TBN Corporation Public Company Limited (hereinafter referred to as "the Company" or "TBN") recognizes the importance of personal data protection. As a "Data Controller" under the Personal Data Protection Act B.E. 2562 (including any amendments and related subordinate legislation), the Company has prepared this Privacy Notice to explain and inform you of the details regarding the collection, use, and disclosure (collectively referred to as "Processing") of your personal data when you access and use the Company's various services, including but not limited to the use of the website https://tbn.co.th, as well as any related applications or other platforms (collectively referred to as "Services").
This Notice covers informing you and ensuring you understand your rights as a "Data Subject" and the channels available for exercising such rights, as detailed below.
This Privacy Notice applies to the processing of personal data of various groups of individuals who are involved with or use the Company’s services, including but not limited to:
2.1 Strictly Necessary Cookies These cookies are essential for the website to function properly. They enable core features such as page navigation and saving your privacy preferences. The website cannot function correctly without these cookies.
2.2 Performance and Analytics Cookies These cookies collect information about how visitors use our website, such as which pages are visited most often. The data is aggregated and used solely to improve website performance and user experience.
2.3 Marketing Cookies These cookies are used to measure the effectiveness of our marketing campaigns and provide relevant content on third-party platforms.
This Privacy Notice applies to the processing of personal data of various groups of individuals who are involved with or use the Company’s services, including but not limited to:
Representatives of organizations, legal entities, clients, partners, customers, and business contacts (B2B Contacts), including directors, representatives, or authorized persons of such organizations.
Users or visitors of the Company’s website and any related platforms.
Job applicants, interns, and individuals being considered for employment, including references.
Participants in events, seminars, workshops, or other marketing activities of the Company.
Individuals who register to receive information, request system demonstrations, request products/services, download documents, or complete forms through the Company’s various channels.
Individuals who contact the Company through various channels such as email, telephone, social media, or other online channels.
Related individuals whose personal data has been transferred or disclosed to the Company, who have a relationship with the Company’s clients, partners, or service users, such as authorized persons, coordinators, or other related parties.
This Notice does not cover the use of websites, applications, or services of third parties that may be linked to the Company’s website.
Contact Information: such as full name, job title, organization/company name, address, email, telephone number, and social media accounts.
Business Information: such as organization size, industry type, business needs, and estimated budget.
Contract or Financial Transaction Information: such as tax invoice address, quotation information, and payment details.
Job Applicant Information: such as educational background, work experience, and reference information.
Other Information: such as information you provide through questionnaires, event registration forms, feedback, requests for system demonstrations, products/services, and messages used to communicate with the Company.
Technical and Website Usage Data: such as IP addresses, web pages visited, duration of use, browser type and version, operating system, and screen resolution.
Cookies and Tracking Technologies: Please refer toCookie Policy for further details
Security Data: such as CCTV footage when you enter or are present in the Company’s premises.
Data from Online Platforms or Social Media: such as LinkedIn, Facebook, or other platforms, where you choose to connect such accounts with the Company’s services.
Data from Public Sources: such as your organization’s website, business databases, corporate data from government databases, or other lawfully publicly disclosed information.
Data from Business Partners: such as business partners or external service providers.
Data from Third Parties Related to You: such as employers, colleagues, referrers, coordinators, or persons who provide your information to the Company.
The Company does not intend to collect your sensitive personal data (Sensitive Data), such as race, religion, or health information. However, in the event that you disclose or provide sensitive personal data to the Company without being requested to do so, such as by including such information in forms, supporting documents, or communications through various channels, the Company may contact you to obtain additional consent, or may proceed to delete or anonymize the data without delay if there is no necessity for processing. In addition to obtaining consent, the Company may collect, use, or disclose your personal data under other relevant legal bases.
The Company will retain your personal data for as long as necessary, taking into account the necessity and purposes for which the Company collected and processed such data, as well as to comply with legal requirements under applicable laws.
Even after the termination of your relationship with the Company, the Company may continue to collect, use, and disclose your personal data to the extent necessary and as required by law, for legitimate interests.
For data related to contracts and/or supporting documents, the Company will retain your personal data for as long as necessary to fulfill such purposes, for a period not exceeding 10 years from the date your relationship with the Company ends or the date of the last contact. However, in accordance with relevant laws and regulations, the Company may be required to retain your personal data for a period longer than stated above.
In order to comply with applicable legal timeframes and statutes of limitations, your personal data will be retained in a format appropriate to the type of data. However, the Company may need to retain your personal data beyond the legal statute of limitations in certain cases, such as filing for benefits upon maturity with life insurance funds, or cases under ongoing legal proceedings.
The Company will delete, destroy, or anonymize your personal data in accordance with the retention periods specified above, using appropriate methods.
The Company processes your personal data based on the following legal bases under Section 24 and other relevant provisions of the Personal Data Protection Act B.E. 2562 (PDPA), for the following purposes:
Purpose | Legal Basis | Details and necessity of providing information |
Responding to requests for demos, brochures, or whitepapers | Contractual necessity / Consent | You provide data directly in order to receive the requested service |
Managing implementation projects and delivering software | Contractual necessity | Necessary to perform the contract you have entered into with the Company |
Issuing quotations, invoices, and accounting documents | Legal obligation | Required under the Accounting Act and tax legislation |
Sending B2B marketing communications and campaigns | Consent | Consent is always obtained first; you may withdraw at any time |
Developing and improving products and services | Legitimate interests | The Company has a legitimate interest in improving its services |
Identity verification, security, and fraud prevention | Legitimate interests | Necessary to protect the Company’s systems and assets |
Processing job applications | Contractual necessity / Consent | Necessary for conducting eligibility checks or interviews prior to entering into a contract / You provide consent at the time of submitting your application |
Complying with regulatory or court orders | Legal obligation | When required by applicable law or a court order |
The Company may disclose your personal data for the purposes specified in Section 4 to the following third parties:
Partners and Subcontractors (Implementation Partner/Subcontractor): Only to the extent necessary for project delivery, bound by Non-Disclosure Agreements (NDA) and Data Processing Agreements (DPA).
