Privacy Policy

Personal Data Privacy Policy

ECOMOBI MEDIA JOINT STOCK COMPANY – 4th Floor, 2nd Building, Times Tower, 35 Le Van Luong Road, Nhan
Chinh Ward, Thanh Xuan District, Hanoi, Vietnam

  1. Company Introduction
    ECOMOBI MEDIA JOINT STOCK COMPANY (hereinafter referred to in this Personal Data Privacy Policy as the “Company”) recognizes the importance of protecting personal information and other information about you (collectively, “Information”). The Company wishes to be transparent and responsible in its collection, use or disclosure of your information in accordance with the Personal Data Protection Act B.E. 2562 (“PDPA”) and other relevant laws. This Personal Data Privacy Policy (“Policy”) has been developed to inform you in detail about our collection, use and disclosure (collectively, the “process”) of personal data processed by the Company, including its officers and related persons acting on behalf of or for the Company.
  2. Scope of Policy Enforcement
    This policy applies to personal data of individuals (“Data Subjects”) who have a relationship with the Company at this time, and those who might have a relationship with the Company in the future, where that personal data is processed by the Company, its officers, contractual employees, business entities or other forms of entities operated by the Company, including parties or third parties that process personal data for or on behalf of the Company (“Data Processors”), under products and services such as websites, systems, applications, documents or other forms of services maintained by the Company (collectively, the “Services”).

A relationship with the Company under the provisions of the first paragraph includes:

    1. individual customers
    2. officers, or workers or employees
    3. partners and service providers who are natural persons
    4. directors, attorneys, representatives, shareholders, or other persons having a similar relationship of a legal entity, having a relationship with the Company.
    5. users of the company’s products or services
    6. visitors or users of the website https://passio.eco/vi/, including systems, applications, devices, or other communication channels controlled by the Company
    7. other persons whose personal data the Company collects, such as job applicants, family of officers, guarantors, etc.

Articles 1) to 6) are collectively referred to as “you”.

In addition to this Policy, the Company may issue a privacy notice (“Notice”) for its products or services to inform the Data Subject of any changes to this Policy and to inform the Data Subject of the purpose and legitimate grounds for processing the personal data and the period of retention of personal data collected. This includes the right to personal data that the Data Subject has in particular products or services. In the event of a material conflict between the terms of this Notice and this Policy, the terms of the Notice of that service or product will prevail.

  3. Definitions
    1. Company means Ecomobi Media joint stock company
    2. Personal Data means information about a natural person, which makes it possible to identify that person either directly or indirectly but does not include information of a deceased person
    3. Sensitive Personal Data means personal data as provided for in Section 26 of the Personal Data Protection Act B.E. 2562, such as, religion or sexual behavior, criminal records, health information, disability, union information, genetic data, biological data, or any other information which affects the owner of personal data in a similar manner as specified in the notification of the Personal Data Protection Committee.
    4. Data Processing means any processing of personal data, such as collecting, recording, copying, organizing, storing, updating, changing, using, recovering, disclosing, forwarding, disseminating, transferring, merging, deleting, destroying, etc.
    5. Data Subject means a living individual who owns personal data that the Company processes.
    6. Data Controller means a person or entity who has the authority to make decisions about the collection, use or disclosure of personal data.
    7. Data Processor means a person or a legal entity who performs the collection, use or disclosure of Personal Data on the order or on behalf of the Data Controller.

  4. Sources of Personal Information Collected by the Company
    The Company collects or acquires various types of Personal Information from the following sources:

    1. Personal data that the Company collects directly from the Data Subject through various service channels, such as the process of applying, registering, applying for jobs, signing contracts, documenting, completing surveys or using products, services, or other controlled service channels maintained by the Company, or when the Data Subject communicates directly with the Company at the office, by contacting the Company’s call center, or through other communication channels supervised by the Company.
    2. Information that the Company collects from the Data Subject while they are accessing the website or using other products or services under contract or under the control of the Company, or that is acquired through the use of cookies or from software on the Data Subject’s device, which collects data such as website behavior tracking or browsing of the Company’s products or services, etc.
    3. Personal data that the Company collects from sources other than the Data Subject, provided that such sources have the authority and have legitimate grounds or the consent of the Data Subject to disclose the data to the Company. Examples include linking government agencies’ digital services to provide comprehensive public benefit services to the Data Subject themselves; receiving personal data from other government agencies, as the Company is obliged by its mission to establish a central information exchange center to support the operations of government agencies in providing digital services to citizens; and cases where it is necessary to provide contractual services in which personal data may be exchanged with contractual entities.

