1 Definition within this policy
(a) “Website and Application” means the Website and Application named WELALA and has the web address at https://www.welala.co/ (b) “Data Controller” means the service provider or owner of the website and application. According to this policy, namely WELALA CO., LTD, corporate registration no. 0105564154761 The office is located at 127 Gaysorn Tower, Room No. 26.16, Floor 26, Ratchadamri Road, Lumpini Subdistrict, Pathumwan District, Bangkok 10330 Contact firstname.lastname@example.org. (c) “Data Processor” means a third party who processes data for or on behalf of the Data Controller. (d) “Information” means anything that conveys the meaning of a story, facts, information or anything, whether such interpretation is achieved by its nature or through any means. and whether it is provided in the form of documents, files, reports, books, diagrams, maps, drawings, photographs, film, video or audio recordings. recording by computer by electronic means or any other way to make the recordings visible. (e) “Personal Data” means information about any natural person. which makes it possible to identify that person either directly or indirectly (f) “Sensitive Data” means the User’s personal data relating to race, ethnicity, political opinion. belief in a cult, religion or philosophy; sexual behavior Criminal records, health information, disability, genetics, biometric data, simulated face, iris, or fingerprint data. labor union information or any other information which the Personal Data Protection Committee has announced in accordance with the Personal Data Protection Act has declared as sensitive personal data. (g) “User” means you, visitor, user, member of the Website and Application. which is the owner of personal data in accordance with this policy
2 User Consent
To access the website and application The user agrees and consents to the collection and use of personal information. including sending or transferring personal information to foreign countries as follows:
(a) Purposes for collecting and using personal data including sending or transferring personal information abroad
The user acknowledges, agrees and consents to the data controller and data processor for the collection and use of personal data. For the following purposes only Public Relations and Marketing, Social Media Services and Billing
(b) Personal data collected and used including sending or transferring personal data overseas
The user acknowledges, agrees and consents to the data controller and data processor for the collection and use of personal data, including the transmission or transfer of personal data abroad. the following only Name, surname, address, date of birth Telephone number, age, education, work history, ethnicity and email address
(c) Data collection period
The user acknowledges, agrees and consents to the data controller and data processor to collect and use personal data, including sending or transferring personal data abroad for a total period of 60 (sixty) months from the date of who have consented to collect and use personal information including sending or transferring personal information abroad in accordance with this policy
3 Linking User Information of Websites and Applications with Third Party Service Providers
The user acknowledges, agrees and agrees that the data controller may link the user’s data to the website and application with third-party service providers. By linking or sharing information with third party service providers from time to time The data controller will notify users of which user data will be linked or shared with third party service providers. or share it This includes, but is not limited to, accepting, authorizing, linking, sharing or any other action. which expressly states that the user consents to the linking or sharing of information with the third party service provider;
4 Tracking User Behavior of Websites and Applications
The User acknowledges, agrees and agrees that the Data Controller may use the following systems and/or technologies to track the User’s behavior on the Website and Application. Cookies Technology, Use of Pixel Tags and Google Analytics Tag
This is only for the purposes stated below. To improve service and offer products that meet the needs of users
5 Withdrawal of User Consent
The User acknowledges that the User has the right to withdraw any consent. that the user has given to the data controller under this policy at any time by doing the following:
notify in writing by e-mail email@example.com or choose “No consent” when registering or the privacy settings window.
The user also acknowledges that once the user has taken the withdrawal of consent. Users will be affected as follows:
Users are limited to access exclusive content. including logging into the course, which will only be a visit to the website as a general public Whereas the user also agrees to the effect of the withdrawal of consent.
6 User Account
in the use of the website and application The data controller may provide each user’s account for the use of the website and application, where
The data controller has the sole right to authorize the opening of the user account. Set account type Set access rights for each user account type. Website and Application Use Rights any expenses About user account Duties and responsibilities of the user who owns the user account.
The user agrees to keep his account name, password and any information strictly confidential. and agreed not to allow and use their best efforts to prevent anyone else from using the user’s account.
In the event that the user’s account is used by another person The user agrees and warrants that any use by such third parties is performed on behalf of the user and is binding as if the user was doing it himself.
7 User Rights
To access the website and application in accordance with this policy and any consent according to this policy Users are well aware of their rights as data subjects in accordance with the Personal Data Protection Act. including but not limited to the rights of the users as follows:
(a) Users may withdraw their consent given under this Policy at any time. By giving written notice to the Data Controller in the manner and channels set forth in this Policy.
(b) Users have the right to access and obtain a copy of their personal data or related to them that the data controller has collected in accordance with this policy.
(c) Users have the right to be disclosed by the Data Controller of the acquisition of their or related personal data to which they have not given their consent. If there is such a case
(d) Users may require the Data Controller to transmit or transfer their personal data or related to them to another Data Controller. This includes obtaining such transmitted or transferred information directly from the controller of the transmitted or transferred information.
