Data Privacy Policy

Logman International Co., Ltd. and Affiliated Companies is committed to protecting the personal data of our employees, staff, job applicants, customers, and other related persons, ensuring transparency and compliance with the Personal Data Protection Act B.E. 2562.

LOGMAN Company Limited (hereinafter referred to as the “Company” or “we” or “us”) recognizes the importance of personal data protection as a fundamental right under the law. This policy establishes rules for setting up a system to strictly control and supervise the security of personal data and its processing, including collection, use, or disclosure, in a transparent manner and in compliance with standards set by governmental agencies.

1. Definitions

  • Company: Logman International Co., Ltd. and Affiliated Companies.
  • Person: A natural person.
  • Personal Data: Any information relating to a person that enables their identification, directly or indirectly, excluding data of deceased persons.
  • Sensitive Data: Data that may lead to unfair discrimination, such as racial, religious beliefs, sexual behavior, criminal records, health data, disability, genetic data, biometric data, or other data classified by law.
  • Incompetent Person: A minor, incompetent, or quasi-incompetent person under the Thai Civil and Commercial Code.
  • Data Protection Officer: A person appointed by the Company to act as a data protection officer under the Personal Data Protection Act B.E. 2562.
  • Data Subject: A natural person, including personnel, staff, employees, job applicants, customers, service users, website visitors, mobile application visitors, executives, or any person with a legal relation to the Company.
  • Website: The Company’s website or those of its service providers.
  • Application: Any applications provided by the Company, including updates or supplements.
  • Data Controller: The Company, with the power or duties to decide on personal data obtained from the Data Subject, service provider, or contractual obligations.
  • Data Processor: A person or juristic person operating in relation to the collection, use, or disclosure of personal data under the orders of a Data Controller.
  • Collection: Acquisition of personal data.
  • Data Processing: Any action on personal data, such as collecting, recording, organizing, storing, using, disclosing, changing, compiling, or destroying.

2. Objectives

This policy aims to protect the personal data of Data Subjects transacting with or using the Company’s services, with the following objectives:

  1. Define roles and duties of organizations, executives, and personnel involved in personal data.
  2. Determine procedures, security measures, or other measures to protect personal data pursuant to the law.
  3. Establish performance guidelines for personnel related to data processing or other operations.
  4. Build confidence in the security of personal data for persons, customers, partners, and service users.

3. Collection of Personal Data

The collection, use, or disclosure of personal data adheres to the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, and integrity and confidentiality. Details include:

3.1 Purposes

The Company collects personal data for:

  • Providing and improving services, marketing, education, data analysis, and enhancing service quality.
  • Offering privileges based on Data Subject interests.
  • Personnel procurement activities.
  • Legal obligations.

Any change in objectives will be promptly communicated to the Data Subject.

3.2 Types of Data

Collected data may include name, surname, address, date of birth, gender, education, phone number, email, identification number, payment information, IP address, cookies, MAC address, service usage data, and communication records. Data is retained only as necessary and destroyed legally when no longer needed.

3.3 Legal or Contractual Requirements

If personal data is required by law or contract, the Company will notify the Data Subject of the consequences of not providing it.

3.4 Disclosure

Personal data may be disclosed to entities as required by law, for security, or service provision, only to the extent necessary.

3.5 Collection Methods

Data is collected directly with consent via:

  • Service request forms or rights exercise requests.
  • Questionnaires or email correspondence.
  • Company website or mobile application.
  • SMS.
  • Other Company-provided communication channels.

3.6 Cookies

The Company has a separate Cookies Policy.

3.7 Sensitive Data

Sensitive data (e.g., racial, religious, health, or criminal records) requires express consent unless collected for education, research, public interest, legal compliance, or other exemptions.

3.8 Third-Party Data

If a Data Subject provides third-party data (e.g., spouse or emergency contact), they must warrant consent for its collection, use, and disclosure.

3.9 Consent

Consent is obtained expressly in writing or electronically, clearly stating objectives, using simple language, and avoiding deception. Consent can be withdrawn at any time unless restricted by law or contract.