This also includes the case where you provide a third party’s personal information to the Company. In that case, you are responsible for notifying such parties of the details of this policy or of the announcements of products or services, as the case may be, as well as for obtaining consent from that person where consent to disclose information to the Company is required.

However, in the event that the owner of the personal data refuses to provide information that is necessary to provide the Company’s services, it may result in the Company being unable to provide that service to the owner of such personal data in whole or in part.

  1. The Legal basis for personal data collection
    The Company has determined the legal basis for collecting your personal information as appropriate and in the context of providing services. The legal bases for collecting personal information that the Company uses consist of:

| Legal basis for collection | Details |
| --- | --- |
| For carrying out missions for the public benefit or exercising the state powers that the Company has received | To enable the Company to exercise state power and carry out missions for the public benefit according to the Company’s missions, which are stipulated by law, such as: – Royal Decree establishing the Digital Government Development Agency (Public Organization) B.E. 2561 – Act on Administration and Providing Public Service through Digital System B.E. 2562, including related rules, regulations, orders and Cabinet resolutions, etc. |
| For the performance of duties under the law | In order for the Company to be able to comply with the laws that govern the Company, such as: – Collection of computer traffic data according to the Computer Crime Act B.E. 2560 – Government Information Act B.E. 2540 – Act Public Organization 1999 – Tax Laws, including the execution of court orders, etc. |
| It is necessary for the legitimate interest | For the legitimate interests of the Company and others. Such benefits are no less important than the fundamental rights of the Data Subject, such as for the security of the Company’s premises or the processing of personal data for the Company’s internal affairs. |
| It is necessary to prevent or suppress any harm to a person’s life, body or health | To prevent or suppress a danger to a person’s life, body or health, for example, providing an application to monitor epidemics according to government policies, etc. |
| For the performance of the contract | To enable the Company to perform its contractual duties or take any action necessary for entering into a contract to which you are a party with the Company, such as employment, memorandum of cooperation or other forms of contract, etc. |
| For the preparation of historical documents, research or important statistics | To enable the Company to prepare or support the preparation of historical documents, for the purpose of conducting research and collecting statistics on the use of digital public or private services, monitoring the implementation of digital government policies, etc. |
| Your consent | For the collection, use or disclosure of personal information in cases where the Company requires your consent. The purpose of collecting, using, or disclosing personal data has been given to the Data Subject prior to requesting consent, such as collecting sensitive personal data for purposes that do not comply with the exemptions of Article 24 or 26 of the Personal Data Protection Act 2019, or presentations that promote products and services of the contracting party or business partner to you, etc. |

  1. Data required by contract
    In the event that it is necessary for the Company to collect your personal data for the performance of a contract, performance of duties under the law, or for the necessity of entering into a contract, and should you refuse to provide personal information, or object to the processing for the purpose of the activity, it may result in the Company being unable to perform or provide the services you have requested, in whole or in part.
  1. The types of personal data the Company collects
    The Company may collect or obtain the following information. This may include your personal data, depending on the services you use or the context of your relationship with the Company, as well as other considerations that apply to personal data collection. The types of information listed below are just the Company’s general framework for collecting personal data, and only information related to the products or services you use or have a relationship with will be applicable.