(e) Users may object to the collection, use or disclosure of their personal data or related to them in the following cases:
The data controller collects, uses or discloses the user’s personal data out of necessity for the legitimate interests of the data controller or of any other person from whom the user may prove that he has better rights than the controller. information
The Data Controller collects, uses, or discloses the User’s personal data in order to comply with the Data Controller’s law in which the User may prove that he or she has better rights than the Data Controller.
The data controller collects, uses or discloses such personal data for direct marketing purposes.
The data controller collects, uses or discloses such personal data for the purposes of scientific research studies. history or statistics, where research is not necessary to carry out the public interest.
(f) Users may require the Data Controller to delete, destroy or de-identify the data subject. In the following cases
when the personal information is no longer necessary for keeping in accordance with the purposes for collecting, using or disclosing that personal information;
When the user who owns the personal information withdraws his consent to the collection, use or disclosure of that personal information and the data controller has no other legal authority to collect, use or disclose that personal information. longer
When the user has objected to the lawful collection, use or disclosure of such information.
When personal data has been collected, used or disclosed unlawfully, rules, regulations, regulations on personal data protection
(g) the user may have the data controller suspend the use of such personal data while still retaining it. In the following cases
The data controller is currently being investigated by a committee of experts in accordance with the Personal Data Protection Act, which the user has complained of such investigation.
Personal data has been collected, used or disclosed unlawfully, rules, regulations, regulations on personal data protection.
In the event that the user has a need for the data controller to keep his or her personal data for the benefit of the user’s own claims, such as the user’s legal claim. Compliance or exercise of legal claims or raising the defense of legal claims The user may require the data controller to simply suspend the use of the data instead of proceeding to delete, destroy or make the data identifiable as the owner of the data.
The data controller is in the process of proving or refusing to object to the collection, use or dissemination of the user’s personal data in accordance with the personal data protection law which the user has legally objected to.
(h) when the user finds that the user’s personal data is wrong, backward, unclear, or unclear, the user has the right to the data controller to rectify such personal data to be accurate, current, complete and without causing misunderstanding. can be wrong
(i) Users may complain to a panel of experts in accordance with the Personal Data Protection Law in the event of a breach or non-compliance with the Data Controller’s law, rules, regulations, data protection regulations and/or data processor
To collect and use personal information in accordance with this policy The Data Controller will provide appropriate security measures to prevent the loss, access, use, alteration, alteration or disclosure of non-compliance with the following measures, standards, technologies and/or systems.
Set access rights (Access Right)
This includes controlling the data processors to maintain the security of personal data not less than those set forth in this policy.
9 Amendment of Personal Data
The data controller will provide the following audit systems and measures:
(a) take action to correct personal data to be accurate, current, complete and not cause misunderstanding;
(b) delete, destroy personal data that exceeds the period for which the user has given consent; and
(c) delete, destroy personal information that is not related to the use of such personal information as the user has given consent.
10 Collection Use and/or disclose personal information in accordance with the Personal Data Protection Act.
The user acknowledges and agrees that the data controller may collect, use and/or disclose the user’s information without the user’s prior consent. This is to the extent necessary and only insofar as it is for the purposes and in the following cases.
(a) to achieve the objectives relating to the preparation of historical documents or archives for the public interest; or in connection with research studies or statistics which have put in place appropriate safeguards to protect the rights and freedoms of the User’s personal data.
(b) to prevent or suppress any danger to life, body or health of any person;
(c) It is necessary for the performance of a contract to which the user of the personal data subject is a party or for the execution of the request of the user of the personal data subject prior to entering into such contract.
(d) it is necessary for the performance of duties in the public interest of the data controller or for the exercise of state powers entrusted to the data controller;
(e) It is necessary for the legitimate interests of the data controller or of another person for whom such benefits are more important than the user’s fundamental rights to personal data.
(f) It is in compliance with the data controller law.
In this regard, the data controller will record the collection, use or disclosure of the user’s personal data in accordance with the preceding paragraph as important.
11 Collection Use and/or disclose sensitive personal data (Sensitive Data)
The user acknowledges and agrees that in addition to collecting Use and/or disclose personal information collected by the user with his express consent. have used and/or disclosed the personal data in the preceding paragraph The data controller may collect Use and/or disclose sensitive personal data (Sensitive Data) of users without prior consent from users. This is to the extent necessary and only insofar as it is for the purposes and in the following cases.
(a) to prevent or suppress harm to the life, body or health of the user whose personal data subject is unable to give consent; for whatever reason (b) is information that is publicly available with the express consent of the user of the personal data subject. (c) it is necessary for the establishment compliance Use or fight against statutory claims (d) It is necessary to comply with the law in order to achieve the objectives relating to
preventive medicine or occupational medicine Employee competency assessment medical diagnosis Providing health or social services medical treatment health management or social work systems and services
Public benefits in the field of public health such as health protection from dangerous communicable diseases or epidemics that may be transmitted or spread into the Kingdom. or control of standards or quality of drugs, medical supplies or medical devices It has put in place appropriate and specific measures to protect the rights and freedoms of users of personal data subjects, especially the confidentiality of personal data in accordance with professional or professional ethics.
