Download Free Today
Privacy Notice for Customers and Service Recipients
FlowAccount Co., Ltd. ("we", "us", "our") We respect and value the right to privacy and are committed to protecting the personal information of customers and service recipients ("Service Users"). Therefore, we have prepared this Privacy Notice to assure users that the personal information provided by users to us will be used in accordance with the needs of users, lawfully and kept safe in accordance with international standards for personal data protection.
1. What personal information do we collect?
We will collect, use, publish ("Process"). Personal information required to provide services to users may be in the form of documents or electronic information, which may require users to fill in documents or online platforms that we have determined, including the following information:
1. General information of the service user, such as the prefix of name, name, surname, occupation, ID card number. Contact information (including email and phone number), address Workplace, email, phone number.
2. Social Media Account information, such as social media user list Facebook profile, Line ID, Google Account, Apple ID, etc.
3. Online Identifier includes Username / Password, information about the device that the user uses to connect to the application or contact with the Company, such as IP address, identification code, device type, mobile network information, etc. Connection Information Browser Type Application Access Log Information Customer Behavior, including information searched, using functions on the Application, and information collected by the Company through cookies or other similar technologies.
Regarding the use of cookies, the user acknowledges that we have installed "cookies", which are computer files that will store the necessary temporary information on the user's computer for the convenience of using the user's website (which only identifies the computer, but does not identify the user or information related to the user). We may use the information recorded or collected by cookies for statistical analysis or website activities to improve the quality of our services.
4. Service usage data used by the User through the Application, including Log-in data, Application usage history data, Access Time, which will be linked to the user with the user account.
5. Payment information for the use of the Company's services, especially payment through the Company's application, where the Company may receive payment information and credit card information, including the User's payment history, through the Company's external payment system. Information on quotations, invoices, tax invoices, receipts, etc.
6. Search history information, such as browsing data, service request information, responses to our advertisements, and content visited links
7. Information related to study, seminars, and tests, such as question answering information, attendance information. Course Information Exam score information, training history Training Results Training certificates, certificates, any other documents issued by us as evidence for training and/or examinations, etc.
8. Information entered on the website and information on participation in activities such as registration for various campaigns, surveys, questionnaires, satisfaction assessments, etc. Suggestions and poll data details about the exercise of rights and complaints about other services or similar transactions.
9. Interaction and communication information, including information that the User may contact and notify us through the call center, chat system, etc. Our systems, applications and services This can be visual, animated or audio but not limited to phone calls, emails, text messages, and social media communications.
10. Other personal information that the user may provide to us, which may include, but is not limited to, photos (still images and animations) of the user who may participate in activities or training (Event / Webinar) that we may organize either in online or offline format, testimonial information or the User's opinion that the user may provide about the Company and/or other services.
11. Other personal data that we may need to collect in order to perform the Company's duties in accordance with relevant laws, notices, or regulations, including other personal data that the user may agree to forward and disclose to us.
2. Do we collect sensitive personal information of our users?
In any case, we do not have a policy to collect sensitive user personal information about your race, ethnicity, political opinions, creeds, religions or philosophies. Sexual behavior, criminal record. Health and disability information Genetic information, biometric information, or any other information that similarly affects users as announced by the Personal Data Protection Committee.
In the event that we ask the user to take a photo of the ID card or any other evidence that contains information equivalent to the information on the ID card to verify the identity, it is only a process of verifying the accuracy and verifying the user's identity to use only certain services. We do not wish to collect, collect, or use personal data that is classified as sensitive personal information, such as race, ethnicity, blood group information or religious information, even if such information appears on the ID card.
