Academy
Career
Contact
Legal & Privacy

Privacy Notice

Privacy and data protection policy.

Introduction

TBN Corporation Public Company Limited (hereinafter referred to as "the Company" or "TBN") recognizes the importance of personal data protection. As a "Data Controller" under the Personal Data Protection Act B.E. 2562 (including any amendments and related subordinate legislation), the Company has prepared this Privacy Notice to explain and inform you of the details regarding the collection, use, and disclosure (collectively referred to as "Processing") of your personal data when you access and use the Company's various services, including but not limited to the use of the website https://tbn.co.th, as well as any related applications or other platforms (collectively referred to as "Services").

This Notice covers informing you and ensuring you understand your rights as a "Data Subject" and the channels available for exercising such rights, as detailed below.

1. What Are Cookies? ​

This Privacy Notice applies to the processing of personal data of various groups of individuals who are involved with or use the Company’s services, including but not limited to:

2. Types of Cookies We Use

2.1 Strictly Necessary Cookies These cookies are essential for the website to function properly. They enable core features such as page navigation and saving your privacy preferences. The website cannot function correctly without these cookies.

2.2 Performance and Analytics Cookies These cookies collect information about how visitors use our website, such as which pages are visited most often. The data is aggregated and used solely to improve website performance and user experience.

2.3 Marketing Cookies These cookies are used to measure the effectiveness of our marketing campaigns and provide relevant content on third-party platforms.

1. What Are Cookies? ​

This Privacy Notice applies to the processing of personal data of various groups of individuals who are involved with or use the Company’s services, including but not limited to:

Representatives of organizations, legal entities, clients, partners, customers, and business contacts (B2B Contacts), including directors, representatives, or authorized persons of such organizations.

Users or visitors of the Company’s website and any related platforms.

Job applicants, interns, and individuals being considered for employment, including references.

Participants in events, seminars, workshops, or other marketing activities of the Company.

Individuals who register to receive information, request system demonstrations, request products/services, download documents, or complete forms through the Company’s various channels.

Individuals who contact the Company through various channels such as email, telephone, social media, or other online channels.

Related individuals whose personal data has been transferred or disclosed to the Company, who have a relationship with the Company’s clients, partners, or service users, such as authorized persons, coordinators, or other related parties.

This Notice does not cover the use of websites, applications, or services of third parties that may be linked to the Company’s website.

2. Personal Data the Company Collects

2.1 Data You Provide Directly to the Company

Contact Information: such as full name, job title, organization/company name, address, email, telephone number, and social media accounts.

Business Information: such as organization size, industry type, business needs, and estimated budget.

Contract or Financial Transaction Information: such as tax invoice address, quotation information, and payment details.

Job Applicant Information: such as educational background, work experience, and reference information.

Other Information: such as information you provide through questionnaires, event registration forms, feedback, requests for system demonstrations, products/services, and messages used to communicate with the Company.

2.2 Data the Company Collects Automatically

Technical and Website Usage Data: such as IP addresses, web pages visited, duration of use, browser type and version, operating system, and screen resolution.

Cookies and Tracking Technologies: Please refer toCookie Policy for further details

Security Data: such as CCTV footage when you enter or are present in the Company’s premises.

2.3 Data the Company Receives from Other Sources

Data from Online Platforms or Social Media: such as LinkedIn, Facebook, or other platforms, where you choose to connect such accounts with the Company’s services.

Data from Public Sources: such as your organization’s website, business databases, corporate data from government databases, or other lawfully publicly disclosed information.

Data from Business Partners: such as business partners or external service providers.

Data from Third Parties Related to You: such as employers, colleagues, referrers, coordinators, or persons who provide your information to the Company.

Disclaimer Regarding Sensitive Personal Data:

The Company does not intend to collect your sensitive personal data (Sensitive Data), such as race, religion, or health information. However, in the event that you disclose or provide sensitive personal data to the Company without being requested to do so, such as by including such information in forms, supporting documents, or communications through various channels, the Company may contact you to obtain additional consent, or may proceed to delete or anonymize the data without delay if there is no necessity for processing. In addition to obtaining consent, the Company may collect, use, or disclose your personal data under other relevant legal bases.

