In compliance with the organizational standards and policies for operations under service contracts, there may be instances where the service provider must provide data to the client, or the client provides information to the service provider. To maintain the confidentiality of such data and ensure data storage meets the organization's standards and prevents unauthorized disclosure or misuse, both parties must adhere to this Announcement and Guidelines.
Clause 1 This Announcement and Guidelines are called “Announcement of Data Storage and Protection Measures for Business Partners”.
Clause 2 The Data Storage and Protection Measures for Business Partners shall take immediate effect from the date of this announcement onwards.
Clause 3 In this Announcement
(a) “Data” means any information that conveys meaning, whether spoken, tangible, or intangible, in the form of text, narratives, facts, or any other form, regardless of the method of communication and the format in which it is presented, including any formulas, format, collected or compiled works, programs, methods, techniques, processes, or commercial and business information, financial statements, trade secrets, whether or not the data provider has indicated that it is confidential.
(b) “Data that must be kept confidential according to this announcement does not include the followings:
- Data that is already generally known or information that has been publicly disseminated.
- Data that the addressee can demonstrate they legally possessed before receiving it from the data provider.
- Data that the addressee can demonstrate was obtained from the third party who had the legal right or contractual authority to provide it and had no obligation to keep it confidential.
- Data that the addressee can demonstrate was developed or created independently in good faith without referencing or using the data provider's information.
(c) “Data Retention” means recording and storing data in various recording media such as data files, disks, flash drives, hard drives, computer memory, or internet-based memory systems. It also includes the maintenance and duplication of data to ensure future usability. Consideration should be given to the capacity, durability, and security of the storage media.
(d) “Data Replication” means creating or copying data to increase the number of data sets for the purposes of retention or distribution.
(e) “Data Security” means a set of procedures and security tools that protect the organization’s important data from misuse and unauthorized access. This includes physical and environmental security, access controls, and cybersecurity measures.
(f) “Transaction” means any act related to civil and commercial activities.
(g) “Electronics” means the application of methods involving electrons, electricity, electromagnetic waves, or any similar methods. It also includes the application of optical methods, magnetic methods, or devices related to these applications.
(h) “Electronic Transaction” means a transaction conducted using electronic methods, either in whole or in part.
(i) “Data Message” means information that is created, sent, received, stored, or processed by electronic means, such as electronic data interchange, electronic mail, telegram, telex, or facsimile.
(j) “Electronic signature” means any letters, characters, numbers, sounds, or other symbols created in an electronic format and associated with electronic data, in which signature is used to identify the individual who owns the electronic signature and to indicate that the person accepts the content of the electronic data.
(k) “Data System” means a process that uses electronic tools to create, send, receive, store, or process electronic data.
(l) “Authentication and identification” means the process of verifying and confirming the identity of an individual.
(m) “Digital Authentication and Identification System” means an electronic network that links information between individuals or government agencies for the purpose of verifying and confirming identity and conducting other transactions related to authentication and identification.
(n) “Automated Electronic Data Interchange System” means a computer program, electronic method, or other automated method used to perform actions or responses to electronic data or operations on an information system, in whole or in part, without review or intervention by a natural person each time an action is taken, or the system generates a response.
(o) “Electronic Data Interchange” means the dispatch or receipt of messages by electronic means between computer devices using predefined standards.
(p) “Originator” means a person who sends or generates a data message before data storage for sending under the method determined by such person. Such person may send or generate data message on one’s own or has sent or generated data message in the name of or on behalf of such person, but excluding an intermediary for that data message;
(q) “Addressee” means a person to whom the originator intends to send the data message and who has received such data message, but excludes an intermediary for that data message;
(r) “Intermediary” means a person who, on behalf of another person, sends, receives or stores a particular data message, including the provision of other services with respect to that data message;
(s) “Certificate” means a data message or any other record confirming the link between a signatory and electronic signature creation data;
(t) “Signatory” means a person that holds electronic signature creation data and creates such electronic signature either on his behalf or on behalf of other persons; (u) “Relying Party” means a person who may act on the basis of a certificate or an electronic signature. However, the addressee has been well aware of the definition according to the Definition in Clause 3 of this Announcement.
However, the addressee has been well aware of the definition according to the Definition in Clause 3 of this Announcement.
Clause 4 When the service provider provides data to the client or the client provides data to the service provider, both parties have the duty to retain and secure data received or sent for storage and retention. The said data shall be concealed to prevent leakage or publication to outside or public.
Clause 5 A caution shall be used in the storage, retention and security of the data received for storage separately from general data under Clause 3 (b) according to the data storage standards to prevent theft or leakage or disclosure by any means.
Clause 6 If data is disclosed or violated in any way, the addressee shall urgently notify the data provider for acknowledgement once he/she is aware that the said data is disclosed or violated and shall immediately manage and execute to safeguard and correct to prevent the potential damage from such disclosure or violation and find the preventive measures accordingly.
Clause 7 Disclosure of data is exempted for disclosure by legal order, notification or by authority of the government, or any acts requiring the disclosure according to legal authority or court authority. exempted if it is made under a lawful order, announcement, or authority of the state, or any action that requires disclosure under legal authority or the authority of the court.
Clause 8 The addressee promises that the addressee, the addressee’s employee and/or representative who is informed of the data provider’s data shall not use the data provider’s data either in whole or in part for the following activities unless written consent of the data provider.
8.1) Use for commercial purposes or development to be a product, invention, product design, computer program, or technology.
8.2) Refer or integrate into part of the invention, patent, patent application, or trade secret of the addressee.
Clause 9 The data provider aims for and emphasizes confidentiality, and data safety, and aims for continuous development of data safety.
Clause 10 Binding under this Announcement shall be in line with Electronic Transactions Law and Act.
10.1) When the addressee has declared the intention hereunder, it shall be deemed to immediately bind with the related laws and/or regulations.
10.2) The declaration of intention on binding hereunder shall be considered as the declaration of intention at the address of Knight Frank Chartered (Thailand) Company Limited, located at 33/4, The 9th Towers, Tower A, 31st Fl., Rama 9 Road, Huaykwang Subdistrict, Huaykwang District, Bangkok Metropolis.
In this regard, the recipient has read the content of the announcement in its entirety and understands it thoroughly. Therefore, the recipient hereby expresses their intention to be bound by the terms of the announcement
Last updated on 1 July 2027