| Types of data | Details and Examples |
| --- | --- |
| Personal information | Your ID or information from official documents that identifies you personally, such as your first name, last name, middle name, nickname, signature, ID card number, nationality, driver’s license number, passport number, house registration information, any professional license number (for each occupation), insurance identification number, Social Security number, among others. |
| Information about the characteristics of a person | Detailed information about yourself such as date of birth, gender, height, weight, age, marital status, military service status, photographs, spoken language(s), behavioral data, preferences, bankruptcy information, information on being incompetent or quasi-incompetent, etc. |
| Contact information | Contact information such as your home phone number, mobile phone number, fax number, e-mail address, home mailing address, username in social networks (Facebook ID, WhatsApp ID, Line ID, MS Teams), location map of your accommodation, etc. |
| Information about work and education | Employment details including work history and educational background such as type of employment, occupation, rank, position, function, expertise, work permit status; reference information such as Tax Identification Number, tenure history, work history, salary information, start date, end date, assessment results, benefits, items in the possession of the worker, job description, bank account number(s), educational institutions, educational qualifications, educational results, graduation date, etc. |
| Information about social relationships | Information about your social relationships, such as political status, political office, directorship, relationship with the Company’s workers, information on being a contractor with the Company, information on being a stakeholder with the Company, etc. |
| Information about the use of the Company’s services | Details about the Company’s products or services, such as account name, password, PIN number, Single Sign-on (SSO ID) information, OTP, computer traffic data, geolocation data, photos, videos, audio recordings, usage behavior data (websites owned by the Company such as https://passio.eco/vi or various applications), browsing history, cookies or similar technologies, Device ID, device type, connection details, browser information, language used, operating system used, etc. |
| Sensitive Personal Data | Your sensitive personal data such as race, religion, disability information, political opinion information, criminal records, biological data (photographic data), health information, etc. |

  1. Cookies
    The Company uses cookies, as well as other similar technologies, on websites administered by the Company, such as https://passio.eco/vi/, or on your devices, depending on the services you use, for the purpose of the secure operation of the Company’s services and so that you, the user, have a convenient and good experience in using the Company’s services. This information will be used to improve the Company’s website to better meet your needs. You can configure or delete cookies manually from the settings in your web browser.
  2. Personal information of minors, incompetent and quasi-incompetent persons
    Where the Company learns that personal data to be collected, for which consent is required, belongs to a Data Subject who is a minor, incompetent or quasi-incompetent, the Company will not collect information from that person until consent is given by the person exercising parental power, or a guardian, acting on behalf of the minor, incompetent or quasi-incompetent person, in accordance with the conditions prescribed by law.

In the event that the Company did not know beforehand that the Data Subject was a minor, incompetent, or quasi-incompetent person, and later discovers that it has collected the information of the Data Subject without the consent of the person exercising parental power, or a guardian, of the minor, incompetent, or quasi-incompetent person, the Company will promptly delete and destroy that personal data if the Company does not have any legitimate grounds other than consent for the processing of such information.

  1. Purposes of Collection of Personal Information
    The Company collects your personal information for a number of purposes. These depend on the type of product, service or activity you use, as well as the nature of your relationship with the Company; each context is considered separately, depending on the importance of the purpose. The purposes stated below are a general framework for the Company’s use of personal data. Only the purposes related to the products or services you use or have a relationship with will apply to your information.

