Business Online Public Company Limited and its subsidiaries (collectively, the “Group” or “we”) are Thai leading provider of business information and analytics tools to provide comprehensive and unique information services through the Group’s products (the “Products”) that assist our customers or users (the “Customers”) in a fast and effective critical commercial decisions making. Our database contains business records in which some information may be classified as personal information under various laws such as information relating to an individual (e.g. a company director and authorized director, a beneficial owner, a shareholder, a professional contact). This quality information serves as the foundation of our global solutions that Customers rely upon.
We provide solutions that meet a diverse set of global customer needs. The Customers use our Products to mitigate credit risk, increase cash flow, drive increased profitability, and more effectively manage their suppliers and service providers, including strengthen their marketing initiatives and increase revenue from new and existing customers.
It is our responsibility to safeguard the information within our care and we are committed to managing our data in a secure and responsible manner. We provide the Products and services based on information about millions of businesses worldwide derived from government database and credible sources.
INFORMATION WE COLLECT
We collect information on businesses and business professionals. This includes information we collect from businesses’ owners and principals, creditors, vendors, third parties and suppliers, and from public records such as business registrations, Stock Exchange of Thailand filings and bankruptcy filings. We publish processed information on businesses that is available in public sources and may be a factor in the Customers’ decision making involving credit, insurance, marketing and other activities. The information that we collect includes the following:
1) Company and business professional information, including business contact information such as name, title, address, phone number, fax number, and e-mail address, domain names, and registration, financial and tax records;
2) Detailed company profiles and statistics, including number of employees;
3) Background information regarding company management, such as beneficial ownership or persons of significant control, the educational and career histories of company principals, adverse media history including but not limited to any history of criminal acts or misconduct;
4) Company operational histories, including territories, subsidiaries, affiliates, and lines of business;
5) Detailed trade and business credit information, including payment histories and patterns;
6) Summary business information regarding profitability, debts, assets, net worth, and business relationships;
7) Business compliance information from public source government and professional records, media and business publications;
8) Educational institutional profiles and statistics, including educational subject matter specialties and number of employees;
9) IP addresses, geolocation, and comments on social media;
10) Credit and debit card information in order to process certain customer payments;
11) Non-business personal information on business individuals (such as a personal, non-business email address, shareholders, directors and authorized directors of companies); and
12) [Other data].
2. Website visitors and Customers
1) Personal information provided through websites of the Products includes name, address, telephone number, social media handle, email address, employer, job title;
2) Personal information collected in the scope of marketing activities upon participation in promotions or campaigns, and similar events in order to establish a profile;
3) Information collected automatically through computer tracking includes IP address, browser type, or operating system, areas of the website visited and the website from which a visitor came; and
4) Precise location data, including the real-time geographic location of mobile devices or computers. Where available, location-based services may use GPS, Bluetooth, and IP Address, along with crowd-sourced Wi-Fi hotspot and cell tower locations, and other technologies to determine a device’s approximate location.
3. Sensitive Personally Identifiable Information
We may collect sensitive personally identifiable information associated with the Customers or the Customers’ clients, such as nationalities, genders, social security numbers and dates of birth in order to fulfill certain product orders or provide services, or only when voluntarily provided by the Customers. We will only use this kind of information for the limited and permissible purposes for which it is collected and we will take commercially reasonable steps to adequately secure the information. We may also share this information with trusted third parties for the limited, permissible purpose of fulfilling the associated product orders.
PURPOSE FOR COLLECTING AND PROCESSING OF INFORMATION
We collect and uses the information that we collect to operate our websites, analyze trends regarding the Products and services and increase accuracy of our business data sets, as well as to assist us in matching IP addresses to business contact information.
We analyze information of visitors to our websites and match business information from our various databases and received from third parties against the information to learn more about what types of businesses are visiting our websites and the browsing preferences of such businesses on our websites for the continued improvement of the Products, websites, and our business.
Aggregated website visitor data may be used to determine usage patterns or interests of visitors to the website and users of the Products, or for purposes related to technical support or security of the websites, Products and computer systems. Usage information, such as number of reports, types of reports and functions accessed by a particular User ID, may be tracked within the Products to monitor authorized usage of the Products, respond to questions from the Customers, for market research, and to improve the design and functionality of the Products. We also aggregate corporate or industry information accessed by all of the Customers to appreciate the types of companies and industries for which the Customers require information, which in turn improves the quality of the Products.