3. From what channels do we receive your personal data?
We may receive your personal information from the following sources:
1. Receive directly from the User, which the User may register to apply for the Service, enter into a contract, or submit various documents or provide relevant information through the application or other forms that we may prescribe to request the User's information. This includes the process by which you submit a request to exercise your rights with us, or when you communicate with us. Inquiries, handling complaints and usage problems, giving comments or feedback, whether in written or oral form, through the website, application, video call, telephone, email, post, face-to-face meeting or by any other means;
2. Information received when the user visits the Company's website or when the user uses the Company's services, which is personal information that we collect. Automatically collected from users through various channels, such as the use of cookies or other similar technologies. For more details, see Cookie Policy
3. We may receive your personal data from third parties, such as organizations or other entities that have the right to do so. or we may obtain it from social media channels. Third-party online platforms, including business partners specified in clause 5.1;
However, In case the user provides us with personal information of a person related to a juristic person. We shall assume that the User represents and warrants that the User has the legitimate rights under the Personal Data Protection Act B.E. 2562 ("Personal Data Protection Act") In forwarding and disclosing information of persons related to each juristic person. We have already processed them under the conditions set out in this policy.
4. For what purposes do we use your personal information?
We will process personal data that is necessary for our operations. The objectives are as follows:
| # | Intended Objectives | Legal basis |
|---|---|---|
| 1 | To send information on discounts, promotions, news, Information related to education conducting marketing activities such as messaging, public relations, promotions, marketing activities via email, SMS, and LINE accounts. | Consent Base |
| 2 | To contact you by phone or channels authorized by the user, and to recommend appropriate services or services that may be of interest to you, to make specific advertisements based on user behavior. | Consent Base |
| 3 | To analyze, research, and make statistics about user behavior from using the website. Applications or other channels for development and improvement. | Consent Base |
| 4 | For the purpose of complying with applicable domestic and international laws, rules, and regulations, and related to our business. This includes the lawful compliance of government agencies and relevant authorities. Legal authority, such as court orders, supervisory agencies, or authorized officers. | Basis for Contract Performance |
| 5 | To perform our obligations under the Terms of Service, in accordance with the conditions specified in the Terms of Service. This includes, but is not limited to, (a) verifying the identity and rights of each user by referring to the user account to verify the accuracy and use it to verify or identify the user's identity before using the service, (b) processing the payment transaction for the service fee, (c) providing other support services as the user may request us to provide, including but not limited to contacting and coordinating the use of our application services. However, It is necessary for us to process and collect your personal data for such purposes. For as long as the user still has an active account on the application. | Basis for Contract Performance |
| 6 | For the benefit of using and maintaining the Company's legitimate interests without unduly affecting the rights of the User as the Data Subject. The Company needs to process the User's personal data for the purpose of managing and improving the business relationship and the services that the Company will provide to the User, especially for the development and improvement of the Company's service system in order to provide services more efficiently. Handling or investigating any complaints or disputes, resolving problems. Analysis, research, and/or preparation of statistical data for the purpose of developing and improving the Company's own internal services and to comply with reasonable business criteria, such as the preparation of non-specific usage statistics examination Reporting This includes but is not limited to modelling and/or studying, analyzing, and monitoring the proportion of the Company's portfolio, including but not limited to other operations to protect the Company's legitimate rights, such as enforcing legal or contractual rights, including but not limited to: Litigation or related legal process. Internal Compliance Monitoring Internal Audit, etc. | Legitimate interests |
| 7 | To provide you with any other information related to the provision of the same type of services that the user has with us. This is beneficial to users. | Legitimate interests |
| 8 | For order management deliver Tracking, Shipping, Replacement Provide products and services. Notify the benefits received by the User, including the management of matters related to the performance of the contract. If not done, it will affect our service or make it impossible for us to provide fair and continuous service | Basis for performance of contract/basis of legitimate interest |
| 9 | To complete the transaction. Debiting and verifying the accuracy of account numbers and credit or debit card numbers and transactions related to payments. Refund of receipts, invoices, tax invoices in accordance with the Revenue Code and any other relevant laws or notices. | Contractual Basis/Legal Compliance Basis |
