or disclosed.
When the personal data is no longer necessary for the purposes for which it was collected, but you request retention for legal claims.
During the period the Company is validating the necessity or legality of processing your personal data in response to your objection.

6. Right to Object

7. Right to Erasure/Destruction

8. Right to Lodge a Complaint

7. Retention Period of Personal Data

The Company will retain CCTV footage containing your personal data for a period of 120 days, or for as long as necessary to fulfill the surveillance purposes associated with this policy. In some cases, the data may need to be retained beyond this period if required by law. Once the data is no longer necessary or the retention period has expired, the Company will delete, destroy, or anonymize the data so that it can no longer be used to identify you.

8. Personal Data Security Measures

The Company has implemented measures to ensure the security of your personal data based on the principles of confidentiality, integrity, and availability. These measures are in place to prevent the loss, unauthorized access, deletion, destruction, use, alteration, modification, or disclosure of personal data. The Company applies a combination of administrative safeguards, technical safeguards, and physical safeguards, particularly regarding access control and the use of personal data. These measures are aligned with the Company’s Information Security Policy and best practices.

9. Personal Data Breach Notification

In the event of a personal data breach concerning your information, the Company will notify the Office of the Personal Data Protection Committee without undue delay and, where feasible, within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, the Company will also inform you of the breach and provide remedial measures without undue delay through various communication channels such as SMS, email, telephone, or postal mail.

10. Changes to the Personal Data Protection Policy

The Company may revise or amend this policy as deemed appropriate. You can access the updated terms and conditions of this policy via the Company’s website. The Company will also notify you of any updates through the QR code displayed on the CCTV warning signs. This policy was last revised and became effective on May 30, 2022.

Your entry into the premises constitutes acknowledgment and acceptance of the terms of this policy. If you do not agree with the terms, please refrain from entering the premises. Continued access to the premises after the policy has been revised and published through the aforementioned channels will be deemed as your acknowledgment of the changes.

11. Personal Data Protection Policy of Other Websites

If you visit other websites, even through links provided on the Company’s website, the protection of your personal data will be governed by the privacy policy of those respective websites, with which the Company has no involvement.

12. Contact Information

If you have any questions or concerns, please contact us at:

1. Data Controller

Name: Octagon Interactive Co., Ltd.
Address: 919/541B, Jewelry Trade Center Building, 49th Fl., Silom Rd., Silom, Bangrak, Bangkok 10500, Thailand
Website: www.octagoninteractive.co.th
Phone: 02-104-9044
Email: complaint@8interactive.co.th

2. Data Protection Officer: DPO

Name: Jirapong Mukham
Address: 919/541B, Jewelry Trade Center Building, 49th Fl., Silom Rd., Silom, Bangrak, Bangkok 10500, Thailand
Phone: 02-104-9044
Email: complaint@8interactive.co.th
Data Subject Rights Request Form: https://airtable.com/shryI3tWSvWIrSevL

Personnel & Applicants Privacy Policy

This document is the Personal Data Protection Policy for Personnel, hereinafter referred to as “Personnel” or “You,” of Octagon Interactive Co., Ltd., hereinafter referred to as the “Company.” The Company acts as the data controller under the Personal Data Protection Act B.E. 2562 (2019). This Personal Data Protection Policy explains how the Company collects and uses your personal data within the scope and for the purposes of the Company as outlined below.

1. Scope and Purpose of the Personal Data Protection Policy

This policy covers personal data owners who are personnel of the company, including directors, executives, employees, family members, emergency contacts, consultants, interns, part-time employees, job applicants, and outsourced workers. Under this personal data protection policy, the following terms have the meanings defined below:

“Processing” means any operation performed on personal data of the company’s personnel, including collection, use, storage, disclosure, and deletion of personal data.
“Legal basis for processing” means the necessary grounds for processing personal data under Sections 24 and 26 of the Personal Data Protection Act.
“Personal data” means information relating to an individual that can identify that individual, directly or indirectly, but does not include information of deceased persons. Examples include name, surname, phone number, address, email, national ID number, etc.
“Sensitive personal data” means personal data specifically defined by law, such as race, political opinions, beliefs in sects, religion or philosophy, sexual behavior, criminal history, health information, disability, union membership, genetic data, biometric data, or other similar information as prescribed by law, which the company must handle with special caution.

