ILCT Ltd. (‘ILCT’ or ‘We’) values your privacy and is committed to safeguarding your personal data. This Privacy Policy covers how we manage and safeguard personal data, and your rights under the Personal Data Protection Act B.E. 2562 (‘PDPA’).

Personal data that ILCT collects:
In general, the collection of personal data will happen through cookies on our website, or directly from you for example via telephone, email, or documents.

Types of data collected may include (but is not limited to):

  • Personal data such as name, surname, age, date of birth, nationality, identification card, passport, etc.
  • Contact information such as address, telephone number, e-mail address, etc.
  • Account details such as username, password, transactions history, etc.
  • Proof of identity such as copy of identification card, copy of passport, etc.
  • Transaction and Financial information such as purchase history, credit card details, bank account, etc.
  • Technical data such as IP address, Cookie ID, Activity Log, etc.
  • Other such as photo, video, and other information that is considered personal data under the Personal Data Protection Laws.

Please, refer to our Cookies Policy to find out more about which information are collected and how we collect it through cookies.

We may collect, use or disclose sensitive data, which is specially categorized by the law, when we have obtained explicit consent from you or where necessary for us as permissible under the law. We may collect, use or disclose your sensitive personal data as follows:

  • racial
  • health data
  • any data which may affect the data subject in the same manner, as prescribed by the Personal Data Protection Committee.

Minors

If you are under the age of 20 or have legal restrictions, we may collect use, or disclose your personal data. We require your parents or guardian to be aware and provide consent to us or be allowed by applicable laws. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.

What we use your personal data for

We may use the collected data for various purposes:

  • To ceate and manage accounts
  • To provide products or services you request
  • To improve products, services, or user experiences
  • To share and manage information within the organization
  • To conduct marketing activities
  • To gather user’s feedback
  • To process payments of products or services
  • To comply with our Terms and Conditions
  • To comply with laws, rules, and regulatory authorities.

You may browse and use the website without informing us of your identity or disclosing any information that may be used to identify you as an identifiable person. However, if you wish to use some services on the Website, you may be required to give certain Personal data. We receive and store any information you knowingly provide to us when you fill out an online form on the Website.

Disclosure of Personal Data

We may disclose your personal data to the following parties in certain circumstances:

  • Organization: We may disclose your personal data within our organization to provide and develop our products or services. We may combine information internally across the different products or services covered by this Privacy Policy to help us be more relevant and useful to you and others.
  • Law Enforcement: Under certain circumstances, we may be required to disclose your personal data if required to do so by law or in response to valid requests by government authorities such as courts.

Therefore, ILCT may be required to collect, use and disclose personal data without consent, and may do so only if it is duly granted by relevant laws and PDPA.

Data Subject Rights

According to the Personal Data Protection Act, you are entitled to exercise any of the following rights:

  • Withdrawal of consent: If you have given consent to us to collect, use or disclose your personal data whether before or after the effective date of the Personal Data Protection Act, you have the right to withdraw such consent at any time throughout the period your personal data are available to us unless it is restricted by laws, or you are still under beneficial contract.
  • Data access: You have the right to access your personal data that is under our responsibility, to request us to make a copy of such data for you, and to request us to reveal how we obtain your personal data.
  • Data portability: You have the right to obtain your personal data if we organize such personal data in automatic machine-readable or usable format and can be processed or disclosed by automatic means, to request us to send or transfer the personal data in such format directly to other data controllers if doable by automatic means, and to request to have the personal data in such format sent or transferred by us directly to other data controller unless not technically feasible.
  • Objection: You have the right to object to the collection, use, or disclosure of your personal data at any time if doing so respects our legitimate interests, or any corporation or individual which can be reasonably expected, or for carrying out public tasks.
  • Data erasure or destruction: You have the right to request us to erase, destroy or anonymize your personal data if you believe that the collection, use, or disclosure of your personal data is against relevant laws, or if the retention of data by us is no longer necessary in connection with related purposes under this Privacy Policy, or when you request to withdraw your consent or to object to the processing as earlier described.
  • Suspension: You have the right to request us to suspend processing your personal data during the period when we examine your rectification or objection request, or when it is no longer necessary, and we must erase or destroy your personal data pursuant to relevant laws but instead you request us to suspend the processing.
  • Rectification: You have the right to rectify your personal data for them to be up to date, complete, and not misleading.
  • Complaint lodging: You have the right to complain to competent authorities pursuant to relevant laws if you believe that the collection, use, or disclosure of your personal data is violating or is not in compliance with relevant laws.

You can exercise these rights as Data Subject by contacting us (see Contact Us section). We will notify the result of your request within 30 days upon receipt of such request. If we deny the request, we will inform you of the reasons via any means you entitled us to use (if applicable).

Please allow us a reasonable time to respond and effect any change.

How and where we store your personal data

We store your personal data as hard copies and/or soft copies.

The personal data will be retained in accordance with the characteristics of the personal data received: the personal data will be retained on our server or our archives, which are located on our premises in Bangkok, Thailand. Access to the aforementioned data is protected and restricted to ILCT personnel.

How long we keep your personal data

The period of our retention of your personal data is often related to the legal prescription and enforcement periods. We will not retain your personal data for any longer than is required to meet the purposes for which it was collected, held, and processed.

At the end of the retention period, or when we are required to comply with your request for the erasure of your personal data, we shall delete, erase, permanently anonymize, or otherwise dispose of any personal data.

Cookies

To enrich and improve your experience, we use cookies or similar technologies to display appropriate content and store your preferences on your computer. We use cookies to identify and track visitors, their usage of our website, and their website access preferences. If you do not wish to have cookies placed on your computer, you should set your browser to refuse cookies before using our website.

Please, visit our Cookies Policy to know more about how we use cookies.

Data Security

We endeavor to protect your personal data by establishing security measures in accordance with the principles of confidentiality, integrity, and availability to prevent loss, unauthorized or unlawful access, destruction, use, alteration, or disclosure including administrative safeguard, technical safeguard, physical safeguard, and access controls.

Such measures will be reviewed when deemed necessary.

Data Breach Notification

We will notify the Office of the Personal Data Protection Committee without delay and, where feasible, within 72 hours after having become aware of a Personal Data Breach should it occur, unless such breach is unlikely to result in harm to the rights and freedom of yours. If the Personal Data Breach is likely to result in a high risk of harming your rights and freedoms, we will also notify you of the Personal Data Breach and the remedial measures without delay through our website, or via any means you entitled us to use (if applicable).

Revisions 

We reserve the right to change, amend or update the Privacy Policy at any time we deem appropriate. We will inform you without delay of any change, amendment, or update on our website, which you can check at any time.

This Privacy Policy was last updated and effective on June 1, 2022.

Links to other sites on our website

Any websites from other domains found on our site are subject to their privacy policy, which is not related to us.

Contact us,

  • as Data Controller

ILCT Ltd.

Address: 18th Floor, Sathorn City Tower, 175 South Sathorn Road, Bangkok 10120, Thailand

Phone: 66 (0) 2679 – 6005

FAX: 66 (0) 2679 – 6041

Email: law@ilct.co.th