top of page

Privacy Policy 

MEA WISE is a testing ground for innovation incubation by the Metropolitan Electricity Authority (MEA), aiming to promote the creation of new electricity-related services to enhance the efficiency and quality of life for the public. This website is the service platform for Powerlyze, one of the startup teams under the MEA WISE project, with the mission of providing smart electricity usage consultation. This is achieved by analyzing electricity consumption data from MEA to offer options that help users save on their electricity bills and improve energy usage efficiency.

To ensure that personal data owners, including employees, customers, and partners of the Metropolitan Electricity Authority, as well as those who have been authorized to work for or benefit the Metropolitan Electricity Authority or within its premises, understand the practices related to the collection, use, disclosure, and management of their personal data in accordance with the Personal Data Protection Act, B.E. 2562 (2019), this notice aims to foster confidence among data owners.

Definitions:

“Data" refers to facts or details that can be presented in the form of text, numbers, sound, images, or any other format that can convey meaning by itself or through any method.

“Person" refers to an individual.

“Data Owner" means an individual who can be identified from that data.

“Personal Data" means any data about an individual which can identify the data owner, either directly or indirectly, which distinguishes the data owner from other individuals, and can be used to track the behavior of the data owner or linked to other data sets that allow for identification of the data owner. This excludes data of deceased persons. For examples:

  1. Name and surname.

  2. Identification numbers such as National ID, passport number, driver's license number, taxpayer ID, bank account numbers, credit card numbers, and electric service account number (Contract Account: CA).

  3. Addresses, email addresses, and telephone numbers.

  4. Device or tool data and various logs used to track and monitor individual activities, such as IP addresses, MAC addresses, cookies, User IDs, and log files.

  5. Biometric data such as facial images, fingerprints, X-ray films, iris scan data, voice identity data, and genetic data.

  6. Asset identification data, such as vehicle registration numbers and land titles.

  7. Information that can be linked with other data, which can identify the data owner, such as date and place of birth, race, nationality, weight, height, location data, medical information, educational background, financial data, and employment details.

  8. Performance assessment data or opinions of employers about an employee’s performance.

  9. Information that can be used to search for other personal information on the internet or through other online channels.

“Data Controller" refers to the person responsible for making decisions regarding the collection, use, or disclosure of personal data.

“Data Protection Officer" (DPO) refers to the person assigned to provide advice, oversee, coordinate, and cooperate with the Office of the Personal Data Protection Committee.

1. Purpose of Collecting, Using, or Disclosing Personal Data

1.1 The Metropolitan Electricity Authority will collect, use, or disclose personal data of employees, service users, and business partners, including those who have consented to work or benefit the Metropolitan Electricity Authority or its premises, for the purposes of the Authority’s operations, studies, analysis, research, or statistical compilations. This also aims to enhance the quality of service to the data owners to increase effectiveness, utilizing methods that are legally compliant and equitable, and keeping personal data only as long as necessary.

For web services, the Metropolitan Electricity Authority will automatically log data entries and exits on the website for the purposes of analysis and monitoring of service usage, and for retrospective inspection in case of operational issues, retaining such data for the necessary period only. The Metropolitan Electricity Authority may also collect personal data from sources other than the data owners themselves when necessary to correct, update, or enhance the quality and efficiency of personal data and the services provided by the Metropolitan Electricity Authority. The data owners will be informed about the collection and accumulation of their personal data.

1.2 The Metropolitan Electricity Authority may transfer or disclose personal data to external individuals, agencies, organizations, or legal entities that have contracts with or are related to the Metropolitan Electricity Authority, both domestically and internationally, for the purpose of improving the quality and efficiency of services provided by the Metropolitan Electricity Authority.

1.3 The Metropolitan Electricity Authority will undertake actions as described in sections 1.1 - 1.2 only with the consent of the data owner, except in the following cases:

1.3.1 For the purpose of preventing or mitigating harm to life, body, or health:
Collection, use, or disclosure of personal data is permissible to prevent harm to the life or health of the data owner, such as transferring personal data to hospitals for emergency medical treatment when the individual is unable to consent personally, and no alternative means are available that avoid disclosing the data.

1.3.2 To fulfill contractual obligations:
Collection, use, or disclosure of personal data is necessary for the provision of services or to fulfill a contract between the data owner and the Metropolitan Electricity Authority. For example, a data owner who wishes to enter into an electricity supply contract with the Authority may need to provide their name, surname, and address to facilitate the service.

1.3.3 To perform state duties
It is necessary to process personal data for the performance of a task carried out for public benefit or in the exercise of official authority assigned to the Metropolitan Electricity Authority. The Authority will weigh the necessity of the task against the rights of the data owner. For instance, processing data may be justified under state tasks related to public welfare or state policies.

