For the purposes of this Privacy Policy, “Personal Data” means any directly or indirectly identified or identifiable information as listed below.

We may collect your Personal Data directly or indirectly from other sources, such as the Companies under BTS Group, other third parties (e.g. reference persons, brokers, investors, analysts, employers), public domain (e.g. online social media), and third-party website or the relevant government agencies. The specific type of Personal Data which we collect will depend on the context of your relationship with us or the Companies under BTS Group, and the services or products you wish to receive from us or the Companies under BTS Group. The followings are example of Personal Data which we may collect:

2)  Contact information, such as postal address, house registration address, national identification card address, workplace address, phone number, facsimile number, email address, LINE user account, Facebook account, and other information related to online social media;

3) Financial information, such as bank account information;

4) Transaction information, such as information in the documents related to such transaction (e.g. contract, land deed, receipt);

5) Technical information, such as Internet Protocol (IP) address, web beacon, log, device model and type, hardware-based identifiers such as universal device identifier (UDID), media access control information, software-based identifier such as identifier for advertisers for iOS operation system (IDFA), or identifier for advertisers for Andriod operation system (AAID), connection information, access information, single sign-on (SSO) information, login log, access time, time spent on our webpage, cookies, login data, search history, browsing detail, browser type and version, time zone setting and location, plug-in browser types and versions, operating system and platform, and other technology on devices used to access the platform;

6) Information related to relationship management, such as opening of customer account, management, operation, payment, dispute resolution, processing and reporting on behalf of the customer, such Personal Data may also include communication records with us;

7) CCTV details, please see our “CCTV Privacy Policy” for more details on how we collect, use and/or disclose Personal Data

If you provide Personal Data of any third party (such as emergency contact or other party) to us, e.g. their name, family name, address, relationship and contact information, you represent and warrant that you have the authority to do so
by (i) informing such other person about this Privacy Policy; and (ii) obtaining consents (where required by laws or necessary) to permit the Company to use the Personal Data in accordance with this Privacy Policy. 

We do not intentionally collect your sensitive data (“Sensitive Data”) such as the Sensitive Data as appeared in the government issued documents (e.g. religion information on the national identification card). However, in case that we do, we will only collect, use, and/or disclose Sensitive Data on the basis of your explicit consent or where permitted by law.

We only collect the Personal Data of children, quasi-incompetent person and incompetent person where their parent or guardian has given their consent. We do not knowingly collect Personal Data from persons under the age of 20 without their parental consent when it is required, or from quasi-incompetent person and incompetent person without their legal guardian’s consent. In the event that we learn that we have unintentionally collected Personal Data from anyone under the age of 20 without parental consent when it is required or from quasi-incompetent person and incompetent person without their legal guardians, we will delete it immediately or collect, use and/or disclose if we can rely on other legal basis apart from consent or where permitted by law.

We may collect, use and/or disclose Personal Data for the following purposes:

2.1 THE PURPOSE OF WHICH WE RELY ON CONSENT:

2.2 THE PURPOSE THAT WE MAY RELY ON OTHER LEGAL BASES FOR COLLECTION, USE, AND/OR DISCLOSURE OF PERSONAL DATA

We may disclose or transfer your Personal Data to the following third parties who collect, use, and/or disclose Personal Data in accordance with the purposes under this Privacy Policy. These third parties may be located inside or outside Thailand. You can visit their privacy policy to learn more details on how they collect, use and/or disclose Personal Data since you could also be subject to their privacy policies.

3.1 Companies under BTS Group

As the Company is part of the Companies under BTS Group which all collaborate and partially share customer services and/or systems, e.g. service system and website-related systems, we may need to transfer your Personal Data to,
or otherwise allow such Personal Data to be accessible by the Companies under BTS Group, for the purposes set out above. In this regard, the Companies under BTS Group, our affiliates and subsidiaries could also rely on the consent obtained by us to use your Personal Data.

In addition, the Company collaborates with BSS Holdings Company Limited (“BSSH”), which is one of the Companies under BTS Group, to develop the operation of media and digital marketing businesses in order to allow us to provide better services to you, including complying with the applicable laws in relation to Personal Data protection. Please visit the privacy policy of BSSH as well as the privacy policies of other Companies under BTS Group to learn the details
on how they collect, use, and/or disclose your Personal Data.

3.2 Our service providers

We may engage other companies, agents or contractors to perform services on our behalf or to accommodate the provision of services. We may disclose Personal Data to the third-party service providers, including, but not limited to,
(1) infrastructure, software, internet and website developers and IT service providers; (2) event organizers; (3) data storage and/or document destruction service providers; and/or (4) travel agencies/ travel companies.

In the course of providing such services, the service providers may have access to your Personal Data. However, we will only provide our service providers with the Personal Data that is necessary for them to provide the services, and we will ask them not to use your Personal Data for any other purposes. We will take steps to ensure that all the service providers we work with will keep your Personal Data secure.

3.3 Our business partners

We may transfer your Personal Data to our business partners to operate our business and provide services including, but not limited to, project owners, manufaturers or service providers for CSR projects, banks, financial institutes, securities companies, insurance companies, provided that the receiving business partner shall agree to treat Personal Data in
a manner consistent with this Privacy Policy.