2. Providing the Products and services
We supply and offer the Products and a variety of services about organizations, including personal information of natural persons relating to such organizations, to the Customers for performance of our obligations under certain contacts relevant to each Product. Our purpose is to enable the Customers to (i) manage their business opportunities, business credit, financial risks, (ii) make risk management, and marketing decisions, (iii) carry out transactions, (iv) protect against fraud and dishonesty, (v) know who they are doing business with, and (vi) meet their compliance and regulatory obligations and better understand organizations, industries and markets. Our processing of information is for the purposes of the legitimate interests pursued by the Customers, which shall not be overridden by the Customers’ interests or fundamental rights and freedoms.
3. Marketing purpose
We also use the information derived from analytical activities, which may be combined with non-personally identifiable behavioral information received from third parties, to better model and refine our general marketing activities and may, from time to time and to the extent permitted by applicable laws, directly market the Products and services to businesses and/or the Customers.
We may use professional business contact information to match it with other public and private sources in order to create anonymous segments of information (this is non-personally identifying information, such as demographic, behavioral and technical information, extracted from the underlying data) for use by us and/or third parties to target advertising messages to the Customers on third party sites and services. Such segments do not reveal or contain the personal information. Any Customer may opt-out from certain targeting advertising by following the instructions provided.
4. Statistic purpose
From time to time, we compile some online and offline transaction and registration information for internal analyses for statistic purpose only, which shall not be included in the Products or services provided to the Customers.
5. Compliance with court orders or applicable laws
When necessary or appropriate, we may disclose information in response to a court order, subpoena, law enforcement proceeding, regulatory inquiry or when otherwise legally required. Also, be advised that we sometimes receive requests (e.g. court order, subpoena, law enforcement proceeding) for personal information from public authorities to meet national security or law enforcement requirements. In responding those requests, our response will be limited (a) to the extent necessary to meet national security, public interest, or law enforcement requirements or (b) by statute, government regulation or case law that creates obligations or explicit authorizations.
6. Sharing and transfer of information
We share information with the recipients described below in order to support our websites and business operations. We contractually require that these recipients only use the information for the intended purpose of the disclosure and that they destroy or return the information when it is no longer needed. We may also disclose the information as required or appropriate in order to protect our website, business operations or legal rights, or in connection with a sale or merger involving our assets or businesses. In the event that we are purchased or sells parts or all of the business, the information collected will be considered an asset that can be transferred to any potential purchasers.
We also comply with cross border transfer requirements by entering into standard contractual clauses or using other mechanisms available under applicable data protection laws. We also use data transfer agreements or other approved mechanisms for global transfers of personal information.
The categories of third parties to whom we share personal information
We share personal information to the following third parties:
Employees and contractors whose roles require access to personal information;
Service providers who process personal information on our behalf;
Credit card processors, our customers for credit, sales and marketing, supply and compliance decisions;
Customers or users who can access to personal information collected from public sources and provided by each data subject;
Our worldwide network partners with across the world;
Our strategic partners who incorporate our data into their own solutions;
Our auditors, attorneys and consultants;
Live help/chat providers and contractors;
Competent courts and governmental authorities;
Third parties whom data subjects have asked us to share information with; and
KEY LEGAL BASES TO PROCESSING OF INFORMATION
Consent by use of our Products
By using the Products, the Customers hereby consent to our collection, use, management, retention, and disclosure of their information as described in this Policy, privacy notice and terms and conditions relevant o each Products.
Legitimate interest of the Customers
Our main purpose of processing of information is for the legitimate interests pursued by the Customers, including to (i) manage their business opportunities, business credit, financial risks, (ii) make risk management, and marketing decisions, (iii) carry out transactions, (iv) protect against fraud and dishonesty, or (v) know who they are doing business with, without prejudice to any third parties’ interests or fundamental rights and freedoms.
When the Customers select one of our Products or services, register for a newsletter or e-mail alert, fill out an online form, or complete a survey, we may try to identify the Customers’ browser and combine information from cookies, and other information collected online with other data that we maintain.
Third Party Advertisers
We use third party advertising companies to serve our ad banners on our websites. The use of third party cookies and other tracking technologies is not covered by this Policy, and we do not have access to or control over any third party’s activities. A third party may place a cookie on the Customers’ computers or use a web beacon to access a cookie that they previously placed on such computers, and track online usage and behavior patterns. These companies may use information about visits to our websites in order to provide advertisements on the websites about goods and services that may be of interest to the Customers, and then accordingly customize the advertising content served to the Customers when visiting other websites.
We sometimes use web beacons to gather statistics about usage on our website. Some of our websites use web beacons in conjunction with cookies. Some of our e-mails may also contain pixels or code to gather information regarding e-mail behavior and analytics. We may share this encrypted information with third parties for e-mail analytics purposes.