1.3.4 For legitimate interests:
In its operations, the Metropolitan Electricity Authority will consider the rights of the data owner as a priority, such as to prevent fraud, ensure network security, and protect the rights and benefits of the data owner, among other things.

1.3.5 For research or statistical purposes:
In cases where historical documents or archives are compiled for the public benefit or related to research or statistics, appropriate protective measures will be implemented to safeguard the rights and freedoms of the data owner.

1.3.6 To comply with legal obligations:
In cases where it is necessary to fulfill a duty mandated by law or an order from a competent governmental authority, it must not be a case where the data controller has discretion over the collection, use, or disclosure of personal data, or where there are alternative means available. For example, the Metropolitan Electricity Authority may disclose personal data to the Revenue Department or provide personal data in accordance with orders from prosecutors or the courts, and store Log Files as specified in the Computer Act.

1.4 The Metropolitan Electricity Authority will not collect personal data related to racial or ethnic origin, political opinions, philosophical or religious beliefs, sexual behavior, criminal records, health information, disabilities, trade union membership, genetic data, biometric data, or any other information similarly affecting the data owner, unless explicit consent is obtained from the data owner or exceptions are provided by law.

2. Rights of the Data Owner

Once the Personal Data Protection Act is fully enforceable, personal data owners have the right to request that the Metropolitan Electricity Authority act according to the following data owner rights:

2.1 Right to Access Personal Data
Data owners can file requests to access their personal data or to obtain explanations about how their personal data was acquired without their consent.

The Metropolitan Electricity Authority will prepare or produce copies of the personal data and related information as specified by the Authority. However, the Metropolitan Electricity Authority reserves the right to deny requests if so, mandated by law, court orders, or if access to such personal data could harm the rights and freedoms of others.

2.2 Right to Correct Personal Data
Data owners have the right to request corrections to their personal data to ensure it is accurate, up-to-date, complete, and does not lead to misunderstandings. Evidence or relevant documents must be provided to support such requests. If the Metropolitan Electricity Authority finds the request for data correction to be unreasonable, it will deny the request and record the reasons for such denial.

2.3 Right to Delete, Destroy, or Anonymize Personal Data
Data owners may request the deletion, destruction, or anonymization of their personal data, and the Metropolitan Electricity Authority will process these requests under the following conditions:

(1) When it is no longer necessary to retain the personal data for the purpose for which it was collected.

(2) If the data owner withdraws consent and there is no legal basis for the Metropolitan Electricity Authority to collect, use, or disclose the personal data.

(3) If the data owner objects to the collection, use, or disclosure of their personal data for the performance of a task carried out for public interest or legitimate interests, and the Metropolitan Electricity Authority cannot override the objection.

(4) If the personal data has been collected, used, or disclosed unlawfully. The Metropolitan Electricity Authority reserves the right to refuse such requests in cases where:

(a) Retention is necessary for exercising the right of freedom of expression.

(b) Retention is necessary for historical documentation or archival purposes.

(c) Retention is necessary for the performance of a task carried out for the public interest or in the exercise of official authority vested in the Metropolitan Electricity Authority.

(d) Retention is necessary for compliance with legal obligations in the field of preventive medicine, occupational medicine, public health, and other purposes as prescribed by law.

(e) The data is used for establishing, exercising, or defending legal claims or whenever courts are acting in their judicial capacity.

2.4 Right to Withdraw Consent
If a data owner has previously given consent to the Metropolitan Electricity Authority, they have the right to withdraw that consent at any time. The Authority will process such withdrawal requests, but this does not affect any actions that were taken before the right to withdraw consent was exercised. The Metropolitan Electricity Authority reserves the right to deny a withdrawal request if legal restrictions on the right to withdraw consent exist.

2.5 Right to Data Portability
Data owners have the right to request the receipt or transfer of their personal data to another data controller in an electronic format that is commonly used and machine-readable. They also have the right to check the status of the data transfer under the following conditions:

(1) The data must be personal data for which the data owner has given consent for its collection, use, or disclosure.

(2) The collection, use, or disclosure of the personal data is necessary for the provision of services or the execution of a contract between the data owner and the Metropolitan Electricity Authority.

The Metropolitan Electricity Authority may deny requests for data receipt or transfer if it is necessary to perform a task for public interest or in compliance with legal obligations, or if it impinges on the rights or freedoms of others. The Authority will record the reasons for any such denial as evidence.

2.6 Right to Restrict the Use of Personal Data
Data owners have the right to request that the Metropolitan Electricity Authority restrict the use of their personal data under the following conditions:

(1) While a correction is under review: If the Metropolitan Electricity Authority is processing a correction request as per section 2.2 and finds the data to be accurate and complete, it may deny the request to restrict the use of the data.

