Privacy Policy
Prospect REIT Management Company Limited (“Company”) is a REIT Manager of Prospect Logistics and Industrial Freehold and Leasehold Real Estate Investment Trust (“Trust”), has intentionally been running the business with the good governance, and emphasizing the privacy and safety of personal information, the company would control clearly all personal data processing activities.
This privacy policy (“Policy”) is designed to ensure trust and confidence on how the company manages your personal information, it will be keep safely under the personal information security measurements by law, and it is same international level.
For trust unitholder, you will be able to get more information about processing of your personal data, including using your right and channel for using your right from a notification letter of privacy policy for trust unitholder via Notice for processing of personal data (For Subscriber and Trust unitholder)
In addition, this privacy policy will be applied only when the company has the right to control the data information, in case the company runs personal data processing activities on behalf of a processor for other government or private organization who is the controller of all data, please directly check details of data processing in their privacy policy, or a notification letter of privacy policy of that government or private organization.
1. Collection and storage of your personal information
The company may collect and store your personal information in both direct and indirect ways;
- Your given information to the company
- Your given information to any persons involved with trust, such as trustee, underwriter, or property manager.
- Thailand Securities Depository (TSD) who is a trust registrar.
- Your information shared from the group companies.
- Your information shared from other company or organization that has cooperation with you (On behalf of committee or representative)
- Social network and/ or other public relations medias that you use for connecting with the company
- Other reliable sources of public information
2. Types of personal information collected by the company
The company may collect various types of information, depending on the objectives of information usage, and its user’s operation, the data collection may include;
- Personal identification such as name- surname, title, date of birth, nationality, occupation, identification number, tax identification number, phone number, email, address, copy of identification card, copy of passport, photo, voice, picture and video
- Personal characteristics such as age or sex.
- Personal information of trust investment such as subscription of trust unit, unitholder registration number, type and number of trust unitholding, brokerage account, chosen agent or broker, and info of trust registration number
- Financial information such as bank account, transaction information, withholding tax information, payment method, and other payment details.
- Data usage history such as website cookies, including website usage behavior, log info, interest, devices or IP address to access internet service, setting data, website customization, date or location.
- Other information such as your given personal information when contacting with the company, interest and type of investment, interaction with the company through Call Center, social network, other chatting channels, investment info, workplace, method for sending documents.
3. Data retention
The company determines appropriate time for storing your personal information based on concerned objectives, and your information will be later permanently deleted and destroyed. Unless, it is necessary to store your information according to relevant regulations, or it is under the right protection of the company. Generally, data must be stored for maximum 10 (Ten) years, except there may be another law or regulation for longer period of data retention, or it is for the right protection of the company.
Once the storage period is expired, the company will delete and destroy the given data, and ensure the data removal from the company’s server, or the data will be kept safely in a form of unidentifiable data subject.
4. Purpose of use and disclosure of personal information
The company will compile your personal information in order to (1) take action on behalf of counterparty, (2) comply with the laws, or (3) take the legal benefits. And, the company will disclose your personal information for the mentioned objectives, including the following purposes;
4.1 Purpose of trust management
- To process operation according to your request for subscription of trust units
- To manage and control trust internally, including creating and collecting records, registration related to trust unitholder, and disclosing the information to registrar and involved parties.
- To make a contract that the company do on behalf of trust with other company or person.
- To manage a meeting for trust unitholders
- To process a request for paying a debt
- To process a complaint and summary of all complaints.
- To report the situation or significant circumstance towards trust’s assets or trust.
- To report status or progress of the legal dispute, and summary of the dispute resolutions.
- To ensure that the website’s content will be effectively presented and shown on your electronic devices.
- To manage all information for trust unitholder, interested persons, analyzers, including various channels for sharing comments, inquiries, reactions and notification of benefits without marketing purpose.
- To provide campaigns, activities, trainings, or seminar arranged by the company.
4.2 Other purposes
- To follow the agreements of the company or trust in both direct and indirect operations.
- To process all necessary operations of the company and generate benefits under the relevant laws and fundamental rights of data subject.
- To ensure the security and safety of the company.
- To evaluate and proceed all of your requests.
- To ensure the protection and prevent any disguise.
- To verify, analyze and provide all concerned documents requested by government sector or other organizations.
- To comply with any law or concerned regulation.
