Article 1: Purpose of Personal Information Processing
① Teamplate processes personal information for the following purposes. The personal information being processed will not be used for any purposes other than those specified below, and if the purpose of use changes, the necessary actions will be implemented.
1. Member Information
• Personal information is processed for purposes such as membership registration, using membership services, limited identification of individuals, preventing misuse, unauthorized use prevention, confirming membership intention, record retention for dispute resolution, complaint handling, and delivery of notifications.
Article 2: Retention and Processing Period of Personal Information
① Teamplate processes personal information within the personal information retention and usage period or the retention and usage period agreed upon by the information subject at the time of collection.
② Each retention and processing period for personal information is as follows:
1. Member Information: Up to 90 days after membership termination.
Article 3: Procedures and Methods for Personal Information Disposal
① When personal information becomes unnecessary, such as when the retention period has expired or the processing purpose has been achieved, Teamplate will promptly dispose of the relevant personal information.
② If personal information must be retained despite the expiration of the retention period or the achievement of the processing purpose, it will be transferred to a separate database (DB) or stored in a different storage location.
③ The procedures and methods for disposing of personal information are as follows:
1. Disposal Procedure: Teamplate selects the personal information (or files) that needs to be disposed of and destroys the selected information.
2. Disposal Method: Personal information recorded and stored in electronic files is permanently deleted, and paper records are shredded or incinerated.
Article 4: Provision of Personal Information to Third Parties
① Teamplate processes personal information within the scope specified in Article 1 (Purpose of Personal Information Processing) and only provides personal information to third parties with the consent of the information subject.
Article 5: Criteria for Judging Continuous Use or Provision
① According to the laws of the Lao People’s Democratic Republic, Teamplate may use or provide personal information without the consent of the information subject.
② To proceed with additional use or provision without consent, the following considerations are taken:
• The provided personal information is related to the original purpose of collection.
• The information subject can reasonably expect the provision of personal information during the service agreement process.
• The provided information is necessary for providing the service as requested by the information subject and does not unfairly infringe on their interests.
• Measures to minimize the exposure of personal information, such as encryption, are in place.
Article 6: Measures for Ensuring the Safety of Personal Information Teamplate takes the following measures to ensure the safety of personal information:
1. Establishing and Implementing an Internal Management Plan: An internal management plan is established and implemented for safe handling of personal information.
2. Minimization and Training of Staff Handling Personal Information: Only essential personnel handle personal information, and they undergo training for safe management.
3. Regular Self-Audits: Annual self-assessments are conducted to ensure the safety of personal information management.
4. Access Control to Personal Information: Access to the system processing personal information is controlled by granting, changing, or deleting access rights, and unauthorized external access is blocked by a firewall.
5. Storage of Access Records: Records of access to the personal information processing system are stored and managed for at least one year. For systems processing the personal information of 50,000 or more subjects, unique identifiers, or sensitive information, records are stored for at least two years.
6. Encryption of Personal Information: Personal information is safely stored and managed through encryption. Additionally, important data is encrypted during storage and transmission.
7. Physical Access Control: The physical storage location of the personal information processing system is separately maintained, and access control procedures are established and implemented.
Article 7: Rights and Obligations of Information Subjects and Their Legal Representatives
① Information subjects can exercise rights such as viewing, correcting, deleting, suspending processing, and withdrawing consent for personal information at any time with Teamplate.
② Rights can be exercised via written request, email, or fax, and Teamplate will take prompt action.
③ Rights can also be exercised through an agent such as a legal representative or an authorized representative. A power of attorney is required in this case.
④ The right to view and suspend the processing of personal information may be limited.
⑤ If the collection of personal information is specified by law, the right to request deletion may not apply.
⑥ If automated decision-making is notified in advance or stipulated by law, the right to refuse automated decision-making may not apply, but requests for explanation and review are permissible. • Requests for refusal or explanation of automated decision-making may be denied if it could unjustly infringe on the rights of others.
⑦ Teamplate verifies that the person making a request for access, correction, deletion, or suspension is the information subject or their authorized representative.
⑧ Requests for access to personal information may be submitted to the following department at Teamplate, which will make every effort to process these requests promptly.