Privacy Policy

Personal Data Protection Policy of POTENTIA (THAILAND) COMPANY LIMITED

www.potentia.co.th (“Potentia”) is a website that deals with commercial services, business management consulting services, personnel management, and other consulting services in Thailand. We operate our business in adherence to ethical standards and respect for your privacy. Potentia has always placed importance on personal data protection and security to ensure that your personal data obtained by Potentia will be used in accordance with the objectives and in compliance with the Thai Personal Data Protection Act BE 2562 (“PDPA”). Potentia has formulated this personal data protection policy (this “Policy”) to inform you, as a data subject, of the objectives and details for collection, use, and/or disclosure of personal data, including your legal rights.

This Privacy Policy is subject to change, and persons providing data to Potentia should review this document from time to time on the company website.

DEFINITIONS

At Potentia the roles described in the PDPA are fulfilled as follows:

  • The Data Controller– the decision-making authority on the collection, use, and disclosure of collected personal data – is Potentia itself.
  • The Data Processor– a party that collects uses or discloses personal data at the instruction of the Data Controller.
  • The Data Manager (the equivalent of the Protection Officer specified in the PDPA)– is the person designated by Potentia to facilitate and ensure PDPA compliance.
  • Data Subject – Members, employees, customers or associates of Potentia who are natural persons and juristic persons involved with Potentia or Potentia’s customers. The information of these persons is held by Potentia.

“Assessment” means an instrument, questionnaire, or series of tests that are completed by one or more Respondents to provide information about a Respondent to the Respondent on either online or offline platform, to Potentia Thailand, and to Potentia Thailand’s customers, usually with the aim of generating one or more Reports.

“Certified Practitioner” means an individual (i) who has successfully completed one or more of our certification programs for certain Assessments, (ii) who administers one or more Assessments to one or more Respondents, and (iii) who interprets the Reports (or other output generated by parent companies of Potentia Thailand) to provide feedback to the Respondent(s) about the Reports. 

“Customer” means an individual, business, or other entity that purchases Potentia Thailand’s Products or Services, or with which Potentia Thailand has a contractual relationship to provide Products or Services. 

“Personal Data” means any information or opinion recorded in any kind of material form or not and whether true or not which identified individual, or an individual who is reasonably identifiable. Personal data includes, for example, name – surname, e-mail address, mailing address, telephone number, billing information, photographs, and other information incidental to providing or receiving Products or Services or which you may choose to provide to Potentia Thailand. 

“Sensitive Personal Data” means any information or opinion recorded in any kind of material form or not and whether actual or not which relates to race, religion, nationality, political opinions, medical information, sexual behavior, criminal records, or any other information which affects any data subject in a similar way as announced by the Personal Data Protection Committee. 

“Products or Services” means the products or services promoted, sold, or available for sales, such as our Assessments, Reports, supplemental materials, and development program courses. “Report(s)” means an analysis of the scoring and responses provided in connection with an assessment, which a Certified Practitioner or Customer may use to interpret a Respondent’s responses to an Assessment. 

“Response(s)” means any written or recorded reactions in any kind of material form or not and whether true or not, whether anonymous or not which individuals or an individual provide feedback for our products or services. 

“Respondent(s)” means individuals or/and an individual who takes, will take, or has taken an assessment either through online or offline platforms (e.g. program evaluation).

COLLECTION OF PERSONAL DATA

A.1. Purpose of Collecting Personal Data

Potentia collects Personal Data for a variety of reasons and purposes, including:

      A1.1. To ensure satisfactory operations and administration of Potentia.

      A1.2. To ensure compliance with Thai laws and regulations.

      A1.3. To ensure the safety and wellbeing of all those with whom Potentia engages.

      A1.4. For statistical and analytical purposes.

A.2. Categories of Personal Data Collected

      The categories of personal data do Potentia collect, use, and/or disclose

A2.1.  Personal data is the data that can directly or indirectly identify you, i.e.

  • Individual means Individual Customer, individual having involvement with services of Potentia or Potentia’s customers, and general individual.
Type of dataExamples of data that Potentia collects, uses and / or discloses
Personal information
  • Title, first name, middle name, last name, alias (if any)
  • Gender, date of birth, age
  • Marital status, family status, number of family members and children
  • Data of relationships
  • Nationality, country of residence
  • Signature
  • Data on the document issued by government agencies such as copy of national ID card, copy of passport, copy of visa, copy of certificate of alien, copy of work permit, copy of government / state enterprise official, copy of house registration, copy of birth certificate, copy of name change, copy of marriage certificate, copy of divorce certificate, copy of death certificate, copy of driving license or documents used for identifying and confirming identity of the same characteristic etc.
Contact information
  • Address per important document, home address and address in the country of your nationality, workplace
  • Telephone number, mobile phone number, facsimile, email
  • Name or user name for contact via electronic communication or online social media (such as LINE ID)
  • Evidence for having residence in Thailand (for foreign national)
Education and work information
  • Data on a copy of student ID card, the highest education level
  • Career and professional field
  • Position, current years of work
  • Work detail, type of business
Other information
  • Any other data deemed personal data under the personal data protection law.
  • Personnel of Juristic Person means individual having involvement with a juristic person which is a customer of, or use services with Potentia.

