The words of which the initial letter is capitalised have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
- ASEAN Secretariat refers to the ASEAN Secretariat, members of the national administration teams (also referred to as “Members”) in ASEAN Member States and any other organisations affiliated with ASEAN Secretariat and the Members, who might be given administration rights to the Website.
- Service refers to the Website.
- User means the individual or a company accessing the Service, or other legal entity on behalf of which such individual or company is accessing or using the Service, as applicable.
- Website refers to ASEAN Access, accessible from www.aseanaccess.com
- Materials refers to any content, information, data and documents published or uploaded on the Website (referred to as either "Materials" or "Content" in this Disclaimer).
The ASEAN Secretariat aims to protect Website Users’ privacy and any personally identifiable information that may be collected from and/or provided by Users while visiting and using, as registered users, the Website (either on a computer, laptop or mobile). User data will never be transferred to anyone without the User's consent.
The Website is developed and managed by the creative digital agency Pimclick and operated with a base in Thailand.
The ASEAN Secretariat collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. This enables the ASEAN Secretariat to better understand how visitors use the Website. From time to time, the ASEAN Secretariat may release non-personally- identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.
The ASEAN Secretariat also collects personally-identifying information like Internet Protocol (IP) addresses for logged in Users. The ASEAN Secretariat only discloses logged in Users’ IP addresses to third parties (such as anti-fraud agencies or law-enforcement agencies) under certain conditions outlined in law, if it is necessary and proportionate for lawful, specific purposes. The same circumstances apply to disclosure of personally-identifying information as described below.
Gathering of personally-identifying information
When registering on ASEAN Access, the information Users are asked to enter depends on their user category. All Users are asked to enter their full name, email address, country of residence, and optionally, their address and phone number. Users who are categorised as Service Providers (definition provided at the time of registration) are additionally asked for personal and company name, country of company, company registration number and the local business support network where users are coming from, as required fields, with organisation type, tax number and the number of employees as optional fields. The ASEAN Secretariat collects information from Users when Users register on the Website. Post-registration, Users categorised as Service Providers are asked to create a profile for the service they offer and they are required to enter the following information: name, type and description of the service, country where the company is registered, organisation name, email address, phone number and organisation logo.
The purpose of data processing is to enable the ASEAN Secretariat to (i) evaluate the number of Users interested in accessing restricted Content of the Website; (ii) as a publicly funded Website, the ASEAN Secretariat has set performance targets for the website, and Users’ registrations contribute towards the target; (iii) User data is needed to allow the visibility and contact information of the Users categorised as Service Providers on the Website (iv) generally deliver the Service of ASEN Access.
If a User registers on ASEAN Access and provides an email address or email addresses, the ASEAN Secretariat may use this email, from time to time, to contact some Users to ask for their feedback on ASEAN Access. The purpose of this is to improve the Service and the Content, and to prepare promotional materials for ASEAN Access. Users can always opt out of giving such feedback; participation is on a voluntary basis.
Time limit of data storing
User data will be stored on the Website servers for as long as the Website is in operation, or until the User asks for their data to be removed from the Website.
Users of the Website have the following rights:
(i) the right to be informed about the collection and use of their personal data.
(ii) the right of access to their personal data and the right to correct inaccurate or incomplete personal data.
(iii) the right to request their personal data to be deleted.
(iv) the right to restrict the processing of their personal data.
(v) the right to obtain data that the ASEAN Secretariat holds on them and to reuse it for their own purposes.
(vi) the right to object to the processing of their personal data at any time.
(vii) the right not to be subject to a decision based solely on automated processing, including profiling.
The security of Users’ Personal Information is a top priority of the ASEAN Secretariat. The collected Personal Information is stored on servers that abide by pertinent GDPR security rules and backups are generated regularly, to prevent the loss of Personal Information of Users. ASEAN Secretariat aims to prevent the misuse, interference, loss or unauthorised accessing, modification or disclosure of personal information; to detect privacy breaches promptly; and to be ready to respond to potential privacy breaches in a timely and appropriate manner.