| 10 | Receiving Complaints Receive feedback, communicate, conduct surveys, survey opinions about products and services. Order execution Requests, including to manage relationships, such as customer care, satisfaction assessment, Counseling, clarification, answering questions. | Basis for performance of contract/basis of legitimate interest |
| 11 | For the purpose of establishing legal claims. the exercise or exercise of legal claims, or the defense of our claims; In various legal procedures, such as investigations, hearings by government officials. Case Preparation Litigation and/or court battles, etc. | Legitimate interests |
| 12 | For billing or outstanding debts, entering into transactions. Processing payments, handling claims and disputes, including dispute resolution proceedings. Establishment of legal claims Exercise of rights or dispute legal claims. Prosecution of various cases as well as actions to enforce legal proceedings. | Basis for performance of contract/basis of legitimate interest |
| 13 | To notify you of the use of the service. Near the end of the contract period. Creating and maintaining user accounts, including processing. Monitoring the use of the service and closing user accounts. | Basis for Contract Performance |
| 14 | For use in sales, transfers, We may disclose or transfer personal data to one or more third parties in connection with the transaction. | Legitimate interests |
| 15 | To prevent security risks, such as monitoring network activity logs, identifying security incidents, conducting data security audits, and any other prevention against malicious, deceptive, fraudulent, or unlawful actions. Development, provision, implementation Testing and maintenance of IT systems | Legitimate interests |
| 16 | To enhance and refine our products and services, including the legitimate use of data to train our artificial intelligence systems. This training aims to improve the efficiency and quality of services we provide to our customers. | Legitimate interests |
5. Do we share your personal information?
In principle, The Company will keep the Personal Data of the User Owner confidential but in accordance with the stated purposes of processing personal data. The Company may be required to disclose personal information to third parties from time to time. Under the condition that the Company will disclose personal data only as necessary. By sharing the user's personal information with other parties. We will take appropriate measures to protect personal information and to comply with the standards required by personal data protection laws. We may share your personal information with individuals or organizations. as follows
1. Business Partners with Mutual Agreement We will provide you with a list of business partners in order to make a decision to consent to the sharing of information for marketing purposes, such as for promotion, publicity, or offering products and services to you.
2. Service providers and data processors who provide support services to our services. We got Assign or hire to manage or process Personal Data. In order to provide services, including those acting on behalf of the Company or in conjunction with the Company to carry out the relevant purposes as specified in this Notice, and it is necessary to obtain your Personal Data, which may include but is not limited to information technology system service providers, payment service providers, bookkeeping or consultants, for the business operation and operation of any other application or service of the Company or in connection with the Company's business operations, where it is reasonably necessary to disclose your Personal Data to achieve the Company's business objectives.
3. Government agencies that are responsible for supervising according to the law or that request the sharing of personal data by virtue of legal authority or permitted by relevant laws.
6. Do we send or transfer your personal information overseas?
1. We may send or transfer the User's Personal Data to other parties overseas when it is necessary for the performance of a contract to which the User is a party, or for the performance of a contract between the Company and another person or juristic person, for the benefit of the User, or for the purpose of fulfilling the User's request before entering into a contract, or to prevent or suppress danger to life. To comply with the law or to carry out important public interest missions.
2. We may store user data on computers, servers, or the cloud provided by other parties, and may use third-party programs or applications in the form of software services and platform services to process personal information. However, we will not allow unrelated persons to access personal information and will require those other parties to have appropriate security protection measures.
3. In addition, In the processing of personal data of the user owner. The Company may need to send or transfer the User's Personal Data to companies located abroad, which may include information technology systems companies or cloud or server companies located overseas. For the benefit of performing contractual obligations that the Company may have to the User. We will comply with personal data protection laws and take appropriate measures to ensure that users' personal information is protected and users can exercise their rights in relation to their personal information in accordance with the law. and to prevent other persons from using or disclosing personal data without authorization.
7. How long do we keep your personal information?
We will retain the User's personal data for as long as necessary to achieve the purposes for which the personal data is processed. as follows
1. When we receive information from registration We will retain your information for as long as necessary to provide services to you, and for as long as you remain a member, and will continue to do so for another 5 (five) years following the year of termination of membership or termination of the relationship.
