Privacy Notice for Customers, Business Partners, and Visitors

Smart ID Group Co., Ltd. and its affiliated companies, including individuals or entities involved in the processing of personal data under the instruction or on behalf of Smart ID Group Co., Ltd. (hereinafter collectively referred to as the “Company”), are committed to protecting the privacy of customers, users, business partners, and visitors.

This Privacy Notice explains how the Company collects, uses, and/or discloses personal data (collectively referred to as “Data Processing”) in accordance with the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”). It also describes your rights, our obligations, and the conditions under which your personal data is collected, used, and disclosed.

Definition of Personal Data

“Personal Data” means any information relating to an individual that enables the identification of that person, whether directly or indirectly, but does not include the data of a deceased person.

1. Personal Data Collected by the Company

The Company collects and retains personal data by lawful and fair means, limited only to what is necessary for operational purposes, including but not limited to:

  • Personal information: name, surname, date of birth, age, nationality, national ID number, signature
  • Contact information: address, telephone number, email address
  • Government-issued documents: copies of national ID card, house registration, passport, or other identifiable documents
  • Financial information: bank account details, credit card number
  • Automatically collected data: IP address, cookies, browsing behavior, purchase history, photographs, and CCTV footage recorded on Company premises

The Company will collect personal data only with the consent of the data subject, except in the following cases:

  • To perform a contract: where collection, use, or disclosure is necessary to fulfill an agreement between the data subject and the Company.
  • To prevent or mitigate harm to life, body, or health.
  • To comply with the law.
  • For legitimate interests of the Company, provided such interests are balanced against the rights and freedoms of the data subject (e.g., fraud prevention, network security, protection of rights).
  • For research or statistical purposes where appropriate safeguards are in place to protect personal rights and freedoms.
  • To perform a task in the public interest or to exercise official authority granted to the Company.

2. Sources of Personal Data

The Company may receive personal data from the following sources:

  • Directly from you — when participating in promotional activities, membership registration, newsletters, or marketing events.
  • Automatically — through Company systems such as CCTV cameras or online tracking technologies.
  • From other sources — such as public databases, business partners, or affiliated companies.

3. Purpose of Processing Personal Data

The Company may process personal data for the following purposes, or for any other purposes notified to you at the time of collection or upon your consent:

  • To enter into or perform contractual obligations with you or third parties for your benefit
  • To respond to inquiries and provide assistance
  • To improve and develop products, services, and offerings
  • To provide product recommendations, promotional information, or marketing communications in accordance with your consent
  • To conduct surveys, research, and statistical analysis for marketing and operational improvement
  • To manage and administer internal business operations for legitimate interests
  • To monitor and maintain security in Company premises (e.g., via CCTV)
  • To comply with legal obligations such as taxation or regulatory reporting
  • To provide information to lawful authorities (e.g., Royal Thai Police, Anti-Money Laundering Office, Revenue Department, or courts)
  • To conduct accounting, auditing, debt collection, taxation, and other legally required transactions
  • To support legitimate interests, such as recording complaint calls or CCTV surveillance
  • To investigate or comply with legal and regulatory obligations
  • To verify customer identity
  • For any other purposes for which explicit consent has been obtained

4. Disclosure and Transfer of Personal Data

The Company will not disclose or transfer your personal data to any third party without your explicit consent, except under the following circumstances:

  • To achieve the purposes stated in this Privacy Notice, the Company may share necessary information with partners, service providers, or external entities (e.g., IT services, data storage, auditing, payment processing, logistics, insurance, data analytics, research, and marketing services), under data processing agreements as required by law.
  • To affiliated companies, strictly within the purposes described in this Privacy Notice.
  • When disclosure is required by law, court order, or competent government authorities.

5. Cross-Border Data Transfer

The Company may transfer personal data to other countries or organizations, ensuring that the destination provides adequate levels of data protection in accordance with applicable laws.

6. Data Protection and Security

The Company implements appropriate technical and organizational measures to safeguard your personal data against unauthorized access, loss, misuse, or alteration. Data transmitted over the internet is encrypted, and access is limited only to authorized personnel for legitimate purposes.

7. Data Retention Period

Personal data will be retained only as long as necessary to fulfill the purposes described in this Notice, unless longer retention is required by law, dispute resolution, or audit purposes.

8. Amendments to This Privacy Notice

The Company may update or amend this Privacy Notice from time to time and will publish the revised version on its websites:
www.smartidgroup.com and www.anitechonline.com, indicating the most recent revision date.
By continuing to use the Company’s products or services after such updates, you acknowledge and agree to the revised Privacy Notice.

9. Data Subject Rights

You have the following rights under the PDPA:

  • Right of access: to request access to and a copy of your personal data, or disclosure of its source.
  • Right to rectification: to request correction of inaccurate or incomplete data.
  • Right to data portability: to obtain or transfer your personal data to another data controller in a structured, commonly used format.
  • Right to erasure: to request deletion or anonymization of personal data when it is no longer necessary or when consent is withdrawn.
  • Right to restriction of processing: to request suspension of data processing under certain conditions.
  • Right to withdraw consent: to withdraw consent previously given.
  • Right to object: to object to data collection, use, or disclosure at any time.
  • Right to lodge a complaint: to file a complaint with the Personal Data Protection Committee if you believe your rights under the PDPA have been violated.

The Company reserves the right to consider and process your requests in accordance with applicable data protection laws.

10. Contact Information

Data Controller:
Smart ID Group Co., Ltd.
Address: No. 1 Soi Rattanathibet 17/1, Rattanathibet Road, Bang Krasor Sub-district, Mueang Nonthaburi District, Nonthaburi 11000, Thailand
Contact: (+662) 965-6545
Websites: www.smartidgroup.com, www.anitechonline.com

If you wish to inquire, correct, delete, or exercise any of your data rights, please contact us via the channels above.

Data Protection Officer (DPO):
Data Protection Committee, Smart ID Group Co., Ltd.
Address: Same as above
Telephone: (+662) 965-6545 (Mon–Fri, 8:30 AM–5:30 PM)
Email: [email protected]

Effective Date: June 16, 2021

© 2025 Smart ID Group
Scroll to Top