---

title: Privacy Notice documentCode: OP-PI-02 organization: Smart Finder Co., Ltd.

Privacy Notice

Smart Finder Co., Ltd.

Following Smart Finder Co., Ltd.’s announcement of the Personal Data Protection Policy on June 1, 2022, in compliance with the Personal Data Protection Act B.E. 2562, the Company’s employees/staff are required to provide this Privacy Notice to prospective and existing customers of the Company pursuant to Section 23, with the following key provisions[cite: 720, 721]:

Data Controller Contact Information

| Data Controller Details | Contact Information | | :--- | :--- | | Smart Finder Co., Ltd. | Address: 99/24 Moo 8, Ratchaphruek Road, Bang Krang, Mueang Nonthaburi, Nonthaburi 11000 [cite: 722] | | | Tel: 02-422-6780 [cite: 722] | | | Fax: 02-422-6781 [cite: 722] | | | Email: support@smartfinder.asia [cite: 722] |

Personal Data to be Processed

General Personal Data:

• Personal information: including name and surname, information as specified on national identity cards and passports, copies of ID cards or ID card numbers[cite: 725].
• Contact information: including address, telephone number, social media contact channels[cite: 726].
• Workplace:[cite: 727].
• Job details: Job title, department or organization[cite: 728].
• Electronic system usage data: including email, IP address, MAC address, browser type, Service Desk program, cookies, and conversation history in various applications[cite: 729].
• Provided Information: Information you have provided when contacting or participating in any activities with the Company, etc[cite: 730].

Personal Data Processing Retention Period

| No. | Type / Category of Personal Data | Processing Period | | :--- | :--- | :--- | | 1. | Identity data e.g., name, address, contact location, phone number, email | 1. Where the person is still a customer with issued quotations and purchases completed: retained throughout the customer relationship and for 10 years from the contract termination date in accordance with statutory prescription periods[cite: 732]. | | | | 2. Where contact has been made but no agreement was reached: consent will be requested to retain data via email, and will be kept until consent is withdrawn, unless there is another legal basis to support retention[cite: 732]. | | 2. | Online identifiers such as IP Address, MAC address, transaction logs, browser type, and cookies | Retention period of 90 days pursuant to the Computer-Related Crime Act B.E. 2560 (No. 2)[cite: 732]. |

Purposes and Legal Basis for Data Processing

1. For the benefit of procuring or distributing products, providing or receiving services in various forms[cite: 734].
2. For financial and tax transactions related to the Company’s contractual obligations[cite: 735].
3. For the benefit of building a database for analyzing and presenting any services or products of the Company and its group companies, or associated persons[cite: 736].
4. For the benefit of improving operational quality, service provision, and business operations[cite: 737].
5. For analyzing and monitoring website service usage and retrospective auditing[cite: 738].
6. For aggregate data analysis (Aggregated Data) and anonymized data (Anonymized Data) to develop services, Market Intelligence reports, and new products[cite: 739].
7. For participation in various activities of the Company[cite: 740].
8. For access control, security, and prevention of danger to life, body, or health, including disease control[cite: 741].
9. To comply with laws or regulations applicable to the Company[cite: 742].

Note: Data collected for these purposes is necessary for contract performance or legal compliance[cite: 743]. Failure to provide it may result in a violation of law or inability to manage contracts[cite: 744]. Any change in purposes will be notified and recorded[cite: 745].

Legal Basis for Data Processing

We process your personal data under the following bases[cite: 747]:

| Legal Basis | Activity | | :--- | :--- | | Contractual Basis | Any activity that gives rise to a purchase/service contract, such as issuing a quotation or entering into a contract under the Civil and Commercial Code[cite: 748]. | | Consent Basis | Marketing activities. Withdrawal of consent can be done via verbal notification, complaint, or email. This may result in receiving less news and promotions[cite: 748]. | | Vital Interest Basis | e.g., disclosing personal data to a hospital to save a life[cite: 748]. | | Legal Obligation Basis | e.g., issuance of tax invoices pursuant to tax law[cite: 748]. | | Public Task Basis | – [cite: 748] | | Legitimate Interest Basis | CCTV footage recorded for asset protection and theft prevention[cite: 748]. |

Sources of Personal Data

1. Directly from you: through documents or electronic data, such as forms or online platforms[cite: 750, 751].
2. Third parties: including customers, data controllers, or processors where the Company in good faith believes they are authorized to disclose it[cite: 754].

Processing of Personal Data

• Collection: Contact and necessary information for agreements on internal servers[cite: 757].
• Usage: Contacting and offering products or services of interest[cite: 758].
• Disclosure: In the capacity of processor to government agencies (Revenue Dept, DBD, Social Security, etc.) and credit bureaus for fraud prevention[cite: 759].
• Technology: Use of AI or automated systems (chatbots) to improve service efficiency[cite: 760].
• Data Transformation: Converting usage data into Aggregated & Anonymized Data for statistical purposes[cite: 761, 762].
• Transfers: May transfer data to foreign agencies or international organizations[cite: 763].
• Role: Acts as both Data Controller and Processor; Google is the overseas-based processor[cite: 764, 766].

Safeguards for Providers

| Provider | Privacy Policy Link | | :--- | :--- | | Google | Google Privacy Policy [cite: 768] | | Azure | Microsoft Privacy [cite: 768] | | Zoho | Zoho Privacy [cite: 768] | | Service Desk (ITTS) | ITTS Privacy Policy [cite: 768] |

Retention of Personal Data

• Format: Digital file[cite: 771].
• Location: Cloud services (Google Drive, Gmail, Zoho, ITTS, GitLab, Jira, Azure)[cite: 772].
• Period: As specified in the retention period section[cite: 773].
• Destruction: Deletion and destruction within 10 days after the retention period expires or legal basis ends[cite: 774].

Rights of the Data Subject

You have the following rights[cite: 776]:

1. Right to Withdraw Consent[cite: 777].
2. Right of Access and request for copies[cite: 778].
3. Right to Rectification[cite: 779].
4. Right to Erasure[cite: 780].
5. Right to Restriction of Processing[cite: 781].
6. Right to Data Portability[cite: 782].
7. Right to Object[cite: 783].

No fees are required to exercise these rights. Results will be notified within 30 days[cite: 785, 786].

Complaints

You may lodge a complaint with the Office of the Personal Data Protection Committee[cite: 787]:

• Office of the Permanent Secretary, Ministry of Digital Economy and Society[cite: 788].
• Address: 120 Moo 3, Floors 6-9, Ratchapratsanabhakdi Building, Government Complex, Bangkok 10210[cite: 788].
• E-mail: pdpc@mdes.go.th | Tel: 02-142-1033[cite: 788].