2. In case of an application for the exercise of the rights specified in this Notice. We will retain evidence of the exercise of rights under the Personal Data Protection Law for 1 (one) month from the month in which the Company completes the processing of the request.
3. In other cases, we will retain the User's personal information for as long as reasonably necessary to achieve the purposes set out in this Notice. However, In the event that the retention period of personal data cannot be clearly determined. We will retain information for as long as we can expect in accordance with the standard of collection (e.g., a maximum of 10 years under general law). If there is a court action. The User's personal information may be stored until the end of such operation, including any period of time necessary to complete the purpose, and then the User's information will be deleted or retained as permitted by law.
Upon the expiration of the specified period, we will delete, destroy, or make such personal information non-personally identifiable as the subject of the personal data, or take any other action as required by the Personal Data Protection Law to ensure the effective protection of personal data. However, we will retain some information for longer than stated above. If it is necessary to comply with the law or an investigation of copyright matters, or to comply with the orders of officials or government agencies with the authority of the relevant persons, and for business or legal purposes, such as for security, for the prevention of infringement or misconduct, or for the purpose of keeping financial records, etc.
8. How do we keep your personal information safe?
To ensure the security of the User's personal information. We have established a data control policy and a policy to maintain the confidentiality, accuracy and availability of all personal data that we may need to process. The right to access personal data is defined and restricted. In addition, additional measures to maintain the security of the system and personal information are established to protect all personal information from destruction or intrusion by bad actors or those who do not have the right to access the data by using advanced data security standards in accordance with industry standards, and the website is required to have SSL encryption to ensure the security of data transmission between the website and the database system. This is in line with the policies and practices of information security, and Privacy Policy
9. How do we treat the personal information of third parties?
In the event that the Customer provides us with personal information of third persons, the Customer represents and warrants that the Customers has the legitimate right under the Personal Data Protection Act to transmit and disclose such person's information and the Customers has informed those third persons of this Privacy Notice and has obtained their consent, where necessary, for the use of their personal information .
10. What are the rights of the user under the Personal Data Protection Law?
We respect the legal rights of users as data subjects. Therefore, we allow data subjects to apply for various rights under the provisions of the law.
(1) Right to withdraw consent: If the User has given consent to the processing of Personal Data (whether the consent provided by the User before the effective date of the Personal Data Protection Law or after); You have the right to withdraw your consent at any time during the period your personal data is with us. The withdrawal of consent does not affect the processing of personal data to which the user has given lawful consent, unless there is a restriction of such right by law, or by the condition that consent cannot be withdrawn, or there is a contract between the user and us that benefits the user, or may result in our inability to achieve some or all of the purposes specified in this document.
However, The withdrawal of the user's consent may affect the user from the use of various services, such as the user will not receive new benefits, promotions or offers, do not receive services that meet the user's needs, or do not receive useful information, etc.
(2) Right to access personal information: The user has the right to request access to the user's personal information that is under our responsibility and request us to make a copy of such information to the user, including asking us to share how we obtained the user's personal information, except in cases where we have the right to refuse the user's request according to the law or court order, or in cases where the user's request may cause damage to the rights and freedoms of other persons.
(3) Right to transfer personal data: The user has the right to request the transfer of the user's personal data if we have made the personal data available in a format that can be read or used by an automated tool or device and can use or share the personal data by automated means, as well as the right to request us to send or transfer personal data in such form to another data controller when it is possible by automated means, and the right to request that we send or transfer personal data in such form to the user's personal data in such form to the user's personal data in the event that we have made it available to the user in an automated manner or to request that the personal data be sent or transferred in such form to the user's personal data in such a format that can be read or used by an automated tool or device. Other data controllers directly, unless it is not possible to do so for technical reasons.
(4) Right to object: The User has the right to object to the processing of the User's Personal Data at any time. If the processing of the User's personal data is carried out for the necessary operation under our legitimate interests or that of another person or entity without exceeding the extent that the User can reasonably expect, or to carry out a mission in the public interest, or for marketing purposes, or for the purpose of scientific, historical or statistical research, the Company shall not be able to do so.