(2) When data is collected, used, or disclosed unlawfully: If personal data has been collected, used, or disclosed unlawfully and the data owner has not exercised their right to deletion, destruction, or anonymization as per section 2.3, but instead requests a restriction on use. The Metropolitan Electricity Authority may deny this request if there is another legal basis for collecting, using, or disclosing the personal data.

(3) When retention of the data is unnecessary: If there is no need to retain the personal data but the data owner requests that it be maintained for the establishment, exercise, or defense of legal claims.

(4) While verifying to reject an objection: If the Metropolitan Electricity Authority is in the process of verifying to reject a data owner's objection as per the rights outlined in section 2.7

2.7 Right to Object
Data owners have the right to object to the collection, use, or disclosure of their personal data under the following conditions:

(1) For the performance of tasks carried out for public interest or in the exercise of official authority vested in the Metropolitan Electricity Authority: The objection can be denied if it is proven that there are compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data owner, or for the establishment, exercise, or defense of legal claims.

(2) For purposes related to scientific, historical research, or statistical purposes: The Metropolitan Electricity Authority may deny the objection if the processing is necessary for the performance of a task carried out for the public interest. The reasons for denying the objection will be documented as evidence. However, if the grounds for denial do not apply, the Metropolitan Electricity Authority will not continue to collect, use, or disclose the personal data and will segregate it from other data clearly, once the data owner has communicated their objection to the Metropolitan Electricity Authority.

2.8 Right to Be Informed
Data owners have the right to be informed about their data, whether the Metropolitan Electricity Authority has obtained it directly from them or from third parties through the communication channels of the Metropolitan Electricity Authority.

3. Reservation of Rights

The Metropolitan Electricity Authority reserves the right to deny requests made under Section 2 under the following circumstances:

(1) Legal Allowance: The law allows the action to be carried out.

(2) Anonymized Data: The personal data has been anonymized, so it does not reveal or indicate any traits that could identify the data owner.

(3) Lack of Proof: The requester does not provide evidence to confirm they are the data owner or are authorized to make the request.

(4) Unreasonable Requests: Such as those where the requester does not have a legal right or the data is not in the possession of the Metropolitan Electricity Authority.

(5) Frivolous Requests: Such as repetitive requests with the same characteristics or content without a valid reason.

4. Data Security Measures

The Metropolitan Electricity Authority is committed to maintaining the confidentiality and security of personal data to prevent loss, unauthorized access, use, alteration, or disclosure. This is achieved by implementing appropriate technical and administrative measures, practices, and access rights in compliance with legal standards and international norms. The Authority has established various measures to protect personal data effectively and securely as required by law:

4.1 Conditions for Accessing Personal Data
This includes setting confidentiality levels, methods of access, and restrictions on data access.

4.2 Physical Data Storage Processes
Suitable and secure storage facilities for physical documents and data are provided, along with processes for the deletion or destruction of data and equipment when no longer needed or upon request from the data owner.

4.3 IT System Data Storage Processes
Measures such as pseudonymization, anonymization, and encryption are employed to safeguard data integrity and privacy.

4.4 Incident Response and Remediation Plan
A plan is in place to address and rectify any data breaches or security incidents involving personal data.

4.5 Technical and Administrative Security Measures
The Authority implements comprehensive management and technical measures to maintain security in operations involving personal data, aligning with international risk management standards.

5. Amendments to the Privacy Notice

The Metropolitan Electricity Authority may modify this Privacy Notice due to changes such as technological advancements or legal requirements. Any amendments will be published on the website https://www.mea.or.th and the effective date will be indicated. Personal data owners are encouraged to review the updated notice to be informed about the new provisions before disclosing their personal data to the Authority.

By continuing to use the services after amendments have been posted, users acknowledge and accept the revised terms. Users who do not agree with the amended terms should cease using the services immediately.

6. Contact Information

Data subjects can contact the Metropolitan Electricity Authority’s Data Protection Officer for further information via email at meadpo@mea.or.th Alternatively, inquiries can be directed to the head office at Watthanawipat Building, 1192 Rama IV Road, Klong Toey, Klong Toey, Bangkok 10110, through the website https://www.mea.or.th or by calling the Call Center at 1130, or at any Metropolitan Electricity Authority district office.

Source: https://www.mea.or.th/privacy-policy


Please click here to read/download "MEA's Personal Data Protection Policy".

Powerlyze by MEA WISE

Business Development Department
Metropolitan Electricity Authority Ploenchit

30 Soi Chidlom, Ploenchit Road

Lumphini Subdistrict, Pathumwan District, Bangkok 10330

02 256 3386

powerlyze@gmail.com

  • Facebook

Website Policy

Privacy Policy

Personal Data Protection Act (PDPA)

© 2025 MEAWISE.COM  All rights reserved.

bottom of page