    1. To take the actions necessary to accomplish the public-interest tasks that the Company has been entrusted with, or that are necessary to exercise the legal powers the Company holds to carry out its missions, as shown in the decree establishing the Digital Government Development Agency (Public Organization) B.E. 2561 and related laws, rules, regulations, or orders
    2. To provide services and manage the services of the Company, including services under contract with you or according to the mission of the company
    3. For the conduct of the Company’s transactions
    4. Supervise, operate, monitor, and manage the Services to facilitate and meet your needs
    5. To maintain and update information about you including documents referring to you
    6. To keep Records of Processing Activities (ROPA) of personal data as required by law
    7. Analyze data in order to solve problems related to the company’s services
    8. To perform the necessary actions in the management within the organization including job applications, nomination of directors, or persons holding various positions, and assessment of qualifications
    9. Prevent, detect, and avoid fraud, security breaches, prohibited actions, or illegal actions that may cause damage to both the company and the Data Subject
    10. Verify your identity and verify information when you apply for any of the Company’s services or contact the service, or use any legal rights
    11. Improve the quality of the Company’s products and services and ensure they are updated
    12. Risk Assessment and Management
    13. Send notifications, order confirmations, communicate and notify you
    14. To create and deliver relevant and necessary documents or information
    15. Prevent spam, and unauthorized or illegal actions
    16. Examine how Data Subjects access and use the Company’s services, both collectively and individually and for research-related purposes and analysis
    17. Take the necessary actions to perform the duties the company has to the governing body, tax authority, law enforcement, or legal obligations of the company
    18. Take any necessary action for the legitimate interests of the company or that of another person or of other juristic persons related to the operation of the Digital Government Development Agency (DGA)
    19. Prevent or stop harm to life, body or health of persons including epidemic surveillance
    20. Provide historical documentation for the public interest, research or statistical preparation of the company
    21. For compliance with laws, notices, ordinances in force or proceedings relating to litigation, processing information under subpoenas including the exercise of rights relating to your information
  1. Types of persons that the company discloses your personal information to
    Subject to the purposes set out in Article 9 above, the Company may disclose your personal information to persons or companies (Data Processors) that will help the Company perform services required by the Company. Only personal information required by the Data Processor will be supplied to the Data Processor. Personal data that may be sent may include:

| Types of data | Details and Examples |
| --- | --- |
| Personal information | Your ID or information from official documents that identifies you personally, such as your first name, last name, middle name, nickname, signature, ID card number, nationality, driver’s license number, passport number, house registration information, any professional license number (for each occupation), insurance identification number, Social Security number, among others. |
| Information about the characteristics of a person | Detailed information about yourself such as date of birth, gender, height, weight, age, marital status, military service status, photographs, spoken language(s), behavioral data, preferences, bankruptcy information, information on being incompetent or quasi-incompetent, etc. |
| Contact information | Contact information such as your home phone number, mobile phone number, fax number, e-mail address, home mailing address, username in social networks (Facebook ID, WhatsApp ID, Line ID, MS Teams), location map of your accommodation, etc. |
| Information about work and education | Employment details including work history and educational background such as type of employment, occupation, rank, position, function, expertise, work permit status; reference information such as Tax Identification Number, tenure history, work history, salary information, start date, end date, assessment results, benefits, items in the possession of the worker, job description, bank account number(s), educational institutions, educational qualifications, educational results, graduation date, etc. |
| Information about social relationships | Information about your social relationships, such as political status, political office, directorship, relationship with the Company’s workers, information on being a contractor with the Company, information on being a stakeholder with the Company, etc. |
| Information about the use of the Company’s services | Details about the Company’s products or services, such as account name, password, PIN number, Single Sign-on (SSO ID) information, OTP, computer traffic data, geolocation data, photos, videos, audio recordings, usage behavior data (websites owned by the Company such as https://passio.eco/vi or various applications), browsing history, cookies or similar technologies, Device ID, device type, connection details, browser information, language used, operating system used, etc. |
| Sensitive Personal Data | Your sensitive personal data such as race, religion, disability information, political opinion information, criminal records, biological data (photographic data), health information, etc. |