The Server used to host the Website is CloudAccess.net LLC, owned by the Cloud Equity Group located in New York, New York in the United States. CloudAccess.net headquarters are in the United States but they have employees all around the world - all of which are mandated to follow this data privacy and handling policy according to the GDPR regulations.
Links to external websites
Protection of certain personally-identifying information
The ASEAN Secretariat discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organisations that (i) need to know that information in order to process it on the ASEAN Secretariat’s behalf or to provide Material available on the Website, and (ii) that have agreed not to disclose it to others. The ASEAN Secretariat will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organisations, as described above, the ASEAN Secretariat discloses potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when the ASEAN Secretariat believes in good faith that disclosure is reasonably necessary to protect the property or rights of the ASEAN Secretariat, third parties or the public at large.
The “Members” only have access to User data from the country where they are located (with exceptions* as described below). Members who will be handling User data from their own country are as follows:
- Brunei Darussalam: 1) Darussalam Enterprise (governmental business support agency) 2) Young Entrepreneur Association Brunei (non-governmental association).
- Cambodia: 1) Ministry of Industry, Science, Technology and Innovation (governmental organisation) 2) Young Entrepreneurs Association of Cambodia (non-governmental organisation) 3) Cambodia Women Entrepreneurs Association (non-governmental organisation).
- Indonesia: 1) Ministry of Cooperatives and SMEs (governmental organisation) 2) SMESCO Indonesia (public service agency for SME support).
- Lao PDR: 1) Department of SME Promotion (public SME support organisation) 2) Lao National Chamber of Commerce and Industry (non-governmental organisation).
- Malaysia: 1) Ministry of Entrepreneur Development and Cooperatives (governmental organisation) 2) SME Corporation Malaysia (Malaysian national SME support agency).
- Myanmar: 1) Ministry of Industry (governmental organisation) 2) Secure Link Co.,Ltd (private business in the ICT sector; offers technical support to the Ministry of Industry in using the back end of ASEAN Access).
- The Philippines: 1) Department of Trade and Industry (governmental organisation) 2) Philippine Exporters Confederation ((non-governmental organisation for exporters)
- Singapore: 1) Enterprise Singapore (governmental organisation).
- Thailand: 1) The Federation of Thai Industries (non-governmental organisation) 2) Federation of Thai SMEs (non-governmental organisation) 3) Board of Trade of Thailand (non-governmental organisation).
- Vietnam: Ministry of Planning and Investment (governmental organisation).
Of the Members, Office of SMEs Promotion (OSMEP) in Thailand (governmental organisation), as the lead project partner for ASEAN Access in charge of monitoring and guiding the use of the portal, has access to data from all countries.
The ASEAN Secretariat itself as an entity, located in Indonesia and as the central agency for facilitating communication between all ASEAN countries, also has access to data from all countries.
Pimclick Co. Ltd., web agency based in Bangkok, is the Website developer, and offers all back-office technical support services. Therefore, they also have access to the data from all countries.
External consultant contracted to support OSMEP and other Members in delivery of the Service and monitoring of the performance targets outlined in the section “Data Processing”, also has access to data from all countries.
In order to improve the Service and User experience, the ASEAN Secretariat generates reports with the numbers of registered Users. These reports include the name, username and country of the User, and are visible to all in the ASEAN Secretariat in all 10 ASEAN Member States.
The ASEAN Access takes all measures necessary to protect against the unauthorised access, use, alteration, or destruction of potentially personally identifying and personally identifying information.
In case of a data breach on the Website, the ASEAN Secretariat will notify the Users via email within 72 hours.
Updates to this document will be changed/updated as the Service evolves. Users are advised to take a copy for their own purpose. The ASEAN Secretariat will communicate updates on the website as and when the updates become effective.
The Office of SMEs Promotion
21 TST Tower, FL.G,17,18,23 Viphavadi-Rangsit Rd.,
Chomphon, Jatujak, Bangkok 10900, Thailand
September 23, 2021