LFFINTECH Co., Ltd. ("Company") is a provider of project management tools in the name of “MANAWORK”. In order to do so, the company may be required to store your personal data as the owner of the personal data ("you"). The company is responsible for safeguarding the personal information that is under its control and strives to handle the information in a stable, secure, and reliable manner with a focus on privacy. With a focus on your privacy and security, we have developed this Privacy Policy ("Policy"), which explains how we treat your personal and sensitive information for example, collection, storage, use, disclosure, and your rights, which are part of these Terms of Service. When a service user begins to use the company’s services, in particular when the service user starts to register to subscribe to the application or communicate with the company through the specified channels, you are deemed to agree and accept this policy. If a service user refuses or accepts this policy, the company reserves the right to refuse such services to the user.
“Personal information” means any information about an individual that makes it possible to identify a person, whether directly or indirectly, but not including the data of the recipient, data of an entity, data for business contact that does not identify an individual, company name, company address, company privacy, telephone number of the place of work, email address used in the workplace, anonymous company group email address, or any other information that makes an individual unidentifiable by pseudonymous data.
“Sensitive data” means Information that is sensitive and may reduce the risk of unfair selection, such as interracial, racial, political opinion, belief in religion, religion or philosophy, sexual behavior, crime history, health information, disability, labor union information, genetic information, biological information, or any other information that affects owners of personal data in the same way as the Commission for the Protection of Personal Data.
“Processing” means any processing of personal data by automated or other means, such as collection, recording, organizing, storing, modifying or modifying, recovering, consulting, using, disclosing information (by sending, publishing, or making accessible or available by any means), arranging, aggregating, blocking or limiting, deleting or destroying.
Data Controller means any individual or entity authorized to decide on the collection, use, or disclosure of personal data. This includes any reference under personal data protection laws that has the same or similar meaning as or similar to the controller.
Data Processor means any individual or entity authorized to decide on the collection, use, or disclosure of personal data on behalf of the controller of personal data. This includes any reference under the data protection laws that means or expresses the same meaning as or is similar to the processor of personal information. The individual or entity processing such data is not a controller.
“Cookies” means small computer files that temporarily store the necessary personal data on the computer of the owner of the personal data for the convenience and speed of communication, which will only have an effect while accessing the website system.
Personal Data Protection Officer means Persons appointed by the company to be liable under the Personal Data Protection Act in 2019
The company processes personal data in accordance with each privacy notice, which is separated by type of personal data holder and by activity in which personal data is processed.
2.1 Customers/Service Users means (A) Individuals who use the company’s services, who register to subscribe to the services and/or to the company's website under the name MANAWORK.com, including the company’s website lffintech.co.th and means the person concerned, who acts on behalf of the customer or who is authorized to act on his or her behalf, the public entity or person in contact with the company, such as the person who visits the company’s website, the person contacting the company to coordinate support via the phone, the LINE Official Account, and the Facebook person contacted to obtain information from the company. The person responding to queries about the company’s services (all services collectively referred to as "services")
2.2 Partnership means Individuals and representatives of entities for example, entities, authorities, licensors, licensees, operators, employees, and employees of entities that participate in or will participate in various transactions with the company and those whose personal information appears in relevant documents. This includes persons who offer goods and/or services to the company, such as service providers, consultants, experts, academics, public practitioners, participants in business projects, contractors, or those who have any other similar relationship with the company such as entities, authorities, licensors, licensees, operators, employees, and employees of entities that participate in or will participate in various transactions with the company and those whose personal information appears in relevant documents. This includes persons who offer goods and/or services to the company, service providers, consultants, experts, academics, business project participants, contractors, or have any other similar relationship with the company.
2.3 Company staff means employees or persons who work or perform duties for the company and receive pay, salary, or remuneration from the company, such as executives, managers, employees, staff, or any other similar person. This includes persons associated with the company’s staff and persons whose personal data appears in various documents related to the job application process, such as family members, parents, spouses, and children, persons who can be contacted in an emergency, reference persons, beneficiaries.
2.4 Job Applicants means Persons applying for employment or internships or any other person who submits personal history details to the company for the purpose of applying for a job or internship as a regular employee or employee rate and this includes employees who are employed by an outsource, freelance, or trainee provider who has not been selected by the company and persons associated with the applicant, and those whose personal information appears in various documents related to the application, such as family members, reference persons, persons contacted in emergencies.
2.5 The person being photographed means Model, Presenter, Contractor or get paid for taking pictures, Company personnel, Award Winner. Including individuals who consent to the company capturing still images or motion pictures during interviews, training sessions, educational activities, event atmospheres, or group photography.
2.6 Participants means Participants of various company events and campaigns, organized by the company or those registered, including trainees, seminar attendees, as well as other individuals with similar characteristics.
2.7 Cookies The company may utilize automated technology to collect personal data when you use the website, applications, or devices, such as IP address, browser information, operating system, visited web pages, and referring websites. This technology may include the use of cookies or similar technologies. Please refer to the cookie policy for more information.
