This Policy on Use of Personal Data for Marketing Purposes

  1. What is this policy and to whom does it apply?

    1. This Policy on Use of Personal Data for Marketing Purposes (“Policy”) is prepared by Inspiration Technology Company Limited (“The Company”) to explain: (1) When the Company must obtain consent for contacting customers or potential customers for direct marketing; and (2) Methods for obtaining consent, administering, and withdrawing consent. You should consider applying this policy in conjunction with our policies, procedures and/ or other orders of the Company to protect personal information. This policy is considered part of the regulatory framework for data protection. Company's personal
    2. This policy applies to employees, employees, persons holding positions on the Board of Directors of the Company, managing director. Deputy Managing Director Assistant Managing Director and/or any other person holding the Company's management position, trainee, consultant, and independent contractor or any third party employed by the Company to perform any functions related to the processing of personal data for direct marketing purposes and/or to send and manage direct marketing communications.
    3. Department Head / Department Manager or equivalent They are responsible for implementing this policy in their respective fields. and to ensure that employees and other persons performing duties within their respective divisions or for their own work must comply with the content of this policy as well. or equivalent It is responsible for communicating this policy to employees and others acting within their respective divisions. or for their own work to acknowledge and ensure that each member of the department receives appropriate training to enable the implementation of this policy.
    4. All employees are responsible for documenting their complete consent as required. and in the event of a complaint about personal information or direct marketing communications Employees are responsible for reporting complaints received to the Customer Service Center. Phone number : 0 2194 1511, E-mail : [email protected]
  2. What is Direct Marketing?

    1. Direct marketing includes advertising or marketing communications. whether the purpose is to sell products or services of the Company or to promote sales to the Company by means of direct communication to a specific person (Marketing between businesses and customers (Business-to-Customer Marketing)) or to business partners (Business-to-business marketing (Business-to-Business Marketing) which includes e-mail, phone calls, text messages (SMS), notification messages through applications. (Notification Message) letter sending brochures Private messages on social media, etc., and include phone calls for market research. (Unless it is a telephone call solely for the purposes of market research for the Company without an offer of a product or service, e.g., to make a trade or public policy decision.)
    2. If you have any doubts that some types of communications may be direct marketing (This will result in such communication must comply with this policy) or not, please contact the Customer Service Center. Phone number : 0 2194 1511, E-mail : [email protected]
    3. The general guidelines are electronic marketing communications which are direct communications (e.g., email, text messaging (SMS), social media applications, etc.) should obtain the consent of the recipient of the communication. and should allow the data subject to easily opt-out / or use the unsubscribe button, unless an exception is made by other law, such as a legitimate interest. by law Criteria for obtaining consent for direct marketing and exclusions are contained in the Personal Data Protection Act B.E. 2562 ("the Act") and the Computer Crimes Act B.E.
  3. When should the Company rely on direct marketing consent?

    1. This section describes the consent guidelines that apply to the various forms/types of direct marketing, and Section 4 appears below expands on this section. This is to set the rules for obtaining legal consent.
    2. Some types of direct marketing require the data subject to provide an opt-in request in advance (e.g., consent). An opt-out notification (i.e., an opt-out option) is an adequate measure for other types of direct marketing (i.e., it is not required to opt-out). Obtain prior consent. However, the recipient of the communication Must be able to opt out of marketing communications or must be able to exercise the right to object by living lawful interest base)
    3. Consent to direct marketing is a complex subject, and it is therefore advisable to obtain direct marketing opt-in for electronic marketing, e.g., by email, inbox. For click-boxes, in particular direct marketing in which the sale of goods and services in addition to the main goods and services (Cross-Sale) for other products and services of the Company or of others. which exceeds the boundaries that customers can expect or direct marketing to target customers (lead) where personal information is collected from other sources or behavioral tracking. If you have any questions, please contact the Customer Service Center. Phone number : 0 2194 1511, E-mail : [email protected]
    4. Under no circumstances Recipients of any form of direct marketing communications have the following rights:
      1. The right to withdraw his previously given consent at any time.
      2. The right to notify the opt-out request (by requiring the Company to stop communicating for direct marketing) at any time or to exercise the right to object in the event of Direct Marketing the Company is under no obligation to ask customers for opt-in if the Company conducts direct marketing for legal reasons other than obtaining consent (e.g., it is necessary for the benefit of legally is necessary for the performance of the contract, etc.)
    5. Phone calls

      Calling the recipient's phone number for marketing purposes This can only be done in the following cases.

      1. The contact person has given his consent to receive a telephone call. or has provided a telephone number for the purposes of the Customer / Potential Customer directly requested by the Company (necessary for the performance of the contract).
      2. The recipient is an existing customer and has purchased a product or service for a period of not more than 2 years and the marketing phone call relates to a similar product or service.
      3. Recipients contact the Company to consult or obtain information about products or services. and marketing calls are involved in such matters.
    6. Email, Messaging, and other electronic communications
      1. The general guidelines require that opt-in consent must be obtained in advance when communicating with any form of electronic direct marketing.
      2. An exception is made in the event that an opt-in request is not required from a customer/prospective customer who previously provided contact details during the period. have a sale (or negotiation in the sale) of the Company's products or services with the following conditions
        1. The Company markets only such products or services to such customers / potential customers. Such resemblance must be assessed on a case-by-case basis. depending on the context and expectations of the customer/potential customer; and
        2. Clients / potential customers are given the opportunity to opt-out from such marketing. whether at the time of sale (or negotiation in sales) and in every marketing communication thereafter
      3. The above criteria (Both opt-in and opt-out) do not apply to business-to-business marketing (i.e., if the Company sends marketing messages to customers who for example, you may send marketing messages to corporate customers at your corporate email address. (Global E-mail Address / Global E-mail Inbox) includes where electronic communications, such as by e-mail, are to a person representing within the organization who receives a message on behalf of the organization. have the right to opt-out of communications at any time, or to have channels for the individual to exercise the right to object to direct marketing
      4. However, the opt-in and opt-out rules governing communications apply to the case of a sole trader (i.e., where the company Send marketing messages to natural persons who are not customers (e.g., business partners who are natural persons). In such cases, the Company must obtain consent from such persons before sending business-to-business marketing messages to them. to such person
  4. How must consent be obtained for consent to be complete?

    1. Please consider the following items. To determine what actions the Company has to take in obtaining consent.
      1. The Company has examined that the law requires consent. Or is it the most suitable legal base for direct marketing
      2. The Company uses clear and easy-to-understand language in communication to inform individuals of the details of direct marketing to which they have given their consent.
      3. Consent requests are presented with clarity. and distinctly separated from other texts not mixed with or hidden in other parts of the text.
      4. The Company expressly requests that individual’s opt-in to receive marketing information by themselves (opt-in) and without using a pre-ticked box or not. The individual is deemed to have given consent (e.g., stating that if the individual is silent or does not take any action, consent is given). “I/You agree to ...” or any other similar statement. Such persons will be able to expressly confirm their consent to direct marketing. (And other processes related to the collection, use and/or disclosure of personal information) or using the approval form provided by the Company.

        example -- -

        You agree that the company collects and uses your personal information. for analyzing your personal data public relations, provide information and/or recommend products / services and special benefits of the Company to you that may be beyond your expectation.

      5. The Company must clearly state why the Company needs personal information. And how will the personal information be used for? Such information must be known by the customer / potential customer from the beginning of the collection of personal data. After the Company has received the personal information, the Company may not change the details of the use of the personal information without asking for consent again. In addition, the Company should not collect personal information "in case" for Accepting cases where the Company may use that personal information for any purpose in the future without the Company's knowledge and can clearly inform the details of the purpose of using the personal information to the customer / person who may be a customer. The Company can only collect as little personal information as the Company needs for the purposes that the Company has notified its customers / potential customers.
      6. The Company should not seek consent in situations where the consenting party is unable to independently give consent. giving that consent the consent giver must be free to give consent. by giving consent It must be caused by the person's decision to actually give that consent, e.g. The request for consent must be separated from the acceptance of the Company's terms and conditions or access to the products or The Company's services (i.e., consent to direct marketing is prohibited as a condition of acceptance of the terms and conditions of use of the Company's products or services). This means that there must be no negative effect on a person if the person does not give consent.
      7. The Company has provided a link to the Company's Privacy Policy for third parties. for more information.
      8. If the Company provides online services directly to minors (under 20 years of age), the Company will request consent only if the Company has measures to verify the age and measures to obtain consent from the legal representatives of the minors. This policy does not detail all guidelines for marketing to minors. To market to minors More advice should be sought before marketing.
  5. How does the company record and manage consent? including if the customer withdraws their consent.

    1. Consent recording

      Please consider the following items. To determine how consent recordings are required

      1. The Company records when and how the consent is obtained.

        Example -When a Customer/Personal Customer mark showing that Customer/Person has completed giving consent online, the Company will record the date and time (Timestamp) and record how the consent method was to be made. Online Consent Marks If a customer / person who is a potential customer fills in a consent form document which has a text box to mark, the company will record the time that the customer / potential customer gives consent. Finish and record that the consent method is to mark on the paper form.

      2. The Company records what it has informed the individual about while giving consent.

        For example, the company recorded a message showing that “I consent to ....” or “I apply for benefits…” which is the message that is notified to the customer / person who may be a customer at the time such person marks consent.

        CONSIDERATIONS: The Company has the obligation to prove that the customer/prospective customer has given their consent.

      3. Once the marketing is terminated, the Company will not retain evidence of consent for longer than necessary.
    2. Consent Management (and withdrawal of consent)

      The following list sets out guidelines for you to determine what actions may be taken to manage ongoing consent. Including in the event that the customer / potential customer withdraws their consent from the collection, use or disclosure of personal data.

      1. The Company should regularly review the consent obtained to determine whether the relationship between the Company and the Personal Data Subject Personal Data Processing Activities and whether the purpose of processing has changed
      2. The Company must facilitate individuals to withdraw their consent at any time. By allowing consent to be withdrawn as easily as giving consent. and clearly inform the customer / potential customer of the method of withdrawing their consent. As a general rule, the customer/prospective customer should be able to opt-out use the same interface used when opt-in (e.g., application, website, etc.). A prospective customer can easily opt-out use the same communication channel as the one used to communicate with the customer/prospective.
      3. The Company must act without delay upon request to withdraw consent, that is, as soon as the Company will be able to operate using the Company's system. If the system causes a delay, the Company must explain the problem. To the customer / prospective customer at the time the customer requests to withdraw their consent, the Company informs third parties involved in marketing (e.g., third party service providers who send marketing communications) as soon as they can. After the customer/potential customer withdraws their consent, the Company must stop marketing. And if there is no other legal base for the Company to continue using the personal information, the Company must delete or make the personal information non-identifiable to the person who owns the personal information.
      4. The Company must not take any action that is unfavorable or harmful to the person who wishes to withdraw his consent. and take any action to discourage individuals from withdrawing their consent.
    3. In addition, the following steps should be taken prior to any marketing communication with each potential customer: In the case of purchasing a list of target customers in marketing (Marketing List)
  6. Processing of personal data obtained from third parties for marketing purposes.

    1. In the event that you collect personal data from other sources (e.g. not collecting personal data directly From the data subject), you are obliged to notify the data subject of the details as stipulated in Section 23 of the Act (for example, notify using the Company's personal data protection policy for third parties) without delay within thirty days from the date of Date of collecting personal information and must obtain the consent of the owner of the personal data Unless there are other exceptions by law (Article 25 of the Act), if you plan to use the collected personal data to communicate with the data subject. You should submit the Company's Privacy Policy for third parties. to the owner of such information in the first communication the best practice is to obtain consent from individuals directly for the purpose of collecting, using and/or disclosing personal data and submitting the Company's personal data protection policy to such individuals within thirty days from the date of collection. collect such personal data
  7. Personal online advertising.

    1. Personal online advertising is the use of personal information obtained from online activities to conduct online advertising that is tailored to individual interests.
    2. Cookies are small data files that a server installs on an individual's computer. The cookie sends information about the website the person visits back to the server. which in general the information collected includes details about the websites and web pages the person has visited. The amount of time you visit the website or web page. Date and time of visit and has the person read the advertisements that appear?
    3. The Company may use such tracking technology on the device of the Customer/Personal Customer when the Customer/Personal Customer visits the Website, or the Company may contract with a third party who is the Service Provider. Advertising Such third parties may publish advertising information about the Company's products on other websites. Because this type of advertising has the potential to collect personal information. And can be used to create personal profiles. Therefore, it is necessary that the Company must do the following:
      1. Only hire reliable service providers. There are measures to protect data and privacy.
      2. Understand the measures of such service providers to protect personal data.
      3. Employ only service providers that are equipped with appropriate management mechanisms. To allow individuals to give their consent and withdraw their consent to cookies. (Including any other technology) that can be used to receive personalized advertising materials.
      4. Ensure that the third-party publishers who install the Company's cookies have a privacy/cookie policy. appropriate describing the cookies of such third parties and with the consent of the end-user, the end-user. (If necessary)
  8. Disclosure of personal information to external service providers who provide marketing services.

    1. When employed by an external service provider to collect, use personal information on behalf of the Company to provide marketing services, the Company should take the following actions:
      1. Check information about external service providers before hiring. To ensure that such third-party service providers are able to comply with the Company's requirements for personal data protection and personal data security.
      2. Enter a written contract with an external service provider. By specifying the terms and conditions relating to the collection, use and/or disclosure of personal data in the contract, please use the personal data processing contract form. (Contract the personal data controller enters with the personal data processor) or personal data transfer contract form (a contract entered by the Personal Data Controller with the Personal Data Controller) as appropriate.
      3. Monitoring that the Third-Party Provider continues to perform its contractual obligations and in the event that the Third-Party Provider fails to comply Such non-compliance must be promptly corrected. or terminate the employment contract and
      4. Establish an international data transfer mechanism in accordance with applicable personal data protection law if the external service provider is outside Thailand.
    2. Disclose personal information to external service providers as necessary to provide services to the Company.
    3. If the Third-Party Service Provider collects personal data on behalf of the Company (for example, the Third Party Service Provider directly interacts with the Customer itself), the Bank shall assign duties to the Third Party Service Provider in a manner consistent with the Company's duties such as: Requires the external service provider to be obliged to inform the Company's privacy policy to the customer and to obtain the customer's consent on behalf of the Company (if necessary). In requesting consent in relation to marketing, the Company must require that the consent that personnel of third-party service providers request on behalf of the Company also comply with the terms of this policy.
    4. If an external service provider communicates for marketing on behalf of the Company, the Company shall assign duties to the Third-Party Service Provider in a manner consistent with the Company's obligations, such as specifying that the Company is the one making such communications. There are no regulations requiring personal data processor details at the time of requesting consent. However, information must be disclosed in this regard. in the Privacy Policy (which must be submitted to the subject of personal data that the Company collects, uses the data regardless of whether the processing is based on the consent of the personal data subject or not).
    5. Third-Party service providers are prohibited from using personal data for marketing on their behalf. or disclose that personal information to any other person (for example, to their other customers).
    6. If the personal data controller and/or the third-party personal data processor is outside Thailand It will be deemed to be a transfer of personal data to a foreign country. This can only be done if there is an appropriate legal basis. You should consult the Legal Department. to get advice on how to have a legal base appropriate for the transfer of personal data abroad in the case of requesting consent for the transfer of personal data to foreign countries Such consent should be sought separately from consent in other cases.
  9. Public information.

    1. The Company may use information from public sources for various purposes if the Personal Data Subject can reasonably expect that Personal information that they make publicly available will be used for that purpose (for example, if a person discloses their personal information on a LinkedIn profile can use that profile information. for business purposes before meeting the said person. that is personal Generally, such information should not be used for business purposes.)
    2. Collection of information from public sources to comply with the following rules.
      1. The Company's personal data protection policy for third parties should be disclosed to the data subject. personal note (or displayed as a link to the Company's privacy policy for such third parties).
      2. Sensitive personal data should not be collected and used. unless the person to whom the personal data belongs has made such information publicly available. or that person has given consent expressly.
      3. Collection of personal data should be limited to those that are necessary for the legitimate purpose. and retained for as long as necessary and the information is current. It should be deleted if the information is no longer needed, or the information is out of date.
  10. Questions and assistance.

    If you have questions or concerns about our compliance with this policy, please send inquiries to the Customer Service Center. Phone number : 0 2194 1511, E-mail : [email protected]