SAWASDEE by AOT Application processes personal data of Users of SAWASDEE by AOT Application with the reasonable measures to act in compliance with the Thailand’s Personal Data Protection Act B.E. 2562 (“PDPA”). You can see our full detailed Privacy Policy through the attached QR code. However, the summary of our Privacy Policy is shown below.

What data do we process?

We process collected personal data including but not limited to ID Data, Identity Data, Address / Contact, Financial Data, Profile Data, IT Data.

How do we use those data?

We process personal data according to the purpose and scope of Airports of Thailand Public Company Limited, with the legal bases as explained in our Privacy Policy.

Who do we transfer information to? 

In some circumstances, we may be required to transfer personal data to third-party organizations, which are stated in our vendors/partners list.

What are your rights as a data subject?  

As a data subject, you are entitled to the data subject rights which include but not limited to right to access, right to rectification and right to erasure.

1. Purpose and Scope

This Privacy Policy applies to all SAWASDEE by AOT Application Users. GFIN-SKY Consortium acts as the Data Processor, who has the role and responsibility in processing and ensuring the security and privacy of all personal data in accordance with Personal Data Protection Act B.E. 2562 (“PDPA”), under the scope and purpose determined by Airports of Thailand Public Company Limited as the Data Controller.

Data Controller Contact Information:

Airports of Thailand Public Company Limited
333 Cherdwutagard Road, Srikan, Don Mueang, Bangkok 10210, Thailand
Tel.: 0 2535 1192

Fax: 0 2535 3864, 0 2535 5685
AOT Contact Center 1722 Tel.: 0 2535 1192

Website: www.airportthai.co.th
E-mail: [email protected]

This Privacy Policy covers data subjects who are SAWASDEE by AOT Application Users, including SAWASDEE by AOT Application members, PT Max Card members, bank customers.

As used in this Privacy Policy, the following terms shall have the meanings set forth below:

‘Processing’ means anything done with SAWASDEE by AOT Application Users’ personal data, including but not limited to collection, storage, use, disclosure, and deletion.

‘Legal Bases’ means justifiable reasons to process personal data in accordance with Article 24 and Article 26 of PDPA.

‘Anonymization’ means the process of creating anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. (GDPR, Recital 26)

‘Pseudonymization’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. (GDPR, Article 4 (5))

This policy may be revised to reflect our service/business or any significant change. Users will be notified through appropriate channels.

2. What Personal Data Do We Process?

SAWASDEE by AOT Application processes these groups of personal data specified hereunder.

• ID Data including but not limited to Identification number, Passport number
• Identity Data including but not limited to Full name, Name title (excluding biometric data)
• Address / Contact including but not limited to Email, Phone number, Address
• Profile Data including but not limited to Sex, Country of residence
• IT Data including but not limited to GPS location, User ID, Transaction ID
• Financial Data including but not limited to Credit card detail, Transaction details
• Property Data including but not limited to Lost property detail

3. How Do We Collect Your Personal Data?

In general, SAWASDEE by AOT Application will directly collect Users’ personal data through these processes (or channels) including but not limited to online forms on SAWASDEE by AOT Application.

However, Company may collect additional data through third-party organizations which include

1. 2C2P (Thailand) Company Limited Group of PIIs: Identity Data, Financial Data, IIT Data Group of Activities: Payment features

2. Krungthai Bank Public Company Limited Group of PIIs: Identity Data, Financial Data, IIT Data Group of Activities: Payment features, Payment QR, Payment Transaction Monitoring

4. How Does SAWASDEE by AOT Application Use Your Personal Data?

As the data processor, SAWASDEE by AOT Application uses Users’ personal data to carry out tasks, operated by GFIN-SKY Consortium per Airports of Thailand Public Company Limited’s scope and purpose of providing group of activities, including but not limited to:

SAWASDEE by AOT Application will process Users’ personal data according to the stated purposes and scope. If there came upon a case where personal data were to be processed for other purposes unclarified above, SAWASDEE by AOT Application would ask for new consent to process Users’ personal data on such uses.

5. Usage of Personal Data with External Third-party Organization

SAWASDEE by AOT Application may be required to pass on personal data to external third-party organizations and process personal data in accordance with the contract or the legal obligation of SAWASDEE by AOT Application.

These organizations may include:

• Google Firebase
• Indoor Atlas
• Commercial banks including but not limited to Siam Commercial Bank, Krungthai Bank, Bangkok Bank

For the case where personal data is being passed on the external third-party organizations, SAWASDEE by AOT Application will ensure that the minimum amount of personal data is being sent and consider anonymization and pseudonymization techniques for greater security. Nevertheless, external third-party organizations who will process Users’ personal data for SAWASDEE by AOT Application will be required to have an appropriate privacy policy. SAWASDEE by AOT Application does not permit these external third-party organizations to use the Users’ personal data in a way that diverge from the agreed scope and purpose.

