Privacy Policy
Last Updated Nov 19, 2021

AOT Microsite Visitors’ Privacy Policy

Latest updated: 19 พ.ย. 2021

Abstract

       AOT Microsite processes personal data of Personnel with the reasonable measures to act in compliance with the Thailand’s Personal Data Protection Act B.E. 2562 (“PDPA”). You can see our full detailed Privacy Policy through the attached QR code, however the summary of our Privacy

policy is shown below.

Topic

Overview

What data do we process? 

We process collected personal data including but not limited to Identity Data, Address / Contact, and IT Data.

How do we use those data? 

We process personal data according to the purpose and scope of Airports of Thailand Public Company Limited, with the legal bases as explained in our Privacy Policy.

Who do we transfer information to? 

In some circumstances, we may be required to transfer personal data to Third-Party Organizations, which are stated in our vendors/partners list.

What are your rights as   a data subject?

As a data subject, you are entitled to the data subject rights which include but not limited to right to access, right to rectification and right to erasure.

Revision of the policy

Any revision made will be notified to all related parties regarding the changes in The Privacy Policy.

 

 

AOT Microsite Visitors’ Privacy Policy 1.0

1. Purpose and scope

2. What personal data do we process?

3. How do we collect your personal data?

4. How does SKY ICT use your Personal Data?

5. Usage of Personal Data with External Third-party Organization

6. Transferring Personal Data to Foreign Countries

7. Security Measures for Personal Data Protection

8. Time Period of Personal Data Storage

9. Website Visitors’ Personal Data Rights

10. Policy Revision

 

 

1. Purpose and scope

       This Privacy Policy applies to all AOT Microsite Visitors (“Visitors”). GFIN-SKY Consortium acts as the Data Processor, who has the role and responsibility in processing and ensuring the security and privacy of all personal data in accordance with Personal Data Protection Act (2019), under the scope and purpose determined by Airports of Thailand Public Company Limited as the Data Controller.

Data Controller Contact Information

Airports of Thailand Public Company Limited (AOT)
333 Cherdwutagard Road, Srikan, Don Mueang, Bangkok 10210, Thailand

Tel.: 1722 or (+66) 2535 1192
E-mail: aotpr@airportthai.co.th

Data Protection Officer (DPO) Contact Information

[*]

E-mail:

       This Privacy Policy covers data subjects who are AOT Microsite Visitors, including Airline Passengers, Airport Visitors, Airport Staff.

       As used in this Privacy Policy, the following terms shall have the meanings set forth below:

       ‘Processing’ means anything done with AOT Microsite Visitors’ personal data, including collection, storage, use, disclosure, and deletion.

       ‘Legal Bases’ means justifiable reasons to process personal data in accordance with Article 24 and Article 26 of PDPA.

       This policy may be revised at any given time as notified to Personnel through appropriate channels.

 

2. What personal data do we process?

       AOT Microsite stores the following Visitors’ personal data:

  • Address/Contact including but not limited to Address, Phone number and Email
  • Identity Data including but not limited to Full name (excluding biometric data)
  • Profile Data including but not limited to Sex, Country of Residence, Birth Date
  • IT Data including but not limited to the Cookie ID

 

3. How do we collect your personal data?

       In general, AOT Microsite will directly collect Visitors’ personal data through these processes (or channels) including but not limited to:

  • Collecting cookie ID from your visit to AOT Microsite (see cookies policy for details)
  • Fill in the form on the website.

 

4. How does AOT Microsite use your Personal Data?

       AOT Microsite uses Visitors’ personal data to carry out tasks per Airports of Thailand Public Company Limited’s scope and purpose of providing group of activities, including but not limited to:

Group of Activities

Group of PIIs

Legal Bases

Contact Us
  • Address / Contact
  • Identity Data
  • IT Data
  • Contract

Visitor Activity Report
  • Profile Data
  • IT Data
  • Contract

Newsletter
  • Address / Contact
  • Consent

 

       AOT Microsite will process Visitors’ personal data according to the stated purposes and scope. If there came upon a case where personal data were to be processed for other purposes unclarified above, AOT Microsite would ask for new consent to process Visitors’ personal data on such uses.

 

5. Usage of Personal Data with External

Third-party Organization

        AOT Microsite may be required to pass on personal data to external third-party organizations and process personal data in accordance with the contract or the legal obligation of GFIN-SKY Consortium. These organizations may include:

       - Google Analytics

       For the case where personal data is being passed on the external third-party organizations, AOT Microsite will ensure that the minimum amount of personal data is being sent and consider anonymization and pseudonymization techniques for greater security. Nevertheless, external third-party organizations who will process Visitors’ personal data for AOT Microsite will be required to have an appropriate privacy policy. AOT Microsite does not permit these external third-party organizations to use the Visitors’ personal data in a way that diverge from the agreed scope and purpose.

