“Personal Data” means any information pertaining to a Data Subject, which enables the identification of Data Subject, whether direct or indirect.
Data collection and storage under this Policy will be conducted within the purpose, scope and lawful methods as necessary for the scopes of service, or other services provided by electronic means within Company’s scope of service. Accordingly, Company will inform Data Subject to acknowledge and consent through electronic, Short Message Service (SMS) or other methods as specified by the Company.
Company may collect personal data relating to Data Subject preference or subscribed service in which consisting of racial, religious or philosophical beliefs, health information, biological information, disabilities, heredity information or other information. Therefore, Company shall request consent from Data Subject before collection except;
2.1. in compliance with a legal obligation such as Personal Data Protection Act., Electronic Transaction Act., Telecommunication Business Act., Anti-Money Laundering Act., Civil and Commercial Code, Criminal Code, Civil and Commercial Procedure Code, and Criminal Procedure Code;
2.2 for the purpose for investigation of the inquiry authorities or adjudication of a competent court;
2.3. for Data Subject’s benefit, and the consent cannot be made at that time;
2.4. for the necessity purpose of the legitimate interests pursued by the Company or personnel or other juristic person which is not related to the Company;
2.5. it is necessary to prevent or to avoid danger to a person’s life, body or health;
2.6. it is necessary for the performance of a contract to which the Data Subject is a party or in order to proceed as requested by the Data Subject prior to entering into a contract; or
2.7. for achieving the purposes in the making of history documents or annals for public interest or for study, research, statistical purposes under appropriate protection measures.
3.1. The Company recognizes the importance of maintaining the security of Data Subject personal data. Therefore, the Company has established measures to maintain the security of personal data appropriately and consistency, and make Data Subject’s personal data confidential to prevent loss, access, destruction, use, conversion, modify or disclosure of personal data without rights or unlawful in accordance with the AIS Cyber Security Policy.
3.2. Any personal data that the Company received from Data Subject such as name, residential address, contact number, identification number, financial information which is complete and up-to-date relating to an identified or identifiable of Data Subject will be used in accordance with the objectives of the Company. The Company will carry out appropriate measures to prevent personal data from being used without permission.
The Company shall collect, store, use of Subscriber’s Personal Data for the purpose or activity which Data Subject interesting in relating to telecommunication service, broadcasting service, payment service or other services, digital service, marketing research and survey, promotional activities, providing privilege based on Subscriber’s preferences or data analysis in order to offer goods or services of Company and/or a person who is a distributor, agent, or the person who related thereof, and/or other person, or legal obligations or regulation to which the Company is subject whether present or in the future, including consent to the Company to send, transfer and/or disclose personal data to Company business group, business alliance, any agency, organization or juristic person who has a contract or a legal relationship with the Company and/or Cloud Computing Service Provider by allowing the Company to send, transfer and/or disclose such information through domestically and internationally. The Company shall retain Subscribers’ Personal Data as long as necessary only for the above mentioned purposes, where the Data Receiver or Data processor is also obligated by law to retain Personal Data as well. If there is a later update in the purpose of collecting Personal Data, the Company will inform the Subscriber.
5.1 The Company will use or disclose Data Subject personal data in accordance with the consent of the Data Subject, and will be solely used for the Company’s purpose in order to provide services. The Company will supervise its employees, officers or operating staffs from using and/or disclosing Data Subject’s personal data in any way other than the purpose of service or to a third party except:
5.1.1. in compliance with a legal obligation such as Personal Data Protection Act., Electronic Transaction Act., Telecommunication Business Act., Anti-Money Laundering Act., Civil and Commercial Act., Criminal Act., Civil and Commercial Procedure Act., and Criminal Procedure Act.;
5.1.2. for the purpose for investigation of the inquiry authorities or adjudication of a competent court;
5.1.3. for Data Subject’s benefit, and the consent cannot be made at that time;
5.1.4. for the necessity purpose of the legitimate interests pursued by the Company or personnel or other juristic person which is not related to the Company;
5.1.5. it is necessary to prevent or to avoid danger to a person’s life, body or health;
5.1.6. it is necessary for the performance of a contract to which the Data Subject is a party or in order to proceed as requested by the Data Subject prior to entering into a contract; or
5.1.7. for achieving the purposes in the making of history documents or annals for public interest or for study, research, statistical purposes under appropriate protection measures.
5.2. The Company may use third party IT Service providers in order to retain personal data, which such Service provider must have security measures by prohibiting the collection, use or disclosure of personal data other than those specified by the Company.
6.1 Data Subject may request to access its Call Detail Record (CDR) in accordance with the requirements and methods set by the Company at AIS Service Center or request Company to provide the acquisition of Personal Data. However, the Company may deny such right subject to exception by applicable laws or Court order.
6.2 Data Subject may request the Company to correct or change its Personal Data that is not correct or inaccurate in order to keep such data up-to-date.
6.3 Data Subject may request the Company delete or destroy such Personal Data, except in the case that the company must comply with the relevant laws for the preservation of such personal data.
The Company has complied with laws, including the Notification of the National Telecommunications Commission on Measures for Protection of Telecommunications Service Users’ Rights Related to Personal Information, Privacy Rights and Freedom to Communicate by Means of Telecommunications, and other applicable privacy laws, as well as, publish a NBTC Privacy Guideline on the Company's website.
Customer and Service Management Business Unit
Advanced Info Service Company Public Limited and subsidiary companies
414 Phaholyothin Road, Samsen-Nai, Phayathai, Bangkok 10400
Or Data Protection Office Unit
Email: [email protected]
Last updated: November, 2019