Choices regarding Cookies
We respect the Customers’ privacy preferences and offer the following ways through which the Customers may control how we contact our Customers and disclose the information. We will honor our Customers’ requests accordingly.
E-mail Telemarketing, Texting or Calling
To opt out of receiving our promotional e-mails, newsletters, and updates about new features, products and services or telemarketing calls, our customer can manage notifications and communications at www.bol.co.th or may follow the unsubscribe instructions in any of our promotional emails. Any Customer can also reach our Customer Service at 02 657 3999 or send an email to firstname.lastname@example.org. The preferences may be changed at any time.
By providing a phone number to us, it shall be deemed that we have been expressly consented and authorized to contact any Customer who provided the phone number in any lawful manner, including the use of automatic and/or computerized dialing systems, text messages and pre-recorded message and call technologies for any lawful purpose, including marketing the Products and third party services.
It should be noted that we may continue to contact our Customers by sending transactional or service-related e-mails or calling despite the desire to not receive promotional or marketing e-mail messages or telemarketing calls.
Third Party Marketing
Any Customer who has provided any contact information may request to be excluded from our professional contacts database, by calling us at 02 657 3999 or emailing email@example.com.
While we may remove the business contact information from our professional contacts database, please be aware that we will continue to provide the company’s or educational institution’s contact information. It should be noted that if a professional contact information is in a different third party’s marketing directory, a request for removal shall be submitted to such third party directly.
DATA PROTECTION RIGHTS
To help ensure transparency, data quality and accuracy, we provide the Customers with the following rights:
Right to access and request for copies of personal data;
Right to data portability;
Right to object to processing;
Right to erasure;
Right to restrict processing;
Right to rectification; and
Right to lodge a complaint with a supervisory authority.
If any Customer would like to exercise any of these rights, please contact our customer service at 02 657 3999 or send an email to firstname.lastname@example.org and we will respond to the Customer within have [one (1) month]. We may charge the Customer a small fee for this service at our own discretion.
To the extent permitted by any applicable laws, we will promptly investigate the issue, confirm the information in question, correct verified inaccuracies or delete any personal information within such business information, and respond to the original inquiry. In such a case, we shall stop a distribution order regarding the relevant business report, as well as ancillary products that may be affected by the verified inaccuracy, until the matter is properly resolved. When the investigation is complete, we will also send a correction notice to businesses or others whom we know to have received the inaccurate data, as appropriate and practicable. However, some third parties and their sites may continue to display inaccurate data until their databases are refreshed in accordance with their update schedules.
We may deny the request if retaining the information is necessary for us or our service providers to:
Complete the transaction for which we collected the personal information, provide a good or service that the Customer requested, take actions reasonably anticipated within the context of our ongoing business relationship with the Customer, or otherwise perform our contract with the Customer;
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
Debug Products to identify and repair errors that impair existing intended functionality;
Ensure the right of another consumer provided by law;
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair such achievement, if the Customer previously provided informed consent;
Enable solely internal uses that are reasonably aligned with consumer expectations based on relationship with us and that are compatible with the context in which the Customer provided it; and
Comply with legal obligation under relevant laws and regulations.
We will do our best to resolve any complaints or issues as quickly as possible.
We also apply appropriate technical, physical, and administrative data security measures to protect data against unauthorized access and disclosure and that are consistent with our business operations and generally accepted standards. We require our employees to complete privacy and security training. We also implement a third party service provider due diligence program to ensure that our vendors likewise employ adequate data collection, processing, transfer, management and security measures in carrying out their services on our behalf. In this regard, we will review and update such measures where necessary to implement appropriate measures to ensure that our processing of the data is performed in accordance with the national standards and relevant regulations.
Policies and procedures for securely managing information and protecting data against unauthorized access implemented by us are as follows:
Establishing policies and procedures for securely managing information and as may be further addressed in our contractual relationship with a customer;
Limiting employee access to personal information;
Protecting against unauthorized access to Customers’ data by using data encryption, authentication and virus detection technology, as required;
Requiring service providers with whom we do business to comply with relevant data privacy legal and regulatory requirements;
Monitoring our websites through recognized online privacy and security organizations;
Conducting background checks on employees and providing data privacy training to our team members; and
Continually assessing our data privacy, information management and data security practices.
CHANGES TO THE POLICY
If we make material changes to our data privacy practices, this Policy will be updated and posted on our website in order to keep the Customers informed of how we collect, use, manage, disclose, and protect information. The effective date of the Policy will be updated accordingly.
Effective Date of this Policy: May 23, 2020
This Privacy was previously updated: May 23, 2020