Type of data

Examples of data that Potentia collects, uses and/or discloses

Personal information

·        Title, first name, middle name, last name, alias (if any)

·        Gender, date/month / year of birth, age

·        Marital status, signature,

·        Data on documents issued by government agencies such as a copy of national ID card, copy of passport, copy of visa, copy of an alien certificate, copy of work permit, copy of house registration, or documents used for verifying and confirming the identity of the same characteristics, etc.

Contact information

·        Address per important document, current home address and address in the country of nationality, workplace

·        Telephone number, mobile phone number, facsimile number, email

Work information

·        Career and professional field

·        Position, current years of work

·        Work detail, type of business

 

A2.2. Sensitive Personal Data

“Sensitive Personal Data” means personal data which is specifically determined by law. Potentia has no intention to collect Sensitive Personal Data from you.

In certain cases, however, Potentia may need to collect Sensitive Personal Data from you for providing services to you, for example, religion displayed on a copy of national ID card) or race (displayed on a copy of passport of some countries), biometric data (such as facial recognition data, fingerprint recognition data, electronic signature data which uses technology extracting specific behavior of such signing for identification and authentication of the person who writes such signature etc. Potentia shall collect, use and / or disclose the Sensitive Personal Data provided that Potentia has been given explicit consent by you or permitted by law. This shall be undertaken on a case – by – case basis when Potentia is required to collect Sensitive Personal Data from you.

(Unless specifically stated otherwise, personal data and Sensitive Personal Data as earlier mentioned shall hereinafter be collectively referred to as “Personal Data”.)

 

A2.3. Personal Data of minors, incompetent or quasi – incompetent persons

Potentia has no intention to collect, use and / or disclose Personal Data of minors, the incompetent or quasi – incompetent persons, unless consent from the guardian, the appointed guardian or the appointed curator (as the case may be) is given to Potentia. If Potentia discovers that the collection, use and / or disclosure of Personal Data of minors, the incompetent or quasi – incompetent persons is undertaken without consent from the guardian, the appointed guardian or the appointed curator (as the case may be), Potentia shall delete or destroy such Personal Data, or collect, use and / or disclose such Personal Data only for the cases where Potentia has other lawful bases that required no consent.

 

A2.4. Personal Data of any other third party

If you provide Personal Data of any other third party who is a Personnel of Juristic Person and / or who has involvement with you to Potentia such as shareholders, directors, authorized persons, family members, reference persons and / or any other person etc., please inform those persons of the details under this Policy and request their consent, if necessary, or apply other lawful bases to ensure that Potentia can collect, use and / or disclose Personal Data of the aforementioned third party.

 

A.3. Consent

The Data Subject’s consent is required for Potentia to acquire and retain Personal Data.

Your consent will typically be given by your signing an application form or other operational document or otherwise confirming your agreement with this Privacy Policy and its subordinate policies. Your agreement can be requested or communicated to Potentia in writing or by electronic means permitted under the PDPA.

 

A.4. Channel for collection of personal data

Potentia may collect your personal data via the following channels:

The personal data that you give directly to, or held by Potentia by your use of services, contact, through Potentia’s contact channels such as office, website, online social media account of Potentia, email, or telephone, postal mail, short message service (SMS), questionnaire, name card, meeting, training, seminar, event, recreation, marketing promotion activity, contact or any other channel. Including, the personal data received or accessed by Potentia from other sources, such as government agencies, a person having legal authority or legal right, any other person or agency with which you have a legal relationship, etc.

Customer or respondent’s assessment report(s) and response(s) are considered as Personal Data which we need to collect and acknowledge. In accordance with assessment interpretation ethics which all certified practitioners acknowledged and shall announce at their own session and this policy, they are confidential unless the owner of report(s) or response(s) gives us permission of disclosure for specific reasons.

Should you not permit us to use your personal data, do not submit any information to the website or any channel of Potentia.

 

MANAGEMENT OF PERSONAL DATA

B.1. Use of Personal Data

Potentia will use your Personal Data for one or more of the purposes stated under A.1. above.

 

B.2. Retention of Personal Data

The guiding principle is that Personal Data will be retained – subject to certain limitations whereby a Data Owner can exercise rights granted under the PDPA to access, edit or eliminate his Personal Data – for as long as Panthera Group needs the data to fulfill its intended purpose.

