SUMMARY OF PRIVACY POLICY

This summary Privacy Policy (“Summary Policy”) will provide you with a summary of the accompanied and detailed Privacy Policy (hereafter “Full Policy”, together "Summary and Full Policy"). Henley & Partners Group Holdings Ltd ("H&P" or "we", "us", "our") (Company registration C58006) and whose registered address is at Level 4, Aragon House, Dragonara Road, Saint Julian’s, Malta STJ 3140 is the Data Controller that is responsible for the data processing activities with respect to individually identifiable information ("Personal Data") about users of our website www.thailandelite-direct.com (the "Website") in order to participate in our visa application for the Thailand Elite Program (“Thailand Elite Program”).

Scope of applicability
This Summary and Full Policy applies to you if you are a user of our Website and/or a (future) member or applicant of our Thailand Elite Program.

Processing of your Personal Data (categories of Personal Data)
We process the following Personal Data of users which is collected during your start of new application for the Thailand Elite Program through our online portal: Your full name, nationality, gender, date of birth, email address, a copy of your passport page (including biometric data), passport number, passport issuing authority (including issue and expiry date), business and permanent address, passport photo, a copy of work permit (if applicable), and any other information necessary for your Thailand Elite Application and any other information relating to any individuals, who you are applying for the Thailand Elite Program on their behalf, which you have provided us or you may have submitted to us, online or via other forms of interaction with you. For more details see 1. “Categories of Personal Data” of the Full Policy or click here.

Processing purposes
We process your Personal Data for the following purposes: registering your Thailand Elite Application through our online portal and maintaining your account, administering your online Thailand Elite Application, security and fraud prevention, conducting market research and/or analysis for statistical, profiling or other purposes for us to review, develop and improve the quality of our products and service. For more details see 2. “Processing purposes” of the Full Policy or click here.

Legal justifications for the processing of your Personal Data
One of the key privacy law requirements is that any processing of Personal Data has to have a legal justification. We generally use the following legal justifications: The processing is necessary for (i) the performance of a contract to participate in the Thailand Elite Program (Art. 6(1)(b) GDPR; “Contract Justification”), (ii) compliance with a legal obligation (Art. 6(1)(c) GDPR; “Legal Obligation Justification”), or (iii) realizing a legitimate interest (Art. 6(1)(f) GDPR; “Legitimate Interest Justification”). For more details and the matching of purposes and corresponding legal justifications see 3. “Legal justification for processing of your Personal Data” of the Full Policy or click here.

Data transfers and recipients and legal justification for such transfers
We transfer your Personal Data to other H&P entities, the Tourism Authority of Thailand, Thailand Privilege Card Company Limited (a Thailand government entity), our IT service provider and in accordance with applicable law, other governmental authorities, courts, external advisors, and similar third parties, some of the aforementioned recipients located in jurisdictions outside the EU. For more details see 4. “Data transfers and recipients and legal justification for such transfers” of the Full Policy or click here.

Retention periods for and deletion of your Personal Data
Your Personal Data will be deleted once they are not any longer needed for the purposes of which they were originally collected or as required by applicable law. For more details see 5. “Retention periods for and deletion of your Personal Data” of the Full Policy or click here.

Your statutory rights
You have a number of rights granted by applicable laws with regard to the processing of your Personal Data, such as the right to have access to your data, to have them corrected, erased or handed over to you. Please refer any of your questions to our Data Protection Officer at: dpo@henleyglobal.com. For more details see 6. “Your statutory rights” of the Full Policy or click here.

Changes of this Summary and Full Policy as well as further notices
This Summary and Full Policy are subject to change. You will be notified adequately of any such changes. Further, you will be notified adequately through further relevant privacy notices (e.g. for specific purposes) in case such is not covered by this Summary and the Full Policy.

How to contact Us
If you wish to exercise your data subject rights or if you have any other questions concerning this Summary and/or Full Policy, please address your request to our Data Protection Officer who can be contacted at:

Mr Sorin Brici
Henley & Partners Austria GmbH
Linke Wienzeile 8/14
1060 Vienna
Austria
Email: dpo@henleyglobal.com



FULL POLICY

  1. Categories of Personal Data

    We collect Personal Data about you via our Website through the Thailand Elite Application online portal.