In compliance with the laws regarding personal data protection, the company will issue a Privacy Notice specifying the collection of personal data. This notice will include details of the personal data collection, which may be communicated to data subjects electronically, through short messages, or by any other method determined by the company. The company will provide prior notification to data subjects or inform them at the time of data collection, at least regarding the following details, unless the data subject is already aware of such details.
1. Identify the types of groups for which the company collects personal data.
2. Explain the purposes and methods of storing the personal data of the owners of personal data.
3. Indicates personal data collected.
4. Specify the storage period of personal data.
5. Identify all rights of personal data owners.
6. Identify how to exercise the rights of the personal data holder and withdraw consent to the storage of personal data.
7. Identify all measures taken to protect the personal information of the owner of the personal data.
8. Identify the contact channels of the controller, data controller, or data protection officer so that the data owner can contact or ask more questions, or exercise their rights as a personal data owner.
9. Identify the type of external entity that may use personal information.
In collecting personal information, the company requires measures to ensure that your personal information is properly secure and confidential. To prevent unauthorized loss, access, destruction, alteration, modification, or disclosure of information, the company and third parties designated by the company will collect your personal information under the following conditions:
4.1 The company will process the personal data you provide with restrictions on access rights and use lawful and fair methods to collect personal data that will only be processed for the purposes specified by the company.
4.2 The company will process personal data to the extent necessary for the purposes permitted by law that have been notified to the data owner before or during the collection of personal data. The company shall obtain the explicit consent of the data owner; except in the following cases, the company may collect personal data without requesting consent.
4.2.1 For purposes relating to the preparation of historical documents or notes for the public interest or in relation to research or statistical studies, the company shall provide appropriate safeguards to protect the rights and freedoms of personal data holders.
4.2.2 To prevent or suppress harm to a person’s life, body or health.
4.2.3 Necessary to comply with a contract in which the personal data holder is a contractor or to process the request of the personal information holder before entering into a contract.
4.2.4 Necessary to comply with a contract in which the personal data holder is a contractor or to process the request of the personal information holder before entering into a contract.
4.2.5 Necessary for the legitimate interests of the company or of other persons or entities, unless such interests are less important than the basic rights to personal data of the data owner.
4.2.6 To comply with the law
4.3 Collecting sensitive personal data requires the company to obtain explicit consent from the owner of the personal data before or during the collection of such sensitive data. In accordance with the criteria established by the company without prejudice to the law, the company may collect sensitive personal data for certain purposes of the service upon obtaining your express consent, when you voluntarily disclose the data to the public, or when the case is prescribed by the law on the protection of personal data, by reference to at least one of the legal grounds that the law provides for the protection of personal data as follows:
4.3.1 Processing with the explicit consent of the owner of personal data.
4.3.2 To prevent or mitigate hazards to a person’s life, body or health, without which the owner of personal data cannot give consent.
4.3.3 To carry out activities in accordance with the law of the foundation, associations, and non-profit organizations with political, religious, philosophical or labor union purposes, with appropriate protective measures.
4.3.4 Information disclosed to the public with the explicit consent of the owner of personal data.
4.3.5 Necessary to establish a legal claim, to fulfill or exercise a statutory claim, or to fight against a legitimate claim.
4.3.6 It is necessary to comply with the law for preventive or occupational medical purposes, evaluation of employee working capacity, public health benefits, labor protection, social security, national health guarantees, nursing care materials, scientific research studies, history, statistics, or important public interests.
4.4 In the event that the company processes your personal data in a manner and/or for purposes that are not consistent with the specified purpose, the company will provide you with additional policies or statements on the protection of personal data. and/or have a book to describe the processing in this way. You should read the additional policy or notice related to this policy and/or such a book (if applicable).
5.1 The company will only use personal information for the purposes communicated to the data owner. In any case where the company wishes to collect, disclose, or change the purpose of the collection, use, or disclosure, the company will notify the personal information owner before processing such personal information, unless it is required or permitted by law.
5.2 The company will use personal information appropriately. In the event that the company uses third-party service providers, the company will provide security and access controls for the use and disclosure of personal information. The company shall supervise the company’s employees, officers, or operators not to use or disclose your personal information other than for the purposes of collecting personal information that the company has assigned or disclosed to third parties.
5.3 The company may disclose your personal information that it currently holds and will store in the future to its partners, individuals, or other entities to the extent provided in the mutual agreement and as you can expect.
6.1 The company will process personal data both as a personal data controller and personal data processor in accordance with the law, with fairness and transparency, taking into account the accuracy of such personal data, determining the scope and purposes of personal data processing, and determining the duration of personal data storage as necessary under the law and business practices of the company.
6.2 The Company will provide processes and controls to manage personal information at all stages in accordance with the Company’s data protection laws and policies.
6.3 Records of Processing Activities: ROPA for recording and various activities related to the processing of personal data in compliance with the law, including updating the records of processing personal data when changes are made to the list or related activities.
6.4 The company shall provide clear procedures to ensure that the notification, purpose, collection, and details of the processing of personal data (privacy notices) and the request for consent from the personal data holders are in accordance with the law, as well as provide for supervisory and monitoring measures in this regard.