This personal data protection policy may be reviewed and updated at any time, and you will be notified through appropriate communication channels accordingly.

2. Types of Personal Data Processed

The company processes your personal data as follows:

Identity data, such as title, first name, last name, nickname, national ID number, employee ID number, signature, photograph, etc.
Contact and address data, such as social media contact information, current address, social media accounts, contact details, home phone number, mobile phone number, email, emergency contact, etc.
Employment data, such as job position, type of employment, most recent job title, company name, time records, employment history, leave records, performance evaluations, information related to company IT system usage, test data, references, workplace address, job application details, work phone number, expected salary, etc.
Financial data, such as bank account number, salary, benefits, debtor information, etc.
Background data, such as relationships, weight, date of birth, nationality, marital status, references or background checks, military status, height, gender, age, etc.
Technical data, such as IP address, computer serial number, video footage, images from CCTV, etc.
Documentary evidence, such as copies of ID cards, copies of house registration, etc.
Educational data, such as GPA, educational history, educational certificates, training or seminar participation, etc.

Additionally, the company may collect and use sensitive personal data as follows:

Health data, such as health insurance information, disabilities, medical history, vaccination records, health checkup results, etc.
Criminal history data, such as criminal records.
Biometric data, such as facial recognition, fingerprints, etc.
Other data, such as race, religion or philosophy, and any other data affecting your personal data as specified by the Personal Data Protection Committee.

3. Collection of Personal Data

The company collects personal data directly from you through the following processes or channels:

Filling out forms, related documents, contracts, supporting documents, or online forms.
Completing relevant forms via various platforms such as Airtable or Google Forms.
Filling out forms through the company’s website.
Communication via email, telephone, and social media.

However, the company may also collect additional information from external agencies, including:

Financial service providers such as banks and financial institutions.
Service providers such as recruitment agencies and the National Credit Bureau.
Training providers such as educational institutions.
Government or official agencies such as the Bank of Thailand, police stations, Ministry of Finance, and courts.
Healthcare providers such as hospitals and clinics.

Additionally, the company may collect personal data of third parties related to you, which you provide to the company, such as your spouse, children, parents, family members, emergency contacts, beneficiaries, references, or former employers. The company uses this data to manage your benefits and entitlements, contact you in emergencies, or reference information beneficial to you. Please inform these third parties of this Personal Data Protection Policy to acknowledge the company’s policy and obtain their consent for the collection, use, and disclosure of their personal data in accordance with the company’s purposes.

4. Methods of Personal Data Storage

The company stores your personal data in both physical documents and electronic formats. Your personal data is stored as follows:

Company servers located in Thailand
Servers provided by third-party service providers located overseas (such as DigitalOcean, Google Cloud Platform, Microsoft Azure)

5. Personal Data Processing

The company collects, uses, and discloses your personal data in various ways, including but not limited to achieving the following purposes:

1. Contractual Basis
To perform the contract to which you are a party, whether it is an internship agreement, employment contract, or any other contract, or to process your request/application prior to entering into the contract, as applicable. Examples of personal data collected, used, and disclosed by the company include:
(1) Written examinations, interviews, payment of wages or other compensation, provision of benefits, timekeeping, leave, appointment, transfer, position changes, organizational restructuring, performance evaluation and management;
(2) Skill development, employee ID card issuance, employee registration, employee data management, communication, compliance with laws, tax payment, risk management, audit, fraud prevention, disciplinary investigation, complaint handling, internal management, and other employment-related purposes.

2. Legal Obligation
To comply with legal duties imposed on the company as an employer or otherwise, such as:
(1) Civil and commercial laws, labor protection laws, social security laws, compensation laws, labor relations laws, provident fund laws, tax laws, anti-money laundering laws, laws preventing and suppressing financing for terrorism and proliferation of weapons of mass destruction, computer laws;
(2) Other necessary laws, including announcements and regulations issued pursuant to such laws.

3. Legitimate Interest
For the legitimate interests of the company or other persons or legal entities, not exceeding what you can reasonably expect, or for other purposes permitted by law, such as:
(1) Capturing still images and video footage from CCTV;
(2) Preparing meeting minutes, broadcasting audio and video for meetings, recording still images and videos of meetings as evidence, and public relations through print and electronic media;
(3) Conducting surveys, participating in internal activities, announcing results, receiving and delivering parcels, analysis, research, and statistics;
(4) Risk management, audit, complaint handling, internal management, fraud prevention and response;
(5) Cyber threat prevention, law violation detection, monitoring use of electronic devices to improve work efficiency, or behavior monitoring, legal proceedings;
(6) Making data anonymous;
(7) Data of applicants who were not selected and their references.

