HOME          CONTACT          TH   :    EN
follow us :              

Personal Data Protection Policy

This Personal Data Protection Policy was last updated on May 8, 2020.


Intouch Holdings Plc. (“the Company”) collects personal data and is committed to protecting it in accordance with the related laws. This Policy applies to everyone who interacts with the Company in order to manage the personal data of natural persons. Please read this Policy carefully, as it explains how the Company processes personal data and informs you (the data subject) about your privacy rights.


In this Policy, the following definitions have the meanings below:

(1) “Personal data” means any information about a natural person, which enables the identification of that person, whether directly or indirectly.

(2) “Personal Data Protection Laws” means all laws and regulations related to data privacy protection in Thailand, including the Personal Data Protection Act, B.E. 2562 (and any future amendments).

(3) “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


Intouch Holdings Plc. will take care of and is responsible for the processing, usage and control of all the personal data it has collected, in accordance with the Personal Data Protection Laws. In addition, the companies in INTOUCH Group have also drawn up personal data protection policies, and each company is the data controller for the personal data that it processes for its own activities.

Should you have any questions or need to contact the Company about the processing of your personal data, please use one of the following channels:

• email at PDPAnotice@intouchcompany.com or

• post to Legal Department, Intouch Holdings Plc., SJ Infinite One Business Complex, 29th Floor, 349 Vibhavadi-Rangsit Road, Chompol, Chatuchak, Bangkok 10900


The Company will collect and process personal data permitted under the Personal Data Protection Act, B.E.2562 (“the Legal Basis”), as initially set out below.

(1) ARCHIVES / RESEARCH / STATISTICS FOR PUBLIC INTEREST: for the achievement of the purpose relating to the preparation of historical documents or the maintenance of archives for the public interest, or for the purpose relating to research or statistics, for which suitable measures are necessary to safeguard the data subject’s rights and freedoms;

(2) VITAL INTERESTS: for preventing or suppressing danger to a person’s life, body or health;

(3) CONTRACTUAL OBLIGATIONS: where it is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject before entering into a contract;

(4) PUBLIC TASKS: where it is necessary for the performance of a task carried out in the public interest by the data controller, or in order to exercise the official authority vested in the data controller;

(5) LEGITIMATE INTERESTS: where it is necessary to protect the legitimate interests of the data controller or related persons, except when these are overridden by the fundamental rights of data subjects with respect to their personal data;

(6) LEGAL OBLIGATIONS: for compliance with any laws to which the data controller is subject; and

(7) CONSENT: when the data subject has given the data controller permission to process personal data for one or more specific purposes.

The Company’s collection and processing of personal data generally falls under the Legal Basis of contractual obligations, legitimate interests, and/or legal obligations. If there is any matter that is not covered by the Legal Basis, the Company will ask you for consent before collecting and processing your personal data.


The Company’s processing of your personal data may involve different methods, depending on the various activities in which you are engaged and the relationship between you and the Company, such as shareholders, investors and business contacts. The methods the Company uses to process personal data in each activity and relationship (i.e. the categories of personal data the Company collects, the purposes of its use, and the legal basis for processing, retention, sharing and disclosure) can be found at [ link ].

The data retention period will comply with the provisions under related laws. The Company will only retain your personal data for as long as necessary to fulfill the processing purposes (for which the Company will notify you or obtain your consent) or as permitted under the aforementioned Legal Basis. After this period, your personal data will either be deleted, destroyed, annonymized, or access to it will be blocked.


The Company has put in place appropriate security measures to protect your personal data from loss or unauthorized use, access, alteration or disclosure, and reviews these measures on a regular basis to ensure that they are appropriate. Moreover, access to your personal data is limited to authorized persons who have a justified need to know the details. These persons will only process your personal data on the Company’s instructions, and are subject to a duty of confidentiality.

The Company may engage standardized and trusted third-party service providers to process your personal data on its behalf. All the Company’s third-party service providers are required to implement appropriate security measures to protect your personal data in line with the Company’s policies. They are not permitted to use your personal data for their own purposes, and can only process it for specified purposes in accordance with the Company’s instructions and data processing agreements.

If a problem arises regarding the security of your personal data, please contact the Company as soon as possible via the channels set out in Section 3. The Company has put in place procedures to deal with any suspected personal data breach, and will notify you and the relevant regulator if a breach has occurred and it is legally required to do so.


The Company acknowledges your rights under Personal Data Protection Laws, namely your right to withdraw consent, right to access your data, right to data portability, right to object to the processing of your data, right to restrict the processing of your data, right to erasure of your data, and right to rectification of your data. If you wish to exercise any of these rights, you should contact the Company via the channels set out in Section 3. The Company will respond to every reasonable request within 30 days from receiving it, except in a force majeure event; if this occurs, the Company will inform you as soon as it is able to.

In order to prove your ownership and ensure the security of your personal data, the Company may ask you to verify your identity before responding to a request. If you have any queries about how your personal data is managed or the exercise of your rights, please contact the Company via the channels set out in Section 3.


This Policy may be revised from time to time in order to improve the Company’s management of personal data and its security. The date at the top of this Policy will be amended, and the revised version will apply from then. If the Company makes any material changes to this Policy, you will be notified in accordance with the applicable law.




We are the leading and sustainable value creation asset management company in Telecom, Media and Technology.

 Corporate Governance
   349 SJ Infinite One Business Complex, 29th and 30th Floors, Vibhavadi-Rangsit Road, Chompol, Chatuchak, Bangkok, 10900

  +662-118-6953 ( T )
     +662-118-6957 ( F )
Intouch Holdings. All Rights Reserved.