Customer’s Privacy Policy
This Privacy Policy applies to all customers (hereinafter referred to as "You" and "Your") of Octagon Interactive Company Limited (hereinafter referred to as the "Company"). As a personal data controller under the Personal Data Protection Act B.E. 2562 (PDPA), the company uses this Privacy Policy to notify all concerned about how the company collects and processes customers' personal data in accordance with the purposes and scope of the company.
1) Purposes and Scope of the Privacy Policy
This privacy policy covers data subjects who are the company's customers, including: customer, user, payer, resident, tenant, representative, agent, guest, visitor and individual being involved with the company's customers.
As used in this privacy policy, the following terms shall have the meanings set forth below:
“Processing” means anything done with Customer’s personal data, including collection, storage, use, disclosure and deletion of personal data.
“Legal bases” means justifiable reasons to process personal data in accordance with Article 24 and Article 26 of the PDPA.
“Personal data” means any information relating to an individual or data subject that can be used to directly or indirectly identify a person, such as full name, phone number, address, email and ID verification number, excluding the data of the deceased.
“Sensitive data” means personal data which the Personal Data Protection Act specifies that the company must process with higher security than other personal data, such as ethnic origin, political opinion, religion, sexual behavior, criminal history, health information, disability, union information, genetic information, biometric data, and other data as specified by related laws or regulations.
This privacy policy may be revised at any given time and the company may notify you through appropriate channels.
2) Personal Data the Company Processes
The company collects the following categories of your personal data:
Identity data including, but not limited to, prefix, name, surname, ID number, passport number, driver's license number, and photo;
Address/contact data including, but not limited to, permanent address, present address, mobile phone number, and email account;
Residential data including, but not limited to, room number, unit code, house number, building name, and building's floor;
Transaction data including, but not limited to, payment, and proof of payment;
Profile data including, but not limited to, date of birth, religion, nationality, marital status, gender, and age;
Property data including, but not limited to, car types, and vehicle registration number;
Technical data including, but not limited to, stamp key electronic, and POS serial number; and
Other data including, but not limited to, data from ID Card, and data from driver's license.
3) How the Company Collects Your Personal Data
In general, the company will directly collect your personal data through these processes or channels including, but not limited to:
When a customer fills in relevant online webforms via website and web application, such as registration form and payment form; and
When staff perform data extraction from identity documents through website and web application.
However, the company may collect additional personal data through third-party organizations, which include:
Service providers, such as shops, juristic persons, real estate development companies, banks and financial institutions, etc.
4) Personal Data Storage
The company stores your personal data as hard copy and soft copy by using the following systems:
Third-party server service providers outside of Thailand, such as DigitalOcean, Google Cloud Platform, and Microsoft Azure.
5) How the Company Processes Your Personal Data
The company will collect, use, and disclose your personal data for the following, but not limited to, purposes.
1. Performance of the contract (Contractual Basis)
For the performance of the contract, in order to enable you to use the company's products and/or services, for the purposes for which your representative/service provider is a party to a contract with the company, or to fulfill your request before using the company's products and/or services, such as
(1) Providing products and/or services, including delivering the company's products and/or services.
(2) Any action related to the use of products and/or services, such as processing, contacting, notifying, and assigning tasks to third-party service providers; coordinating and communicating to deliver services effectively, including the notification of any information related to or arising from the use of the company's products or services.
2. Legal Obligation
In order to perform duties in accordance with relevant or applicable laws (Legal Obligation), such as
(1) Compliance with laws, regulations, and orders of legal authorities or government agencies, such as compliance with subpoenas and injunctions, and as otherwise authorized by law.
(2) Compliance with other necessary laws, including announcements and regulations issued under such laws.
3. Legitimate Interest
To carry out operations necessary under the legitimate interests of the company or of another person or entity without exceeding the scope that you can reasonably expect (Legitimate Interest), such as
(1) Image recording, CCTV recording, identity document verification, identity document data extraction, and identity document exchange before entering this premises.
(2) Owner/agent’s identity verification of the property ownership, and property data recording before entering this premises.
(3) Prevention, coping, and reduction of risks through deliberate actions that may cause loss of life, injury, other health impacts or property damage (e.g., common property, personal property and personal safety); illegal activities; offenses relating to property, life, body, liberty or reputation, which include sharing personal information to raise the standard of work of companies and service providers in preventing, coping, and reducing the aforementioned risks.
(4) Customer relations, such as handling complaints, satisfaction assessment, customer care by service providers, processing and displaying data for service improvement, and offering new products and/or services that are beneficial to you.