If the user files an objection. We will continue to process the User's personal information. Only where we can show that the legal reasons are more important than the basic rights of the user or for the purpose of confirming the legal rights. Compliance with the law or fighting in legal proceedings on a case-by-case basis.
(5) Right to request deletion or destruction of data: The user has the right to request the deletion or destruction of the user's personal information, or to make the personal information non-identifiable to the user. If the User believes that the User's Personal Data has been processed improperly in accordance with the relevant law, or when it is deemed that it is no longer necessary for us to retain it for the relevant purposes in this Notice, or when we deem that the User can comply with the right to withdraw consent or exercise the right to object as stated above.
(6) Right to request restriction of use of personal data: The user has the right to request the temporary suspension of the use of personal data in the event that we are investigating the user's request for the right to correct personal data or request for objection, or any other case where we are no longer necessary and need to delete or destroy the user's personal data in accordance with the relevant laws, but the user requests us to suspend the use of personal data instead.
(7) Right to request correction of information: If the User considers that the User's Personal Data is inaccurate as it really is. The User may notify us to correct or change the User's Personal Data or to supplement the information to be current, complete and not misleading.
However, If the user wishes to request correction of information about the image, we will only correct the information item related to the user's image. Where it is our lawful necessity and where the processing of the request incurs costs, we may charge such costs. In case we have grounds to reject the user's request. We will provide a record of the rejection of the request with the reasons as evidence.
(8) Right to complain: The user has the right to complain to us through the website channel by selecting Data Processing Complaint Form If the User believes that the processing of personal data is in violation or non-compliance with relevant laws, the User shall not be able to do so.
11. How can users exercise their rights under the Personal Protection Law?
1. In the event that the User wishes to withdraw the consent given by the User. Users can fill in Consent Withdrawal Request Form Through our website or in the event that the User exercises other rights as specified in Clause 10, the User may fill in the Data Subject Rights Request Form through our website. We will consider and notify the result of the User's request within 30 (thirty) days from the date we receive the request. However, we may refuse to exercise the User's rights under the conditions required by law. If we are unable to process a user's request, we will not be able to do so. We will record the rejection of the request with a reason.
2. We will do our best to facilitate and process the User's request in accordance with the capabilities of the relevant system, unless it is found that the processing of the request is at risk of violating the rights and freedoms of other users, or is contrary to the law or the security policy of the system, or in the case of the inability to comply with the request due to technical reasons.
3. In some circumstances, we may ask you to verify your identity before exercising your rights for your own safety. From time to time, there may be restrictions on the use of certain rights of the user or there may be a fee. We will clarify to the user if we are unable to comply with the user's request to exercise the right to use the service, or we will notify the user. If we need to charge you for the processing requested by the user.
12. How can users contact for more information?
We have assigned our Data Protection Officer, Mr. Warodom Kasiolan, to be the coordinator of our personal data protection. In the event that the user considers that the processing of personal data is not as follows: Not in accordance with Personal Data Protection Act B.E. 2562 (2019) or have any suggestions, questions, or want to inquire about the details of the collection, use and/or disclosure of personal data, including the application for rights under this Notice. as follows
FlowAccount Co., Ltd.
141/12, 11th Floor, Unit 12B Condominium Surawong Tower, Surawong Road, Suriyawong, Bangrak, Bangkok(Revised.20240718)
Telephone: 02-026-8989
Data Protection Officer
For inquiries or inquiries to request the exercise of various rights of the data subject, please contact directly via email dpo@flowaccount.com
13. Will the Privacy Notice be amended?
We reserve the right to amend and update this Policy from time to time to suit the processing of the User's personal data in accordance with the Company's service provision and in accordance with relevant laws. The revised policy will be announced through the Company's various contact channels, which will take effect immediately upon announcement. The fact that users continue to use the Company's services, especially the use of application services. After the announcement of the revised policy, it shall be deemed that the user has accepted the revised policy.
This Privacy Notice was last reviewed on August 15, 2024.
