Privacy Notice

2. Purposes for Which Your Personal Data are Collected, Used and Disclosed.

THAI will collect, use and disclose your personal data according to the conditions described by laws; namely (1) necessary for the performance of contract or request made by you to THAI (2) legal obligation as THAI is obliged to comply  (3) legitimate interest of THAI or other persons (4) vital interest of persons (5) necessary for public interest, public task or the exercise of the right by the public sector or (6) your consent in case the collection, use and disclosure are outside the scope as described in (1) to (5) above, for any of the following purposes;

2.1 to contact, communicate or provide information about the products or services that you use or will use;

2.2 to respond to your request or contract that you have with THAI or associated with the request or contract that you have made with THAI, for example, delivery of document, demand for debt payment including to comply with the contract that we have with other person and necessary and relating to provision of a service to you;

2.3 to manage relations between you and THAI and to prepare detailed or historical records about services provided to you for further service to you;

2.4 to manage information of corporate customers which your personal data may be involved;

2.5 to comply with laws, rules and regulations;

2.6 to perform any acts as the supervisory authorities may describe, request or recommend to comply;

2.7 to manage and administrate THAI’s internal businesses, e.g. compliance, improvement, or internal audit;

2.8 to administrate or manage all risks e.g.
     (1) to protect, handle or minimize risks arising from illegal acts which may occur to you, the customers, THAI’s personnel and THAI by using the data for improvement of security system through various service channels, working systems and safety and security systems for information technology operation of THAI;
     (2) for security purpose, e.g. photo recording of the person contacting or doing transaction with THAI via CCTV and the exchange of identification card when accessing the building for the security reasons within THAI areas;

2.9 to procure and offer products, services and alternatives of services to you, including communication, warning, deliver or offer privilege, benefits, awards or information about products or services of THAI, the companies in THAI group or business alliances which may of interest to you, or for sale promotion or lucky drawing activity;

2.10 to monitor the use of services or transaction according to your orders;

2.11 to manage all complains e.g. the investigation on the use of the services or transmission of data within or between THAI and other persons, the process for accepting of the complaint from you, compensation or as information for improving such services;

2.13 for strategic purpose, protecting interest or evaluation of the business result or services of THAI;

2.14 for evaluation, development and improvement of products or services or for execution of the rights by THAI;

2.15 for marketing promotion project or activity, meeting, seminar, entertainment or the site orientation;

2.16 for storage of data on cloud service and other system used for storing data;

2.17 for the performance of contract as THAI as the contractor or for execution of the right or enforcement of contract of THAI;

2.18 for connecting or facilitate the use of website, application and platform of THAI or other persons;

2.19 for application for a job or for the employment.

The collection, use and disclosure of your personal data including the cross-border transfer thereof shall be performed in accordance with the above principles.


3. Persons or organizations who the data may be disclosed to.

THAI may have to disclose your personal data to other persons or organizations within or outside the country to fulfill the purposes under this notice as follows:

3.1 Subsidiary Companies consisting of Thai Smile Airways Co., Ltd., Thai Flight Training Co., Ltd., Thai-Amadeus Southeast Asia Co., Ltd., Tour Euang Luang Co., Ltd. And WingSpan Services Co., Ltd.

3.2 Business Alliances for example, business alliance in air transport, tourism, hotel, car rent, marketing, financial institution, insurance or life assurance or any persons involving the promotion or loyalty program, data analysis, platform joint service provider or person whose name or trade mark appears on the contract, website or other service channels of THAI.

3.3 Persons Involving in the Services of THAI for example other airlines, ground handling agent providing check-in and baggage services, cargo accepting and delivery services, call center, person who perform the duty as the middle person for THAI, joint provider with THAI, outsourcing service provider, contractor or provision of goods or service to THAI or agent of THAI within and outside the country who THAI is a contracting party, for example, infrastructure development provider, technical infrastructure developer, electronic or information technology system developer, logistics and cargo terminal service provider, Cloud computing service provider, data analysis provider and event and activity organizers.

3.4 Person or Organization as Described by Laws THAI may have to disclose your personal data for the purpose of compliance with laws, rules, regulations or order of the government agency, state agency, supervisory agency or in case THAI believes that the disclosure is necessary for complying with laws to protect the right of THAI or other person, for the safety of person, to protect, investigate or manage the fraud, security or safety in various areas, for example, tax authority, fund administrator, social security authority or financial institution.

3.5 Advisors of THAI, for example, legal, financial, technical experts and auditor.

3.6 Right and Obligation Assignee or Novation Assignee including the person involving in the reorganization, business assignment, investment, merger, purchase or sell of properties, shares or businesses by a person involving such activities, shall be in accordance with this notice.