(5) Risk management, supervision and internal management.
(6) For the purpose of accounting and finances, such as audit, payment validation and refunding.
(7) Making personal information non-personally identifiable information (Anonymous Data).
The following are the groups of activities in which the company utilizes your personal data to carry out all
activities in accordance with the aforementioned purposes:
| Group of Activities | Group of PIIs | Legal Bases |
|---|---|---|
| Visitor Management and Access Control | Identity Data, Address/Contact Data, Residential Data, Profile Data, Property Data | Contract, Consent, Legitimate Interest |
| Car Park Management and Access Control | Identity Data, Address/Contact Data, Residential Data, Profile Data, Property Data | Contract, Contract, Legitimate Interest |
| Smart Locker Management and Access Control | Identity Data, Address/Contact Data, Residential Data | Contract, Consent, Legitimate Interest |
| Identity Verification | Identity Data, Address/Contact Data, Residential Data, Profile Data, Property Data, Technical Data | Legitimate Interest |
| Payment Process | Identity Data, Address/Contact Data, Residential Data, Transaction Data, Property Data, Technical Data | Legitimate Interest |
| Operations with Service Providers /Providers | Identity Data, Address/Contact Data, Residential Data, Transaction Data, Profile Data, Property Data, Technical Data | Contract, Legitimate Interest |
| Customer Support, Monitoring and Examination | Identity Data, Address/Contact Data, Residential Data, Transaction Data, Profile Data, Property Data, Technical Data | Contract, Legitimate Interest |
| Complaint Management, Database and IT troubleshooting | Identity Data, Address/Contact Data, Residential Data, Transaction Data, Property Data, Technical Data | Contract, Consent, Legitimate Interest |
| Audit Procedures (Product, Service and Process) | Identity Data, Address/Contact Data, Residential Data, Transaction Data, Property Data, Technical Data | Contract, Legitimate Interest |
| Data Management and Access Control | Identity Data, Address/Contact Data, Residential Data, Transaction Data, Profile Data, Property Data, Technical Data | Contract, Legitimate Interest, Legal Obligation |
| Reporting, Making Report and Documentation Procedures | Identity Data, Address/Contact Data, Residential Data, Transaction Data, Profile Data, Property Data, Technical Data | Contract, Legitimate Interest |
| Litigation, Legal Procedures and Legal Execution | Identity Data, Address/Contact Data, Residential Data, Transaction Data, Profile Data, Property Data, Technical Data, Evidence | Contract, Legitimate Interest, Legal Obligation |
| Compliance with Data Subject Right | Identity Data | Legal Obligation |
The company will process your personal data according to the stated purposes and scope. If a case arises where personal data is to be processed for other purposes, and it is unlikely to rely on other legal bases, the company will provide, through this policy, additional information about the processing's purpose and legal basis.
6) Disclosure of Personal Data
The company may disclose and/or transfer your personal data to third-party organizations, which process personal data in accordance with agreements with the company and/or legal obligations. These organizations may include:
1. Organization
The company may disclose your personal data within our organization to provide and develop our products or services. The company may combine information internally across the different products or services covered by this privacy policy to help us be more relevant and useful to you and others.
2. Service Providers, Vendors & Business Partners
The company may use service providers and vendors to help us provide our services, such as payments and development of products or services; these include Kasikorn Bank (KBANK), auditors, legal and financial advisors, security services agencies and others as related. Please note that service providers and vendors have their own privacy policies.
In relation to our business partners, the company may disclose certain personal data to them in order to coordinate and provide our products or services to you and provide necessary information about the availability of our products or services, such as juristic persons and real estate development companies.
3. Law Enforcement
Under certain circumstances, the company may be required to disclose your personal data if required to do so by law or in response to valid requests by government authorities, such as courts.
7) Data Subject Rights
Subject to the Personal Data Protection Laws, you may exercise any of the following rights:
1. Right to withdrawal of consent: If you have given consent to us to collect, use or disclose your personal data, whether before or after the effective date of the Personal Data Protection Laws, you have the right to withdraw such consent at any time throughout the period your personal data is available to us, unless it is restricted by laws or you are still under beneficial contract.
2. Right to access: You have the right to access your personal data that is under our responsibility; to request us to make a copy of such data for you; and to request us to reveal how the company obtains your personal data.