 

B.3. Sharing Personal Data

Potentia will not sell your Personal Data to a third party. Potentia may share your Personal Data with third parties if:

  1. a) The third party is assisting Potentia in its operations and administration (e.g., IT service providers and Data Processors, etc.) Potentia is under an obligation to disclose such information to comply with legal requirements or to protect Potentia ’s rights and property.
  2. b) By e-mail communications to subscribers, either individually, or to all subscribers, for weekly and other periodic news mailings, and health and safety announcements.

Otherwise, disclosure to a third party of any of your Personal Data will only be made after Potentia receives your consent.

 

B.4. Security of Personal Data

Potentia, as Data Controller, is responsible for the establishment and maintenance of reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification and disposal of Personal Data or similar risks. Potentia will limit access to Personal Data to parties needing to use such data for company purposes only.

Transmission of information via the internet is, however, not completely secure. While Potentia will take reasonable measures to protect Personal Data provided to Potentia through the internet, Potentia cannot guarantee the security of Personal Data submitted to Potentia in this way.

 

B.5. Terms of keeping Personal Data

Potentia will keep your Personal Data only for as long as it is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Potentia will also keep Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

Potentia will undertake operations through appropriate steps to delete or destroy the Personal Data or make it anonymous when it is no longer necessary or said period ends.

 

RIGHTS OF DATA OWNER

Having consented to the collection and retention of Personal Data in accordance with this Privacy Policy, the Data Subject retains rights to review the data held and ensure its accuracy and compliance with the requirements of the PDPA. This section outlines those rights and the procedure for handling requests for changes to the data held.

 

C.1. Right of Access

Individuals who have provided Personal Data to Potentia have a right to confirm what data is being held on them, how it is being used, and the purpose for which it is being used. Requests should be directed to the Data Manager, and Potentia will respond within one month to all such requests while retaining the right to decline requests it may consider inappropriate.

 

C.2. Right to deletion or destruction

An individual may request the removal of Personal Data from Potentia’s records if he/she considers that the purpose for which the data was originally collected is no longer valid if they withdraw their consent previously given to the processing of the Personal Data or for similar reasons, or due to a legal obligation.

 

C.3. Right to Cease Collection, Handling, or Use

An individual may request that Potentia discontinue the collection, processing, or use of his/he data.

 

C.4. Right to Restrict Processing

An individual may request the blocking or suppression of the processing of his/her data (while allowing Potentia to retain it) if he/she contests the accuracy of the data, or if he/she alleges that the stated purpose for which the data is being held and used is incorrect.

 

C.5. Right to Data Portability

Individuals can request that their Personal Data held by Potentia be transferred to another organization. Such requests will be considered on an individual basis, as they constitute an exception to Potentia’s stated policy on not sharing data with third parties.

 

C.6. Right to rectification: 

An individual may request to rectify their Personal Data to keep it accurate, up-to-date, complete, and not misleading. He/she can submit their request to exercise their rights by contacting Potentia.

 

C.7. General

All requests arising from the Data Subjects’ rights should be directed to the Data Manager at Potentia, at the address below, where they will be acknowledged promptly with a response as soon as practicable but no later than one month from their receipt.

 

Data Manager

Potentia (Thailand) Co., Ltd. (Head Office)

14th Floor, One Pacific Place

140 Sukhumvit Road, Kweang Klongtoey, Khet Klongtoey, Bangkok 10110

Tax ID: 0105520017742

Tel: 02-653-5040

Email: People.Thailand@lhh.co.th

 

C.8. Complaints and Dispute Resolution

If an individual is dissatisfied with the handling of his Personal Data by Potentia, the complaint should initially be directed to the Data Manager, who shall consider and respond to the complaint within 30 days. If the Data Subject is dissatisfied with the response, the Data Subject may appeal in writing to Potentia’s General Manager, who shall refer the matter to the General Committee. The General Committee shall consider the matter, which may include the Data Subject’s explanation of the basis of his/her position. The General Committee shall render its decision on the matter promptly, but in any event within 60 days of the General Manager’s receipt of the appeal. The decision of the General Committee shall be final, subject to the right of the Data Subject to refer the matter to the appropriate authority under the PDPA.

 

OTHER

D.1. Use of ‘Cookies’

Cookies are text files containing small amounts of information that are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognizes such cookies. Cookies are useful because they allow a website to recognize your device.

To learn more about cookies, visit Cookie Policy.

 

D.2. Collection of Email Addresses

Potentia will use the e-mail addresses obtained from you to deliver information that you have agreed to receive, including events and services, etc. 

 

Please direct all questions or comments to Potentia’s Data Manager.

Why Cookies?

Cookies are text files containing small amounts of information that are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognizes such cookies.

Use and Management of Cookies

The website uses cookies and other similar technologies to improve the browsing experience.
For more information, check the Privacy Policy and Cookie Policy.