4. Consent

To collect, use, and disclose your personal data as necessary, such as:
(1) Health data for recruitment, welfare and medical expense reimbursement, medical treatment, referral, annual physical examination, vaccination, health insurance, blood type;
(2) Biometric data, e.g., facial recognition, fingerprint, palm print, for identity verification for attendance, meeting, training, activities, office entry;
(3) Criminal record data for recruitment or qualification checks for the assigned work;
(4) Recording still images or videos for corporate publicity materials.

Group of Activities

Group of PIIs

Legal Bases

Access Control Management

• Address/Contact Data
• Property Data
• Identity Data
• Work-related Data
• Profile Data
• Evidence
• Biometric Data

• Contract
• Consent
• Legitimate Interest

Recruitment process

• Identity Data
• Address/Contact Data
• Work-related Data
• Profile Data

• Family-related Data
• Evidence

• Health Data

• Contract
• Consent

Audit Procedures

• Work-related Data
• Identity Data
• Family-related Data

• Educational Data
• Address/Contact Data
• Profile Data

• Transactional Data

• Legitimate Interest

Back-up, update database and IT troubleshooting

• Property Data
• Identity Data
• Work-related Data
• Address/Contact Data

• Legitimate Interest

Company's Property Management

• Address/Contact Data
• Financial Data
• Identity Data
• Evidence

• Work-related Data

• Contract
• Legitimate Interest

Project/Product Support, Monitoring and Examination

• Work-related Data
• Identity Data
• Transactional Data

• Address/Contact Data
• Profile Data

• Contract
• Legitimate Interest

Reporting and Notification Procedures

• Identity Data
• Work-related Data
• Educational Data

• Profile Data

• Transactional Data

• Contract
• Legitimate Interest

Documentation Procedures

• Identity Data
• Work-related Data
• Profile Data
• Evidence
• Address/Contact Data

• Contract
• Legitimate Interest

Internal Personnel Record and Management

• Identity Data
• Address/Contact Data

• Work-related Data
• Profile Data
• Financial Data
• Evidence
• Transactional Data
• Biometric Data
• Family-related Data
• Educational Data

• Contract
• Legitimate Interest

• Consent

Litigation, Legal Procedures and Legal Execution

• IT Data
• Address/Contact Data
• Profile Data
• Identity Data
• Work-related Data
• Transactional Data
• Evidence

• Financial Data

• Family-related Data

• Contract
• Legitimate Interest
• Legal Obligation

Personnel Training and Personnel Assessment

• Identity Data
• Financial Data
• Transactional Data
• Profile Data
• Address/Contact Data

• Work-related Data

• Contract
• Legitimate Interest
• Legal Obligation

Personnel’s Financial Procedures

• Address/Contact Data
• Identity Data
• Work-related Data
• Profile Data

• Contract
• Legitimate Interest

Personnels' Welfare Protection

• Financial Data

• Identity Data
• Transactional Data

• Work-related Data
• Address/Contact Data
• Profile Data
• Evidence

• Health Data

• Family-related Data

• Contract
• Legitimate Interest
• Legal Obligation
• Consent

Social Security

• Financial Data
• Identity Data
• Work-related Data
• Family-related Data
• Profile Data
• Address/Contact Data
• Evidence
• Health Data

• Legal Obligation

Tax filing, Payroll and Promotion

• Financial Data
• Identity Data
• Work-related Data
• Address/Contact Data
• Profile Data
• Transactional Data
• Evidence

• Contract
• Legal Obligation

Promote organization

• Identity Data
• Work-related Data
• Profile Data

• Contract
• Legitimate Interest

Sending and receiving documents

• Identity Data
• Profile Data
• Work-related Data
• Address/Contact Data

• Contract
• Legitimate Interest

Exercise of data subject rights

• Identity Data

• Legal Obligation

Recruitment and Resignation Procedures

• Profile Data
• Evidence
• Identity Data
• Work-related Data
• Address/Contact Data
• Health Data
• Educational Data
• Financial Data

• Family-related Data

• Legitimate Interest
• Contract
• Consent

The Company will process the personal data of personnel only for the purposes that have been previously specified. In certain cases, the Company may process your personal data for other related purposes that are not inconsistent with or beyond the original purposes. However, if it is necessary for the Company to process your personal data for purposes unrelated to the original ones, the Company will obtain new consent or notify you of the new purposes for which your data will be used.