  1. Sending or Transferring Personal Data Overseas
    In some cases, the Company may need to send or transfer your Personal Data overseas for the purposes of providing services to you, for example, to send personal information to the Company’s computer system with a platform or server located abroad or in a cloud environment, in order to support information technology systems located outside Thailand, depending on the services of the Company that you use or are involved in, on a case-by-case basis. The Personal Data Protection Committee has not yet announced a list of destination countries that have adequate personal data protection standards.
    When the Company needs to transmit or transfer your personal data to another country, the Company will ensure that the personal data sent or transferred has adequate personal data protection measures in place that are in accordance with international standards, or the Company will take the required action to ensure that the conditions for transmitting or transferring that information are in accordance with the law, including:
    1. It is in compliance with the law that requires the Company to send or transfer personal information abroad.
    2. The Company has informed you and obtained your consent in the event that the destination country has insufficient standards for personal data protection in accordance with the announcement of the list of countries announced by the Personal Protection Board.
    3. It is necessary to perform a contract to which you are a party with the Company, or to fulfill your request prior to entering into that contract.
    4. It is an act under a contract between the Company and another person or entity, for your benefit.
    5. It is to prevent or suppress harm to your life, body, or health or that of another person when you are unable to give consent at that time.
    6. It is imperative to carry out missions for the benefit of the public.
  1. Period for collecting your personal information
    The Company will retain your personal information only for as long as it is necessary for the purpose for which it was collected, as detailed in the Policy or in accordance with relevant laws. Once the period has expired and your personal information is no longer necessary for the said purpose, the Company will delete or destroy your personal information, or make it unidentifiable, in accordance with the forms and standards for the destruction of personal data that the committee or law will announce, or in accordance with international standards. Where any right is exercised or a lawsuit is brought in connection with your personal data, the Company reserves the right to keep that information until the dispute has been finalized by order or judgment.
  2. Providing services by third parties or subcontractors
    The Company may assign or procure third parties (Data Processors) to process personal data on behalf of the Company. Such third parties may offer services in various ways, such as web hosting, outsourcing services, or cloud computing services, etc.

When entrusting third parties to process personal data as Data Processors, the Company will provide an agreement stating the rights and obligations of the Company as the Data Controller and of persons entrusted by the Company as a Data Controller. The agreement defines in detail the types of personal data the Company is entrusting to the third party, and may include the objectives and scope of the processing of personal data, as well as other related agreements. The processor of personal data has the duty to process personal data only to the extent specified in the agreements and in accordance with the instructions of the Company, without processing for other purposes.

In the event that a Data Processor assigns another party as a sub-processor, the Company will direct the Data Processor to provide a documentary agreement between the Data Processor and the Data Sub-Processor and to ensure that Data Processing is in the same range and format, and to a standard not lower than the agreement between the Company and the Data Processor.

  1. To maintain the security of personal information
    The Company has measures to protect personal information by limiting the right of access to personal data so that it can be accessed only by specific officers or authorized or designated persons who need to use such information for the purposes of which the Data Subject has been notified and to which the Data Subject has consented. Such persons must strictly adhere to and comply with the Company’s personal data protection measures, and have a duty to maintain the confidentiality of personal information that they come to know in the performance of their duties. The Company has both organizational and technical measures to secure information that meet international standards and are in accordance with the notification of the Personal Data Protection Committee.

In addition, when the Company transmits, transfers, or discloses personal information to third parties, whether for the provision of mission, contract, or other form of agreement, the Company will determine personal data security and confidentiality measures that are appropriate and in accordance with the law, to confirm that personal information collected by the Company will always be safe and secure.

  1. Links to Third-Party Websites or Services
    The Company’s services may contain links to third-party websites or services. Such a website or service may have a personal information protection policy that is different from this policy. We recommend that you consult the privacy policy of that website or service so as to understand the differences. The Company is not associated with, and has no control over, the privacy protection measures of such websites or services and cannot be held responsible for the content, policies, damage, or actions caused by the website or service of a third party.
  2. Personal Data Protection Officer
    The Company has appointed a Personal Data Protection Officer to perform audit duties, and to supervise and advise on the collection, use or disclosure of personal data, including coordinating and cooperating with the Office of the Personal Data Protection Commission so that the Company can comply with the Personal Data Protection Act B.E. 2562.
  3. Rights of the Data Subject under the Personal Data Protection Act B.E. 2562
    The Personal Data Protection Act B.E. 2562 provides the Data Subject with certain rights. The details of the various rights are as follows:

