Privacy Policy | Principle

Personal Data Privacy Policy

Principle Law and Advisory Co., Ltd.

Whereas Principal Law and Advisory Co., Ltd. ("Company") has recognized and emphasized the importance of protecting personal data, including the commitment to respect the privacy rights of customers, service users of the Company, whether physical or electronic, visitors to the website www.principlethailand.com ("Website") of the Company, collectively referred to as ("Service Users"), and the Company has the necessity to collect, use, and disclose personal data ("Personal Data Processing") of Service Users in providing services. The Company has therefore prepared this Personal Data Privacy Policy ("This Policy") to establish measures for Personal Data Processing of Service Users, as well as to inform rights, duties, and various conditions related to Personal Data Processing that the Company will implement for Service Users to know, so that the Company can develop and improve service provision efficiently, correctly, completely, reliably, and to comply with the Personal Data Protection Act B.E. 2562, Royal Decrees, Announcements, Rules, Regulations, Bylaws, Measures, Implementation Guidelines, Orders, including announcements of the Personal Data Protection Committee issued under the Personal Data Protection Act B.E. 2562 ("Personal Data Protection Law").

This Policy shall be effective for Service Users who visit or use services through the Company's Website or other services related to the Company's operations, and shall not apply to other services or other websites that may be linked to other channels of external parties beyond the Company's service provision or control, where Service Users must study and understand the personal data protection policy for using such other services or websites. The visit or use of services by Service Users through the Company's Website means that Service Users have read, agreed, and accepted all terms and conditions under This Policy completely. If Service Users cannot comply with the terms and conditions under This Policy, the Company reserves the right to provide the Company's services, as personal data processing under This Policy is directly necessary for providing services to the Company's Service Users. The continued use of the Company's services by Service Users shall be deemed as acceptance of this Policy at all times.

The Company reserves the right to improve This Policy as appropriate to ensure that the Company's service provision is always consistent with practices and laws regarding personal data protection without prior notice to Service Users. However, the Company will notify Service Users of changes and amendments to the policy for personal data security by announcing the revised policy for Service Users to know generally, and the policy for personal data security shall be effective when the Company has announced such policy and when Service Users have used the Company's services after such amendments and changes for personal data security, it shall be deemed that Service Users have accepted such amendments and changes.

1. Types of Personal Data that the Company Processes in Service Provision

1.1 Personal Data

Personal data that the Company will collect or process may vary according to the scope of the Company's services that Service Users have used with the Company. Personal Data means data about a person which makes it possible to identify that individual or Service User, whether directly or indirectly ("Personal Data"), which includes but is not limited to the following data:

Identity Data: such as first name, last name, nickname, signature, title, position, photograph, date of birth, place of birth, age, copy of national ID card, copy of passport, driver's license, business card, or similar items that identify a person directly or indirectly.
Contact Data: such as postal address, office address, email, telephone number, social media accounts.
Financial Data: such as billing address, bank account, credit card, or other payment information.
Service Usage Behavior Data: such as username, password, transaction history that Service Users conduct, including various interests of Service Users.
Activity Data: such as participation and providing information through feedback forms or providing information through the Company's Website.
Company Operations Data: such as audio and video recordings of online meetings, seminar data whether through physical or electronic channels, or other data received through physical or electronic methods.
Other Data: as necessary or related to legal services and the Company's objectives.

1.2 Sensitive Personal Data

In addition to Personal Data Processing and the nature of Personal Data according to Section 1.1, in some cases the Company needs to process sensitive personal data. Sensitive Personal Data means Personal Data related to race, ethnicity, political opinions, beliefs in religion or philosophy, sexual behavior, criminal history, health data, disability, labor union data, genetic data, and biometric data ("Sensitive Personal Data").

Sensitive Personal Data that the Company may need to process includes:

Religious beliefs and health data included in copies of national ID cards or passports

The Company will collect Personal Data and Sensitive Personal Data only as necessary and reasonable to achieve the purpose of using the Company's services and the Company's legitimate business objectives according to law only.

