1. Customer Consent for Data Collection
Customers acknowledge and agree that the sharing of personal data to the Company is deemed as consent for the Company to collect, use or disclose personal data according to this Policy.
1. Our general customers
2. Employees, personnel, officers, representative, agents as well as other individuals related to corporate clients and individual clients who are past and future customers
In this regard, it shall be hereinafter collectively referred to as “You” under this Policy.
2. Channels of Data Collection
Personal Data is collected while You are using our services or contacting us through various channels such as service employees who provide services at an office through emails, telephones, websites, applications, ticket reservations, online purchase or any other service channels of the Company. Moreover, data is collected from indirect sources such as HR Feed and your authorized persons or representatives and individuals with legal authority or who are permitted or approved to disclose your personal data to the Company. Furthermore, this also includes data from other sources that you release to the public and data from business partners and organizations as well as your data from any form and questionnaire, CCTV and others.
3. Objectives of Personal Data Collection and Processing
The Company collects, uses or discloses your personal data accordingly as necessary in order to achieve the objectives of providing services, performing contracts and complying with the law. Details of the objectives are as follows:
- To perform contracts between You and the Company.
- To provide suitable services or products that match your needs as well as responding to inquiries and giving assistance to a data subject.
- To perform contracts, documents comparable to contracts or content of legal relation of You and the Company, or the Company and corporates that support your travel (corporates that we provide services to).
- To comply with terms and conditions of airlines, hotels or services that You request.
- To provide reservations service of flight tickets, hotels, car rental and other services as well as visa applications according to rules of related agencies.
- To verify your identity.
- To manage or execute internal tasks of the Company which are necessary according to the law.
- To comply with the law and to cooperate with other government regulators as well as coordinating with investigation authority agencies or legal agencies, etc.
4. Types of Personal Data
“Personal Data” means data that identify you or can lead to your identity. Details are shown below:
1. Data that present identity and contact channels, including name, surname, date of birth, nationality, gender, identification number, passport number, signature, photo, telephone number, email, address, health information, marital status, educational background, work record (such as occupation, office, position, salary), house registration.
2. Financial data such as bank accounts, copy of bankbooks, details of credit cards or debit cards, and financial status.
3. Data from photos and audio collected while you are in contact with the Company such as photos and/or audio from CCTV, conversation via telephones, or communication via our online channels or electronic channels.
4. Other personal data that you provide in contracts and forms.
5. Sensitive personal data such as religion, blood group as shown in a copy of your identification card, details of your disability, health or abnormality which we can use to provide services to You.
5. Personal Data Security and Protection
The Company has formulated both technical and physical privacy protection measures together with proper management to prevent loss of, access to, use of, change of, amendment to or disclosure of personal data without authority or approval. The measures include firewall, encryption, and physical access control. In this regard, You are responsible to maintain security and privacy regarding passwords and information related to your account as well as ensuring that your personal data that the Company has retained is correct and updated.
The Company limits authorized persons (employees or staff) who can access personal data for processing based on necessity. Such persons must strictly comply with the rules of personal data protection.
6. Personal Data Retention Period
The Company shall retain your data according to necessity and the objectives specified above, and to comply with laws and regulations.
7. Types of Individuals or Agencies for Personal Data Disclosure
We may transfer your data to our branches, subsidiaries, partners, airlines, hotels, hotel groups, car rental companies, travel agencies, civil aviation authority agencies at origins/destinations, airline management agencies, the immigration bureau, the police aviation bureau, business partners, insurance companies, and reinsurance companies. This is to allow such companies and agencies to manage data and provide related services to you.
8. Request Rejection or Objection
You have the right to withdraw the consent or to object the information sharing according to the Personal Data Protection Act B.E. 2562. We will notify you about the impact of the consent withdrawal in advance if such withdrawal were to impact the collection, use or disclosure of personal data under our services.
9. Data Controller, Contact Point and Contact Method
If you have inquiries or intend to exercise the legal right related to your personal data, please contact Group Data Protection Officer at DPO@siamexpress.com