 

6. Transferring Personal Data to Foreign Countries

       AOT Microsite may be required to pass on personal data to foreign countries, including, but not limited to

  • United States

       For these cases, AOT Microsite will pass on Users’ personal data only when these requirements have been met. These include:

  • Receiving foreign country has a substantial personal data regulation in place
  • Receiving organization has a substantial privacy policy in place and certified by the Personal Data Committee
  • Receiving organization is obligated to follow a substantial privacy policy with a sufficient remedial measure in accordance with the procedures identified by the Personal Data Committee (including, but not limited to, standard contract, vendor process agreement)
  • A necessary task to exercise legal rights
  • Consent has been received from appropriate individuals agreeing to the pass on of Users’ personal data to a foreign country that does not have a substantial privacy policy
  • A necessary task to carry out contractual agreements of the Users
  • A necessary task to carry out under a contractual agreement between two entities for the benefit of the Users
  • To ensure the safety or limit further damage to an individual’s health who cannot give consent at the current time
  • A necessary task for the good of the public

 

7. Security Measures for Personal Data Protection

       AOT Microsite has implemented security measures to ensure the security of Visitors’ personal data (More details are available at [link]). External third-party organizations must carry out the processing of personal data in accordance with AOT’s policy and agrees to ensure the security of Visitors’ personal data (More details about GFIN-SKY Consortium’s IT Security Policy are available at https://www.skyict.co.th/privacy-policy)

 

8. Time Period of Personal Data Storage

       AOT Microsite will store Visitors’ personal data throughout for the appropriate period according to AOT Microsite’s scope and purpose including other important matters such as legal requirements, accounting, and auditing purposes. (More details are available at [link])

 

9. Website Visitors’ Personal Data Rights

       Your personal data rights include:

  • Right of Access – you have the right to request a copy of all your personal data and assess if the company is processing your personal data in accordance with the law or not
  • Right to Data Portability – for the case where a company has an automated platform allowing you to access your personal data automatically:
    • You have the right to ask for your personal data to be transferred automatically to other organizations
    • You have the right to ask for your personal data to be directly transferred to other organization, with the exceptions of cases where there is a technological limitation
  • Right to Object – you have the right to object to any data process activity of your personal data for the legal bases, including:
    • Public Task or Legitimate Interest
    • Direct Marketing Purposes
  • Right to Erasure – you have the right to request data deletion or anonymization, in accord to the following cases:
    • Expiration of data processing required terms
    • Consent has been withheld
    • Objections raised on the data processing activity
    • The processing activity is not in accordance with the law
  • Right to restrict processing – you have the rights to restrict any data processing activities, in accordance with the following cases:
    • During the process of personal data assessment as requested
    • For cases related to personal data which has initially asked for deletion and erasure but was followed by an additional request of processing restriction instead
    • For cases when the data processing terms have passed, but you have requested for processing restriction due to legal reasons
    • During the process of personal data processing objection verification
  • Right to Rectification – You have the right to edit your personal data to be correct and concurrent to the present. If any mistake was detected, the company might not edit this themselves.

 

        In the cases where AOT Microsite may not be able to carry out and exercise your rights, including, but not limited to, the cases where a legal process is taking place, you will continue to have the rights to retract your consent by emailing to all related parties. AOT Microsite will be required to terminate all processes as soon as possible. However, the retraction only is carried out to all data processing after the retraction. Any data process activity carried out before the retraction will not be reversed.

       Please be informed that AOT Microsite does record all requests to ensure all issues are resolved. For any queries regarding your personal data protection and rights, more details are available at: https://www.law.chula.ac.th/event/9705/

       In the case where you have the intention to exercise your personal data protection rights, please contact AOT Call Center 1722 or (+66) 2535 1192. AOT Microsite will process this request in a secure and timely manner. Also, in case that AOT Microsite fails to preserve your rights under PDPA, you can file complaint to Office of the Personal Data Protection Commission (‘PDPC’)

 

10.Policy Revision

       This Privacy Policy applies to all AOT Microsite Visitors and was last updated on 19/11/2021. AOT Microsite holds the rights to review and edit the policy periodically if there is any change in activities or any significant change. Any revision made will be notified to all related parties regarding the changes in data processing activity procedures.

1. What information we collect
The official Application of Airport of Thailand Public Company Limited (AOT) may collect your personal information which you provide to us during the use of Application. Personal information may include:  
    1.1.    Personal information e.g., name, ID card number, passport number, date of birth, country of residence, profile picture  
    1.2.    Contact information e.g., phone number, email address  
    1.3.    Credit or debit card information, including the name of cardholder, card number, expiry date
    1.4.    Travel information e.g., flight/hotel/transport information
    1.5.    Location information within the airports
    1.6.    Linked third-party accounts e.g., Facebook account, Google account, Line account
    1.7.    Feedback information e.g., feedback, complaint, survey
    1.8.    Log data and device information e.g., IP address, cookies
    1.9.    Tracking information e.g., cookies and similar technologies

