Privacy Policy | GetLinks DPP

Personal Data Protection Policy for a Customer

GetLinks Limited is strongly aware of an importance of rights and privacy of a customer, including a natural person who performs on behalf of a juristic person (the “Data Subject”). Therefore, the Company provides this personal data protection policy for the purpose of informing the Data Subject regarding collection, usage and disclosure (the “Processing”) under the personal data management of the Company.

The Purpose of Personal Data Processing
1. For providing the service to the Data Subject in relation to recruitment and any operation which allows the Data Subject to present the resume for accessing to the suitable job position or selecting the job position which interested the Data Subject, or assisting the Data Subject to be chosen in the suitable job position.
2. For an execution upon a request of the Data Subject prior to entering into an agreement, or for complying with an agreement, provided that the Data Subject is a party to the Company; for instance, for a purchase of goods and/or service providing to the Data Subject; any performance in accordance with an agreement which the Data Subject is a party; including, goods delivery; finance and accounting management; and any performance which provides goods and/or services as requested by the Data Subject
3. For confirmation or authentication of the Data Subject for any operation or communication with the Company; and
4. For marketing operation; informing any news and benefits; and information analysis.
5. For following up and answering any questions, inquiries or requests of the Data Subject
Personal Data for Personal Data Processing
1. Source of the Personal Data
  1. Directly collect from the Data Subject; for instance, a collecting of the personal data from filling in the Company’s form; or entering into the Company’s website via cookies.
  2. Indirectly collect from other sources which is not directly from the Data Subject; for instance, asking for the data from a third party; or searching the personal data through any website. The Company shall notify the
  3. Data Subject and request a consent from the Data Subject, without delay, within 30 days from the date which the Company collects the personal data from such source.
  4. Collecting the personal data from a minor, an incompetent person and a quasi-incompetent person, the Company shall take into account of a personal data protection at the highest level as required by laws.
2. Types of the Personal Data to be Processed
  1. Personal Data such as name, surname, identification number;
  2. Contact Data such as permanent address, current address, telephone number, email and data on any social media platform; and
  3. Data of an Equipment or Instrument such as IP address Cookie, ID IMEI.
Usage and Disclosure of the Personal Data
The Company may disclose the personal data, if necessary, for the purpose of complying with the informing Company’s objectives to a third party and/or any other organizations or entities as follows
1. Trading partners, business partners of the Company, subsidiary and/or other service providers, including financial institution. Disclosing the personal data to such third party and/or any other organizations or entities, the Company shall manage those mentioned persons to keep the personal data in secret and not to use it for any other purposes rather than the scope set forth by the Company.
2. Government sector which has a legal authority according to the laws; for the purpose of complying with the laws, orders, petitions; in order to coordinate with any sectors in relation to the legal compliance.
Personal Data Collection Period
1. The Company shall collect the personal data of the Data Subject for a necessary period for the purpose of the Company’s objective in accordance with a type of the personal data; except, there is a permission by laws providing a period extension for collection. In the event that the personal data collection period cannot be precisely specified, the Company shall collect the personal data for a foreseeable period in accordance with a collection standard. Once such collection period is expired, the Company shall delete or destroy such personal data.
2. In the case that the Company uses the personal data of the Data Subject with his consent, the Company shall process such personal data until the Data Subject notifies to cancel such consent and the Company has completely cancellation as requested. In this regard, the Company shall collect necessary part of the personal data for recording a cancellation of such consent by the Data Subject.
Disclosure and Transfer of Personal Data to Third Parties and Foreign Countries
The Company may disclose Personal Data within the GetLinks Group, its affiliates, and strategic partners in Thailand or abroad for purposes related to procurement, service delivery, regulatory compliance, contractual obligations, or business operations. Personal Data may also be shared in connection with corporate restructuring, mergers, acquisitions, or sales of the Company.
Additionally, the Company may disclose Personal Data to external auditors, regulatory authorities, public agencies, or other entities as required by law, court orders, or authorized officials. The Company will take necessary measures to ensure the confidentiality and security of Personal Data, whether in paper or electronic form, including during transfer.
For international data transfers, the Company shall strictly comply with the Personal Data Protection Act (PDPA) and implement appropriate safeguards. The Company shall ensure that recipients of Personal Data in foreign jurisdictions have adequate protection measures and process the data only as necessary and in accordance with applicable laws.
The Rights of the Data Subject under the Laws
The Data Subject has the rights as follows:
1. Right to Withdraw a Consent
  The Data Subject has the right to withdraw a consent of Processing the personal data which has been given to the Company at all time. In this regard, the withdrawal shall not affect a part of the personal data which has been Processing with lawfully consent given by the Data Subject.
2. Right to Access and Request Receive a Copy of the Personal Data
  The Data Subject can inform the Company to provide a copy of the personal data and has the right to inform the Company to disclose an acquisition of the personal data where such personal data has been given without the Data Subject’s consent.
3. Right to Request Receive to Send or Transfer the Personal Data
  The Data Subject can request the Company to send the data to other persons and request to receive the personal data which the Company has sent or transferred to other persons.
4. Right to Object Collection, Usage or Disclosure of the Personal Data
  The Data Subject can object collection, usage or disclosure of the personal data upon there is no necessity to collect, use and disclose the personal data; or upon a collection, usage or disclosure for a purpose of direct marketing.
5. Right to Request for Deleting or Destroying the Personal Data
  The Data Subject can request the Company to delete or destroy the personal data upon there is no further necessity of collection; or upon there is an unlawful Processing of the personal data.
6. Right to Request for a Usage Suspension of the Personal Data
  The Data Subject can inform the Company to suspend the personal data usage during a personal data correctness inspection as requested by the Data Subject for a correctness amending of such data; or as requested to suspend instead of deleting the data.
7. Right to Request for an Alteration/Addition of the Personal Data
  The Data Subject can request the Company to amend an incorrect, not-up-to-date, misleading personal data and/or to add the incomplete data.
8. Right to Complain
  The Data Subject has the right to complain in the event that the Company violates or does not comply with the Personal Data Protection Act or with a declaration issued in accordance with the Personal Data Protection Act.
The Data Subject can exercise the rights which provided by law by contacting the Company or the Data Protection Officer in accordance with article 8 and 9 of this policy (the rights can be exercised upon the Personal Data Protection Act has come to effect on the data controller). The Company shall proceed with and consider the complaint in accordance with the rights of the Data Subject within 30 days from the date that the complaint has been received. In this regard, the Company shall reserve the rights to refuse to proceed the Data Subject’s right under the conditions of the laws or under any agreements with the Company.
Security Measure
The Company has adopted the technical security standard and appropriate management in order to protect the personal data from an unauthorized accessing usage or disclosure; misusage; loss; destruction, by using the appropriate standard for security such as data level security or access restriction of the personal data, in order to ensure that only an authorized person can access to the personal data of the Data Subject. The Company has provided an appropriate security measure to prevent loss; access; usage; alteration; amendment; disclosure of the personal data from an unauthorized person or a person who is not related to the personal data.
The Information of the Data Controller (the Company)
GetLinks (Thailand) Company Limited
Address: 193/36 Lake Rajada Office Complex, Unit 10B, 10th Floor, Ratchadaphisek Road, Klongtoey Sub-district, Klongtoey District, Bangkok
Contact: 02-1266927
The Information of the Data Protection Officer (DPO)
1. Department: Human Resource
  Contact: (+66) 2126 6927
  Email: [email protected]
The Company reserves the right to make all additions, alterations, improvements to the personal data protection measure to be appropriated in accordance with the Personal Data Protection Act. In the event that there is any amendment, the Company shall inform the Data Subject afterward.