Supalai Public Company Limited is well aware of the privacy of the customers or stakeholders being in touch with the company and its website, and therefore has put together this Personal Data Protection Policy for that cause. This Policy serves as a guideline for the collection, use, disclosure, alteration or any other processing of personal information in a manner that is in conformity with related law, as well as the protection of all customers’ or stakeholders’ privacy under the company’s supervision from the pursuance of unlawful benefit. Details of the policy are as follows:


“Personal Data” means any information relating to an identified or identifiable natural person, directly or indirectly, as according to the Personal Data Protection Law.

“Customers or stakeholders” means the customers or stakeholders of the company.

“Company” refers to Supalai Public Company Limited and its subsidiaries.

“Policy” refers to the Personal Data Protection Policy.

“Information system” refers to the computer system, communication network system, internet connection system, data collection system, E-mail system and communication system involving all kinds of information including those on communication devices, computer devices, peripheral devices or any other related devices owned by the Company.

Scope of Enforcement

This Personal Data Protection Policy is written to provide guidelines on how to manage and protect the personal data of the customers or stakeholders being in touch with the Company directly or via its information system, and enforced with the collection, use, disclosure, alteration or any other processing of the personal data under the supervision of Supalai Public Company Limited. The customers or stakeholders acknowledge its enforcement for the protection of their privacy and agree to the Company’s right for the storage and use of the current and future customers’ or stakeholders’ personal data as in relation with this Policy’s objectives.

Storage and Collection of Personal Data

The Company uses various technologies to collect data including cookies which are small pieces of information stored in the customers’ or stakeholders’ devices allowing the website to remember each access or usage. The data (personal data) collected by the Company consists of:

Data given directly by the customers or stakeholders: is the data that the customers or stakeholders have given to the Company such as subscription information, activity participation, survey answers, account details, account revisions, and the details provided by the customers or stakeholders for Company’s or staff’s contact which are not limited only to those appearing on the pages with user history and service applications. Such data includes full name, company address, contact address, date of birth, sex, age, race, nationality, religion, health record, blood type, photo, E-mail address, bank account number, credit card number (if any), identification card number, passport number, telephone number, together with the details of the user account with recorded interest and feedbacks, all for the Company’s information storage.

Data acquired from the customers’ or stakeholders’ use of the service: is the data relating to the customers’ or stakeholders’ usage of the website and how they actually use it. This set of data includes, but is not limited to, the information on the device used to access the website, computer log, intercommunication and that obtained from usage tracking such as IP address, device passcode, type of device, mobile network, connection record, geographical location, type of browser used, entry and exit log, referring website, usage history log, login log, transaction log, customer behavior, number of visits, access time, search history, web function usage and the data collected through cookies or similar or related technology. Meanwhile,

  1. The Company will collect and store personal data that is necessary to carry out this Policy’s objectives, within an appropriate length of time only.

  2. Upon collection of such data, the Company will proceed only with consent from the customers or stakeholders.

  3. The Company will not collect the customers’ or stakeholders’ personal data from other sources which are not its direct owner.

  4. The Company might record the conversations, in audio or any other forms, when the customers or stakeholders make contact with it acknowledging and agreeing with the terms and conditions under this Policy.

Use and Disclosure of Personal Data

  1. The Company guarantees to not use the stored personal data of the customers or stakeholders for other purposes unless they serve for lawful objectives or for the Company’s business in various aspects such as:


    For carrying out the programs / activities involving the Company’s business operation for the benefit in research, study, statistics tracking, service development, marketing, public relations, product newsletter distribution, and the promotion of products, services and occasional CSR activities.


    For the improvement and development of company website.


    For receiving complaints from the customers or stakeholders.


    For contacting the customers or stakeholders via phone calls, messages, E-mails, posts or any other channels to inquire, inform, investigate or confirm the information relating to their accounts, or to ask for their feedbacks as deemed necessary.


    For reviewing the usage data of the customers or stakeholders to ensure the Company’s compliance with related law, rules and regulations that are currently in effect as well as those to be amended or added in the future.

    The Company will not dispose of, transfer or distribute such data to any other party unless a consent is received from the data owner.

  2. The Company may disclose personal data of the customers or stakeholders if such information is lawfully made public or the action is done by court or authority order for the benefit of legal investigation or trial.

  3. In the event that the Company hires a third party to conduct any work relating to the use of the personal data, the Company will ensure that the hired party is obliged to the confidentiality and security of information while also being prohibited to use the data outside the objectives contained by the Company.

Rights of Data Control

In case where the data owner (the customer or stakeholder) requires to see, delete, modify or review his/her personal data or not to receive any of the Company’s marketing message, he/she can have a request with self identification in written form sent to the Company. With the arrival of request, the Company will inform the data owner of the presence or details of the information within an appropriate time frame.

If the customer or stakeholder does not agree to the Company’s usage or demands for it to delete his/her personal data, he/she might not be able to receive efficient service, or any service at all, from the Company

Storage Security

To ensure a safe and proper data management, the Company has set up a system to store personal information with applicable mechanism and technique. Access to the customers’ or stakeholders’ data is also made limited for directors, executives, staff, temporary employees and agents to prevent any unauthorised use, disclosure, destruction or access.


Should the customers or stakeholders have any questions about this Policy, please contact our agents at Smart Center tel. 1720 or visit our website at

Review of Policy

The Company might modify or amend this Policy without prior notice to the customers or stakeholders for the purpose of proper and efficient service provision. The customers and stakeholders are advised to read this Policy every time they pay a visit or receive service from the Company’s website at