PERSONAL DATA PROTECTION INTRODUCTION

Baan Dek Foundation (the “Foundation,” “we,” “us, or “our”) is committed to meet and uphold all obligations under the Personal Data Protection Act, B.E. 2562 (2019) and its sub-regulations issued hereunder (the “Personal Data Protection Laws”). This Privacy Notice (the “Privacy Notice”) will help you understand how we collect, use, disclosure, and/or otherwise process (collectively, the “process”) your Personal Data and explain your rights in connection with such Personal Data as well as your options to protect such Personal Data. 

This Privacy Notice applies to data subjects involved with us, which may include the following external parties: (i) beneficiaries (including adults, workers, and children), nursery children, families, community members, and related persons; (ii) donors; (iii) service providers; (iv) vendors; (v) business partners; and (vi) any individuals related to our activities (collectively referred to as “you” or “your”). 

All related parties should read and comprehend this Privacy Notice to understand how we process Personal Data.  .

 For the purpose of this Privacy Notice, “Personal Data” means any information relating to an identifiable living individual who can be identified from that data or from that data and other data. In addition to Personal Data, there are special categories of Personal Data called “Sensitive Data,” which means any Personal Data revealing racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, and biometric data of a person.  

If you have any questions or suggestions regarding this Privacy Notice or if you wish to exercise your rights in accordance with the Personal Data Protection Laws, you can contact us by using the contact details specified below:  

Baan Dek Foundation 

Official Address: 27 Moo 5 Soi 4, Chiang Mai - Doisaket Rd., T. Sanpranet, A. Sansai, Muang Chiang Mai, Chiang Mai 50210  tel. + 66 (0) 53 222 211  Email : contact@baandekfoundation.org] 

BDF Data Protection Officer (DPO):

 Mr. Werapong Peansupap,  tel. + 66 (0) 53 222 211  Email : DPO@baandekfoundation.org] 

WHAT PERSONAL DATA WE COLLECT

Personal Data 

In case of beneficiaries, nursery children, families, community members, and related persons 

We may collect Personal Data of beneficiaries, nursery children, families, community members, and related persons, including but not limited to the following categories: 

  • identity data, such as full name, nickname, photograph, video, copy of birth certificate, health insurance card, copy of national ID card, national ID number, student ID number, copy of passport, passport ID number, or similar identifiers; 

  • profile data, such as gender, age, birthdate, nationality, self-help skills for children, family background, education background;  

  • contact data, such as address, telephone number; 

  • employment data, such as occupation, salary; 

  • financial data, such as debt, bank account, copy of bankbook; or 

  • property data, such as vehicle. 

In case of service providers and vendors 

We may collect Personal Data of service providers and vendors, including but not limited to the following categories: 

  • identity data, such as full name, national ID number, passport ID number, photograph; 

  • profile data, such as gender, age, birthdate, nationality; 

  • contact details, such as telephone number; or 

  • financial data, such as bank account, copy of bankbook. 

In case of donors 

We may collect Personal Data of donors, including but not limited to the following categories: 

  • identity data, such as full name, signature; or 

  • contact details, such as telephone number, email. 

In case of business partners 

We may collect Personal Data of business partners, including but not limited to the following categories: 

  • identity data, such as full name, photograph ; 

  • contact details, such as email, telephone number; or 

  • employment data, such as position.  

Sensitive Data 

In case of beneficiaries, nursery children, families, community members, and related persons 

We may collect Sensitive Data of beneficiaries, nursery children, families, community members, and related persons, including but not limited to the following categories: 

  • religious beliefs and blood group included in a copy of national ID card;  

  • ethnic origin;  

  • health data, such as vaccination records, special needs of children, health effects of domestic violence; or 

  • criminal records, such as acts of domestic violence. 

In case of service providers and vendors 

We may collect religious beliefs and blood group included in a copy of national ID card of service providers and vendors. 

HOW WE COLLECT YOUR PERSONAL DATA 

In general, we may directly collect your Personal Data through the following processes: 

  • when you contact us, whether in written or oral communications, and whether by face-to-face interaction or any other channels, such as email, telephone, website, social media, or other presences; 

  • when you enter into a contract with us and perform the contractual obligations; or  

  • when you provide goods or services to us.  

However, we may indirectly collect your Personal Data in following cases: 

  • when we collect it through the third parties, such as your contact persons, referrals, informants, domestic and international government or non-government agencies; or 

  • when it is publicly available sources, such as public social media and website.  

HOW WE PROCESS YOUR PERSONAL DATA 

We may process your Personal Data for the specified Scope and Purposes (“Scope and Purposes”) as follow: 

  • making contact with you; 

  • entering into a contract with you; 

  • registering you into our programs and providing assistance as needed; 

  • processing payments; 

  • processing beneficiaries compensation; 

  • engaging with donors, fundraising, and raising awareness; 

  • communicating to donors, partners, and public;  

  • developing our PR strategy; 

  • interacting with government or regulatory agencies or other authorities;  

  • making other activities related to you; or 

  • complying with applicable laws and regulations. 

To process your Personal Data in accordance with the Scope and Purposes lawfully, we rely on the legal bases under the Personal Data Protection Laws. However, we may process your Personal Data for more than one legal basis depending on the specific Scope and Purpose for which we are using your Personal Data. The legal bases that we rely on include: 

Contractual Basis 

We are obligated to process your Personal Data to carry out the contractual obligations committed to you. These required Personal Data make up most of the data stated in Clause 3. If you withhold any of your Personal Data for the specified Scope and Purposes, we may not be able to fulfill our contractual obligations under the contracts made with you.  