6.5 The company provides guidelines to allow access to personal data only to persons who need to know and access personal data so that the company can perform its duties on written instructions from the employer or within the scope of the employment. In the case of the company being a personal data processor, the company will process personal data on written orders as specified in the contract and within the limits of the employed job only and will comply with the law regarding the protection of personal data in relation to the duties of the personal data processor.
6.6 In the event that the company transfers or allows other parties to use personal data, the company will establish agreements on the use of such personal data to determine rights and obligations in accordance with the company’s data protection laws and policies.
6.7 In the event that the company transfers or transfers personal data abroad, it will act in accordance with the law.
6.8 The company will destroy personal data upon the expiration of the period, in accordance with the law and business practices of the company.
6.9 The company will evaluate the risks and provide measures to mitigate them and reduce the impact of the processing of personal data.
6.10 The company will provide reviews of policies, standards, guidelines, procedures, and other documents related to the protection of personal data on a regular basis. In order to keep up-to-date with compliance with laws and circumstances at each time.
The company will store owner’s data according to the type of activity and purposes of the processing of personal data as specified in the privacy notice on the company’s website. After the expiration of the above period, the company will delete or destroy such personal data from the storage of the company and the other parties that provide it to the company (if any), make the personal information of the data owner unidentifiable, or otherwise proceed as required by the data protection law. To ensure the effective protection of personal data, unless it is the case that the company may continue to store such personal data as required by personal data protection laws or other relevant laws.
However, the company may retain the personal data of the data owner for a longer period than that if the law permits or such personal data retention is necessary for the establishment of the company’s legal claim, compliance with the law, compliance with the orders of its employees or relevant state authorities, and for business purposes or by legal right.
The company grants the right to the owners of personal data to have the rights under the law with respect to the protection of personal information as set out below.
8.1 Right to withdraw consent to the processing of personal data whenever personal data is with the company.
8.2 The right to access and receive copies of your personal data and the right to request disclosure of personal data
8.3 Right to request personal information in a form that can be generally read or used.
8.4 Right to object to the processing of personal data at any time.
8.5 The right to request the company delete, destroy, or convert personal information into an unidentifiable data holder
8.6 Right to request the company suspend the use of personal data
8.7 The right to request that the company process personal data correctly, up-to-date, fully, and without misunderstanding
8.8 The right to complain if the company or its employees or employers violate or fail to comply with the law regarding the protection of personal data through the complaint processing form.
The company respects your personal rights and gives you the opportunity to choose how to be contacted by the company. The company will follow your request to ensure transparency, the quality of the data, and the accuracy of the information. Any request to exercise your rights as required by law must be made in writing through the electronic system that the company has provided on its website.
The company recognizes the importance of protecting the security of your personal information. The company therefore takes appropriate measures to prevent loss, access, destruction, use, alteration, modification, or unlawful disclosure of personal information, including the following policies, regulations, practices, and procedures:
9.1 Establish clear operational policies and procedures to protect personal data and handle data in a safe manner, as required by law.
9.2 We do not sell or transfer your personal data in any case, and we will not transfer your personal information to any party other than the company’s personal data processor.
9.3 Restricting the rights of the company’s employees to access personal information and establishing the rights to access or use the personal information of the owner of personal data in order to maintain the confidentiality and security of the information.
9.4 Access protection prevents the unauthorized use of personal data by providing encryption, identity authentication, and virus detection technologies as needed.
9.5 Verify the status of the company’s partners. Partners who do business with the company must comply with various legal and regulatory principles that protect personal data and set limits on the use of personal data.
9.6 Monitor the company’s website through an agency that specializes in data protection and security.
9.7 Dedicate company’s employees to training on data protection and security.
9.8 Assess practices regarding the protection of personal data, data management, and the security of appropriate technical, physical, and transactional information, including reviewing security measures when necessary or when technology changes.
9.9 Establish a monitoring system to delete or destroy personal data when the period of retention is specified, irrelevant, or exceeds what is necessary for the purpose of collecting such personal data.
9.10 Provide a system for reporting personal data breaches to the Office of the Commission on the Protection of Personal Data within 72 hours, as long as reasonable action is possible. Unless such a violation has no risk of affecting the rights and freedoms of the individual.
The company’s website may contain links to third-party websites where those third parties may collect certain information about the use of the services and personal information. The company cannot be held responsible for the security or privacy of any information collected by such third-party websites. Personal data owners should exercise caution and review the privacy policies of those third-party sites in detail before using their services, as follows:
10.1 The company allows users to export data to third-party applications and websites, including social networking sites, which include but are not limited to Facebook, Google Accounts, and LINE Accounts. When exporting such data, it indicates that the user may be disclosing user information to third parties or other entities responsible for operating and maintaining the application and third-party websites. Other persons who access or use those applications or websites may have access to user information. The company does not own or manage the apps or websites that users connect to, so the company advises users to be cautious about disclosing personal information in this way. And users should review the privacy policies of those sites to ensure that users are satisfied with the way that those sites use the information that users provide to them.
The company may modify or amend this privacy policy from time to time to comply with the criteria required by law. The company will notify you of the changes through its website and/or platforms.