“Personal Data” means any information relating to a person which enables the identification of such Person, whether directly or indirectly, but not including the information of deceased Persons in particular.
“Sensitive Personal Data” means any information relating to a particular person which is sensitive and presents significant risks to the person’s fundamental rights and freedoms, which includes data regarding racial or ethnic origin, political opinions, cults, religious or philosophical beliefs, sexual behavior, criminal records, health data, disabilities, trade union information, genetic data, biometric data, or any data which may affect the Data Subject in the same manner, as prescribed by the Personal Data Protection Committee.
“Personal Data Protection Committee” means the Committee appointed under the Personal Data Protection Act B.E. 2562, in charge of the duties and authorities to govern, issue criteria or measures or provide any other guidance as prescribed by this Act.
2. Collection of Personal Data
Company shall collect personal data within the purpose, scope, and lawful and fair methods as is necessary which is defined in the scope of the Company’s objectives. Accordingly, Company will inform the Data Subject to gain acknowledgment and consent through electronic or other methods as specified by the Company. In case the Company needs to collect sensitive data, the Company shall request explicit consent from the Data Subject before such collecting, except for when this is allowed by the Personal Data Protection Act B.E. 2562, or other laws.
3. Purpose of Collecting and Usage of Personal Data
Company shall collect or use personal data for the purposes or activities such as the procurement process, contract execution, financial transactions, company activities, collaborations or improvement of the Company’s processes; database preparation, process analysis and development, and/or any other purposes which are in compliance with the legal obligations or regulations to which the Company are subject. Company shall retain and use the Personal Data as long as necessary only for the above-mentioned purposes, or as prescribed by laws.
Company shall not conduct any processes which are different from the purposes as have previously been shared with the Data Subject except for when:
the Data Subject has been informed of such a new purpose, and prior consent is obtained;
it is necessary for Company to be in compliance with this Act or other laws.
4. Personal data disclosure
Company shall not disclose personal data of the Data Subject without the consent of the Data Subject and shall disclose it solely for the above mentioned purposes. However, for the benefit of company operations and service provision to the Data Subject, Company may disclose personal data to Company’s subsidiaries or other required persons, domestically and internationally, such as service providers dealing with personal data. Company shall govern the above-mentioned persons to treat the personal data as confidential and not to use the data for purposes which are not covered in prior notifications.
Company may disclose personal data of the Data Subject as required by laws and regulations, such as disclosing it to a government agency, state enterprise, regulator. Also, the Company may disclose it by virtue of laws, such as requests for the purposes of litigation or prosecution, or requests made by the private sector or other persons involved in the legal proceedings.
5. Direction of Personal Data Protection
Company shall establish measures including for the security of personal data in accordance with the laws, regulations, rules, and guidelines regarding the personal data protection for employees and other relevant persons. Company shall promote and encourage employees to learn and recognize the duties and accountabilities in the collection, storage, usage, and disclosure of personal data. All employees are required to follow this policy and all guidelines regarding personal data protection in order for the Company to remain in compliance with this Act accurately and effectively.
6. Rights of Data Subject
The Data Subject is entitled to request any actions regarding their personal data as per the following:
6.1 Right to withdraw consent; however, any consent which was obtained earlier shall not be affected.
6.2 Right to access; to request access to and obtain a copy of the Personal Data related, including to request the disclosure of the acquisition of the Personal Data obtained without his or her consent.
6.3 Right to rectification
6.4 Right to erasure
6.5 Right to restriction of processing
6.6 Right to data transfer
6.7 Right to object
Data Subject may request these rights by sending a notice to the channel following the Contact Information of this policy.
Company shall consider the right request received and inform the Data Subject not exceeding 30 days from the date of receiving such request. However, the Company may deny such a right subject to exception by applicable laws.
7. Review and Changes of Policy
Company may review this policy to ensure that it remains in adherence to laws, any significant business changes, and any suggestions and opinions from other organizations. Company shall announce and review amended policies thoroughly before implementing all the changes.