1. Respect for Right to Privacy
1.1 CEA respects and values user right to personal information and personal data protection. In addition, CEA acknowledges service users’ anticipation to receive safe and secured services through our website.
1.2 Any personal information that can reveal personal identification and be a complete, correct, present, and high-quality piece of personal data, i.e., name, surname, title, age, address, name of organization, account security setting, IP address, cookies, email, phone number, ID card number, etc., must be used in line with the objective of each CEA operation. Furthermore, CEA will operate with strict security measures along with protecting user data from non-consensual exploitations.
2. Personal Data Collection with Limitation and Necessity
In collecting and storing user personal data, CEA will employ only methods that are law-abiding and conscientious, limit data collection and storage to a necessity of each service, or provide other electronic services that are only in line with the objectives of CEA. In addition, CEA will request your permission before gathering data and will not keep personal information regarding genetic attributes, sexual behaviors, or any pieces of information that may cause dishonor, sense of discrimination, or inequality to an individual except:
1. Cases that are exempt by law.
2. Cases that may benefit users and consent request may not be viable at the time.
3. Cases that may be important to the life, health, or safety of you or other users.
4. Cases that may benefit police investigations or judicial reviews.
5. Cases that may benefit studies, research works, and statistical surveys.
However, for the benefit of keeping your personal information up-to-date and of improving CEA services, CEA may collect and add your personal information to your user profile from other sources only when given your consent and in necessary cases.
3. Objectives of Personal Data Collection
3.1 CEA will collect your personal information to:
- (1) Operate, conduct a study or research, find solutions, analyze data, and establish statistical database all of which are in line with our objectives.
- (2) Improve the quality of services.
- (3) Verify individual user.
- (4) Secure user accounts.
- (5) Inform users about news and newsletters.
- (6) Inform users about incoming changes.
- (7) Provide information about user activities on the website and user reception of services.
- (8) Secure and manage user accounts and check for distorted or faulty information.
3.2 In case of later changes in objectives, CEA will inform you and request your consent. All alterations will be recorded as evidence.
3.3 In case CEA collect, store, use, and disclose personal information for the purposes that are not in line with the stated objectives, you maintain the right to choose whether to allow CEA to collect, store, use, and disclose your information or not.
3.4 For the purpose of analyzing and tracking user activities on the website and of retracing usage problems, CEA thus automatically keeps log files of your following information:
- (1) IP Address,
- (2) Purpose for connecting personal information.
Moreover, in case of outsourcing, CEA only employs services from third-party agencies whose practices are in line with the PDPA.
3.5 CEA sees a necessity in processing your personal information for the following reasons (data processing bases):
- (1) Compliance with service contract. CEA has to process user personal information in order to fulfill our duties as stated in the contract. Furthermore, CEA needs to process user information to collaborate with the third parties to provide services and to conduct certain operations such as operations that involve other government or private agencies.
- (2) Legal obligation. CEA has to process personal information in order to fulfill our duties as stated by the law. This includes processing personal data to track, verify, and submit information to regulatory bodies.
- (3) Legitimate interests. CEA has to process personal information in order to uphold legitimate interests, especially those involve statistical analysis or other related activities. Moreover, this is also for legitimate interests of others such as analyzing user behaviors to improve services.
- (4) User consent. CEA will request your consent before proceeding to execute certain activities such as survey participation or sensitive information disclosure. CEA will only process your personal information according to our stated objectives. CEA will also process your personal information in cases with valid and relevant reasons that do not contradict our primary objectives. However, in cases with new or irrelevant objectives, CEA will re-request your consent specifically for these new purposes.
3.6 CEA will not take any actions that are not in line with our objectives except:
- (1) When CEA has already informed the users of the new objective and been given user consent.
- (2) When it is required by the law.
4. Limited Use of Personal Information
4.1 CEA can only use and disclose your personal information when given your consent and will do so in accordance with our objectives.
4.2 CEA will closely monitor our officers to not disclose your information for purposes that contradict our objectives or to any third parties.
4.3 CEA will allow other individuals or agencies to access your personal information only when necessary and with limitations.
CEA has devised personal information security measures which are appropriate for keeping personal information confidential and protecting it from loss and unauthorized/illegal access and usage, deletion, alteration, edition, or disclosure. These measures are devised according to our policy and guideline regarding IT security and related legal provisions.
6. Engagement of Data Subject.
6.1 In case you wish to view your own personal data, you can submit a request according to our guideline and procedure. Once CEA receives your request, we will process the request and inform you of the existence and detail of the requested piece of information as immediately as possible.
6.2 In case you detect and wish to correct any faulty pieces of information, you can submit a request to edit, alter or delete them.
6.3 You maintain the right to view the existence and types of your personal information, the objective of usage, and other following cases:
- (1) To request a copy or a certified copy of your personal information.
- (2) To request a corrective edition or alteration of your personal information.
- (3) To request a withholding of usage or disclosure of your personal information.
- (4) To request a deletion or destruction of your personal information.
- (5) To request a declaration of how your personal information has been obtained in case you have not given consent for collection.
However, CEA may deny your request in cases which may violate the law or in cases which your personal information has been made unidentifiable or unverifiable.
7. Disclosure of Personal Information to Third Parties or Other Government Agencies
7.1 CEA may share your personal information to third parties or other government agencies; however, CEA will always request your permission and inform you of the following details prior to sharing your information:
- (1) The third party or government agency which your information is shared to.
- (2) The objective of sharing your personal information.
- (3) The method of sharing your personal information.
- (4) The piece of personal information that is being shared.
- (5) The individual who maintains the right to access your personal information.
7.2 In sharing personal information to a third party or government agency, CEA will record all sharing activities as evidence.
7.3 In case CEA uses your personal information from or sends it to a third party or government agency, CEA will only do so at necessity and limit the amount of data as much as possible. CEA will also consider employing Anonymisation and Pseudonymisation for security. Any third party who processes personal information for CEA must devise suitable protective measures for personal information in accordance with this policy and is not permitted to use personal information for objectives other than those set by CEA.
7.4 In case of changes in sharing information, CEA will always inform you of the alterations and request your consent before proceeding with sharing.
8. Responsibilities of Data Controller
CEA gives all data controllers the obligations to manage, collect, use, and disclose personal information which will be fulfilled in strict accordance with our policy and guideline.
CEA maintains the right to review and revise this policy if we deem the alterations complimentary to our services, operations, and user suggestions. CEA will either announce or directly inform you of all changes prior to their execution. For further queries please contact:
Creative Economy Agency (Public Organization)
The Grand Postal Building, 1160 Charoenkrung Road,
Bangrak, Bangkok 10500
Tel: (66) 2 105 7400,
Fax (66) 2 105 7450,