5. Disclosure of your personal information
The company will not disclose your personal information without lawful basis for processing, in case the company will have to share your personal information to third party, the company will manage it appropriately in order to ensure the security and no unauthorized access to the information, including unauthorized usage, modification or disclosure. The company may disclose your personal information to the following parties;
- Thailand Securities Depository (TSD)
- Trustee, agent, representative, underwriter, property manager that are contracting partners for the purposes of trust management.
- External service providers or group of companies that serve the company, such as information technology service provider, cloud service provider.
- Government sector and regulator, such as Securities and Exchange Commission
- Auditor, lawyer, and other company’s consultants.
- Individual or legal entity who are involved with the company's restructure, merger, sale, company acquisition, or other group companies restructure, or other possibility in the future.
- Other regulators upon your request for information allocation.
6. Disclosure of your personal information to overseas.
The company will disclose your personal information to any oversea receiver as permitted by privacy law and/ or relevant regulations, and the company may allocate the information to overseas under international data transfer agreement or other concerned data protection law. The company may share or allocate the information to any receiver who agrees to follow all right protection regulations, that will prevent breaking a contract or other authorized mechanism when allocating personal information to overseas.
7. Data security and protection measures
The company has been served by other group companies who has their own policy for information and technology protection as same level of information security standards system or ISO 27001. It is the high cyber security and essential protection system for the access, use, modification, correction, unauthorized disclosure of personal information, and also identity phishing. The company has invested and spent times and men-power to ensure the high standard security and protection management. Your personal information is safe under the company’s cyber controls system. In addition, the data security and protection policy of the other group companies is also applied when cooperating with the company, including maintaining the physical and environmental security, controlling both input and output operations, information access, important data backup, confidentiality, and data protection. Moreover, the company and other group companies who provide information and technology services will review all protection measures properly according to relevant laws.
The company will delete or conceal your personal information immediately after storing your information is reasonably no longer required. In addition, the company may appropriately destroy your data without prior notice.
Despite the company exerts and attempts to maintain the high standard data protection by using technical equipment together with administrative management to control all data security and unauthorized access to personal information or confidentiality, but it may not prevent all mistakes, such as computer virus attacks or access of hackers. It is highly recommended to always be up-to-date with computer news, install effective software, i.e. Personal Firewall to protect your computer from any attacks, or information phishing, and always check and keep confidentiality of your account statement, such as account balance, date of transaction, including privacy data collection, and financial condition.
8. Rights of the personal data subject
Regarding the data protection law, you as the data subject have your rights by law to modify or edit your information under all personal data protection regulations.
- Right to access your personal data
- Right to edit your personal data
- Right to request for deleting or destroying your personal data.
- Right to restrain the use of your personal data
- Right to object the collection, process, and allocation of your personal data
- Right to request for data portability.
- Right to withdraw your consent.
In addition, you have the right by law to make a request a government regulator or Personal Data Protection Committee through Ministry of Digital Economy and Society, in order to control the company when breaking the data protection regulations occurred.
In case you have given the consent to the company (Which is not related to any consent by other laws), you are able to withdraw your consent at any times, but it may affect to some provided services, the company will inform you once your consent withdrawal has been received.
In addition, the right for this request will be considered and proceeded only when the company is a controller of the processing of your given personal information. In case you claim for your right on your given information that the company is only a processor of other controller, the company will be able to send a concerned notification to that controller, in order to request for being a controller of your personal data and later support your right.
9. Contacting
In case you have any inquiries, suggestions, or concerns related to the above regulations, or you may have questions or queries about the use of personal information, you may contact the company through these following channels.
Compliance and Risk Management Department
Prospect REIT Management Company Limited
Address: No. 345, 345 Surawong Building, 5th Floor Surawong Road, Suriyawong, Bangrak,
E-mail: compliancerm@prospectrm.com
Tel: 02-697-3793
Remarks:
- Please specify your contact details when requesting or claiming for your right, the company will get back to you as soon as possible.
- In case of contacting of personal information issues, no charge will be applied by the company, but there may be some expenses for processing an extra request of your personal data modification according to the personal data protection laws.
10. Modification policy
In case there is any modification of data protection principles, the company will adjust and update the letter of policy notification on the company’s website, therefore you will be able to reach all conditions of personal data collection, disclosure, management, and data protection.
This privacy policy is effective from 01 June 2022.