6. Disclosure of Personal Data

The Company may disclose your personal data to others with your consent or as permitted by law, as follows:

1. Internal Organizational Management
The Company may disclose your personal data internally to the extent necessary to carry out operations and management activities in accordance with the purposes stated in this policy.

2. Third Parties
The Company may disclose certain personal data to third parties, which may include affiliates, service providers, and business partners of the Company, to the extent necessary for communication, operations, and coordination in accordance with the purposes outlined in this policy. This includes, for example, training and seminars, transportation services, document storage and destruction services, security services, marketing services, IT services, business consulting firms, financial institutions, auditors, legal or tax advisors, and other consultants.

3. Law Enforcement
In cases where required by law or requested by government authorities, the Company will disclose your personal data as necessary to government agencies, such as courts, prosecutors, police, the Revenue Department, the Department of Skill Development, the Immigration Bureau, and other relevant authorities.

7. Rights Under the Personal Data Protection Act B.E. 2562 (2019)

1. Right to Withdraw Consent

2. Right to Access

3. Right to Data Portability

4. Right to Rectification

You have the right to request the correction of your personal data to ensure it is accurate, current, complete, and not misleading.

5. Right to Restriction of Processing

You may request the restriction of processing your personal data in the following circumstances:

During the period the Company is verifying the accuracy or completeness of your personal data at your request.
When your personal data has been unlawfully collected, used, or disclosed.
When the personal data is no longer necessary for the purposes for which it was collected, but you request retention for legal claims.
During the period the Company is validating the necessity or legality of processing your personal data in response to your objection.

6. Right to Object

7. Right to Erasure/Destruction

8. Right to Lodge a Complaint

You have the right to lodge a complaint with the relevant authority if you believe the Company’s handling of your personal data violates applicable data protection laws.

You may exercise these rights or file a complaint by contacting the Company’s Data Protection Officer as listed at the end of this policy. You may also submit a request by clicking on the Data Subject Rights Request Form. The Company will respond within 30 days from the date of receiving your request, in accordance with the procedures set by the Company. If your request is denied, you will be notified of the reason via SMS, email, phone, or post.

8. Retention Period of Personal Data

The Company will retain your personal data for as long as necessary during the period you are a job applicant, employee, or personnel of the Company, or for as long as necessary to fulfill the relevant purposes specified in this policy. In certain cases, the Company may be required or permitted by law to retain your data beyond that period, such as:

1. Job Applicants: For applicants who are not selected, the Company will retain your personal data for a period of 1 year from the date of notification of the result, in order to contact you should there be any future job openings that may be suitable for you.

2. Employees and Personnel: For employees and personnel of the Company, your personal data will be retained for a period of 10 years from the date of termination of employment or engagement. This is for the purpose of verification or legal defense in the event of potential disputes within the statute of limitations as prescribed by law.

The Company will delete, destroy, or anonymize your personal data once it is no longer necessary or upon the expiration of the aforementioned retention periods.

9. Personal Data Security Measures

The Company implements measures to secure your personal data based on the principles of confidentiality, integrity, and availability, in order to prevent loss, unauthorized access, deletion, destruction, use, alteration, modification, or disclosure of personal data without permission. These measures include administrative safeguards, technical safeguards, and physical safeguards regarding access or control of personal data, in accordance with the Company’s Information Security Policy and practices.

10. Personal Data Breach Notification

In the event of a personal data breach, the Company will notify the Office of the Personal Data Protection Committee without undue delay and within 72 hours after becoming aware of the breach, to the extent possible. If the breach is likely to result in a high risk to your rights and freedoms, the Company will also notify you of the breach along with remedial measures without undue delay via various channels such as SMS, email, phone call, or letter.

11. Changes to the Personal Data Protection Policy

The Company may amend or update this Policy as deemed appropriate. You can access the revised terms and conditions of the Policy through the Company’s website or internal communications. This Policy was last updated and has been effective since May 30, 2022.

