The Personal Data Protection Act B.E. 2562 (the “PDPA”) gives a Data Subject certain rights as specified herein in relation to Personal Data. A Data Subject is able to exercise any of the said rights by providing the following information to the Company as Data Controller.
The Company reserves the right to request more information or additional documents from the Applicant. The Company also reserves the right to reject any request for which the Applicant cannot prove that he/she is the Data Subject or the Attorney.
In case any of the following occurs, the Company may need to deny your request.
(1) Applicant fails to clearly prove that the Applicant is the Data Subject or certified Proxy.
(2) Such request does not have reasonable ground, for example, where the Applicant does not have the right to request access to Personal Data or the Company does not own such Personal Data.
(3) Such requests are superfluous, i.e., all requests are the same nature or are repeating the same content without justification.
(4) The Company is unable to provide you with access, make copies, or disclose information regarding the acquisition of Personal Data, if this would be in contravention of the law or a court order or otherwise, if the fulfilment of such a request will have an adverse impact on the rights and liberties of others.
After considering the reason of your request, the Company will notify the result of the consideration and take relevant actions within 30 days from the date of receiving the request.
In the event that the Company refuses to process your request, you can make a complaint to the Personal Data Protection Committee at the Office of the Personal Data Protection Committee, Ministry of Digital Economy and Society.