3.7 Other Related Persons, for example, beneficiary, person has the authority to perform the duty for or guarantor.

3.8 Association, Organization, Club and Other Bodies, for example, Thai Airways Employee Saving Cooperation, Thai Airways Employee Club.

3.9 Websites and Other Social Media, for example, Facebook, Google, Instagram

THAI shall inform the person or organization who the data has been disclosed to treat the data in a safe manner according to THAI’s policy and laws. THAI shall allow the use your personal data for the intended purposes and order of THAI only.


4. Storage of Your Personal Data and Duration.

4.1 Storage of Your Personal Data

     THAI takes security measure to your personal data both in document and electronic form to protect the data from loss or unauthorized or unlawful access, use, amendment, revision or disclosure.

4.2 DatDuration for Storage Your Personal Data

     THAI will collect your personal data as it is needed for the respective purposes as informed in this notice as necessary as specified by laws at the maximum period of 10 years from the date your relation with THAI shall cease, except that it is otherwise necessary by THAI as specified by laws or such personal data are unable to be erased or destroyed due to the technical limitation.


5. International Transfer of Your Personal Data.

     In case THAI is necessary to transfer your personal data to other persons in other countries, for example, your or THAI’s contracting party, branch office of THAI in other countries, the subsidiary companies, authority or organization in other countries, the destination country where data protection measures are not sufficient as required by laws. In such case, THAI will take appropriate measure to ensure that your personal data will be transferred safely.

     Personal data may be shared with related third party service providers who will process it on behalf of THAI for the purposes identified above. In this case, we use additional safeguards to protect your personal data such as “Data Processing and Transfer Agreement” and “Standard Contractual Clauses” for sharing to the processor outside EU/EEA or Thailand, as the case may be. We process your data mainly within the Kingdom of Thailand and EU. If you acquire services that involve the transfer of your data to other countries, with equivalent or non-equivalent data protection measures with the Kingdom of Thailand or the EU, such as international flight connections, we will also transfer your data to these other countries. In this respect we also refer to the general privacy policy of the International Air Transport Association (IATA) https://www.iatatravelcentre.com/privacy.htm

     When you are under GDPR, in some cases when we transfer your data to countries outside of the EU or EEA, we use additional safeguards to protect your personal data, such as the EU Commission approved “Standard Contractual Clauses”. A copy of the clauses can be provided for your review on request to the contact details provided in section 10.


6. Website System used for collecting the Data.

     When access to the website system of THAI, THAI will automatically collect some data from your usage for the purposes detailed in this notice, for example, THAI will take the data that Cookies and other similar technologies has recorded or collected for statistical analysis or other activities of the website system or business of THAI to help THAI to provide best experience for the use of website to you including the improvement of efficiency and quality of website system service of THAI.


7. What rights do you have?

     As the data subject, you may exercise the following rights;

7.1 Right of access and Request a Copy
     You have a right of access to your personal data and request for a copy which are under our responsibility or request for the disclosure of the collection of personal data that you have not consented.

7.2 Right of Data Portability
     Where your personal data are provided to THAI by consent or necessary for performance of contract or by a request you have made to THAI or as announced by the Data Protection Committee, and in case THAI has made data, and those data are in machine-readable format, you the right to request the transmit those machine-readable data to another controller, where technically feasible.

7.3 Right to Object
     You have a right to raise objection to collect, use or disclose your personal data in case (1) THAI collects your personal data for necessary reason for the public task, the exercise of right by the government sector or for the legitimate interest of THAI, person or juristic person (2) THAI collects, uses or discloses your personal data for the purpose of direct marketing or (3) THAI collects, uses or discloses your personal data for the purposes of scientific, historical or statistical research, except as necessary for the purposes of public task of THAI.

7.4 Right to Erasure or Destroy Personal Data
     You have a right to request to erase, destroy or to make your personal data unidentifiable in case (1) your personal data are no longer necessary in relation to the purposes for which they were collected (2) you have withdrawn your consent and THAI does not have the authority by other legal ground to collect, use or disclose such personal data (3) you have objected to the collection, use or disclose of your personal data collected by THAI for the reasons of necessity to perform the public task of THAI, the exercise of the right by the public authority or for the legitimate interest of THAI or other person or juristic person and THAI has no overriding legitimate grounds to refuse such objection (4) your personal data are unlawfully collected, used or disclosed, except in case it is necessary for THAI to collect your personal data for legal obligation or for the establishment, exercise or defence of legal claims or the use or protection of the right of THAI.