12. Personal Data Protection Policies of Other Websites

If you visit other websites, even through the Company’s website, the protection of your personal data will be governed by the privacy policies of those respective websites, which are not affiliated with the Company.

13. Contact Information

If you have any questions or concerns, please contact us at:

1. Data Controller

Name: Octagon Interactive Co., Ltd.
Address: 919/541B, Jewelry Trade Center Building, 49th Fl., Silom Rd., Silom, Bangrak, Bangkok 10500, Thailand
Website: www.octagoninteractive.co.th
Phone: 02-104-9044
Email: complaint@8interactive.co.th

2. Data Protection Officer: DPO

Name: Jirapong Mukham
Address: 919/541B, Jewelry Trade Center Building, 49th Fl., Silom Rd., Silom, Bangrak, Bangkok 10500, Thailand
Phone: 02-104-9044
Email: complaint@8interactive.co.th
Data Subject Rights Request Form: https://airtable.com/shryI3tWSvWIrSevL

Customers' Privacy Policy

This document is Privacy Policy applies to all customers (hereinafter referred to as "You" and “Your”) of Octagon Interactive Company Limited (hereinafter referred to as "Company"). As a personal data controller according to the Personal Data Protection Act B.E. 2562, This Privacy Policy will notify all concerned about how the company collects and processes customer’s personal data in accordance with the purposes and scope of the company.

1. Purposes and Scope of the Privacy Policy

This privacy policy covers data subjects who are the company's customers including: customer, user, payer, resident, tenant, representative, agent, guest, visitor and individual being involved with the company's customers.

As used in this privacy policy, the following terms shall have the meanings set forth below:

“Processing” means anything done with Customer’s personal data, including collection, storage, use, disclosure and deletion of personal data.
“Legal bases” means justifiable reasons to process personal data in accordance with Article 24 and Article 26 of the PDPA.
“Personal data” means any information relating to an individual or data subject that can be used to directly or indirectly identify a person, excluding the data of the deceased such as full name, phone number, address, email and ID verification number etc.
“Sensitive data” means personal data which the personal data protection act., specify that the company must process with higher security than the personal data such as ethnic origin, political opinion, religious, sexual behavior, crime history, health information, disability, union information, genetic information, biometric and other as related laws or regulations specify.

This privacy policy may be revised at any given time and the company may notify you through appropriate channels.

2. Personal Data The Company Process

The company collects the following categories of your personal data;

Identity data including, but not limited to, prefix, name, surname, ID number, passport number, driver's license number, and photo;
Address/contact data including, but not limited to, permanent address, present address, mobile phone number, and email account;
Residential data including, but not limited to, room number, unit code, house number, building name, and building's floor;
Transaction data including, but not limited to, payment, and proof of payment;
Profile data including, but not limited to, date of birth, religion, nationality, marital status, gender, and age;
Property data including, but not limited to, car types, and vehicle registration number;
Technical data including, but not limited to, stamp key electronic, and POS serial number; and
Other data including, but not limited to, data from ID Card, and data from driver's license.

3. How The Company Collect Your Personal Data

In general, the company will directly collect your personal data through these processes or channels including, but not limited to;

When customer fills in relevant online webforms via website and web application, such as registration form and payment form; and
When staff performs data extraction from identity documents through website and web application.

However, the company may collect additional personal data through third-party organizations which include;

Service providers, such as shops, juristic persons, real estate development companies, banks and financial institutions, etc.

4. Personal Data Storage

The company stores your personal data as hard copy and soft copy by using the following systems;

Third-party server service providers outside of Thailand, such as DigitalOcean, Google Cloud Platform, and Microsoft Azure.

5. How The Company Process Your Personal Data

The company will collect, use, and disclose your personal data for the following, but not limited to, purposes.

1. Performance of the contract (Contractual Basis)

For the performance of the contract in order to enable you to use company's products and/or services for the purposes of which your representative/service provider are a party to the company or to fulfill your request before using the company's products and/or services, such as

(1) Providing products and/or services, including delivering company's products and/or services.

(2) Any action related to the use of products and/or services, such as processing, contacting, notifying, assigning tasks to third party service providers; Implementing coordinated and communicating to provide effectively deliver services, including the notification of any information related to or due to the usage of the company's product or service.