The Company’s Service Providers: Acting as Data Processors, such as providers of Cloud systems, CRM, or marketing platforms, with Data Processing Agreements (DPA) executed as required by law.
Professional Advisors: Such as legal advisors, auditors, or inspectors, only where necessary, bound by professional confidentiality obligations.
Government Agencies or Courts: Where required by law or a lawful order.
Business Transfer or Merger: In the event of organizational restructuring, merger, or business transfer, the transferee will be bound by this Notice.
Where the Company discloses your data to third parties, the Company will require such parties to protect the data to standards comparable to this Notice.
The Company may need to transfer your personal data to servers or service providers in foreign countries. The Company will ensure that such transfers comply with PDPA Sections 28-29 using one of the following mechanisms:
Transfer of data to countries with adequate personal data protection standards as determined by the regulatory authority.
In cases where data is transferred to a destination country with inadequate personal data protection standards, the Company will implement appropriate personal data protection measures or rely on exceptions permitted by law, such as obtaining your consent or where necessary for the performance of a contract.
Agreements or contracts with appropriate personal data protection measures, including internationally recognized standard contractual clauses.
Where the Company discloses your data to third parties, the Company will require such parties to protect the data to standards comparable to this Notice.
You have rights under the Personal Data Protection Act (PDPA), including the right to access, request correction, deletion, suspension of use, objection, or transfer of your personal data, as well as the right to withdraw consent and the right to lodge a complaint if you find that the Company is processing your personal data unlawfully.
Under the Personal Data Protection Act (PDPA), you have the following rights to manage your personal data:
Right | Description |
Right of Access and obtain a copy | Request to access and a copy of your personal data held by the Company |
Right to Rectification | Request correction of inaccurate or incomplete data |
Right to Erasure | Request deletion or destruction of data where there is no longer a lawful basis to retain it |
Right to Restriction | Request a temporary halt to processing while another request is under consideration |
Right to Object | Object to processing based on legitimate interests or direct marketing |
Right to Data Portability | Receive your data in a machine-readable format for transfer to another controller |
Right to Withdraw Consent | Withdraw consent at any time. This will not affect the processing of data based on rights exercised prior to the withdrawal. |
Right to Lodge a Complaint | Complain to the PDPC if you believe processing is unlawful |
Rights Exercising Methods and Procedures:
You may submit a written request to exercise your rights (in Thai or English) through the contact channels specified in Clause 1. The Company will consider and notify you of the outcome within 30 calendar days from the date of receiving the request along with complete details. In the event of force majeure or if the Company is unable to complete the process within the specified timeframe, the Company will notify you of the delay along with the new timeline. However, the Company reserves the right to reject your request in cases where exemptions are permitted by law, and the Company will clearly notify you of the reasons for such rejection. Nevertheless, if you are not satisfied with the Company's processing results, you have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) via the website www.pdpc.or.th
The Company has established appropriate technical and organizational security measures, including:
Data Encryption during transmission (TLS/SSL) and storage.
Role-based Access Control for data access.
Access log recording and monitoring.
Regular employee training on personal data protection.
In the event of a personal data breach, the Company will notify the Office of the Personal Data Protection Committee (PDPC) within 72 hours. If there is a high risk to the rights and freedoms of data subjects, the Company will notify you without undue delay.
For users located in the European Economic Area (EEA), the Company will operate in accordance with the GDPR and related regulations. You may have additional rights as follows:
The right to lodge a complaint with the Supervisory Authority in your country.
Transfers of data outside the EEA will be conducted using internationally recognized standard contractual clauses or an Adequacy Decision for the destination country.
The Company will not use Automated Decision-Making that has a significant impact on you, unless explicit consent has been obtained or the conditions permitted by law are met.
The Company may periodically review and amend this Notice. Any updated Notice will be published on the website with the effective date specified. If there are significant changes that materially affect your rights, the Company will notify you through appropriate channels, such as email notifications or other communication channels, and will seek new consent from you (if necessary). Your continued use of the services after an updated Notice becomes effective will be deemed acknowledgment of such changes. However, the Company will not consider mere access to the website as consent to changes requiring explicit consent.
The Company shall not be held liable for any disclosure of personal data that you voluntarily share with other users in connection with your use of the website or any related services, as the case may be.
This Notice is governed by and interpreted in accordance with the laws of the Kingdom of Thailand, in particular the Personal Data Protection Act B.E. 2562 and related laws. Any dispute arising from this Notice shall be subject to the jurisdiction of competent courts in the Kingdom of Thailand.
If you have any questions regarding this Privacy Notice or wish to exercise your rights as a data subject under the law, you may contact the Data Controller or the Data Protection Officer (DPO) through the following channels:
TBN Corporation Public Company Limited
54 Bangkok Business Building, Fl. 15, Room No. 1501-1502 Sukhumvit 21 (Asoke) Road, Klong Toey Nua, Wattana Bangkok 10110
0-2258-5841
I have read and fully understood the contents of this Notice.
We use cookies to improve the performance and user experience of our website. You can find more details at Privacy Policy
You can choose your cookie settings by enabling or disabling each type of cookie as needed, except for essential cookies.
Accept AllStrictly Necessary
Analytics & Performance
Cookies Details
Marketing_&_Advertising
Cookies Details