    1.1 When you apply for the Thailand Elite Program via our online Website portal

    We process the following Personal Data about you: full name, nationality, gender, date of birth, email address, a copy of your passport (including biometric data), passport number, passport issuing authority (including issue and expiry date), business and permanent address, passport photo, a copy of work permit (if applicable), and in some instances Sensitive Visa Data (as defined below) (collectively referred to as “Application Personal Data”).

    The Application Personal Data categories that we process consist of normal Personal Data about you and certain special categories of Personal Data about you, for example, data that reveals your race or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data (including photographs and fingerprints), data concerning your health or data concerning your sex life or sexual orientation (collectively referred to as "Sensitive Visa Data").

    We also process the following information about you: confirmation of at least three blank pages, no previous overstay on a visa in Thailand, and at least six month validity of your current passport, the application form for the respective program populated by you (containing e.g. your address and contact information), a copy of your marriage certificate (if applicable), a copy of your birth certificate, copies of any other visas for Thailand (if applicable) and a proof of payment for the Thailand Elite Program. Note, while these documents are not necessary classified as Sensitive Visa Data, they may contain information which may incidentally happen to reveal Sensitive Visa Data.

    In addition, we may process the following Sensitive Visa Data about you, if you provide this information as part of the Thailand Elite Application:

    • Blood type;
    • Religious affiliation;
    • Allergies; and
    • Fingerprints of minors (if required)

    1.2 Generally, we collect your Personal Data in the following ways:

    (i) when you submit a Thailand Elite Application form;

    (ii) when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our Website;

    (iii) when you interact with our customer service representatives, for example, via telephone calls and emails;

    (iv) when you use our electronic services, or interact with us via our Website;

    (v) when you request that we contact you or request that you be included in an email or other mailing list;

    (vi) when you respond to any request for additional Personal Data;

    (vii) when you are contacted by, and respond to, our customer service officers;

    (viii) when we receive references from business partners, relevant government agencies and third parties, for example, where you have been referred by them;

    (ix) when you fill up surveys administered by our third party surveying service providers;

    (x) when we seek information from third parties about you in connection with the services you have applied for; and/or

    (xi) when you submit your Personal Data to us for any other reason.

  2. Processing purposes

    We process your Personal Data to the extent permitted or required under applicable law, for the following purposes in each of the two steps:

    2.1 When you provide your details on our Website

    (i) Providing your contact details for the purposes of the complimentary assisted application service, (ii) responding to your queries, feedback, complaints and requests, and (iii) managing your account or application on our Website,

    2.2 When you apply through the Thailand Elite Application via our online portal on our Website

    • Processing your online Thailand Elite application for the purposes of sending the application to the Government of Thailand; and

    • (i) Requesting feedback or participation in surveys, (ii) conducting market research and/or analysis for statistical, profiling or other purposes for us to review, develop and improve the quality of our products and services, and (iii) testing and improving our systems, and preventing the misuse or improper use of our services ("Quality Enhancement Purposes").

  3. Legal justification for the processing of your Personal Data

    In general, you are required to provide your Personal Data (e.g. due to Thailand Elite Application requirements), except in limited instances when we indicate that certain information is voluntary or optional and their processing is based on your consent (e.g. in connection with user satisfaction surveys following submission of your application). However, if you do not provide your Personal Data that is mandatory for the Thailand Elite Application then your application will be marked as incomplete and we will be unable to submit it to the Government of Thailand.

    Furthermore, we rely on the following legal justifications for the processing of your Personal Data:

    YOUR DATA

    Processing purposes

    Categories of your Personal Data involved

    Legal basis

    When you apply for Thailand Elite via our Website

    Thailand Elite Application
    Purposes

    Application Personal Data
    Sensitive Visa Data

    Contract Justification

    Quality Enhancement
    Purposes

    Application Personal Data

    Legitimate Interest
    Justification

  4. Data transfers and recipients and legal justification for such transfers

    4.1 Recipients

    (i) Other group companies: We transfer your Personal Data to other H&P group companies, as permitted under applicable data protection laws pursuant to Legitimate Interest Obligation for the legitimate interests of H&P to facilitate your visa application within the Thailand Elite Program. These recipients are most likely our offices in Austria, United Arab Emirates, Thailand and South Africa. More offices may be involved case-by-case on a need-to-know basis and in accordance with applicable data protection laws, including the EU General Data Protection Regulation 2016/679 (the “GDPR”).

