The Royal Bangkok Sports Club
The Royal Bangkok Sports Club (“RBSC”) hereby gives you the confidence that all the personally identifiable information that you have provided to us are important and critical information that we commit to assure the protection and we shall only process those information at the best security information standards and all those personally identifiable information (“PIIs”) shall be kept in strict confidence.
PII that RBSC is processing in the Services Provision and the Communication with the User
1. General information relating to you that you have provided in the membership application form or other registration form for any visit to RBSC, including name, surname, dates of birth and nationality as well as the membership card number and information;
2. Contact information, including address, contact address, telephone number and email;
3. User’s transaction information, including any visit or services uses transaction log and details that you have entered into both offline and online, the user account, password, transaction logs that the User has undertaken via the membership system or the website of RBSC and include payment information, for instance, bank account or credit card number used for the purchase of services and goods;
4. Information relating to your preference and interest that RBSC may process to personalize RBSC’s recommendation on services and/or products that would fit with your preference and interest;
5. Other technical information that can identify or link to your identity, including IP address, setting and browser connection that the user uses to connect to the Website and may include various types of cookies used in order to track your behavior on the website;
6. Other information that you may give for the purpose of marketing and sales promotion; the participation in the event, survey, competition, lucky draw; or any other promotional events and activities; and
7. Other PII that you may give to RBSC during the correspondence and communication for the service performance from RBSC to you as the user; or any other PII that you may give the consent to RBSC to process.
RBSC may collect your PII in the following circumstances:
1. When you contact RBSC (i.e. when you contact RBSC for any enquiry or for the effectuation of the transactions undertaken in person or on the Website, on phone or via email);
2. When you submit your PII for the membership enrollment and registration, either offline on paper, via the email submission or online channel, including on the Website;
3. When you register your interest and when you subscribe to get information and news relating to the products and/or services of RBSC as well as other marketing materials;
4. When you participate in the survey, competition, lucky draw or other promotional events;
5. When you gives your feedback and opinion on RBSC’s services (i.e. survey gathering on the Website or paper questionnaire / survey) and/or
6. When you submit any PII to RBSC for any other purposes.
In addition to the direct submission of the PII from you to RBSC (as defined above), RBSC may receive your PII from the third party sources that you may contact with and you have given consent to them to disclose your PII to RBSC, for instance, the reference of PIIs made by the other member during the communication and registration in the membership process. Upon the receipt of the PII from such third party, RBSC shall deem and believe that the disclosing party of your PII have already obtained the consent from you as the data subject to disclose your PII to RBSC.
Objectives for the PII Process Undertaken by RBSC
The PII that you have provided to RBSC shall be collected and used for these particular purposes:
1. Qualification verification both in the case of membership privileges usage or other services uses; provisions of the membership benefits and privileges defined by RBSC pursuant to the Membership terms and conditions as well as the provision of other support services that would include the identity authentication that shall be conducted before the access will be granted to you for the visit of certain parts of the Website;
2. Upon the receipt of your consent, use your PII in email or other communication channels, including the social media channel for sending the information and newsletter about RBSC’s services and events that may match your interest;
3. Creation and improvement of the business relationship between RBSC and you that may include the case where RBSC uses your PII for the employee training or supervisions to assure the service quality (in particular for the customer support staff provided through various channel); for analysis, investigation and complaints resolution; provided that for the PII process for this particular purpose, RBSC shall re-assess the necessity in doing this again to limit the scope to as necessary only;
4. Management of the communication and correspondence that you may contact RBSC (i.e. enquiry or complaint management or other feedback submission)
5. Preference analysis where RBSC may adjust the service provisions and channel, in particular the ones relating to the test and analysis process where RBSC shall use their best effort in fulfilling your interest and request to the maximum extent and to create the good relationship between RBSC and you;
6. Prevention and inspection of the fraud or illegal use of RBSC’s services, i.e. to prevent and protect the legitimate rights of RBSC in managing and resolving the breach that you may have committed; and to assess and manage the commercial risk or any other associated risks in other aspects of RBSC;
7. Assessment and participation in the competition, promotional events or other activities for points collection that you may have agreed to enter into under the relevant defined terms;
8. Performance of any legal obligations that RBSC may have and compliance with the instructions given by the relevant regulatory authorities, for instance, for the tax payment purpose or any other obligations under the Computer Crime Act or the electronic transaction regulations
9. Other purposes that RBSC may consider related to the objectives already defined above.
Disclosure of the PII
Generally, your PII shall be kept in strict confidence by RBSC; provided that in certain circumstances, RBSC may have certain necessity to disclose the PII to these groups of people in order to fulfill Company’s contractual or legal obligations:
1. To disclose to the outsourced service providers that have been engaged to provide direct services to RBSC in the performance of any obligation to you, for instance the relevant professional counsel and other third party service providers engaged to provide performance assessment of the website or the services; provided that always that RBSC shall disclose your PII only for the specified objectives and solely on the need-to-know basis.