Legitimate Interests 

In specific situations, we may require your Personal Data to achieve our or any third parties’ legitimate interests, provided that such legitimate interests do not override your interests and fundamental rights and freedoms. 

Legal Obligation 

We are obligated to process your Personal Data according to any legal obligations and requirements, including but not limited to providing your Personal Data to relevant government agencies, such as Ministry of Social Development and Human Security. If you withhold any of your Personal Data for the specified Scope and Purposes, there might be consequences under applicable laws. 

Consent 

In some circumstances, we may require your explicit consent to process your Personal Data or Sensitive Data. In requesting your consent, we will comply with the requirements of the Personal Data Protection Laws.  

Substantial Public Interest 

In some circumstances, we may be required to process your Sensitive Data for reasons of substantial public interest by providing the suitable measures to protect your fundamental rights and interest. 

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

We may disclose your Personal Data to external organisations in accordance with the Scope and Purposes and the legal bases specified in Clause 4. These organisations may include: 

  • business partners; 

  • donors; 

  • social media platforms; 

  • service providers, such as information technology and cloud service providers and auditing and accounting service providers; or 

  • government agencies, such as the Ministry of Social Development and Human Security. 

In the disclosure of Personal Data, we ensure that appropriate security measures, such as confidentiality arrangements, are put in place to protect your Personal Data as required by applicable laws. 

TRANSFER OF PERSONAL DATA TO FOREIGN COUNTRIES

For the Scope and Purposes mentioned above in this Privacy Notice, we may transfer your Personal Data to third parties or servers in another country, which the data recipient country may not have the same data protection standards as Thailand. In addition, we ensure that the transfer complies with the Personal Data Protection Laws. 

DATA RETENTION PERIOD

We will retain your Personal Data for as long as it is necessary to (1) fulfill the Scope and Purposes set out in this Privacy Notice, (2) establish, exercise, or defend the legal claims, and (3) comply with the period under the applicable laws and regulations. 

YOUR PERSONAL DATA RIGHTS

Subject to the Personal Data Protection Laws, your Personal Data rights include:  

  • Right to withdraw consent – where your consent has been obtained, you are entitled to withdraw such consent by submitting the consent withdrawal form to us; 

  • Right of access – you may have the right to request access to and obtain a copy of all your Personal Data processed by us; 

  • Right to data portability – you may have the right to receive a copy of  your Personal Data in a commonly used electronic format. You may also have the following rights: 

    • the right to transfer your Personal Data automatically to other organisations; and 

    • the right to receive a copy of your Personal Data that is automatically transferred to other organisations, except where it is technically unfeasible; 

  • Right to object – you may have the right to object to any processing activities of your Personal Data in some circumstances; 

  • Right to erasure – you may have the right to request for the deletion or anonymisation of the Personal Data that we process about you, in accordance with the following cases: 

    • the Personal Data is no longer necessary for the processing purposes; 

    • you have withdrawn your consent; 

    • you object to the unlawful processing of your Personal Data based on legitimate interests; and 

    • the processing activity is not in accordance with the law; 

  • Right to restrict processing – you may have the rights to restrict any data processing activities in the following cases: 

    • during the verification process where you exercise your right to request for the rectification of your Personal Data or your right to object the processing of Personal Data; 

    • when the Personal Data is initially requested for erasure but is followed by an additional request to restrict the processing instead; and 

    • when you request to restrict the processing of Personal Data due to legal claims. 

  • Right to rectification – you may have the right to have any inaccurate or incomplete Personal Data rectified; and 

  • Right to lodge a complaint - you may have the right to lodge a complaint to competent authorities in case we unlawfully process your Personal Data or do not comply with applicable laws. 

If you wish to exercise Personal Data protection rights, you can contact us by using contact details specified in Clause 1. We will consider your request and proceed with your request within 30 days from the date we receive the request. However, please be informed that your rights mentioned above are subject to the relevant factors and that we may not proceed with your request if we can rely on the lawful grounds to process your Personal Data. 

SOCIAL NETWORKS

Our website hosts plug-ins from common social networks. If you use such a plug-in, a connection to the servers of the relevant social network will be established, and information about your visit to our website will be transferred. If you are logged in to these social networks, this information can be related by the social network to your personal profile. BDF is not liable for the transfer and processing of your data by social networks. Please refer to the terms and policies of use of the relevant social networks.

 

ACCESS AND MODIFICATION

You have the right to access your personal data collected by BDF and to modify it subject to applicable legal provisions.

You may also exercise your right to object by emailing the Foundation regarding data privacy at contact@baandekfoundation.org.

For the purposes of confidentiality and personal data protection, we will need to identify you in order to respond to your request. You will be asked to include a copy of an official piece of identification, such as a driver's license or passport, along with your request.

If your personal data is inaccurate, incomplete or not up to date, please send the appropriate amendments regarding data privacy to contact@baandekfoundation.org.

All requests will receive a response as swiftly as possible and in accordance with applicable law.

 

UPDATES

We may modify this policy from time to time. Consequently, we recommend that you consult this page regularly, particularly when making further reservation on our website.