Data Privacy Policy

AIRA Advisory Company Limited

AIRA Advisory Company Limited (the “Company”) recommends you to understand our privacy policy (the “Privacy Policy”). This Privacy Policy describes how the Company collects, stores, uses and discloses your Personal Data. The Company hereby notifies you about the Company’s compliance with the Privacy Policy as follows:

1. Definition

“Company”
mean
Aira Advisory Company Limited
“You” or “Data Subject”
mean
Person who owns Personal Data
“personal information”
mean
Any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the information of the deceased Persons in particular

2. Limited Collection of Personal Information

2.1.  collection of Personal Data shall be limited to the extent necessary in relation to the lawful purpose of the Company. This includes, but not limited to, acting as a provider of advisory service in relation to finance, law, accounting, and administrative. In this regard, the Company will notify You, by message or through any channel as deemed appropriate, for your acknowledge and consent.
2.2.  The Company will proceed to get permission from You prior to the collection except:
2.2.1. To comply with the law;
2.2.2. To prevent or suppress a danger to life, body or health of a person;
2.2.3. To process your request prior to entering to the contract;
2.2.4. To carry out missions for the public interest of the Company or performing duties in exercising state powers that have been given to the Company;
2.2.5. It is necessary for the legitimate interests of the Company or of a person or juristic person other than the Company. Unless such benefits are less important than your fundamental rights in your Personal Data.
2.3.  The achievement of the purposes relating to the preparation of the historical documents or the archives for public interest, or for purposes relating to research or statistics. In accordance to the law, the Company will not collect any information pertaining to racial, ethnic origin, political opinions, philosophical beliefs, sexual orientation, criminal records, health data, disability, trade union information, genetic data, biometric data or of any data which may affect the Data Subjects in the same manner except:
2.3.1. To prevent or suppress a danger to the life, body or health;
2.3.2. It is a legitimate activity with appropriate protection of a foundation, association or non-profit organization with political, religious, philosophical or trade union objectives for its members;
2.3.3. The member refers to former members or who are in regular contact with the Foundation Associations or non-profit organizations for such purposes without disclosing such personal data;
2.3.4. Information that is made public with the explicit consent of the individual whose Personal Data is being processed;
2.3.5. It is necessary to retain such Personal Data in order to comply with a legal obligation or to establish, exercise or defend legal claims;
2.3.6. For the benefit of investigation by the investigating officer or the adjudication of court cases;
2.3.7. It is necessary to comply with the law in order to achieve the objectives as follows:
2.2.7.1 Using in preventive medicine or occupational medicine to access the ability of the employee, medical diagnosis, health service, social service, medical treatment. This includes health management or social welfare system. In case of not to comply with law, the personal information is in responsibility of a professional or a person who has a duty to keep that Personal Data confidential by law must comply with the contract between Data Subject and a medical professional;
2.2.7.2 For social benefit such as preventing from epidemic that may spread into the Kingdom, standard control, quality of medicine or medical equipment. The Company has put in place appropriate and specific measures to protect your rights and freedoms, especially the confidentiality of your Personal Data according to duties or professional ethics;
2.2.7.3 Labor protection, social security, national health insurance, welfare relate to medical treatment of the rightful person under the law, car accident victim protection law or social protection where the collection of Personal Data is necessary to perform the rights or duties of the data controller or your data controller. Appropriate measures have been put in place to protect your fundamental rights and interests;
2.2.7.4 For scientific, historical, statistical research or other public interest. However, it must be done in order to achieve such purposes only as necessary and appropriate measures have been taken to protect your fundamental rights and interests as announced by the committee;
2.2.7.5 Public interest by providing appropriate measures to protect your fundamental rights and interests.

3. Quality of personal information

Your complete and up-to-date personal information obtained by the Company, such as your name, address, telephone number, identification number, financial information which can identify your identity. The Company will take reasonable steps to protect information from misuse, interference and loss and from unauthorized access, modification or disclosure.

4. Purposes for the collection, usage and disclosure of Personal Data

4.1.  The Company will collect, use and disclose your personal information only to the extent that it is necessary for the Company's operations bound by Company’s purpose. This includes but not limited to being a consultant and giving advice on financial, legal, accounting, management and legal issues;
4.2.  For the further alteration in the purpose of collecting personal information, the Company will inform and ask for your consent.

5. Limitation on Personal Data usage

5.1.  The Company enables to disclose your personal information according to your consent. The usage of personal information, collection and storage must align with Company’s purpose only;
5.2.  The Company will take are the operation of collection, use and disclose Personal Data. This includes disclosure of Personal Data apart from the purpose or third parties. Unless exempted as specified in clause 2.2 and clause 2.3;
5.3.  In some cases, the Company may use a contractor to collect and secure Personal Data to prohibit to usage of the data for other purposes than what is required fo.

6. Security Measures

The Company realizes the importance of the security of Personal Data. Therefore, the Company implemented adequate and strict security measures in accordance with Policy and Guidelines on Information Technology of the Company, to prevent Personal Data, loss, access, destruction, use, alteration, correction, and to prohibit unauthorized or unlawful use of Personal Data.

7. Disclosure of operations, practices and policies relating to personal data

The Company has a policy to comply with the law, including the announcement of the Office of the Personal Data Protection Commission and related laws, including the protection of data on the Company’s website by issuing measures.

8. Participation of data subjects

8.1.  You are entitled to request access to and obtain a copy of your Personal Data, under the Company’s care and responsibility, as well as to request the disclosure of the acquisition of your Personal Data. The Company may deny your request as required by law or by court order;
8.2.  You have the right to verify the data existence, characteristics of personal information, and purposes of data usage. However, the Company may deny your rights if required by law, or in the event that your personal information is anonymous or unidentifiable;
8.3.  Should You discover that your Personal Data kept by the Company is not correct or has been modified, You have the legal right to request the Company to correct it so that your Personal Data is accurate, up-to-date, complete, and will not incur any misunderstandings. The Company will keep an objection record. Upon an order from the court, the Company will allow the successor to send request to access the Personal Data in case of decease of the Data Subject.

9. Responsibilities of data controllers

The data controller has to comply with regulations, rules, and orders set forth by the Company in order to operate according to the policy on Personal Data protection in accordance with the standards of this announcement. The data controller is responsible for complying with the Company's information security policy.

10. Contact

HR department
AIRA Advisory Company Limited
319 Chamchuri Square Building
17th Floor, Phayathai Road, Pathumwan, Bangkok 10330