Privacy Notice

Thai Airways International Public Company Ltd. (THAI), which includes its subsidiary companies, consisting of Thai Smile Airways Co., Ltd., Thai Flight Training Co., Ltd., Thai-Amadeus Southeast Asia Co., Ltd., Tour Euang Luang Co., Ltd. and WingSpan Services Co., Ltd. aims at provision of services with quality to respond to your expectation. THAI realizes the importance of personal data protection and the compliance with laws and regulations. This Privacy Notice is provided to you to inform you how we protect your personal data and your rights as the Data Subjects.

THAI as the “Controller” has the authority to determine the collection, use and disclosure of personal data in compliance with the Personal Data Protection Act B.E.2562 (2019) (PDPA) (“the Act”), the General Data Protection Regulation of the European Union (GDPR) and other related laws (“the applicable privacy laws”)

THAI hereby informs you as the Data Subject who may be (1) the person who has contacted THAI either be, has been or may further be a customer of THAI or (2) employee, personnel, staff, representative, shareholder, director, contact person, agent or person associated with juristic person or natural person under (1) above or party of persons who has contacted THAI either be, has been or may further be a customer of THAI, of how we protect your personal data obtained or may obtain from the business conduction and the provision of services through various channel e.g. website, telephone, electronic channel, application, social media or other sources, to ensure that THAI will protect your personal data and will collect, use or disclose your personal data only in the case necessary, lawful and appropriate, and also to inform you the rights you may have as the Data Subject, as more detailed in this Privacy Notice.

  1. to manage or administrate all risks e.g.
    • Personal Data consisting of name, last name, sex, date of birth, age, contact details, data in various documents such as identification card, passport, residential card, alien card, work authorization, social security card, driving license, car registration book, house registration, signature, tax identity, data concerning member of family, facial photo, educational background, occupation or status.
    • Contact Details consisting of address as appeared on the house registration, address for delivery of documents, postal address, email address, house telephone number, mobile telephone number, fax number, name or account for application through digital channel e.g. Line, Google, Facebook, YouTube, Instagram or Twitter and contact information provided to THAI
    • Financial and Transaction Information consisting of bank account number, credit card number, debit card number, type of credit or debit card, information from the analysis of personal data, payment information or other information about the use or application for the use of the service with THAI.
    • Contact Information consisting of information received through branch offices, telephone, electronic or digital channel, social media, information from CCTV and mobile service which information may appear in written form, voice or video record, transaction record, photograph or motion pictures.
    • Information Technology Technical Data consisting computer serial number or internet protocol (IP address), Media Access Control (MAC), address code or serial number of the equipment conning to the network (MAC Address), Transaction Log, device ID, connecting information through application connecting channel (API), Cookies, type and version of Plug-In, Browser, operating system and platform, mobile internet or network, setting information on device and other technical data from the use of platform, application and operating system of THAI.
    • Usage Information consisting of username or code for the service, password, searching information, browsing history, viewing history, menu accessed, time period for using the website, platform, application, favorite menu, question & answer, log file, communication and suggestion to THAI.
    • Behavioral Information consisting of information about personal interest, service usage behavior.
    • Work Information consisting of start date, department, years of service, job position, job bibliography, job certification and reference, personnel ID, salary, wages, benefits, salary adjustment history, working record, disciplinary record, date of termination, type of termination, time in-out record, leave of absence history, bank details, emergency contact details, details of beneficiaries of an insurance.
    • (if any), educational background and reports, training and development information, photo, work history, other non-financial benefits, insurance information, family information, meeting records and opinions.
    • Medical Record consisting illness information, medical conditions.
    • Scorings and Testing Results.

  2. Sensitive Personal Data where THAI shall obtain your consent prior to the collection consisting of biometric data (e.g. Facial recognition, finger scan, retinas and voice recognition data), religious, criminal record, health or any other information as may be published by the Data Protection Board may announce.

In some case, provision of personal information is necessary for the legal obligation or performance of contract or necessary for entering into the contract. If you do not provide the information, this may result in THAI will be unable to comply with the legal or contractual obligation that THAI has with you.