    (ii) Third parties: We may transfer your Personal Data to governmental agencies and regulators, courts and government authorities, all in accordance with applicable data protection laws (including GDPR) based on Legal Obligation Justification and to external advisors acting as controllers (e.g. lawyers, accountants, auditors etc.) based on Legitimate Interest Obligation.

    (iii) Service providers: We contract with third party service providers as part of our normal business operations to carry out your visa application process (e.g. our IT provider TOWA in Austria and the Thailand Privilege Card Company Limited in Thailand being a subsidiary of the Immigration Bureau of Thailand).

    (iv) A list of data recipients containing the identity, short description of the processing activity and location of the relevant data recipients can be requested from us under the contact details further below.

    4.2 Cross-Border Data Transfers

    (i) We may transfer your Personal Data outside of the country you are located. Some recipients of your Personal Data are located in another country for which the European Commission has not issued a decision that this country ensures an adequate level of data protection, namely: Thailand, South Africa, United Arab Emirates.

    (ii) By way of entering into appropriate data transfer agreements based on Standard Contractual Clauses (2010/87/EU and/or 2004/915/EC) as referred to in Article 46(5) of the GDPR or other adequate means, you are able to obtain a copy by contacting our Data Protection Officer at dpo@henleyglobal.com. We have established that all recipients located outside the EEA will provide an adequate level of data protection for your Personal Data and that appropriate technical and organizational security measures are in place to protect your Personal Data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. Any onward transfer is subject to appropriate onward transfer requirements as required by applicable data protection laws (including the GDPR).

  5. Retention periods for and deletion of your Personal Data

    5.1 Your Personal Data processed for the purposes hereunder will be stored only to the extent necessary during the term of your participation in the Thailand Elite Program, during a transition period (e.g. for the compliance of our obligations regarding data retention as established under applicable laws). If a judicial or disciplinary action is initiated, your Personal Data may be stored until the end of such action, including any potential periods for appeal, and will then be deleted or archived as permitted by applicable laws.

    5.2 In principle we will retain your Personal Data as long as required or permitted by applicable laws. Afterwards, we will remove or delete your Personal Data from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it.

  6. Your statutory rights

    Under the conditions set out under applicable law (i.e. the GDPR), you have the following rights:

    6.1 Right of access: You have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, to request access to the Personal Data. The access information includes – inter alia – the purposes of the processing, the categories of Personal Data concerned, and the recipients or categories of recipients to whom the Personal Data have been or will be disclosed. You have the right to obtain a copy of the Personal Data undergoing processing. For additional copies requested by you, we may charge a reasonable fee based on administrative costs.

    6.2 Right to rectification: You have the right to obtain from us the rectification of inaccurate Personal Data concerning you. Depending on the purposes of the processing, you have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.

    6.3 Right to erasure (right to be forgotten): You have the right to ask us to erase your Personal Data.

    6.4 Right to restriction of processing: You have the right to request the restriction of processing your Personal Data. In this case, the respective data will be marked and may only be processed by us for certain purposes.

    6.5 Right to data portability: You have the right to receive the Personal Data concerning you which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit those Personal Data to another entity (or Controller) without hindrance from us.

    6.6 Right to object:

    You have the right to object or withdraw your consent at any time to the processing of your Personal Data by us and we can be required to no longer process your Personal Data. If you have a right to object and you exercise this right, your Personal Data will no longer be processed for such purposes by us. Exercising this right will not incur any costs. Such a right to object may not exist, in particular, if the processing of your Personal Data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.

    Please note that any such withdrawal shall not affect the lawfulness of any processing carried out prior to you notifying us that you are objecting or withdrawing your consent. Please note should you object or withdraw your consent to us processing all or some of your Personal Data and which is required for the Thailand Elite Application, then we may be unable to submit your incomplete application to the Government of Thailand.

    Please note that the aforementioned rights might be limited under the applicable data protection laws, however, we remain committed to universally providing users and applicants these fundamental EU data protection rights and freedoms (including the GDPR) irrespective of your geographical location.

    Please refer any of your questions to our Data Protection Officer at dpo@henleyglobal.com.

    In case of complaints you also have the right to lodge a complaint with the competent supervisory authority, in particular in the member state of your habitual residence or alleged infringement of the GDPR.

    ***