NBTC Privacy Guideline

  1. The Customer Data Privacy Protection Guideline

    In order to provide the criteria for protecting the rights of Customer regarding Customer Data, rights to privacy and freedom of communication through telecommunications service, which are in accordance with the criteria of the Commission.

    Therefore, Advanced Wireless Network Company Limited shall set up the notification for the purpose of collecting Customer Data, the duration for collecting the Customer Data, the type of person or authority that the Customer Data shall be disclosed, the rights of the Customer, and the consent of Customers in accordance with the prevention and protection measures in order to maintain the security of Customer Data including technical and managerial aspects in the organization as appropriate for each telecommunications service and also building trust for telecommunications service in accordance with the criteria set forth in this document.

  2. Definitions
    1. “The Company” means Advanced Wireless Network Company Limited
    2. “Customer Data” means the Customer Information for the use of telecommunication number, fact, detail relating to Customer that may directly or indirectly identify Customer, service usage data, telecommunication number including the telecommunications service behavior of Customer, excluding the use of technical information as necessary for the benefit of network management, communication, and the operation of the business.
    3. “Data Processing” means any action regarding the use, disclosure or editing of the Customer Data, no matter by any means also including the transmitting or transferring of Customer Data used in such telecommunications business
    4. "Collection” means the obtaining of Customer Data.
    5. “The Customer Information for the use of telecommunication number” means the information regarding telecommunication number, name, last name and address of Customer.
    6. “Customer” means the person who uses telecommunications service as individual person and juristic person, whether it is the party with the Company or not.
    7. “The Commission” means the National Broadcasting and Telecommunications Commission.
    8. “The Office” means the Office of the National Broadcasting and Telecommunications Commission.
  3. The collection, storage and processing of Customer Data
    1. The Company shall collect, store and process the Customer Data, once obtained consent of Customer through one of the following means:
      1. Application Form
      2. The Company’s website
      3. Short Message Service (SMS)
      4. Others
    2. The processing of Customer Data The Company shall process Customer Data for the purpose of its telecommunications business such as:

      - For the benefit of researching or statistics relating to providing service, collecting Customer Data in confidence

      - The information is legally disclosed to the public.

      - For the benefit of the customer

      - The preparation of the database and the use of the customer’s information to improve the quality of service.

      - The preparation of the database and the use of the customer’s information to offer the privileges based on the customer’s interest.

      - The preparation of the database and the use of the customer’s information to prepare for the promotional campaign or any Company activities etc

    3. The Company shall collect Customer Data directly from Customer as necessary for the telecommunications business of the Company according to the lawful purpose
    4. The Company shall not collect information regarding the physical disabilities, except for the benefit of providing the appropriate services for those with physical disabilities
    5. The Company shall not collect information regarding hereditary characteristic, except for information that appears on documents which can be disclosed by law.
    6. The Company shall not collect the information that affects the sentiment, or may cause damage or affects to the rights, freedom of the Customer, as prescribed by the Commission.
    7. The Company shall collect Customer Data for the last 3 months of using service, retrospective from current date of using service.
    8. In case of the termination of telecommunications service, the Company shall collect the Customer Data, in accordance with Article 3.7 for 3 months from service termination date
  4. The disclosure of Customer Data

    The Company can disclose the following Customer Data without consent of Customer:

    1. The disclosure of Customer Data to the government authority or government officer by virtue of the provisions of specific laws to maintain the stability of the State, or to maintain the public order or good moral, and fully comply with the procedures as prescribed by such laws.
    2. The use or disclosure of Customer Data as necessary to prevent damage to life, body or health of the Customer.
    3. The submission of Customer Data to the Commission or to the Office, upon receiving a request from the Commission or the Office, for the benefit of controlling and regulating the telecommunications business according to laws.
  5. Rights of Customer
    1. Customer can review/request the copy or the certified true copy of its Customer Data by submitting a written request to the Company with the payment of fees as stipulated by the Company according to the rates determined by the Commission.
    2. Customer can edit or change its Customer Data completely and accurately by notifying the Company in writing or via the Company’s website.
    3. Customer can suspend, disclose or revoke its consent to process its Customer Data in any activities which is not affect the service provided to the user at any time by notifying the Company in writing.
  6. Measures to secure Customer Data
    1. The Company shall arrange for access levels to Customer Data and periodic change of password of employees accessing/using data, in order to maintain the security of Customer Data.
    2. The Company shall arrange for measures to ensure information security according to risk from technological development as follows:
      1. Maintaining physical security. Maintaining personnel security by secure recruiting, segregating duty, providing proper training and assigning the right role for employees so that they are able to perform their duties properly.
      2. Maintaining the security of IT systems, by segregating system, access control, intrusion detection and change control.
      3. Maintaining the information security of Customer Data, by classifying confidential data, proper handling confidential data and managing hard copy document.
      4. Maintaining the security of communications and communications networks by communications networks access control systems providing backup and recovery of data, control of data transmission, the checking of the accuracy of in-transit data, and the control of remote access to IT systems.
      5. Business continuity management
    3. The Company shall not wiretap, monitor, intercept, or reveal content of customer communication, no matter form, unless by the provision of laws.
    4. The Company shall set up protection systems for any actions to alter data
    5. The Company shall provide an incoming caller ID service, a system that protects outgoing caller IDs, and call screening in accordance with the criteria set by the Commission
    6. The Company shall provide obtained consent Customer Information for the use of telecommunications number to those who have been authorized to prepare directory service under the Telecommunications Business Act B.E. 2544
  7. Complaints

    Customers may complain on infringement of Customer Data, right to privacy and freedom of communication through the use of telecommunications, in accordance with the complaint regulations as specified by the Company.

Effective date: 1st March 2016 onwards.