THAI will proceed to collect, use, or disclose your personal data according to the conditions described by laws; namely (1) contractual basis, for THAI’s initial or fulfillment of a contract or request made by you to THAI (2) legal obligation imposed on THAI as required by the law (3) legitimate interest of THAI or other persons or juristic persons (4) vital interest of persons (5) necessary for a public interest, public task or the exercise of the right by the public sector or (6) your consent in case the collection, use, or disclosure that are outside the scope as described in (1) to (5) above, for any of the following purposes;

  1. to contact, communicate or provide information about the products or services that you use or will use;

  2. to fulfill your request or contract that you have with THAI or associated with the request or contract that you made with THAI, for example, delivery of document, demand for debt payment, subscription and allocation of shares, verification of type and amount of debt obligations under THAI rehabilitation plan for debt conversion into capital, verification of the number of common shares that you are obligated, entitled, or may exercise from debt conversion into capital under THAI rehabilitation plan including to comply with the contracts that we have with third parties which are necessary and related to the provision of a service to you;

  3. to manage relations between you and THAI, and to prepare detailed or historical records of services provided to you for provision of services to you in the future;

  4. to manage information of corporate customers in which your personal data may be involved;

  5. to comply with laws, rules, and regulations;

  6. to perform any acts as the supervisory authorities may describe, request or recommend to comply;

  7. to manage and administrate THAI’s internal businesses, e.g. compliance, improvement, or internal audit including compliance with THAI regulations or requirements;

  8. to manage or administrate all risks e.g.
  • to prevent, handle, or minimize risks arising from illegal acts that may occur to you, the customers, THAI’s personnel, and THAI by using the data for improvement of the security system through various service channels, working systems, and safety and security systems for information technology operation of THAI;
  • for security purposes, e.g. photo recording of the person contacting or involving in a transaction with THAI via CCTV and the exchange of identification card when accessing the building for security reasons within THAI areas;
  • to disclose and transfer your personal data to third parties as part of a business transaction such as sale, transfer, merger & acquisition, organizational restructuring, implementation of THAI Rehabilitation Plan or similar transactions;

  1. to procure and offer products, services, and alternatives of services to you, including communication, notice and warning, delivery or offer of privilege, benefits, awards or information about products or services of THAI, the companies in THAI group or business alliances which may be of interest to you, or for sale promotion or lucky draw activity;

  2. to authenticate and verify the identity, and examine the use of services or transactions according to your orders;

  3. to manage all complaints e.g. the investigation on the use of the services or transmission of data within or between THAI and third parties, the process of accepting your complaints, compensation or use of information for improving such services;

  4. for statistical analysis or research in connection with business operation of THAI and its subsidiaries;

  5. for strategic purposes, protecting interest or evaluation of the business result or services of THAI;

  6. for evaluation, development, and improvement of products or services or for execution of the rights by THAI;

  7. for marketing promotion project or activity, meeting, seminar, entertainment or site visit;

  8. for storage of data on cloud service (Cloud Storage) and other systems used for storing data;

  9. for the performance of the contract to which THAI is the contracting party or for enforcement of the rights under the law or contracts binding THAI;

  10. for connecting or facilitating the use of the website, application, and platform of THAI or other persons;

  11. for application for a job or employment, recording of working hours, payment of remuneration and other benefits, performance evaluation, audit, and record of the use of information technology services, operation management, disciplinary action, learning, and self-development;

  12. for occupational health and safety purposes, severance pay, and insurance claims;

  13. for the submission of the meeting agenda, meeting attendance, date and time, meeting minutes and comments;

  14. for use of data and photographs for THAI internal and external communications

  15. for specific purposes related to criminal records in collecting personal data relating to criminal records, such as:
  • for the purpose of verifying and assessing qualifications, checking prohibited characteristics, and characteristics indicating fitness to be entrusted with the management of THAI’s affairs, and considering the suitability for holding a position, including granting permission, endorsement, certification, approval, and providing opinions in the consideration of election or appointment, to enable THAI to select appropriate individuals to hold positions of THAI and perform their duties efficiently in compliance with laws and orders of authorized officials;
  • for the purpose of allowing THAI to collect, retain, use, and/or disclose criminal record for more than six months from the date the related activities are completed, for the purposes and to the extent necessary for the collection, use, and/or disclosure of personal data, for the necessary management of THAI.
    The collection, use, or disclosure of your personal data including the cross-border transfer thereof shall be performed in accordance with the above principles.

 THAI may be required to disclose your personal data to other persons or organizations within or outside the country in order to fulfill the purposes under this notice as follows:

  1. Subsidiary Companies consisting of Thai Smile Airways Co., Ltd., Thai Flight Training Co., Ltd., Thai-Amadeus Southeast Asia Co., Ltd., Tour Euang Luang Co., Ltd., and WingSpan Services Co., Ltd.

  2. Business Alliances for example, business alliance in air transport, tourism, hotel, car rent, marketing, financial institution, insurance or life assurance or any persons involving the promotion or loyalty program, data analysis, joint platform service provider, or person whose name or trademark appears on the contract, website, or other service channels of THAI.