    1. Right to request access to personal data – You have the right to request access, receive a copy and request the Company to disclose the origin of personal data collected by the Company without your consent. The Company has the right to refuse your request if there are legal grounds or a court order, or in the event that the exercise of your rights will have an effect that may cause damage to the rights and freedoms of others.
    2. Right to request correction of personal data – If you find that your personal information is inaccurate, incomplete, or not current, you have the right to request that the Company make amendments so that the data collected is accurate, current, complete and not misleading.
    3. Right to delete or destroy personal data – You have the right to request the Company to delete or destroy your personal data or make your personal data unidentifiable. The exercise of the right to delete or destroy this personal data shall be subject to the conditions prescribed by law.
    4. The right to request the suspension of the use of your personal data – You have the right to request the suspension of the use of your personal data in the following cases.
      1. During the period when the Company conducts an audit at the request of the Data Subject to correct or update the Personal Data.
      2. Personal data of the Data Subject is collected or disclosed by unlawful means
      3. When the personal data of the Data Subject no longer needs to be retained for the purposes for which the company was granted access to collect, use, and disclose, but the owner of the personal information wishes the company to keep that information for the purpose of exercising its legal rights.
      4. When the Company is proving the legitimate grounds for collecting the personal data of the Data Subject or investigating the need for collecting, using or disclosing personal information for the public interest, due to the Data Subject exercising the right to object to the collection, use or disclosure of their personal data.
    5. The right to object to the processing of personal data – The Data Subject has the right to object to the collection, use or disclosure of their personal information, unless the Company has lawful grounds for refusing the request (e.g., the Company can demonstrate that the collection, use or disclosure of your personal data has more legitimate grounds or will be used for the establishment of legal claims, compliance or exercise of legal claims or for the public interest of the Company).
    6. The right to withdraw consent – In the event that you have given consent to the Company to collect, use or disclose personal information (whether that consent was given before or after the Personal Data Protection Act B.E. 2562 came into force), you have the right to withdraw your consent at any time, unless there is a legal reason that prevents the Company from honoring your request, or there is an active contract between you and the Company that benefits you.
    7. The right to request to send or transfer personal information – You have the right to obtain your personal data from the Company in a readable or generally usable form with automated tools or devices and to be able to use or disclose personal data by automated means. You may also ask the company to send or transfer these data in such form to another personal data controller.
  4. Penalties for non-compliance with the Privacy Policy
    Failure to comply with the policy may constitute an offense and be subject to disciplinary action in accordance with the Company’s rules (for its officers or operators) or according to personal data processing agreements (for processors of personal data), as the case may be and depending on your relationship with the Company, and may be subject to penalties as prescribed by the Personal Data Protection Act B.E. 2562.
  5. Complaints to supervisory authorities
    In the event that the Data Subject finds that the Company has not complied with the data protection laws, the Data Subject should first complain to the Company and seek a resolution. In the event that there can be no resolution, the Data Subject has the right to complain to the Personal Data Protection Committee or the supervisory authority appointed by the Personal Data Protection Committee, or to consider taking legal action.
  6. Updates to the Privacy Policy
    The Company may consider improving, amending, or changing this policy at its discretion and will notify Data Subjects via its website https://passio.eco/vi/. The effective date of each revised version will be indicated. The Company encourages Data Subjects to check regularly for new versions of this Policy, especially before the Data Subjects disclose personal information to the Company.

Access to the Company’s products or services after the enforcement of the new policy is deemed to be an acknowledgment of the terms of the new policy. Please stop accessing if you do not agree with the details in this policy and please contact the company for further clarification.

  1. Contact for inquiries or use of rights
    If you have any questions, suggestions or concerns about the Company’s collection, use, and disclosure of personal information or about this policy, or you want to exercise your rights under the Personal Data Protection Law, you can contact us at:
    1. Data Controller
      1. Name: Ecomobi Media joint stock company.
      2. Address: 4th Floor, 2nd Building, Times Tower, 35 Le Van Luong Road, Nhan Chinh Ward, Thanh Xuan District, Hanoi, Vietnam
      3. Contact: info@ecomobi.com
    2. Personal Data Protection Officer (DPO)
      1. Name: Ecomobi Media joint stock company.
      2. Address: 4th Floor, 2nd Building, Times Tower, 35 Le Van Luong Road, Nhan Chinh Ward, Thanh Xuan District, Hanoi, Vietnam
      3. Contact: partners@ecomobi.com