🔒 Sécurisé✅ Paiement après approbation

    Privacy Policy

    Last updated: February 2026

    This Privacy Policy describes how Dreamond ("we", "us", "our"), acting as authorized General Sales and Service Agent (GSSA) for Thailand Privilege Card Co., Ltd., collects, uses, stores, and shares personal data when you use this portal or apply for a Thailand Elite membership.

    By registering and using this portal, you consent to the data practices described in this policy.

    1. Data Controllers

    Your personal data is processed by two data controllers:

    • Dreamond — responsible for collecting, organizing, and transmitting your application data to TPC, and for managing your portal account and communications.
    • Thailand Privilege Card Co., Ltd. (TPC) — a state enterprise of the Kingdom of Thailand, responsible for processing your membership application, conducting background verification, and issuing your membership. TPC processes your data in accordance with Thai law (PDPA — Personal Data Protection Act B.E. 2562).

    2. Personal Data We Collect

    We collect the following categories of personal data through this portal:

    • Identity data: Full name, date of birth, gender, nationality, place and country of birth.
    • Passport data: Passport number, issue date, expiry date, issuing authority, Machine Readable Zone (MRZ) data, passport bio-data page image, embedded photograph.
    • Contact data: Email address, phone number (with country code).
    • Address data: Full residential address, country, accommodation type.
    • Professional data: Occupation, industry, income range.
    • Biometric-adjacent data: Your handwritten signature (drawn digitally or captured from documents) used for identity verification.
    • Profile photo: A passport-style photograph.
    • Signed documents: Application form, consent form, PDPA form, terms and conditions acknowledgement.
    • Technical data: IP address at registration, browser language preference.
    • Communication data: Messages exchanged with our team via the portal.

    3. AI-Assisted Processing of Your Data

    This portal uses artificial intelligence (AI) technology to assist in processing your application. You are informed of and consent to the following AI processing activities:

    • Passport OCR (Optical Character Recognition): When you upload your passport, an AI model reads and extracts data from the bio-data page — including your name, date of birth, passport number, expiry date, nationality, and MRZ lines. This reduces manual entry errors and speeds up your application. You are given the opportunity to review and correct all extracted data before submission.
    • Signature Verification: An AI model compares your digital signature with the signature detected on your passport image to assist our team in assessing consistency. This is an advisory tool only — the final verification decision is always made by a human agent.
    • Document Quality Assessment: AI evaluates the quality and completeness of your uploaded documents (focus, lighting, completeness, MRZ visibility) and flags potential issues for human review.

    AI processing is performed via secure, encrypted API calls to certified third-party AI service providers. Your document images are transmitted solely for the purpose of extraction and analysis, and are not stored by these providers or used to train AI models. All providers are contractually bound by data processing agreements that meet GDPR-equivalent standards.

    No fully automated decision-making (in the legal sense) is made about your application based solely on AI. All AI outputs are reviewed by our team before any consequential decision is taken.

    4. How We Use Your Data

    • To create and manage your portal account
    • To process and submit your Thailand Elite membership application to TPC
    • To verify your identity and document authenticity
    • To communicate with you about your application status
    • To provide customer support via the portal messaging system
    • To comply with legal obligations (Thai PDPA, anti-money laundering checks)
    • To send transactional emails (status updates, reminders) related to your application
    • To detect fraud or misrepresentation

    We do not use your personal data for marketing purposes without your separate explicit consent.

    5. Data Sharing

    Your personal data is shared only with the following parties and only to the extent necessary:

    • Thailand Privilege Card Co., Ltd. (TPC) — your complete application data and documents are transmitted to TPC for membership processing, background verification, and membership issuance.
    • Thai Immigration Bureau — where required by TPC as part of visa processing.
    • AI Document Processing Provider — document images are transmitted for automated OCR, quality assessment, and signature comparison as described in Section 3. Data is processed under a GDPR-compliant data processing agreement and is not retained or used for training.
    • Transactional Email Provider — your email address and relevant application information are shared solely to deliver application status notifications and account communications. The provider is SOC 2 Type II certified and does not use your data for any other purpose.
    • Cloud Infrastructure Provider — your portal data is stored in encrypted databases hosted on certified cloud infrastructure (ISO 27001 / SOC 2 Type II compliant) in EU/US regions, governed by a data processing agreement in compliance with GDPR.

    We do not sell, rent, or share your personal data with any other third parties.

    6. Data Retention

    We retain your personal data for as long as necessary to fulfil the purposes described in this policy:

    • Active applications: For the duration of your application process and for 7 years after membership activation or rejection (legal compliance requirement).
    • Abandoned applications (draft): Up to 12 months after last activity, then deleted.
    • Account data: Until account deletion is requested, subject to legal obligations.

    You may request deletion of your account and data at any time (see Section 8), subject to our legal retention obligations.

    7. Data Security

    We implement appropriate technical and organizational security measures:

    • All data transmissions are encrypted using TLS
    • Document files are stored in private, access-controlled storage buckets
    • Row-Level Security (RLS) ensures each user can only access their own data
    • Document download links expire after 1 hour and cannot be shared
    • API access to your data requires authenticated, scoped tokens
    • Admin access is restricted by role and logged for audit purposes

    8. Your Rights

    Under applicable data protection laws (including GDPR where applicable and Thai PDPA), you have the following rights:

    • Access: Request a copy of your personal data
    • Rectification: Correct inaccurate or incomplete data
    • Erasure: Request deletion of your data (subject to legal retention requirements)
    • Restriction: Request that we limit how we use your data
    • Portability: Receive your data in a structured, machine-readable format
    • Withdraw consent: Withdraw consent to AI processing at any time (note: this may prevent completion of your application)

    To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

    9. Cookies

    This portal uses essential cookies required for authentication and session management. We do not use advertising or third-party tracking cookies. Analytics (if activated) are configured in a privacy-preserving manner. You can manage cookie preferences in your browser settings.

    10. Contact & Complaints

    For questions, data requests, or concerns about this Privacy Policy, contact us:

    Dreamond — Data Privacy Contact
    [email protected]

    If you believe your data has been processed unlawfully, you have the right to lodge a complaint with your local data protection authority or, for Thai-law matters, with the Personal Data Protection Committee (PDPC) of Thailand.