سياسة الخصوصية
Alfaiz Thai Travel Company Limited is a destination management company of travel services, catering to the needs of discerning travelers between the Kingdom of Thai and the Gulf Cooperation Council (GCC.) countries. The focused core focus of Travel management company was incorporated in 2022, we have built an impeccable reputation for exceptional services in four specific travel markets: Holistic Luxury travel, Corporate, Leisure, and Medical and Wellness.
We have intentionally been running the business with the good governance, and emphasizing the privacy and safety of personal information, the company would control clearly all personal data processing activities.
This privacy policy is designed to ensure all website’s users and clients the confidence on how the company manages your personal information, it will be kept safely under the personal information security measurements by law, and it is same international level.
For website’s user, you will be able to get more information about processing of your personal data, including using your right and channel for using your right from a notification letter of privacy policy in advance.
In addition, this privacy policy will be applied only when the company has the right to control the data information, in case the company runs personal data processing activities on behalf of a processor for other government or private organization who is the controller of all data, please directly check details of data processing in their privacy policy, or a notification letter of privacy policy of that government or private organization.
Collection and storage of your personal information
The company may collect and store your personal information in both direct and indirect ways;
- Your given information to the company
- Your given information to any persons involved with the company.
- Your information shared from the group companies.
- Your information shared from other company or organization that has cooperation with you (On behalf of the company representative)
- Social network and/ or other public relations medias that you use for connecting with the company
- Other reliable sources of public information
Types of personal information that will be collected by the company
The company may collect various types of information, depending on the objectives of information usage, and its user’s operation, the data collection may include;
This personal data can include in generally:
- Name- surname
- Phone number
- Date of Birth
- Location
- Financial Information
- Social Security Number
- IP Addresses
Other details to be collected
-
- More detail of personal identification such as nationality, occupation, identification number, credit card number, address, copy of identification card, copy of passport, photo, picture and video
- Personal characteristics such as age or sex.
- Personal information of travel interest such as subscription of destination website, packages, type and number of traveling group, preferred destination, travel history, used airlines, visited hotels and type of visitor.
- Financial information such as bank account, credit card info, payment method, and other payment details.
- Data usage history such as website cookies, including website usage behavior, log info, interest, devices or IP address to access internet service, setting data, website customization, date or location.
- Other information such as your given personal information when contacting with the company, interest and type of travel or package, interaction with the company through Call Center, social network, other chatting channels, travel info, workplace, method for sending documents.
The company determines appropriate time for storing your personal information based on concerned objectives, and your information will be later permanently deleted and destroyed. Unless, it is necessary to store your information according to relevant regulations, or it is under the right protection of the company. Data must be stored for maximum 10 (Ten) years, except there may be another law or regulation for longer period of data retention, or it is for the right protection of the company.
Once the storage period is expired, the company will delete the given data, and ensure the data removal from the company’s server, or the data will be kept safely in a form of unidentifiable data subject.
Purpose of use and disclosure of personal information
The company will compile your personal information in order to take action on behalf of counterparty, comply with the laws, or take the legal benefits. And, the company will disclose your personal information for the mentioned objectives, including these following objectives;
Purpose of travel management
-
- To process operation according to your request for subscription of services needed.
- To manage and control your trip internally, including creating and collecting records, registration related to designed trip and services, and disclosing the information to the involved parties.
- To make a contract that the company do on behalf of user/ client with other company or person.
- To manage a meeting for user/ traveler.
- To process a request for paying process.
- To process a complaint and summary of all complaints.
- To report the situation or significant circumstance towards any accidents.
- To report status or progress of the legal dispute or complaint, and summary of the dispute resolutions.
- To ensure that the website’s content will be effectively presented and shown on your electronic devices.
- To manage all information for user, interested persons, including various channels for sharing comments, inquiries, reactions and notification of benefits
- To provide campaigns, packages, activities, trainings, seminar or trips arranged by the company.
Other purposes
-
- To follow the agreements of the company in both direct and indirect operations.
- To process all necessary operations of the company and generate benefits under the relevant laws and fundamental rights of data subject.
- To ensure the security and safety of the company.
- To evaluate and proceed all of your requests.
- To ensure the protection and prevent any disguise.
- To verify, analyze and provide all concerned documents requested by government sector or other organizations.
- To comply with any law or concerned regulation.