6. Transferring Personal Data to Foreign Countries

SAWASDEE by AOT Application may be required to pass on personal data to foreign countries, including, but not limited to

1. Finland

Group of Activities: Home-to-Gate Navigation, GPS Detection

2. United States

Group of Activities: HGroup of Activities: Account Creation (OTP via SMS / Email), Application Usage Analytics, Newsletter and Promotion, SMS Promoting

For these cases, SAWASDEE by AOT Application will pass on Users’ personal data only when these requirements have been met.

These include:

• Receiving foreign country has a substantial personal data regulation in place
• Receiving organization has a substantial privacy policy in place and certified by the Personal Data Committee
• Receiving organization is obligated to follow a substantial privacy policy with a sufficient remedial measure in accordance with the procedures identified by the Personal Data Committee (including, but not limited to, standard contract, vendor process agreement)
• A necessary task to exercise legal rights
• Consent has been received from appropriate individuals agreeing to the pass on of Users’ personal data to a foreign country that does not have a substantial privacy policy
• A necessary task to carry out contractual agreements of the Users
• A necessary task to carry out under a contractual agreement between two entities for the benefit of the Users
• To ensure the safety or limit further damage to an individual’s health who cannot give consent at the current time
• A necessary task for the good of the public

7. Security Measures for Personal Data Protection

SAWASDEE by AOT Application has implemented security measures to ensure the security of Users’ personal data. External third-party organizations must carry out the processing of personal data in accordance with SAWASDEE by AOT Application’s policy and agrees to ensure the security of Users’ personal data
(More details are available at www.airportthai.co.th/privacy-policy)

8. Time Period of Personal Data Storage

SAWASDEE by AOT Application will store Users’ personal data throughout for the appropriate period according SAWASDEE by AOT Application’s scope and purpose including other important matters such as legal requirements, accounting, and auditing purposes.
(More details are available at www.airportthai.co.th/privacy-policy)

9. Users’ Personal Data Rights

Your personal data rights include:

• Right to Withdraw Consent – you have the right to withdraw the consent at any time during which your personal data is held by SAWASDEE by AOT Application, unless there is right restriction by law or there is a contract which is beneficial to you which remains valid. The collection, use or disclosure of your personal data which was undertaken before the withdrawal of your consent shall not be affected. However, the withdrawal of your consent related to and required for the service request may prevent SAWASDEE by AOT Application from providing services to you, or may cause the transaction or any other related activities to be suspended or temporarily discontinued, or may affect your knowledge of products and / or services, For your own benefit, you should determine and inquire about the potential impacts before deciding to withdraw your consent.
• Right of Access – you have the right to request a copy of all your personal data and assess if the company is processing your personal data in accordance with the law or not
• Right to Data Portability – for the case where a company has an automated platform allowing you to access your personal data automatically:
  • You have the right to ask for your personal data to be transferred automatically to other organizations
  • You have the right to ask for your personal data to be directly transferred to other organization, with the exceptions of cases where there is a technological limitation
• Right to Object – you have the right to object to any data process activity of your personal data for the legal bases, including:
  • Public task or legitimate interest
  • Direct marketing purposes
• Right to Erasure – you have the right to request data deletion or anonymization, in accordance with the following cases:
  • Expiration of data processing required terms
  • Consent has been withheld
  • Objections raised on the data processing activity
  • The processing activity is not in accordance with the law
• Right to restrict processing – you have the rights to restrict any data processing activities, in accordance with the following cases:
  • During the process of personal data assessment as requested
  • For cases related to personal data which has initially asked for deletion and erasure but was followed by an additional request of processing restriction instead
  • For cases when the data processing terms have passed, but you have requested for processing restriction due to legal reasons
  • During the process of personal data processing objection verification
• Right to Rectification – You have the right to edit your personal data to be correct and concurrent to the present. If any mistake was detected, the company might not edit this themselves.

In the cases where SAWASDEE by AOT Application may not be able to carry out and exercise your rights, including, but not limited to, the cases where a legal process is taking place, you will continue to have the rights to retract your consent by emailing to all related parties. SAWASDEE by AOT Application will be required to terminate all processes as soon as possible. However, the retraction only is carried out to all data processing after the retraction. Any data process activity carried out before the retraction will not be reversed.

Please be informed that SAWASDEE by AOT Application does record all requests to ensure all issues are resolved. For any queries regarding your personal data protection and rights, more details are available at: https://www.mdes.go.th/law/detail/3577-Personal-Data-Protection-Act-B-E--2562--2019

In the case where you have the intention to exercise your personal data protection rights, please contact AOT Contact Center 1722 or (+66) 2535 1192. SAWASDEE by AOT Application will process this request in a secure and timely manner. Also, in case that SAWASDEE by AOT Application fails to preserve your rights under PDPA, you can file complaint to Office of the Personal Data Protection Commission (‘PDPC’)

10. Policy Revision

This Privacy Policy applies to all SAWASDEE by AOT Application Users and was last updated on 7/6/2022. SAWASDEE by AOT Application holds the rights to review and edit the policy periodically if there is any change in activities or any significant change. Any revision made will be notified to all related parties regarding the changes in data processing activity procedures.