Labor protection social security National Health Insurance Welfare related to medical treatment of persons entitled to the law Car Accident Protection or Social Protection The collection of personal data of users is necessary to fulfill the rights or obligations of the data controller or user of the data subject. Appropriate measures have been taken to protect the fundamental rights and interests of users of the personal data subject.
Scientific research studies By collecting, using and/or disclosing only as necessary, and appropriate measures are taken to protect the fundamental rights and interests of the user of the personal data subject as required by the Protection Committee. Personal data has been determined
Significant public interest Appropriate measures have been taken to protect the fundamental rights and interests of users of the personal data subject.
In this regard, the data controller will record the collection, use or disclosure of the user’s personal data in accordance with the preceding paragraph as important.
Use of the Website and Application by persons who are under the User’s custody, custody or defense.
The user undertakes that he is not and will not allow any person who is a legally impaired person to visit, use, or become a member of the Website and Application.
(a) an incompetent person under the supervision of the user;
(b) a quasi-incompetent person in the custody of the user;
In the event that the user consents to the person above to visit, use or become a member of the website and application The user agrees to be deemed that the user has exercised the parental, guardian or guardian power of such person, as the case may be, in agreeing and giving consent under this policy in all respects.
for and on behalf of such persons as well
13 Sending or Transferring Personal Data Overseas
The data controller may transmit or transfer the user’s personal data abroad in the following cases.
(a) the destination country or international organization receiving personal data has adequate personal data protection standards in accordance with the laws, rules, regulations and regulations on personal data protection;
(b) obtaining the consent of the personal data subject provided that the user of the personal data subject has been informed and informed of the inadequate personal data protection standards of the destination country or international organization receiving the data;
(c) is a legal practice
(d) it is necessary for the performance of the contract to which the user of the personal data subject is a party or for the execution of the request of the user of the personal data subject prior to entering into that contract.
(e) It is a contractual act between the data controller and another person for the benefit of the user of that personal data subject.
(f) to prevent or suppress harm to the life, body or health of the user, the subject of the personal data or any person when the owner of the personal data is unable to give consent at that time
(g) it is necessary for the carrying out of missions for the benefit of the public;
14 Notification of Personal Data Violation
In the event that the data controller becomes aware of a personal data breach, regardless of the breach by any person. The data controller will take the following actions:
(a) where there is a risk of affecting the rights or liberties of any person; The data controller will notify the personal data breach to the Office of the Personal Data Protection Commission. without delay as it can be done within 72 (seventy-two) hours from the knowledge of the incident
(b) where there is a risk of having a high impact on the rights or freedoms of any person The data controller will notify the personal data breach and remedial measures to the Office of the Personal Data Protection Commission and to the users of the personal data subject. without delay as it can be done within 72 (seventy-two) hours from the knowledge of the incident
15 Complaints and Reporting Problems with Personal Data
Users may complain and report issues with personal information. including but not limited to Requesting the data controller to amend and/or correct the data objection to data collection or suspend the use of information at the following channels firstname.lastname@example.org
16 Recording of Important Items
Unless the data protection law requires otherwise the data controller’s rights. The data controller records important items regarding the storage, use, or disclosure of information in writing or electronically for verification by users, data subjects or government agencies. including but not limited to the following items:
(a) Personal data collected
(b) the purpose of collecting each type of personal data
(c) Information about the Data Controller
(d) retention period of personal data
(e) Rights and methods of access to personal data including conditions relating to persons entitled to access to personal data and conditions of access to such personal data
(f) Collection, use or disclosure of personal data that is exempt from obtaining the consent of the user, the data subject.
(g) refusal of requests and objections
(h) details of measures to maintain the security of personal data
17 Amendment to Policy
18 Relationship of the Contracting Parties
where both parties understand and know that The entry into this policy does not cause the parties and their employees to have any relationship as an employee under labor law or as a partner under the Partnership and Company law.
19 Assignment of Rights
Unless expressly stated otherwise in this Policy. The parties agree not to assign their rights, duties and/or liabilities under this Policy to any person without the other party’s prior written consent.
20 Waiver of Rights
The fact that the data controller does not exercise its right or delay in any matter or at any time It shall not be deemed that the data controller has waived its rights in such matter. and the fact that the data controller exercises partial or waiver of rights in any matter or at any one time It shall not be regarded as a waiver of the right in other matters or on other occasions as well.
21 Segregation of Policy
If any statement or agreement in this policy is invalid, incomplete or unenforceable. For whatever reason, the parties hereby agree that other statements and agreements The Agreement shall remain valid and binding on the parties as if there is no void, incomplete or unenforceable part of this Policy.
22 Governing Law
This policy shall be governed by the laws of Thailand.
23 Dispute Resolution
If there is an argument any conflict occurred as a result of this policy, if the parties cannot be agreed upon The parties agree to bring the dispute to the court in Thailand.
24 Deletion of User Account
After deleting the user account Your account will no longer be activated, restored, or accessed. You must create a new user account.