4. Use and Disclosure of Personal Data

Personal data is used or disclosed only for the stated purposes or necessary benefits, and may be shared with authorities (e.g., Department of Labor Protection, Legal Execution Department) as required by law.

5. Objectives of Personal Data Processing

5.1 Contract Basis

Data is processed for service provision, contract performance, communication, and personnel management (e.g., recruitment, salary, benefits).

5.2 Consent Basis

Sensitive data (e.g., religion on ID documents) may be processed with consent for identification or emergency assistance. Consent can be withdrawn.

5.3 Legitimate Interest

Data is processed for business administration, invoicing, audits, tax, risk management, and internal reporting.

5.4 Legal Obligation

Data is processed to comply with laws (e.g., Labor Protection Act, Student Loan Fund Act) or legal investigations.

6. Security of Personal Data

  1. Authentication, authorization, and activity logging measures are implemented per the Company’s Information Security Policy.
  2. Data transferred or stored internationally adheres to equivalent protection measures, unless required by law or consented.
  3. In case of a data breach, the Company will notify the Data Subject and detail remedies, except for damages due to Data Subject actions.
  4. Access to personal data is restricted to personnel with necessary duties (e.g., HR or contract managers).
  5. Computer systems are regularly reviewed for data security.

7. Roles and Responsibilities

7.1 Board of Directors

Establishes and supervises personal data protection policies.

7.2 Executives

Set rules, assign responsible personnel, and ensure standardized data protection for third-party processors.

7.3 Data Collectors/Users/Disclosers

Operate and control data processing, ensure security, delete expired data, and report breaches.

7.4 PDPA Working Group

Advises on compliance, examines operations, coordinates with authorities, and maintains confidentiality.

7.5 Data Protection Officer

Advises, supervises, and coordinates with authorities on data protection issues.

8. Rights of Data Subject

Data Subjects can exercise the following rights:

  1. Access and request copies of their personal data or disclosure of unconsented data acquisition.
  2. Request data portability to another controller, if technically feasible.
  3. Object to collection, use, or disclosure.
  4. Request erasure, destruction, or de-identification.
  5. Restrict data processing.
  6. Request rectification for accuracy and completeness.

The Company may refuse requests if not against the law.

9. Policy Updates

The Company may update this policy to align with laws, regulations, or operations, with amendments posted accordingly.

10. Policy Enforcement

This policy applies to all personal data collected, used, or disclosed by the Company, including current and future data, per the stated scope and objectives.

11. Hiring of Data Processors

  1. Assess service providers’ data protection systems before hiring.
  2. Specify objectives, retention, notification, and data handling in contracts.
  3. Sign a Data Processing Agreement (DPA) per regulations.
  4. Control processor operations per hiring objectives.
  5. Ensure deletion or de-identification of data after retention expires.

12. Training

The Company provides mandatory training to executives and personnel on personal data protection compliance, with supervisors ensuring participation and follow-up.

13. Other Websites

This policy applies only to the Company’s services and website. The Company is not liable for other websites’ content or operations, even if accessed via the Company’s site.

14. Personal Responsibility

Personnel or agencies handling personal data must comply with this policy. Violations may lead to disciplinary action, legal penalties, or further legal action by the Company.

15. Contact Us

For concerns, complaints, or to exercise Data Subject rights under this policy or the Personal Data Protection Act B.E. 2562, contact:

Head of Working Group on Personal Data Protection Act
Phone: (+66) 95 594 4714
Email: hr@logman.co.th

For further inquiries, reach out to our support team.

hr@logman.co.th

Head Office

Address: Logman Building

Phone: +66 (0)2-539-9696

Sales

Email: sales@logman.co.th

Address: Panna Living Building, 2nd Floor, Zone B

Customer Service & Operation

Email: cs@logman.co.th

Address: Panna Living Building, 2nd Floor, Zone B

Group Corporate Human Resources

Email: hr@logman.co.th

Address: Panna Living Building, 2nd Floor, Zone A

Phone: +66 (0)2-539-8899

Home
News & Community
Services
Network
Partners
People and Culture
About
Contact
Channel Complaints
Data Policy
© 2025, Logman International Co.,Ltd.,. All rights reserved.
|
Terms and conditions