3.4 Third parties permitted by law

In certain circumstances, we may be required to disclose or share your Personal Data to third parties in order to comply with a legal or regulatory obligation. This includes any law enforcement agency, court, regulator, government authority, embassy, consulate, or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals’ personal safety; or to detect, prevent, or otherwise address fraud, security or safety issues.

3.5 Professional advisors

We may have to disclose Personal Data to our expert advisors including, but not limited to,
(1) independent advisors, project advisors, financial advisors; (2) legal advisors who assist us in our business operations and provide litigation services such as defending or initiating legal actions; and/or (3) auditors who provide accounting services or conduct financial audit for the Company.

3.6 Other third parties

We may be required to disclose Personal Data based on the legal bases in accordance with the purposes as specified in this Privacy Policy to other third parties, such as the public, complainants or other third parties that we receive a request to access our CCTV records etc.

3.7 Third parties connected with business transfer

We may disclose or transfer your Personal Data to our business partners, investors, major shareholders, assignees or transferees in the event of any reorganization, restructuring, amalgamation, merger, acquisition, business transfer, in whole or in part, sale, purchase, joint venture, assignment, or any similar event involving transfer or other disposition of all or any portion of our business, assets or stock. If any of the above events occurs, the receiving party will comply with this Privacy Policy to respect your Personal Data.

We may disclose or transfer Personal Data to third parties or servers located overseas, which the destination countries may or may not have the same data protection standards as Thailand’s. We take steps and measures to ensure that Personal Data is securely transferred, the receiving parties have in place suitable data protection standard and the transfer is lawfully permitted under the applicable laws.

We retain Personal Data for as long as is reasonably necessary to fulfil purposes for which we obtained them and to comply with the relevant legal and regulatory obligations. However, we may have to retain Personal Data for a longer duration, as required by the applicable laws.

If you visit our websites, cookies will gather or track certain information in relation to your use of our websites which
will be used to analyze trends, administer our websites, track users’ movements around the websites, or to remember users’ settings. Some of the cookies are necessary because without them, the site would not be able to function properly. Other cookies will help us to improve your experience on our websites and adjust the content to suit your needs which would make your browsing more convenient as the cookies remember the users (in a secure manner)
as well as your language preferences.

Usually, most internet browsers allow you to control whether or not to accept cookies. If you
reject cookies, it might affect your use of the websites and your ability to use some or all of
the features or areas of our websites may be limited.

Please find more details about the cookies we use for our VGI website at VGI Cookies
Policy for more details and for VGI ONE webpage at  VGI ONE Cookie Policy. 

As a way to protect personal privacy of Personal Data, we maintain appropriate security measures, which includes administrative, technical and physical safeguards in relation to access control, to protect the confidentiality, integrity, and availability of Personal Data against any accidental or unlawful or unauthorized loss, alteration, correction, use, disclosure or access, in compliance with the applicable laws.

In particular, we have implemented access control measures which are secured and suitable for our collection, use, and/or disclosure of Personal Data. We restrict access to Personal Data as well as storage and processing equipment by imposing access rights or permission, user, access management to limit access to Personal Data to only authorized persons, and implement user responsibilities to prevent unauthorized access, disclosure, perception, unlawful duplication of Personal Data or theft of device used to store and process Personal Data. This also includes measures that enables the
re-examination of unauthorized access, alteration, erasure, or transfer of Personal Data which is suitable for the method and means of collecting, using and/or disclosing of Personal Data.

Subject to applicable laws and exceptions thereof, a data subject may have the following rights to:

1) Access: Data subjects may have the right to access or request a copy of the Personal Data we are collecting, using and/or disclosing. For privacy and security, we may require proof of the data subject’s identity before providing the requested Personal Data;

2) Rectification: Data subjects may have the right to have incomplete, inaccurate, misleading, or or not up to date Personal Data that we collect, use and/or disclose rectified;

3) Data Portability: Data subjects may have the right to obtain Personal Data we hold about that data subject,
in a structured, electronic format, and to transmit such data to another data controller, where this is (a) Personal Data which you have provided to us, and (b) if we are collecting, using and/or disclosing that data on the basis of data subject’s consent or to perform a contract with the data subject;

4) Objection: Data subjects may have the right to object to certain collection, use and/or disclosure of Personal Data;

5) Restriction: Data subjects may have the right to restrict our use of Personal Data where the data subject believes such Personal Data to be inaccurate, that our collection, use and/or disclosure is unlawful, or that we no longer need such Personal Data for a particular purpose;

6) Withdraw Consent: For the purposes the data subjects have consented to our collection, use and/or disclosure of Personal Data, data subjects may have the right to withdraw consent at any time

7) Deletion: Data subjects may have the right to request that we delete, destroy or anonymize Personal Data that we collect, use, and/or disclose, except we are not obligated to do so if we need to retain such Personal Data in order to comply with a legal obligation or to establish, exercise or defend legal claims; and

8) Lodge a complaint: Data subjects may have the right to lodge a complaint to the competent authority where the data subject believe our collection, use and/or disclosure of Personal Data is unlawful or non-compliance with applicable laws in relation to data protection.

If you wish to contact us to exercise the rights relating to your Personal Data or if there is any queries about your Personal Data under this Privacy Policy, please contact our Data Protection Officer (DPO) at: