Cloud D Consulting Privacy Statement
This privacy statement is effective as of January 1st, 2022. Please note that this privacy statement will be updated by Cloud D Consulting (hereby known as “Cloud D”) to reflect any changes in the way we handle your personal data or changes in laws applicable to privacy in the Kingdom of Thailand.
1. Protecting your personal data
Cloud D protects personal data in accordance with applicable laws of the Kingdom of Thailand and our own data privacy policies. In addition, Cloud D maintains the appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage thereto.
1.1 Types of personal data collected and processing of data
Cloud D collects personal data of our employees, potential employee candidates, clients, suppliers, business contacts and website visitors. If the data we collect are not listed in this privacy statement, then we will give the appropriate notice of which other data will be collected and how they will be used if required by law.
Categories of personal information: Categories of personal information captured by type
Personal & contact details: Names, identifiers and contact details (e-mail, phone, physical addresses etc).
Commercial information: History and records of the products and services you have purchased or received free of charge from Cloud D.
Digital marketing and social media information:
Web-based Identifiers, including the IP address, social media name/handle or other online identifiers, including e-mail address and mobile numbers associated with social accounts.
Browser/web history data and preferences conveyed via selection, viewing, purchase of goods, services and/or content, including information about your mobile device including type of device, operating system, device identification number(s).
Social media content, including posts and anything posted by an individual online or which references an individual.
Analytics and/or profiles of individuals based on the data collected on them from 3rd parties.
Audiovisual (AV) content: Photographs, images/footage recorded on closed circuit television or other audio/video devices or systems captured during marketing/public filming of events, including recording of virtual workshops or similar training sessions.
Professional / employment-related information: Professional or employment-related information, such as current position, title, employer, location, length of service, recommendations from 3rd party recruiters and/or public job websites. Additionally, Cloud D may collect additional personal details for employment purposes, such as national identification number, marital/civil partnership status, domestic partners, dependents, emergency contact information, and proof of Thai military exemption.
Cookies and geolocation data: We collect cookies in all circumstances when visiting the Cloud D website (assuming opt-in).
Education information or employment-related information: We may collect information about your education and professional or employment-related information, such as your employment history.
Documentation required under immigration laws: We may collect data on citizenship, passport data, and details of residency or work permits as required by the Kingdom of Thailand.
Financial information for payroll purposes: Bank account and other relevant financial details we need for payroll and expense purposes.
Requested recruitment information: Information requested to be provided during the recruitment process, whether direct recruitment (from a university) or indirect (via recruitment agencies).
Recruitment information you submit: Information that you submit in resumes/CVs, recommendations and/or other written materials.
Information generated during recruitment: Information generated as a result of interviews related to you by recruiters, based on their interactions with you or via Internet searches as allowed under applicable Thai law.
Recruitment information received from 3rd parties: Information related to you provided by third-party recruitment/placement firms, individual recruiters or public job websites.
Thai Immigration: Documentation required under immigration laws for non-Thai citizens.
Employment history and background checks: Information about your prior employment, education, including but not limited to transcripts, letters of verification of employment.
1.2 Purposes for which we use your personal data
Purpose: Justification / Legal Basis
Managing our contractual and/or employment relationship with you: Necessary for the execution of a contract to which you are the counter-party.
Recruitment: Necessary for the basis of our legitimate interests for ensuring that we recruit the appropriate candidates.
Facilitating communication with you: Justified on the basis of our legitimate interests for ensuring proper communication and emergency handling within the organization.
Operating and managing our business operations: Justified on the basis of our legitimate needs for ensuring the proper functioning of our business.
Complying with legal requirements: Necessary for the compliance with a legal obligation to which we are subject.
Improving the security and functioning of our website: Justified on the basis of our legitimate interests for ensuring that you receive an acceptable user experience when visiting our website and ensuring the appropriate security safeguards are in place when submitting us your personal data.
Assess your suitability for employment: Justified on the basis of Cloud D’s legitimate interests of ensuring that it recruits the appropriate candidates.
1.3 Your rights with respect to the processing of your personal data
You are entitled, in the circumstances and under the conditions, and subject to the exceptions, set out in applicable Thai law, to:
Request access to the personal data we’ve processed about you. This entitles you to be informed of whether we hold personal data about you, and if we do, allows you to obtain a copy of that personal data.
Request a rectification of your personal data. This entitles you to have your personal data be corrected if it is inaccurate or incomplete.
Request to object to the processing of your personal data. This entitles you to request that we no longer process your personal data for any future purpose.
Request the deletion of your personal data. This entitles you to request the deletion of your personal data.
Request the restriction of the processing of your personal data. This entitles you to request that we only process your personal data in limited circumstances with your consent.
Request portability of your personal data. This right entitles you to receive a copy (in a commonly used machine-readable format such as comma-delimited files) of personal data that you have provided to Cloud D, or request Cloud D to transmit such personal data to another party.
1.4 Data Retention
We must retain personal data for no longer than is necessary. What is necessary will depend on the circumstances of each case, taking into account the reasons that the personal data was obtained, but should be determined in a manner consistent with our data retention guidelines.
We retain your data as long as we have an ongoing relationship with you, in particular, if our parties have an on-going business relationship.
We will only keep the data for as long as needed to provide and/or market services to you.
We retain your data for as long as needed in order to comply with our legal and contractual obligations.
1.5 Data Security
We maintain organizational policies, including the physical and technical security aspects for all the personal data we hold. We have systems, safeguards, policies, controls and procedures to maintain these security aspects and adopt market leading security measures to protect your personal data. These include, but are not limited to:
Fully updated and legal versions of all software required in business operations and storing of personal data
Centralized management of all staff email accounts utilizing a global cloud-based email provider
CRM system provided by a leading cloud-based CRM provider for all lead and customer data
Remote management of all registered mobile devices and laptops, including the ability to lock accounts
Wireless networks utilizing enterprise-class security for all in-office staff
Dedicated office T1 network connection with a fixed IP address
Physical security on all corporate laptops in the form of table locks
Biometric authentication required for corporate laptops
Biometric door locks at physical office location
1.6 Transfers of the personal data to any third parties
We may transfer personal data to our service providers, technology partners, advisors, public and governmental authorities or 3rd parties in connection with a corporate or commercial transaction that may or may not materialize. Such third parties may be in other countries, or located domestically in Thailand. Before we do so, however, we shall take the necessary precautions to ensure that your personal data will be given adequate protection as required by relevant data privacy laws and our internal policies.
We may disclose personal information to 3rd parties for other business purposes as follows:
We share your information with 3rd-party service providers that provide services to us, including but not limited to: billing, payment processing, outsourced development, email services, advertising and marketing, security and performance monitoring, processing or fulfilling orders and transactions, verifying customer information, research, data hosting, auditing, and data processing;
To protect and defend the legal rights, safety, and security of Cloud D, our affiliates, users, or the public, including to protect against fraud and malicious activity; and
For other business purposes described in this privacy statement or for any other purpose disclosed to you at the time we collect the information or pursuant to your consent.
1.7 Data Privacy Contact Point
Any inquiries about this policy should be directed to the Data Protection Officer (DPO) here.