Disclosure of your personal information
The company will not disclose your personal information without lawful basis for processing, in case the company will have to share your personal information to third party, the company will manage it appropriately in order to ensure the security and no unauthorized access to the information, including unauthorized usage, modification or disclosure. The company may disclose your personal information to the following parties;
-
- Hotel or service provider’ partners.
- Guide, driver, concerned suppliers under each trip management.
- External service providers or group of companies that serve the company, such as information technology service provider, cloud service provider.
- Government sector and regulator.
- Auditor, lawyer, and other company’s consultants.
- Individual or legal entity who are involved with the company, merger, sale, company acquisition, or other group companies restructure, or other possibility in the future.
- Other regulators upon your request for information allocation.
Disclosure of your personal information to overseas.
The company will disclose your personal information to any oversea receiver as permitted by privacy law and/ or relevant regulations, and the company may allocate the information to overseas under international data transfer agreement or other concerned data protection law. The company may share or allocate the information to any receiver who agrees to follow all right protection regulations, that will prevent breaking a contract or other authorized mechanism when allocating personal information to overseas.
Data security and protection measures
The company has been served by other group companies who has their own policy for information and technology protection as same level of information security standards system. It is the high cyber security and essential protection system for the access, use, modification, correction, unauthorized disclosure of personal information, and also identity phishing. The company has invested and spent times and men-power to ensure the high standard security and protection management. Your personal information is safe under the company’s cyber controls system. In addition, the data security and protection policy of the other group companies is also applied when cooperating with the company, including maintaining the physical and environmental security, controlling both input and output operations, information access, important data backup, confidentiality, and data protection. Moreover, the company and other group companies who provide information and technology services will review all protection measures properly according to relevant laws.
The company will delete or conceal your personal information immediately after storing your information is reasonably no longer required. In addition, the company may appropriately destroy your data without prior notice.
Despite the company exerts and attempts to maintain the high standard data protection by using technical equipment together with administrative management to control all data security and unauthorized access to personal information or confidentiality, but it may not prevent all mistakes, such as computer virus attacks or access of hackers. It is highly recommended to always be up-to-date with computer news, install effective software, i.e., Personal Firewall to protect your computer from any attacks, or information phishing, and always check and keep confidentiality of your account statement, such as account balance, date of transaction, including privacy data collection, and financial condition.
Rights of the personal data subject
Regarding the data protection law, you as the data subject have your rights by law to modify or edit your information under all personal data protection regulations.
-
-
- Right to access your personal data
- Right to edit your personal data
- Right to request for deleting or destroying your personal data.
- Right to restrain the use of your personal data
- Right to object the collection, process, and allocation of your personal data
- Right to request for data portability.
- Right to withdraw your consent.
-
In addition, you have the right by law to make a request a government regulator or Personal Data Protection Committee through Ministry of Digital Economy and Society, in order to control the company when breaking the data protection regulations occurred.
In case you have given the consent to the company, you are able to withdraw your consent at any times, but it may affect to some provided services, the company will inform you once your consent withdrawal has been received.
In addition, the right for this request will be considered and proceeded only when the company is a controller of the processing of your given personal information. In case you claim for your right on your given information that the company is only a processor of other controller, the company will be able to send a concerned notification to that controller, in order to request for being a controller of your personal data and later support your right.
Contact
In case you have any inquiries, suggestions, or concerns related to the above regulations, or you may have questions or queries about the use of personal information, you may contact the company through these following channels.
Alfaiz Thai Travel Company Limited
Email: Booking@alfaizthaitravel.worksspace.co
Telephone: +66(0)2 254 8622
Address: O-Nes Tower 6, 6th Floor , Sukhumvit 6, Khlongtoey, Bangkok, Thailand 10110
Remarks
-
-
- Please specify your contact details when requesting or claiming for your right, the company will get back to you as soon as possible.
- In case of contacting of personal information issues, no charge will be applied by the company, but there may be some expenses for processing an extra request of your personal data modification according to the personal data protection laws.
-
Modification policy
In case there is any modification of data protection principles, the company will adjust and update the letter of policy notification on the company’s website, therefore you will be able to reach all conditions of personal data collection, disclosure, management, and data protection.
This privacy policy is effective from 01 January 2023.
Privacy Notice
According to Personal Data Protection Act, B.E. 2562, Afaiz Thai Travel Company Limited will comply with the personal data protection law for processing any personal data subject of individual, and will follow all personal data protection regulations, including sending notification to data subject under this notice’s conditions and requesting for consent of the subject (In some cases).