3. Data Retention Period

The Company will retain your personal data for as long as necessary, taking into account the necessity and purposes for which the Company collected and processed such data, as well as to comply with legal requirements under applicable laws.

Even after the termination of your relationship with the Company, the Company may continue to collect, use, and disclose your personal data to the extent necessary and as required by law, for legitimate interests.

For data related to contracts and/or supporting documents, the Company will retain your personal data for as long as necessary to fulfill such purposes, for a period not exceeding 10 years from the date your relationship with the Company ends or the date of the last contact. However, in accordance with relevant laws and regulations, the Company may be required to retain your personal data for a period longer than stated above.

In order to comply with applicable legal timeframes and statutes of limitations, your personal data will be retained in a format appropriate to the type of data. However, the Company may need to retain your personal data beyond the legal statute of limitations in certain cases, such as filing for benefits upon maturity with life insurance funds, or cases under ongoing legal proceedings.

The Company will delete, destroy, or anonymize your personal data in accordance with the retention periods specified above, using appropriate methods.

4. Purposes and Legal Basis for Personal Data Processing

The Company processes your personal data based on the following legal bases under Section 24 and other relevant provisions of the Personal Data Protection Act B.E. 2562 (PDPA), for the following purposes:

Purpose

Legal Basis

Details and necessity of providing information

Responding to requests for demos, brochures, or whitepapers

Contractual necessity / Consent

You provide data directly in order to receive the requested service

Managing implementation projects and delivering software

Contractual necessity

Necessary to perform the contract you have entered into with the Company

Issuing quotations, invoices, and accounting documents

Legal obligation

Required under the Accounting Act and tax legislation

Sending B2B marketing communications and campaigns

Consent

Consent is always obtained first; you may withdraw at any time

Developing and improving products and services

Legitimate interests

The Company has a legitimate interest in improving its services

Identity verification, security, and fraud prevention

Legitimate interests

Necessary to protect the Company’s systems and assets

Processing job applications

Contractual necessity / Consent

Necessary for conducting eligibility checks or interviews prior to entering into a contract / You provide consent at the time of submitting your application

Complying with regulatory or court orders

Legal obligation

When required by applicable law or a court order

5. Disclosure of Personal Data to Third Parties

The Company may disclose your personal data for the purposes specified in Section 4 to the following third parties:

Partners and Subcontractors (Implementation Partner/Subcontractor): Only to the extent necessary for project delivery, bound by Non-Disclosure Agreements (NDA) and Data Processing Agreements (DPA).

The Company’s Service Providers: Acting as Data Processors, such as providers of Cloud systems, CRM, or marketing platforms, with Data Processing Agreements (DPA) executed as required by law.

Professional Advisors: Such as legal advisors, auditors, or inspectors, only where necessary, bound by professional confidentiality obligations.

Government Agencies or Courts: Where required by law or a lawful order.

Business Transfer or Merger: In the event of organizational restructuring, merger, or business transfer, the transferee will be bound by this Notice.

Where the Company discloses your data to third parties, the Company will require such parties to protect the data to standards comparable to this Notice.

6. Cross-Border Transfer of Personal Data

The Company may need to transfer your personal data to servers or service providers in foreign countries. The Company will ensure that such transfers comply with PDPA Sections 28-29 using one of the following mechanisms:

Transfer of data to countries with adequate personal data protection standards as determined by the regulatory authority.

In cases where data is transferred to a destination country with inadequate personal data protection standards, the Company will implement appropriate personal data protection measures or rely on exceptions permitted by law, such as obtaining your consent or where necessary for the performance of a contract.

Agreements or contracts with appropriate personal data protection measures, including internationally recognized standard contractual clauses.

Where the Company discloses your data to third parties, the Company will require such parties to protect the data to standards comparable to this Notice.

7. Data Subject Rights

You have rights under the Personal Data Protection Act (PDPA), including the right to access, request correction, deletion, suspension of use, objection, or transfer of your personal data, as well as the right to withdraw consent and the right to lodge a complaint if you find that the Company is processing your personal data unlawfully.

