A2.2. Sensitive Personal Data
“Sensitive Personal Data” means personal data which is specifically determined by law. Potentia has no intention to collect Sensitive Personal Data from you.
In certain cases, however, Potentia may need to collect Sensitive Personal Data from you for providing services to you, for example, religion displayed on a copy of national ID card) or race (displayed on a copy of passport of some countries), biometric data (such as facial recognition data, fingerprint recognition data, electronic signature data which uses technology extracting specific behavior of such signing for identification and authentication of the person who writes such signature etc. Potentia shall collect, use and / or disclose the Sensitive Personal Data provided that Potentia has been given explicit consent by you or permitted by law. This shall be undertaken on a case – by – case basis when Potentia is required to collect Sensitive Personal Data from you.
(Unless specifically stated otherwise, personal data and Sensitive Personal Data as earlier mentioned shall hereinafter be collectively referred to as “Personal Data”.)
A2.3. Personal Data of minors, incompetent or quasi – incompetent persons
Potentia has no intention to collect, use and / or disclose Personal Data of minors, the incompetent or quasi – incompetent persons, unless consent from the guardian, the appointed guardian or the appointed curator (as the case may be) is given to Potentia. If Potentia discovers that the collection, use and / or disclosure of Personal Data of minors, the incompetent or quasi – incompetent persons is undertaken without consent from the guardian, the appointed guardian or the appointed curator (as the case may be), Potentia shall delete or destroy such Personal Data, or collect, use and / or disclose such Personal Data only for the cases where Potentia has other lawful bases that required no consent.
A2.4. Personal Data of any other third party
If you provide Personal Data of any other third party who is a Personnel of Juristic Person and / or who has involvement with you to Potentia such as shareholders, directors, authorized persons, family members, reference persons and / or any other person etc., please inform those persons of the details under this Policy and request their consent, if necessary, or apply other lawful bases to ensure that Potentia can collect, use and / or disclose Personal Data of the aforementioned third party.
The Data Subject’s consent is required for Potentia to acquire and retain Personal Data.
A.4. Channel for collection of personal data
Potentia may collect your personal data via the following channels:
The personal data that you give directly to, or held by Potentia by your use of services, contact, through Potentia’s contact channels such as office, website, online social media account of Potentia, email, or telephone, postal mail, short message service (SMS), questionnaire, name card, meeting, training, seminar, event, recreation, marketing promotion activity, contact or any other channel. Including, the personal data received or accessed by Potentia from other sources, such as government agencies, a person having legal authority or legal right, any other person or agency with which you have a legal relationship, etc.
Customer or respondent’s assessment report(s) and response(s) are considered as Personal Data which we need to collect and acknowledge. In accordance with assessment interpretation ethics which all certified practitioners acknowledged and shall announce at their own session and this policy, they are confidential unless the owner of report(s) or response(s) gives us permission of disclosure for specific reasons.
Should you not permit us to use your personal data, do not submit any information to the website or any channel of Potentia.
MANAGEMENT OF PERSONAL DATA
B.1. Use of Personal Data
Potentia will use your Personal Data for one or more of the purposes stated under A.1. above.
B.2. Retention of Personal Data
The guiding principle is that Personal Data will be retained – subject to certain limitations whereby a Data Owner can exercise rights granted under the PDPA to access, edit or eliminate his Personal Data – for as long as Panthera Group needs the data to fulfill its intended purpose.
B.3. Sharing Personal Data
Potentia will not sell your Personal Data to a third party. Potentia may share your Personal Data with third parties if:
- a) The third party is assisting Potentia in its operations and administration (e.g., IT service providers and Data Processors, etc.) Potentia is under an obligation to disclose such information to comply with legal requirements or to protect Potentia ’s rights and property.
- b) By e-mail communications to subscribers, either individually, or to all subscribers, for weekly and other periodic news mailings, and health and safety announcements.
Otherwise, disclosure to a third party of any of your Personal Data will only be made after Potentia receives your consent.
B.4. Security of Personal Data
Potentia, as Data Controller, is responsible for the establishment and maintenance of reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification and disposal of Personal Data or similar risks. Potentia will limit access to Personal Data to parties needing to use such data for company purposes only.
Transmission of information via the internet is, however, not completely secure. While Potentia will take reasonable measures to protect Personal Data provided to Potentia through the internet, Potentia cannot guarantee the security of Personal Data submitted to Potentia in this way.
B.5. Terms of keeping Personal Data
Potentia will also keep Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
Potentia will undertake operations through appropriate steps to delete or destroy the Personal Data or make it anonymous when it is no longer necessary or said period ends.
RIGHTS OF DATA OWNER
C.1. Right of Access
Individuals who have provided Personal Data to Potentia have a right to confirm what data is being held on them, how it is being used, and the purpose for which it is being used. Requests should be directed to the Data Manager, and Potentia will respond within one month to all such requests while retaining the right to decline requests it may consider inappropriate.
C.2. Right to deletion or destruction
An individual may request the removal of Personal Data from Potentia’s records if he/she considers that the purpose for which the data was originally collected is no longer valid if they withdraw their consent previously given to the processing of the Personal Data or for similar reasons, or due to a legal obligation.
C.3. Right to Cease Collection, Handling, or Use
An individual may request that Potentia discontinue the collection, processing, or use of his/he data.
C.4. Right to Restrict Processing
An individual may request the blocking or suppression of the processing of his/her data (while allowing Potentia to retain it) if he/she contests the accuracy of the data, or if he/she alleges that the stated purpose for which the data is being held and used is incorrect.
C.5. Right to Data Portability
Individuals can request that their Personal Data held by Potentia be transferred to another organization. Such requests will be considered on an individual basis, as they constitute an exception to Potentia’s stated policy on not sharing data with third parties.
C.6. Right to rectification:
An individual may request to rectify their Personal Data to keep it accurate, up-to-date, complete, and not misleading. He/she can submit their request to exercise their rights by contacting Potentia.
All requests arising from the Data Subjects’ rights should be directed to the Data Manager at Potentia, at the address below, where they will be acknowledged promptly with a response as soon as practicable but no later than one month from their receipt.
Potentia (Thailand) Co., Ltd. (Head Office)
14th Floor, One Pacific Place
140 Sukhumvit Road, Kweang Klongtoey, Khet Klongtoey, Bangkok 10110
Tax ID: 0105520017742
C.8. Complaints and Dispute Resolution
If an individual is dissatisfied with the handling of his Personal Data by Potentia, the complaint should initially be directed to the Data Manager, who shall consider and respond to the complaint within 30 days. If the Data Subject is dissatisfied with the response, the Data Subject may appeal in writing to Potentia’s General Manager, who shall refer the matter to the General Committee. The General Committee shall consider the matter, which may include the Data Subject’s explanation of the basis of his/her position. The General Committee shall render its decision on the matter promptly, but in any event within 60 days of the General Manager’s receipt of the appeal. The decision of the General Committee shall be final, subject to the right of the Data Subject to refer the matter to the appropriate authority under the PDPA.
D.1. Use of ‘Cookies’
Cookies are text files containing small amounts of information that are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognizes such cookies. Cookies are useful because they allow a website to recognize your device.
D.2. Collection of Email Addresses
Potentia will use the e-mail addresses obtained from you to deliver information that you have agreed to receive, including events and services, etc.
Please direct all questions or comments to Potentia’s Data Manager.