2. How do we use this information and legal basis for this use
The official Application of Airport of Thailand Public Company Limited (AOT) may process your personal information according to the purpose and limited to what is necessary for the following purposes:
    2.1.    As required to provide our services and pursue our legitimate interests:
        2.1.1.    We will use your information to provide products and services you have requested, and respond to any comments, queries or complaints you may send us; 
        2.1.2.    We will use your information for processing your enrollment to our loyalty program and managing your account; 
        2.1.3.    We will monitor use of our websites and online services, and use your information to help us monitor, improve and protect our products, content, services and websites, both online and offline;

        2.1.3.    We will use information you provide to personalize our websites, products or services for you;
        2.1.4.    If you provide a credit or debit, we will also use third parties to check the validity of the sort code, account number and card number you submit in order to prevent fraud;
        2.1.5.    We will trace back customer activities to prevent, investigate and/or report fraud, misrepresentation, security incidents or crime, in accordance with applicable law;  
        2.1.6.    We will use information you provide to investigate any complaints received from you or from others, about our website or our products or services;
        2.1.7.    We will use data in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation);
        2.1.8.    We will use data of some individuals to invite them to take part in market research;
        2.1.9.    We will use your data for statistical research and analytic purposes to improve our website or our products or services;
        2.1.10.    In some cases, we will contact you for product or customer satisfaction surveys.
    2.2.    Where you give us consent:
        2.2.1    We will send you newsletters containing news concerning our company and our products, services and special offers.
        2.2.2    We will send you direct marketing in relation to our relevant products and services, or other products and services provided by us, our affiliates and carefully selected partners.
        2.2.3    We will place cookies and use similar technologies in accordance with our Cookies Policy and the information provided to you when those technologies are used. 
        2.2.4    We create your profile for marketing purposes in order to deliver advertisements that match your interests.
        2.2.5    On other occasions we ask you for consent, we use the data for the purpose which we explain at that time.
    2.3.    For purposes with are required by law: 
        2.3.1.    Upon request/order from regulators and law enforcement
        2.3.2.    To take action against or to prevent the fraud, deceit or making purchase without permission which is possible to happen.

3. Technology to remember information (Cookies)
Our Application may contain cookies or other similar technologies to remember information, depends on the types of service we provide. Cookies or similar technologies may be used to collect information. For example, types of browser or operating system maybe collected and use to count the number of users of the Application or to understand users’ needs. Moreover, cookies or similar technologies will help us “tailor” the Application to each user’s preference by remembering information of each user when using the Application. Cookies or other similar technologies may not be used for collecting your personal information, unless you allow us by giving your consent and choose to fill in your personal information.

4. Disclosure of your information
The official Application of Airport of Thailand Public Company Limited (AOT) may reveal your personal information to legal entities and other service providers who take part in provision of the respective service to you. This may include:
    4.1.    Business partners and affiliates of AOT
    4.2.    Third-party providers of transportation services
    4.3.    Third-party providers of accommodation and tourism services
    4.4.    Third-party merchants wh
    4.5.    IT providers of AOT 
    4.6.    Government agencies where requested by the respective applicable law
    4.7.    Regulators or law enforcement entities

In case of disclosure of personal information with other parties which are not declared above, the official Application of Airport of Thailand Public Company Limited (AOT) has an obligation to notify you, prior disclosure of your information.

5. Security of your information
Your personal information will be kept safe and handle properly, conforming to our code of conduct. Only our employees, staff, and representatives, who authorized by Airport of Thailand Co., Ltd and entities stated in section 4, may gain access to your personal information only whenever is necessary and under supervision.

6. Withdrawing consent
You, as our customer, have an unconditional right to withdraw consent from any activities which require your consent for data processing. You may also deactivate your account, thus opt-out from all our services, at any time.
However, we may have other legal grounds or legal obligations for processing data for other purposes, such as those stated in section 2.

7. Your rights regarding personal information
You have the right to ask us for information about our data processing or for a copy of your personal data; to correct, delete or restrict processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format.
In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required to keep by law or when we have compelling legitimate interests in retaining the data.
We will provide you with a copy of your personal data when you (or, in case of children, your parents or representatives) request to do.
We shall inform you without delay within 30 days after receiving of the request. This period may be prolonged for a further month, if several data subjects exercise their rights and their cooperation is necessary to a reasonable extent. If we refuse to take action on the request of the data subject, we shall inform you of the reasons for the refusal.
When you are under GDPR regulation, to exercise any of these rights you can get in touch with us using the details set out below. If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.

8. Retention of your personal information
The official Application of Airport of Thailand Public Company Limited (AOT) may retain your personal data as long as it is needed for the respective purpose of data processing and applicable law then, thereafter, to comply with any applicable recordkeeping provisions. Personal data may also be contained in backup files which we keep for information security purposes and regularly delete when the backup period is over.
Where we process registration data, we do this for as long as you are an active user of the Applications.
Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.

9. Contact Us
Airports of Thailand Public Company Limited (AOT)
333 Cherdwutagard Road, Srikan, Don Mueang, Bangkok 10210, Thailand
Or call AOT Contact Center 1722 or (+66) 2132 1888

Thank you
Application team of Airports of Thailand Public Company Limited (AOT)