2. Legal Obligation

In order to perform duties in accordance with relevant laws or applicable (Legal Obligation), such as

(1) Compliance with legal, regulation, the order of the legal authority or government agencies, such as compliance with subpoenas, injunction, and otherwise authorized by law.

(2) Compliance with other necessary laws, including announcements and regulations issued under such laws.

3. Legitimate Interest

To carry out operations necessary under the legitimate interests of the company or of another person or entity without exceeding the scope that you can reasonably expect (Legitimate Interest), such as

(1) Image recording, CCTV recording, identity document verification, identity document data extraction, identity document exchange before entering this premises

(2) Owner/agent’s identity verification of the property ownership, property data recording before entering this premises

(3) Prevention, coping, and reduction of risks through deliberate actions that may cause loss of life, injury, other health impacts or property damage (eg: common property, personal property and personal safety); illegal activities; offenses relating to property, life, body, liberty or reputation, which include sharing personal information to raise the standard of work of companies and service providers in preventing, coping, and reducing the aforementioned risks.

(4) Customer relations, such as handling complaints, satisfaction assessment, customer care by service providers, processing and displaying data for service improvement, and offering new products and/or services that are beneficial to you.

(5) Risk management, supervision and internal management

(6) For the purpose of accounting and finances, such as audit, payment validation and refunding

(7) Making personal information as non-personally identifiable information (Anonymous Data)

The following are the groups of activities in which the company utilizes your personal data to carry out all activities in accordance with the aforementioned purposes:

Group of Activities

Group of PIIs

Legal Bases

Visitor Management and Access Control

• Identity Data

• Address/Contact Data

• Residential Data

• Profile Data

• Property Data

• Contract
• Consent
• Legitimate Interest

Car Park Management and Access Control

• Identity Data
• Address/Contact Data
• Residential Data
• Profile Data
• Property Data

• Contract
• Contract
• Legitimate Interest

Smart Locker Management and Access Control

• Identity Data
• Address/Contact Data
• Residential Data

• Contract
• Consent
• Legitimate Interest

Identity Verification

• Identity Data
• Address/Contact Data
• Residential Data
• Profile Data
• Property Data
• Technical Data

• Legitimate Interest

Payment Process

• Identity Data
• Address/Contact Data
• Residential Data
• Transaction Data
• Property Data
• Technical Data

• Legitimate Interest

Operations with Service Providers /Providers

• Identity Data
• Address/Contact Data
• Residential Data
• Transaction Data
• Profile Data
• Property Data
• Technical Data

• Contract
• Legitimate Interest

Customer Support, Monitoring and Examination

• Identity Data
• Address/Contact Data
• Residential Data
• Transaction Data
• Profile Data
• Property Data
• Technical Data

• Contract
• Legitimate Interest

Complaint Management, Database and IT troubleshooting

• Identity Data
• Address/Contact Data
• Residential Data
• Transaction Data
• Property Data
• Technical Data

• Contract
• Consent
• Legitimate Interest

Audit Procedures (Product, Service and Process)

• Identity Data
• Address/Contact Data
• Residential Data
• Transaction Data
• Property Data
• Technical Data

• Contract
• Legitimate Interest

Data Management and Access Control

• Identity Data
• Address/Contact Data
• Residential Data
• Transaction Data
• Profile Data
• Property Data
• Technical Data

• Contract
• Legitimate Interest
• Legal Obligation

Reporting, Making Report and Documentation Procedures

• Identity Data
• Address/Contact Data
• Residential Data
• Transaction Data
• Profile Data
• Property Data
• Technical Data

• Contract
• Legitimate Interest

Litigation, Legal Procedures and Legal Execution

• Identity Data
• Address/Contact Data
• Residential Data
• Transaction Data
• Profile Data
• Property Data
• Technical Data
• Evidence

• Contract
• Legitimate Interest
• Legal Obligation

Compliance with Data Subject Right

• Identity Data

• Legal Obligation

Company will process your personal data according to the stated purposes and scope. If there came upon a case where personal data were to be processed for other purposes, and it is unlikely to rely on other legal bases, through this policy, the company will provide additional information about the processing's purpose and legal basis.

6. Disclosure of Personal Data

Company may disclose and/or transfer your personal data to third-party organizations and process personal data in accordance with agreements with the company and/or legal obligations. These organizations may include;

1. Organization
Company may disclose your personal data within our organization to provide and develop our products or services. Company may combine information internally across the different products or services covered by this privacy policy to help us be more relevant and useful to you and others.

