Interpretation
The words of which the initial letter is capitalised have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
Definitions
- Administrators refers to the members of the national administration teams in ASEAN Member States and any other organisations who are given administration rights.
- Service refers to the website: www.aseanaccess.com (can also be referred to as ‘Website’)
- User means the individual or a company accessing the Service, or other legal entity on behalf of which such individual or company is accessing or using the Service, as applicable. Only people of legal age and children who have opened and are running a business under the supervision of a legal guardian are to register.
- Materials refers to any content, information, data and documents published or uploaded on the Website (referred to as either "Materials" or "Content" in this Privacy Policy).
General
The Administrators aim to protect Website’s Users’ privacy and any personally identifiable information that may be collected from and/or provided by Users while visiting and using, as registered users, the Service (either on a computer, laptop or mobile). User data will never be transferred to anyone without the User's consent.
This Privacy Policy, together with the Terms and Conditions, explains the general rules and policies governing the use of the Service, as well as what information may be collected on the Website, how this information is used, and under what circumstances the information may be disclosed to third parties.
The Website is developed and managed by the creative digital agency Pimclick and operated with a base in Thailand.
Website Visitors
The Administrators collect non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. This enables the Administrators to better understand how visitors use the Service. From time to time, the Administrators may release non-personally- identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its Service.
For security and threat monitoring purposes, the Administrators also collect personally-identifying information like Internet Protocol (IP) addresses for logged in Users and visitors. The Administrators only disclose logged in Users’ IP addresses to third parties (such as anti-fraud agencies or law-enforcement agencies) under certain conditions outlined in law, if it is necessary and proportionate for lawful, specific purposes. The same circumstances apply to disclosure of personally-identifying information as described below.
Gathering of personally-identifying information
When registering on ASEAN Access as Service Providers (definition profiled at the time of registration), the information Users are asked to enter includes: full name, email address, country of residence, company name, country of company, company registration number, the local business support network where users are coming from, and how they heard about the Service, as required fields, with personal address and phone number, organisation type, tax number and the number of employees as optional fields. The Administrators collect information from Users when Users register on the Website. Post-registration, Users are asked to create a profile for the service they offer, and they are required to enter the following information: full name, gender, email and phone number of the contact person assigned to this particular service, name, type and description of the service, country where the company is registered, organisation name, email address, phone number and organisation logo.
NB! From February 29, 2024, post-registration personally-identifying information submitted when creating a Service Provider profile, will be visible to all visitors to the Website, without the requirement to register and log in in order to view the Service Provider contact information.
Data processing
The purpose of data processing is to enable the Administrators to (i) evaluate the number of Users interested in registering as a Service Provider; (ii) as a publicly funded Service, the Administrators have set performance targets for the Service, and Users’ registrations contribute towards the target; (iii) User data is needed to allow the visibility and contact information of Service Providers on the Website (iv) generally deliver the Service of ASEN Access.
If a User registers on ASEAN Access and provides an email address or email addresses, the Administrators may use this email, from time to time, to contact some Users to ask for their feedback on ASEAN Access or sent them relevant updates and information about different services of ASEAN Access. The purpose of this is to improve the Service and the Content, and to prepare promotional materials for ASEAN Access. Users can always opt out of giving such feedback; participation is on a voluntary basis.
Time limit of data storing
User data will be stored on the Website servers for as long as the Website is in operation, or until the User asks for their data to be removed from the Website.
User rights
Users of the Service have the following rights:
(i) the right to be informed about the collection and use of their personal data.
(ii) the right of access to their personal data and the right to correct inaccurate or incomplete personal data.
(iii) the right to request their personal data to be deleted.
(iv) the right to restrict the processing of their personal data.
(v) the right to obtain data that the Administrators hold on them and to reuse it for their own purposes.
(vi) the right to object to the processing of their personal data at any time.
(vii) the right not to be subject to a decision based solely on automated processing, including profiling.
Force Majeure
Neither Party will be liable for any failure or delay in performing an obligation under this Privacy Policy that is due to any of the following causes, to the extent beyond its reasonable control: acts of God, accident, riots, war, terrorist act, epidemic, pandemic, quarantine, civil commotion, breakdown of communication facilities, breakdown of web host, breakdown of internet service provider, natural catastrophes, governmental acts or omissions, changes in laws or regulations, national strikes, fire, explosion, generalised lack of availability of raw materials or energy.