  3. Persons Involving in the Services of THAI for example, other airlines, business partners, ground handling agents providing check-in and baggage services, cargo accepting and delivery services, call centers, person who performs as intermediary in transactions for THAI, joint provider with THAI, outsourcing service provider, contractor or seller of goods or service to THAI or domestic and international agent of THAI for when THAI is a contracting party, for example, infrastructure development provider, technical infrastructure developer, electronic or information technology system developer, logistics and cargo terminal service provider, cloud computing service provider, data analysis provider and event and activity organizers.

  4.  Person or Organization as Described by Laws THAI may be required to disclose your personal data in order to comply with laws, rules, regulations or orders of the government agency, state agency, supervisory agency or in case THAI believes that the disclosure is necessary for complying with laws to protect the right of THAI or other persons, for the safety of a person, to protect, investigate, or manage fraud, security or safety in various areas, for example, tax authority, fund administrator, social security authority, or financial institution. THAI may be required to disclose the personal data to the Royal Thai Police, the Office of the Securities and Exchange Commission, or other relevant agencies involved in the collection of personal data relating to criminal records, for verifying qualifications and for checking characteristics indicating fitness to be entrusted with the management of THAI’s affairs as required by law.

  5. Advisors of THAI, for example, legal, financial, technical experts and auditors.

  6. Right and Obligation Assignee or Novation Assignee, including the person involved in company restructuring, business assignment, investment, merger and acquisition, purchase or sale of properties, shares or businesses by a person involving in such activities, shall be in accordance with this notice.

  7. Other Related Persons, for example, beneficiary, person authorized to act on behalf of another, or guarantor.

  8. Association, Organization, Club and Other Bodies, for example, Thai Airways Employee Saving Cooperation, Thai Airways Employee Club.

  9. Websites and Other Social Media, for example, THAI Websites, Facebook, Google, or Instagram

THAI shall inform the person or organization whom the data has been disclosed to comply with THAI’s policy and laws for the security of your data. THAI shall allow the use of your personal data for the intended purposes and according to instruction of THAI only.

  1. Storage of Your Personal Data

    2. THAI has established security measures to protect your personal data both in document and electronic form to prevent loss, unauthorized access, use, alteration, modification, or disclosure of personal data without rights or unlawfully.

  2. Duration for Storage Your Personal Data

    3. THAI will collect your personal data for the purposes specified in this notice, as required by laws, and for a maximum of 10 years from the date you end your relationship with THAI, except when it is otherwise necessary by laws or such personal data are unable to be erased or destroyed due to the technical limitation.

    For the personal data relating to criminal records, THAI may collect, retain, use, and/or disclose criminal record for more than six months from the date the related activities are completed, for the purposes and to the extent necessary for the collection, use, and/or disclosure of personal data.

In case THAI is required to transfer your personal data to other persons or juristic persons in other countries, for example, your contracting party or THAI’s contracting party, THAI’s representatives, THAI’s overseas branches, the subsidiary companies, international agencies or organizations, and data protection measures in the destination country may not be equivalent to those required by laws. THAI will take appropriate measures to ensure that your personal data is transferred safely

 Personal data may be shared to individuals involved in providing services on behalf of THAI for the purposes identified above. In this case, we use additional safeguards to protect your personal data such as the “Data Processing and Transfer Agreement” and “Standard Contractual Clauses” for transferring personal data to the business operator outside the EU/EEA or Thailand (as the case may be). We process your data mainly within the Kingdom of Thailand and the EU. If you use services that involve data transfer to other countries which may have data protection measures equivalent to or different from those in the Kingdom of Thailand or the EU, such as international flight connections, we will transfer your data to those countries. In this respect, please refer to the general privacy policy of the International Air Transport Association (IATA) https://www.iatatravelcentre.com/privacy.htm

 

When you are an individual in the EU and processing your personal data falls under GDPR, in some cases when we transfer your data to destinations countries outside the EU or EEA, we will use additional safeguards to protect your personal data according to the “Standard Contractual Clauses” as stipulated by Applicable Privacy Laws and endorsed by the European Commission. A copy of the clauses can be provided for your review upon request to the contact details provided in section 10.

When accessing the website system of THAI, THAI will automatically collect certain data from your usage for the purposes detailed in this notice, for example, THAI will use the data recorded or collected by cookies and similar technologies for statistical analysis or other activities related to the website system or business of THAI. This helps THAI provide you with a better website experience, including the improvement of efficiency and quality of THAI’s website services.

  1. Right of Access and Request a Copy
    You have a right to access and obtain a copy of your personal data which is under our responsibility, or to request THAI to disclose the acquisition of such personal data that you did not consent to.

  2. Right of Data Portability
    You have a right to obtain personal data we hold about you, where we rely on consent basis or necessary for the performance of the contract basis, by a request you have made to THAI, or as announced by the Personal Data Protection Committee. If THAI has made such personal data available in a readable format that can be used generally by automated tools or devices and can be used or disclosed by automated means, you also have the right to: (1) request THAI to send or transfer such personal data to another data controller when it can be done by automated means; and (2) receive the personal data that THAI has sent or transferred in such format directly to another data controller, unless it is technically unfeasible.