2. Service Providers, Vendors & Business Partners
Company may use service providers and vendors to help us provide our services as payments and development of products or services, such as Kasikorn Bank (KBANK), auditors, legal and financial advisors, security services agency and others as related. Please note that service providers and vendors have their own privacy policy.

In relation with our business partners, the company may disclose certain personal data to them in order to coordinate and provide our products or services to you and provide necessary information about the availability of our products or services, such as juristic persons and real estate development companies.

3. Law Enforcement
Under certain circumstances, the company may be required to disclose your personal data if required to do so by law or in response to valid requests by government authority such as courts, government authorities.

7. Rights Under the Personal Data Protection Act B.E. 2562 (2019)

1. Right to Withdraw Consent

2. Right to Access

3. Right to Data Portability

4. Right to Rectification

You have the right to request the correction of your personal data to ensure it is accurate, current, complete, and not misleading.

5. Right to Restriction of Processing

You may request the restriction of processing your personal data in the following circumstances:

During the period the Company is verifying the accuracy or completeness of your personal data at your request.
When your personal data has been unlawfully collected, used, or disclosed.
When the personal data is no longer necessary for the purposes for which it was collected, but you request retention for legal claims.
During the period the Company is validating the necessity or legality of processing your personal data in response to your objection.

6. Right to Object

7. Right to Erasure/Destruction

8. Right to Lodge a Complaint

You have the right to lodge a complaint with the relevant authority if you believe the Company’s handling of your personal data violates applicable data protection laws.

8. Time Period of Personal Data Storage

Company will keep your personal information for a period of 120 days or throughout the appropriate period according to the purposes and scope of this privacy policy to process such data still stand or/and for service, for inspection, for supervision, for safety and risk management, for preventing loss of life and property, for legal obligation, and for others as related. Company will keep your payment and transaction information for a period of 10 years for the purpose of proving and verifying cases that may arise within the statute of limitations.

Company will delete or destroy your personal information or make it non-personally identifiable information when it is no longer necessary or at the end of the said period.

9. Personal Data Security

Company endeavors to protect your personal data by establishing security measures in accordance with the principles of confidentiality, integrity, and availability to prevent loss, unauthorized or unlawful access, destruction, use, alteration, or disclosure including administrative safeguard, technical safeguard, physical safeguard and access controls. Company has implemented security measures to ensure the security of your personal data in accordance with the company's information security policy.

10. Personal Data Breach Notification

Company will notify the Office of the Personal Data Protection Committee without delay and, where feasible, within 72 hours after having become aware of it, unless such personal data breach is unlikely to result in a risk to the rights and freedoms of you. If the personal data breach is likely to result in a high risk to the rights and freedoms of you, the company will also notify the personal data breach and the remedial measures to you without delay through company website, SMS, email address, telephone or registered mail (if applicable).

11. Changes to this Privacy Policy

Company holds the rights to review and edit this privacy policy as the company see appropriate. Any changes of this privacy policy, the company encourages you to frequently check on our websites and web applications. Company also notifies you to understand this privacy policy by scanning QR code on a notice at the entrance of this premises.
This privacy policy was last updated and effective on August 5, 2022.

Through the showing and/or exchanging of your identity document including by entering this premises, you are hereby accepting the terms stipulated within this privacy policy. If you do not agree to this privacy policy, please do not enter this premises.

12. Links to Other Sites

Any websites from other domains found on company websites and web applications are subject to their privacy policy which is not related to us.

13. Contact Information

If you have any questions or concerns, please contact us at:

1. Data Controller

Name: Octagon Interactive Co., Ltd.
Address: 919/541B, Jewelry Trade Center Building, 49th Fl., Silom Rd., Silom, Bangrak, Bangkok 10500, Thailand
Website: www.octagoninteractive.co.th
Phone: 02-104-9044
Email: complaint@8interactive.co.th

2. Data Protection Officer: DPO

Name: Jirapong Mukham
Address: 919/541B, Jewelry Trade Center Building, 49th Fl., Silom Rd., Silom, Bangrak, Bangkok 10500, Thailand
Phone: 02-104-9044
Email: complaint@8interactive.co.th
Data Subject Rights Request Form: https://airtable.com/shryI3tWSvWIrSevL