Security
The security of Users’ Personal Information is a top priority of the Administrators. The collected Personal Information is stored on servers that abide by pertinent GDPR security rules and backups are generated regularly, to prevent the loss of Personal Information of Users. Administrators aim to prevent the misuse, interference, loss or unauthorised accessing, modification or disclosure of personal information; to detect privacy breaches promptly; and to be ready to respond to potential privacy breaches in a timely and appropriate manner.
The server
The Server used to host the Website is CloudAccess.net LLC, owned by the Cloud Equity Group located in New York, New York in the United States. CloudAccess.net headquarters are in the United States but they have employees all around the world - all of which are mandated to follow this data privacy and handling policy according to the GDPR regulations.
‘Cookies’
Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enables the site's or service provider's systems to recognise your browser and capture and remember certain information. The Administrators, through the Website, use cookies to understand User’s preferences based on previous or current site activity. The Administrators may also use cookies to compile aggregate data about Website traffic and Website interaction.
Links to external websites
The Service may contain links to external sites that are not operated by the Administrators. If Users click on a third-party link, Users will be directed to that third party's site. It is strongly advised to review the Privacy Policy and Terms and Conditions of those websites. The Administrators have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party sites, products or services.
Protection of certain personally-identifying information
The Administrators disclose potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organisations that (i) need to know that information in order to process it on the Administrators’ behalf or to provide Material available on the Website, and (ii) that have agreed not to disclose it to others. The Administrators will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organisations, as described above, the Administrators disclose potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when the Administrators believe in good faith that disclosure is reasonably necessary to protect the property or rights of the Administrators, third parties or the public at large.
The Administrators who will be handling User data from their own country are as follows:
- Brunei Darussalam: 1) Darussalam Enterprise (governmental business support agency) 2) Young Entrepreneur Association Brunei (non-governmental association).
- Cambodia: 1) Ministry of Industry, Science, Technology and Innovation (governmental organisation) 2) Young Entrepreneurs Association of Cambodia (non-governmental organisation) 3) Cambodia Women Entrepreneurs Association (non-governmental organisation).
- Indonesia: 1) Ministry of Cooperatives and SMEs (governmental organisation) 2) SMESCO Indonesia (public service agency for SME support).
- Lao PDR: 1) Department of SME Promotion (public SME support organisation) 2) Lao National Chamber of Commerce and Industry (non-governmental organisation).
- Malaysia: 1) Ministry of Entrepreneur Development and Cooperatives (governmental organisation) 2) SME Corporation Malaysia (Malaysian national SME support agency).
- Myanmar: 1) Ministry of Industry (governmental organisation) 2) Secure Link Co.,Ltd (private business in the ICT sector; offers technical support to the Ministry of Industry in using the back end of ASEAN Access).
- The Philippines: 1) Department of Trade and Industry (governmental organisation) 2) Philippine Exporters Confederation ((non-governmental organisation for exporters)
- Singapore: 1) Enterprise Singapore (governmental organisation).
- Thailand: 1) The Federation of Thai Industries (non-governmental organisation) 2) Federation of Thai SMEs (non-governmental organisation) 3) Board of Trade of Thailand (non-governmental organisation).
- Vietnam: Ministry of Planning and Investment (governmental organisation).
Additionally: - The ASEAN Secretariat, located in Indonesia as the central agency for facilitating communication between all ASEAN countries.
- Pimclick Co. Ltd., web agency based in Bangkok, is the Website developer, and offers all back-office technical support services.
- GIZ Staff member in Thailand and an external consultant contracted to support OSMEP and other Administrators in delivery of the Service and monitoring of the performance targets outlined in the section “Data Processing
In order to improve the Service and User experience, the Administrators generate reports with the numbers of registered Users. These reports include the name, username and country of the User, and are visible to all Administrators in all 10 ASEAN Member States.
The Administrators takes all measures necessary to protect against the unauthorised access, use, alteration, or destruction of potentially personally identifying and personally identifying information.
Data breach
In case of a data breach on the Website, the Administrators will notify the Users via email within 72 hours.
Privacy policy changes
Updates to this document will be changed/updated as the Service evolves. Users are advised to take a copy for their own purpose. The Administrators will communicate updates on the Service as and when the updates become effective.
Contact
In case of any questions about the Privacy Policy, please contact the Administrators by email: info@aseanaccess.com or write to:
The Office of SMEs Promotion
21 TST Tower, FL.G,17,18,23 Viphavadi-Rangsit Rd.,
Chomphon, Jatujak,
Bangkok 10900,
Thailand
January 11, 2024