  3. Right to Object
    You have a right to raise an objection to the collection, use or disclosure of your personal data by THAI in the following cases: (1) THAI collects your personal data due to the necessity of performing a task for THAI’s public interest, the exercise of right by the government sector, or for the legitimate interest of THAI, other persons or juristic persons; (2) THAI collects, uses, or discloses your personal data for the purpose of direct marketing; or (3) THAI collects, uses, or discloses your personal data for the purposes of scientific, historical or statistical research, unless it is necessary for THAI to perform a task for the public interest.

  4. Right to Erasure or Destroy Personal Data
    You have a right to request THAI to erase, destroy, or anonymize your personal data in the following cases: (1) your personal data is no longer necessary for the purposes for which it was collected; (2) you withdraw your consent and THAI has no other legal grounds to continue collecting, using, or disclosing such personal data; (3) you object to the collection, use, or disclose of your personal data collected by THAI due to the necessity of performing a task for the public interest of THAI, the exercise of the right by the public authority, or for the legitimate interest of THAI, other persons or juristic persons, and THAI has no overriding legitimate grounds to refuse such objection; (4) you object to the collection, use, or disclosure of personal data for direct marketing purposes; or (5) your personal data are unlawfully collected, used or disclosed, except when it is necessary for THAI to collect your personal data for compliance with legal obligations or for the establishment, exercise, or defense of legal claims or the use or protection of the right of THAI.

  5. Right to Restriction
    You have the right to restrict the use of your personal data in the following cases: (1) THAI is in the process of verifying your request for accuracy of your personal data and to ensure it is up-to-date; (2) THAI unlawfully collects, uses, or discloses your personal data; (3) THAI no longer needs to collect, use, or disclose the personal data for any purposes, but you wish THAI to retain your personal data for your benefits according to the laws; or (4) you wish THAI to suspend he use of your personal data pending investigation or verification of your objection to your personal data.

  6. Right to Rectification
    You have the right to request THAI to rectify your personal data to be accurate, complete and not misleading.

  7. Right to Withdrawal of Your Consent
    Where you have consented to the collection, use, or disclosure of your personal data, you have the right to withdraw your consent to THAI at any time. Withdrawal of consent may cause inconvenience for you or you may not receive special offers/services related to such personal data for which you have withdrawn consent.

  8. Right to Cancellation of Your Consent
    You have the right to cancel your consent for personal data that THAI has collected before the Act came into force by submitting a request to withdraw consent to THAI’s department where you are or have been receiving the services.

  9. Right to Complaint
    You have the right to lodge your complaint to the relevant agencies or authorities if THAI or a data processor, including THAI’s employee or contractor, violates or fails to comply with personal data protection laws.

If you wish to exercise any of the rights mentioned in sections 7.1 to 7.8 above, you can contact the THAI’s officer to submit a request to exercise those rights (as detailed in section 10). Once THAI receives your request, it will consider your request according to the criteria and conditions prescribed by law and will complete the request and notify you of the decision and actions within 30 days from the date THAI receives the request and the accompanying documents are complete.

Exercising your personal data rights may result in you being unable to receive certain services from THAI while THAI considers or processes your request.

THAI will not charge you any fees for exercising these rights. However, if THAI deems that your request to exercise your rights is excessive or without reasonable grounds, THAI may charge a fee for processing your request as permitted by law.

You can exercise your personal data rights from the date the Act comes into force.

If you wish to exercise the rights you can fill out the form here.

This Privacy Notice complies with the requirements of the Act. In some countries, there may be local laws that impose additional or different requirements from the Act. In such cases, THAI may issue local announcements or policies which supplement or amend this Privacy Notice from time to time to fully comply with such laws.

THAI may update this Privacy Notice from time to time as appropriate. THAI will inform you through our websites and applications, and it is recommended that you read and review the details in the new privacy notice whenever such changes are updated.

     If you have any concerns about how we process your personal data or would like to exercise your rights according to this Privacy Notice, you can send your request to;

    Data Protection Officer or Privacy Office

    Thai Airways International Public Company Ltd.

    89 Vibhavadi Rangsit Road, Bangkok 10900, Thailand

    Email: privacy@thaiairways.com

    THAI has appointed EU representative for the purposes of the GDPR. If you are in EU and would like to contact us, you can also send your request to;

    Thai Airways International Public Company Limited

    ZEIL 127

   60313 Frankfurt

   Germany

   Email: privacy@thaiairways.com

  Previous Privacy Notice (On 25 October 2024)