3. Right to data portability: You have the right to obtain your personal data if the company organizes such personal data in an automatic machine-readable or usable format that can be processed or disclosed by automatic means; to request us to send or transfer the personal data in such format directly to other data controllers if doable by automatic means; and to request to obtain the personal data in such format sent or transferred by us directly to other data controllers unless not technically feasible.
4. Right to rectification: You have the right to rectify your personal data so that it is updated, complete and not misleading.
5. Right to restriction of processing: You have the right to restrict any data processing activity in accordance with the following cases:
During the pending examination process of your rectification or objection request;
For cases where the data processing activity is not in accordance with relevant laws;
For cases where the data processing terms have passed, but you have requested processing restriction due to legal reasons; and
For cases related to personal data which shall initially be deleted and/or destroyed, but was followed by an additional request for processing restriction instead.
6. Right to objection: You have the right to object to the collection, use or disclosure of your personal data at any time if it is conducted for the legitimate interests of us, a corporation or an individual, which is within your reasonable expectation; or for carrying out public tasks.
7. Right to erasure/destruction: You have the right to request us to erase, destroy or anonymize your personal data if you believe that the collection, use or disclosure of your personal data is against relevant laws; or retention of the data by us is no longer necessary in connection with related purposes under this privacy policy; or when you request to withdraw your consent or to object to the processing as earlier described.
8. Right to lodge a complaint: You have the right to complain to competent authorities pursuant to relevant laws if you believe that the collection, use or disclosure of your personal data is violating or not in compliance with relevant laws.
You can exercise these rights as the data subject, or file a complaint against your personal data processing, by contacting our Data Protection Officer as mentioned below, or you can submit the request form to the company by clicking: Data Subject Rights Request form.
The company will notify you of the result of your request within 30 days upon receipt of such request. If the company denies the request, the company will inform you of the reason via SMS, email address, telephone, or registered mail (if applicable).
8) Time Period of Personal Data Storage
The company will keep your personal information for a period of 120 days, or for as long as the purposes and scope of this privacy policy for processing such data still stand, and/or for service, inspection, supervision, safety and risk management, prevention of loss of life and property, legal obligation, and other related purposes. The company will keep your payment and transaction information for a period of 10 years for the purpose of proving and verifying cases that may arise within the statute of limitations.
The company will delete or destroy your personal information or make it non-personally identifiable information when it is no longer necessary or at the end of the said period.
9) Personal Data Security
Company endeavors to protect your personal data by establishing security measures in accordance with the
principles of confidentiality, integrity, and availability to prevent loss, unauthorized or unlawful access,
destruction, use, alteration, or disclosure including administrative safeguard, technical safeguard,
physical safeguard and access controls. Company has implemented security measures to ensure the security of
your personal data in accordance with the company's information security policy.
10) Personal Data Breach Notification
The company will notify the Office of the Personal Data Protection Committee of a personal data breach without delay and, where feasible, within 72 hours after having become aware of it, unless such personal data breach is unlikely to result in a risk to your rights and freedoms. If the personal data breach is likely to result in a high risk to your rights and freedoms, the company will also notify you of the personal data breach and the remedial measures without delay through the company website, SMS, email address, telephone or registered mail (if applicable).
11) Changes to this Privacy Policy
The company holds the right to review and edit this privacy policy as the company sees appropriate. The company encourages you to check our websites and web applications frequently for any changes to this privacy policy. The company also invites you to read this privacy policy by scanning the QR code on a notice at the entrance of this premises.
This privacy policy was last updated and effective on August 5, 2022.
Through the showing and/or exchanging of your identity document including by entering this premises, you are hereby accepting the terms stipulated within this privacy policy. If you do not agree to this privacy policy, please do not enter this premises.
12) Links to Other Sites
Any websites from other domains found on company websites and web applications are subject to their own privacy policies, which are not related to us.
13) Contact Information
If you have any questions about this privacy policy or would like to exercise your rights, you can contact us by using the following details:
1. Data Controller
Company name: Octagon Interactive Co.,Ltd.
Address: 919/541B, Jewelry Trade Center Building, 49th Floor, Silom Rd., Silom, Bangrak, Bangkok 10500, Thailand
Website: www.8interactive.co.th
Contact: Tel. 02-104-9044 / Email: [email protected]
2. Data Protection Officer: DPO
Name: Jirapong Mukham
Address: 919/541B, Jewelry Trade Center Building, 49th Floor, Silom Rd., Silom, Bangrak, Bangkok 10500, Thailand
Contact: Tel. 02-104-9044 / Email: [email protected]
Data Subject Rights Request Form: https://airtable.com/shryI3tWSvWIrSevL