1.    Purpose and Scope
       Le Cordon Bleu Dusit Co., Ltd. (“the Company”) is aware of the importance of your Personal Data given to the company with trust; therefore, the company is obliged to comply with the Personal Data Protection Act B.E. 2562 and to assure the right of individuals to be protected concerning the collection, use, storage, disclosure, and deletion of Personal Data (“Processed”) for the protection of life, health, and property under security measures. The company may collect the personal data of employees, workers, customers, visitors, third parties, or any persons (“you”) who enter the monitoring area inside and around the building, and various locations (“area”) of the Company through CCTV equipment.

Purpose of Processing Personal Data:

• To prevent danger to life, health, and personal safety including your property.
• To build protection for facilities and property from damage, obstruction, destruction of property, or other crimes.
• To support agencies involved in law enforcement to deter, prevent, search and prosecute.
• To assist in the effective resolution of disputes arising in disciplinary or grievance procedures.
• To assist in investigations or proceedings related to whistleblowing
• To support the establishment of rights or raise them as defenses in legal proceedings, including but not limited to civil and labor cases.
• To verify your identity and to comply with applicable law

      ‘Legal Bases’ means justifiable reasons to process Personal Data in accordance with Article 24 and 
Article 26 of PDPA hereunder

• Legitimate Interests: The Company shall process your Personal Data to maintain security, take care of the company's assets, and investigate various incidents occurring within the area.
• Legal Obligation: The Company may process your Personal Data for legal compliance in case of crime or accidents that occur within or around the building and place as requested by a government agency, or use it as evidence.

2.    What Personal Data do we process?
       The Company may process these groups of Personal Data specified hereunder.

• Identity Data including but not limited to Photo, Video and Voice recorded.

3.    How do we collect your Personal Data?
       The company will directly collect the Personal Data through CCTV.

4.    How do we use your Personal Data?
       The Company shall use Personal Data for our operations concerning the monitoring area based on the legal basis under the Personal Data Protection Act B.E. 2562
       The Company will process your Personal Data according to the stated purposes and scope. If there came upon a case where Personal Data were to be processed for other purposes unclarified above, the Company would ask for new consent to process your personal data on such uses.

5.    Usage of Personal Data with External Third-party Organization
       The Company may be required to disclose your Personal Data to external third-party organisations and process your Personal Data in accordance with the contract or the legal obligation of the Company. These organisations may include:

• Government Agency including but not limited to the Royal Thai Police, Office of the Attorney General, Court, or government officers such as prosecutors, inquiry official.
• CCTV Vendor.

      For the case where Personal Data is being passed on the external third-party organizations, the Company will ensure that the minimum amount of Personal Data is being sent and consider anonymization and psuedonnymisation techniques for greater security. Nevertheless, external third-party organizations who will process your Personal Data for the Company will be required to have an appropriate privacy policy. The Company does not permit these external third-party organizations to use the Personal Data in a way that diverge from the agreed scope and purpose. 

6.    Transferring Personal Data to Foreign Countries
       In this processing activity, the Company does not transmit or transfer Personal Data from CCTV to any foreign country.

7.    Security Measures for Personal Data Protection
       The Company has implemented security measures to ensure the security of your Personal Data. External third-party organizations must carry out the processing of Personal Data in accordance with the Company’s policy and agrees to ensure the security of your Personal Data.

8.    Time Period of Personal Data Storage
       The Company will store your Personal Data for the period of 30 days according to the scope and purpose including other important matters such as legal requirements, financing and auditing purposes.

9.    Data Subject Rights
       Your Personal Data rights include:

• Right of Access – you have the right to request a copy of all your Personal Data and assess if the company is processing your Personal Data in accordance with the law.
• Right to Data Portability – for the case where a company has an automated platform allowing you to access your Personal Data automatically:
  
  • You have the right to ask for your Personal Data to be transferred automatically to other organizations;
  • You have the right to ask for your Personal Data to be directly transferred to other organization, with the exceptions of cases where there is a technological limitation.

• Right to Object – you have the right to object to any data processing activity of your Personal Data for the legal bases, including:

  • Public Task or Legitimate Interest
  • Direct Marketing Purposes
• Right to Erasure – you have the right to request data deletion or anonymization, in accordance to the following cases:
  
  • Expiration of data processing required terms.
  • Consent has been withheld.
  • Objections raised on the data processing activity.
  • The processing activity is not in accordance with the law.
• Right to restrict processing – you have the rights to restrict any data processing activities, in accordance with the following cases:
  
  • During the process of Personal Data assessment as requested
  • For cases related to Personal Data which has initially asked for deletion and erasure but was followed by an additional request of processing restriction instead
  • For cases when the data processing terms have passed, but you have requested for processing restriction due to legal reasons
  • During the process of Personal Data processing objection verification.

• Right to Rectification – You have the right to edit your Personal Data to be correct and concurrent to the present. If any mistake was detected, the company might not edit this themselves.

      In the cases where the Company may not be able to carry out and exercise your rights, including, but not limited to, the cases where a legal process is taking place, you will continue to have the rights to retract your consent by emailing to all related parties. The Company will be required to terminate all processes as soon as possible. However, the retraction only is carried out to all data processing after the retraction. Any data process activity carried out before the retraction will not be reversed.

      Please be informed that the Company does record all requests to ensure all issues are resolved. For any queries regarding your personal data protection and rights, more details are available at:

      In the case where you have the intention to exercise your Personal Data protection rights, please contact our Data Protection Office (DPO) as the contact details given above. The Company will process this request in a secure and timely manner.

10.  Policy Revision
       The Company holds the rights to review and edit the policy as the company sees fit. Any revision made will be notified to all related parties regarding the changes in data processing activity procedures.