Under the Personal Data Protection Act (PDPA), you have the following rights to manage your personal data:

Right

Description

Right of Access and obtain a copy

Request to access and a copy of your personal data held by the Company

Right to Rectification

Request correction of inaccurate or incomplete data

Right to Erasure

Request deletion or destruction of data where there is no longer a lawful basis to retain it

Right to Restriction

Request a temporary halt to processing while another request is under consideration

Right to Object

Object to processing based on legitimate interests or direct marketing

Right to Data Portability

Receive your data in a machine-readable format for transfer to another controller

Right to Withdraw Consent

Withdraw consent at any time. This will not affect the processing of data based on rights exercised prior to the withdrawal.

Right to Lodge a Complaint

Complain to the PDPC if you believe processing is unlawful

Rights Exercising Methods and Procedures:

You may submit a written request to exercise your rights (in Thai or English) through the contact channels specified in Clause 1. The Company will consider and notify you of the outcome within 30 calendar days from the date of receiving the request along with complete details. In the event of force majeure or if the Company is unable to complete the process within the specified timeframe, the Company will notify you of the delay along with the new timeline. However, the Company reserves the right to reject your request in cases where exemptions are permitted by law, and the Company will clearly notify you of the reasons for such rejection. Nevertheless, if you are not satisfied with the Company's processing results, you have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) via the website www.pdpc.or.th

8. Personal Data Security Measures

The Company has established appropriate technical and organizational security measures, including:

Data Encryption during transmission (TLS/SSL) and storage.

Role-based Access Control for data access.

Access log recording and monitoring.

Regular employee training on personal data protection.

In the event of a personal data breach, the Company will notify the Office of the Personal Data Protection Committee (PDPC) within 72 hours. If there is a high risk to the rights and freedoms of data subjects, the Company will notify you without undue delay.

9. For Users in the European Economic Area (EEA) and GDPR Compliance

For users located in the European Economic Area (EEA), the Company will operate in accordance with the GDPR and related regulations. You may have additional rights as follows:

The right to lodge a complaint with the Supervisory Authority in your country.

Transfers of data outside the EEA will be conducted using internationally recognized standard contractual clauses or an Adequacy Decision for the destination country.

The Company will not use Automated Decision-Making that has a significant impact on you, unless explicit consent has been obtained or the conditions permitted by law are met.

10. Changes to the Privacy Notice

The Company may periodically review and amend this Notice. Any updated Notice will be published on the website with the effective date specified. If there are significant changes that materially affect your rights, the Company will notify you through appropriate channels, such as email notifications or other communication channels, and will seek new consent from you (if necessary). Your continued use of the services after an updated Notice becomes effective will be deemed acknowledgment of such changes. However, the Company will not consider mere access to the website as consent to changes requiring explicit consent.

11. Disclaimer of Liability

The Company shall not be held liable for any disclosure of personal data that you voluntarily share with other users in connection with your use of the website or any related services, as the case may be.

12. Governing Law

This Notice is governed by and interpreted in accordance with the laws of the Kingdom of Thailand, in particular the Personal Data Protection Act B.E. 2562 and related laws. Any dispute arising from this Notice shall be subject to the jurisdiction of competent courts in the Kingdom of Thailand.

13. Contact Information and Channels

If you have any questions regarding this Privacy Notice or wish to exercise your rights as a data subject under the law, you may contact the Data Controller or the Data Protection Officer (DPO) through the following channels:

Company Name

TBN Corporation Public Company Limited

Registered Address

54 Bangkok Business Building, Fl. 15, Room No. 1501-1502 Sukhumvit 21 (Asoke) Road, Klong Toey Nua, Wattana Bangkok 10110

Telephone

0-2258-5841

This policy was last updated on 27 April 2026

I have read and fully understood the contents of this Notice.

Top
Mainmenu
Investor Relations
Academy
Career
Contact

We use cookies to improve the performance and user experience of our website. You can find more details at Privacy Policy

Privacy Preferences

You can choose your cookie settings by enabling or disabling each type of cookie as needed, except for essential cookies.

Accept All
Manage Consent Preferences
  • Strictly Necessary
    Always Active

    Strictly Necessary

  • Analytics & Performance

    Analytics & Performance
    Cookies Details

  • Marketing

    Marketing_&_Advertising
    Cookies Details

Save