2. Purposes of Personal Data Processing

The Company has the necessity to process Personal Data of Service Users to be able to provide the Company's legal services correctly and efficiently, as well as to comply with Personal Data Protection Laws. The Company will process Personal Data of Service Users lawfully and transparently. The Company has the following purposes for Personal Data Processing:

For the Company's legal service provision under the Company's terms and conditions, including for identity verification and tracking various transactions of Service Users, checking service payment conditions, and for communication with Service Users as necessary.
To comply with marketing policies and service quality development of the Company, where the Company may use Personal Data of Service Users to promote marketing policies through physical or electronic channels, including satisfaction surveys of Service Users and research or strategy analysis to develop, improve, and maintain the Company's service quality.
To comply with related laws, including preparing tax documents or other actions as required by law, including compliance with court judgments or orders from government agencies.
For necessity and benefit in protecting and maintaining various rights of the Company, where the Company has security measures such as Personal Data processing to maintain the Company's security, CCTV cameras for surveillance, preventing unauthorized access, protecting personnel and property, including for performing legal duties and for legitimate legal interests.
For other purposes that the Company deems appropriate and in accordance with legal requirements.

2.1 Legal Basis

In processing Personal Data of Service Users according to Section 2, the Company relies on various legal bases under Personal Data Protection Law. However, the Company may process Personal Data of Service Users by relying on more than one legal basis, depending on the purpose for which the Company uses Service Users' Personal Data. The legal bases that the Company relies on include:

Contract Basis

The Company needs to process Personal Data of Service Users to fulfill contractual obligations between the Company and Service Users.

Legitimate Interest Basis

The Company needs to process Personal Data to protect the Company's legitimate legal interests or legitimate legal interests of third parties or relevant government agencies.

Legal Obligation Basis

The Company needs to Process Personal data of Service Users to perform legal duties and any legal requirements, including but not limited to processing Personal Data of Service Users to relevant government agencies such as the Revenue Department, Department of Business Development, etc.

Consent Basis

In some cases, the Company may need to obtain consent from Service Users for Personal Data Processing, including Sensitive Personal Data. Requesting consent from Service Users, the Company will proceed by considering the rights and duties of Service Users under personal data protection law, such as clearly informing purposes to Service Users, freedom in giving consent of Service Users, etc.

The Company will process Personal Data of Service Users only for purposes according to Section 2, except where the Company considers it necessary to process Personal Data for other purposes and such purposes are consistent with the original purposes. If Service Users want to know additional details about personal data processing, please contact the Company through the channels in Section 6.

If the Company has the necessity to process personal data of Service Users for other purposes different from Section 2, the Company will notify Service Users in advance, along with explaining reasons and relevant legal basis according to Personal Data Protection Law.

3. Rights of Service Users under Personal Data Protection Law

The Company acknowledges and respects the legal rights of Service Users in relation to Personal Data as follows:

Right to Access: Right to access and request copies of Personal Data, including the right to request correction of such Personal Data to be current and accurate.
Right to Object: Right to object to personal data processing.
Right to Erasure: Right to request suspension of use, deletion, destruction, or making Personal Data unable to identify individuals when such data is not necessary or when Service Users withdraw consent. Service Users may contact the Company directly to request the suspension of use, deletion, destruction, or anonymization of their Personal Data. The Company will verify the ownership of the Personal Data prior to carrying out such suspension of use, deletion, destruction, or anonymization for the respective Service Users.
Right to Withdraw Consent: Right to withdraw consent for the processing of personal data previously given by the Service User.
Right to Data Portability: Right to send or transfer Service Users' Personal Data to any person designated by Service Users.
Right to Information: Right to request disclosure of how personal data was obtained

3.1 Exercise of Rights

Service Users can contact the Company directly to exercise all the above rights according to Section 6 without any cost, and the Company will consider and notify the results of considering the request to exercise the above rights to Service Users within a reasonable period from the date the Company receives such request. The Company will make the best effort to comply with Service Users' requests under the Company's processes and applicable laws.

To protect the privacy and security of Service Users, the Company will verify Service Users' identification every time before accepting such requests and will respond within an appropriate time period.

Service Users acknowledge that the Company may not be able to allow Service Users to exercise rights in some cases, but such refusal to exercise rights will be subject to personal Data Protection Law, such as the Company may refuse Service Users' requests to suspend use, delete, destroy, or make Personal Data unable to identify individuals due to prohibition by various legal provisions, especially requests that affect the Company's accounting operations, any petition processes, or for purposes of fraud detection or prevention, and retention of necessary data that is not allowed to be deleted or anonymized according to law, etc.

4. Data Retention and Storage Period

The Company will retain Service Users' Personal Data in both hard copy documents and electronic files (soft copy) by storing them within the Company's office and in computer systems with appropriate security measures. Personal Data will be retained as long as necessary to achieve the purposes of Personal Data Processing under This Policy and to comply with Personal Data Protection Law or requirements of other related laws.

4.1 Personal Data Retention Period

No.

Type / Category of Personal Data

Processing Period

Identity Data