2. To disclose RBSC’s operational information that may include your PII to the storage service providers on cloud (that may be located in Thailand or abroad); provided that for the utilization of this particular services, RBSC assure to set the high confidential configuration and setting to assure the security in your PII at the level that reflects the level of confidentiality and risk exposure;
3. To disclose the User’ PII to third party in the legal proceedings to protect RBSC’s legitimate rights or to detect and prevent any fraud on the system or the services of RBSC that may impact the third party’s rights; provided that such disclosure shall be done on the limited and specific purposes as defined.
4. In case that RBSC is obliged under the applicable laws, court judgment or administrative order to disclose any PII of any particular users, RBSC would need to do so only on the necessary basis.
5. Other entity whom you may give consent to RBSC explicitly to disclose your PII to.
Cookies that RBSC use on Website
Cookies are text files stored on the user’s computer browser directory or program data subfolder in order to keep data log of the user’s internet usage and the User’s behavior or interaction on the Website. For the performance of the Website, RBSC need to use 2 types of Cookies for various purposes as defined below:
1. Strictly Necessary Cookies are essential for the User to browse the Website and use its features, such as accessing secure areas of the Website; and
2. Other Cookies that may include Functionality Cookies used to record information about choices that the User have made in the Website such as personal settings, languages, and fonts so this would allows RBSC to tailor our Website features that would match the User’s preference setting; Performance Cookies used to assess the performance in any part of the Website; and Advertising Cookies used to record the User’s on-site behavior and history of the Website visited and this would allow RBSC to provide the User the services and products that suit the User’s preferences and to assess the success of each function of the Website.
For the use of Strictly Necessary Cookies, RBSC needs to use this cookies for the performance of the Website in full capacity and without this type of cookies, RBSC shall not be able to provider the designated services to the User. For other types of cookies, RBSC will only use those cookies upon the receipt of the User’s consent.
Representation on the Appropriate Information Security of the PII
RBSC represents and guarantees that RBSC shall use the most appropriate security measures to prevent the unauthorized access, amendment or disclosure of the PII in any form or in any circumstance by either internal or external persons and RBSC commits to review those measures on the regular basis with the strong commitment to use the best industrial practice and to be in strict compliance with the applicable laws. Those measures may include the following measures:
1. RBSC will use and store the PII in the anonymized form as much as possible by separating the PII from other information in order to reduce and mitigate the risk that any person receiving any piece of information may be able to use those information to identify the relevant individual;
2. RBSC will encrypt most of the PII (if necessary) and shall limit the access control both physical and on the system and shall keep logs for all the PII access;
3. RBSC shall adopt the inspection and monitoring scheme to monitor any threat, attack or any other unauthorized access to the PII. In this regards, RBSC shall configure and review the measures set on a regular basis as appropriate and RBSC shall establish a proper emergency response plan that include the process of reporting the incident to the relevant Personal Data Protection Committee and the relevant data subject pursuant to the timeline set under the applicable laws; and
4. In case of any PII exchange or disclosure to any third party outside RBSC’s environment, RBSC shall enter into the data processing agreement with the applicable receiving party in writing in order to set a clear scope of the rights and obligations of each party and shall establish a proper monitoring and management mechanism between the disclosing party and the receiving party; provided that such mechanism shall also include reporting obligations between the parties in case of incident or breach.
Data Subject Rights
RBSC acknowledges and accepts the User’s rights as the data subject over their PII as defined under the applicable laws that include the following rights:
1. Right to access; to request for the copy of all the PII; and to rectify or update their own PII;
2. Right to request for the PII that RBSC has processed in the readable forms by the tools or automatic mechanics and to request for the data portability to other data controller;
3. Right to object to the PII process being undertaken;
4. Right to request for the erasure or de-identification of any PII that does not have any necessary basis to process, i.e. after the consent withdrawal;
5. Right to request for the PII process suspension in case that request for erasure is being exercised or when such PII is not necessary;
6. Right to withdraw consent that has been given for the PII process for specific purpose.
The User can contact RBSC in order to make the request to exercise any defined rights through the defined channel without any charge and RBSC will consider and notify the User of RBSC’s determination within 30 days after the receipt of the User’s valid request.
Name: The Royal Bangkok Sports Club
Address: 1 Henri Dunant Street, Pathumwan Bangkok 10330, Thailand
Telephone: +66 (0) 2028 7272