1.1. “Personal Data” means any information pertaining to a data Subject, which enables the identification of data Subject, whether direct or indirect.
1.2. “Sensitive Information” means any collection of Personal Data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner, as prescribed by the Committee.
- HOW WE COLLECT AND USE YOUR PERSONAL DATA
The purposes and lawful basis for collecting and using your personal data are as follows:
2.1. Our legal obligation
We are regulated by many laws, relevant rules and regulations. It is necessary to collect, use or disclose your personal data to fulfil our legal and regulatory requirements of competent governmental, supervisory or regulatory authorities for the following purposes, which include but not limited to:
a) Compliance with laws (e.g. Civil and commercial laws, Civil procedure and Criminal procedure laws, Tax laws, Businesses organization laws, Public Company Limited laws, Securities and Exchange laws, Maritime Transportation laws, Computer Crime laws, Electronic transaction Laws, Anti-Money Laundering laws, Consumer Protection laws, and other laws which we are subject both in Thailand and in other countries.
b) Compliance with regulations and/or orders of authorized persons (e.g. orders by any court, inquiry official, order of Department of Land Transport, and order of Office of The Consumer Protection Board, regulations of the Office of the Securities and Exchange Commission, Ministry of Commerce, Department of Internal Trade of Thailand, Immigration Bureau, the Customs Department, Port Authority of Thailand, and/or regulation or order of governmental, supervisory or regulatory authorities or authorized officers).
C) Compliance with the PDPA.
2.2. Contract made between you and the Company
We will collect, use or disclose your personal data in accordance with the request and/or agreement made by you with us, for the following purposes, which include but not limited to:
a) proceed as the purpose of the contracts made by you with us.
b) track or record your contract performance.
c) produce reports for you or the Company’s benefits as the purpose of the contracts.
d) payment notification.
2.3. Our legitimate interests
To take necessary steps for the Company’s legitimate interests or other individual or juristic person which are not overriding your reasonable expectations, which include but not limited to:
a) security purposes e.g. to maintain CCTV records, to register, and/or exchange identification card visitors before entering into the Company’s building.
b) conduct risk managements, audit, to monitor, prevent, and investigate fraud, terrorism, misconduct, other crimes, and/or any offence.
c) record images and/or voices relating to the meetings, trainings, seminars, recreations, exhibition or marketing activities.
d) conduct our relationship managements to serve customers (e.g. handle complaints, survey)
e) develop and improve our services and/or products including systems for the greatest benefits in fulfilling your needs.
f) in case of our corporate customer, we will collect, use and disclose personal data of directors, authorized persons, employees, attorneys, and/or visitors.
g) in case you inform us the misconduct or other crimes incurring in the Company.
h) for Data Subject’s benefit, and the consent cannot be made at that time.
2.4. Your consent
In certain cases, we may ask for your consent to collect, use or disclose your personal data to maximize your benefits or to enable us to provide services to fulfil your needs and/or to be consistent with regulations and/or laws for the following purposes, which include but not limited to:
a) collect and use your sensitive personal data as necessary (e.g. to use face recognition, finger scan or your identification card photo (which contains your sensitive personal data, namely religion and/or blood type) for the verification of your identity:
b) collect and use your personal data and any other data to conduct research, analyze, data base for the greatest benefits in developing products and services, or building your data base to truly fulfil your needs and/or to contact you for offering products, services and benefits exclusively suitable to you though any method of the Company and/or of any our agent or any person related to the Company as well as any other purpose which is not prohibited by laws and/or to comply with the laws or regulations applicable to the Company, both now and in the future
c) send or transfer your personal data overseas, which may have inadequate personal data protection standards (unless the PDPA specifies that we may proceed without obtaining consent)
d) when you are classified as a minor, incompetent or quasi-incompetent whose consent must be given by their parent, guardian or curator (as the case may be) (unless the PDPA specifies that we may proceed without obtaining consent).
e) any other information that will be useful in the service, the Company will ask for your consent before collecting, using, disclosing your personal data.
Company will inform Data Subject to acknowledge and consent through any method such as electronic method, checkbox, opt-in/opt-out box, documents (by hand) and/or other methods as determined by the Company.
2.5. Other lawful basis
Apart from the lawful basis which we mentioned earlier, we may collect, use or disclose your personal data based on the following lawful basis:
a) prepare historical documents or archives for the public interest, or for purposes relating to research or statistics.
b) prevent or suppress a danger to a person’s life, body or health.
c) necessary to carry out a public task, or for exercising official authority.
- WHAT PERSONAL DATA WE COLLECT, USE AND DISCLOSE
- SOURCES OF YOUR PERSONAL DATA
we will collect your personal data directly from you regularly e.g. when you enter into any agreement with us, when you interact with us though any method, though using of Cookies (or Similar technologies) and/or when you submit your personal data to us for any reason. But we, sometimes may get it from other sources, in such case we will ensure the compliance with the PDPA.
Personal data we collect from other sources may include but not limited to:
a) any person who related to you e.g. representatives, attorneys, proxies.
b) Information obtained by us from corporate customers as you are director, authorized person, attorney, representative or contact person
c) Information obtained by us from Stock Exchange of Thailand, Thailand Securities Depository Company Limited, government sectors, financial institution and/or Service Provider (e.g. Public domain information)
- RESTRICTION OF USE AND/OR DISCLOSE PERSONAL DATA
5.1. our business group companies, business partners and/or other persons that we have the legal relationship, including our directors, executives, employees, staffs, contractors, representatives, advisors and/or such persons’ directors, executives, employees, staffs, contractors, representatives, advisors.
5.2. lawyer, court, inquiry official, anti-corruption sector, Immigration and customs, the office of the consumer protection board, Stock Exchange of Thailand, ThaiCERT and/or other governmental authorities including authorities or any persons whom we are required or permitted by laws, regulations, or orders to share personal data.
5.3. suppliers, agents and other entities (e.g. external auditors, Thailand Securities Depository Company Limited, depositories, document warehouses, overseas financial institutions) where the disclosure of your personal data has a specific purpose and under lawful basis, as well as appropriate security measures.
5.4. any relevant persons as a result of activities relating to selling rights of claims and/or assets, restructuring or acquisition of any of our entities, where we may transfer their rights to: any persons with whom we are required to share data for a proposed sale, reorganization, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business.
5.5. third parties providing services to us (e.g. market analysis including but not limited to agents and subcontractors acting on our behalf, the companies which deliver any document or things to you) security providers.
5.6. social media service providers (in a secure format) or other third-party advertisers so they can display relevant messages to you and others on our behalf about our products and/or services.
5.7. other persons that provide you with benefits or services associated with your products or services (e.g. insurance company).
5.8. your attorney, sub-attorney, authorized persons or legal representatives who have lawfully authorized power.
- MEASURES TO SECURE AND PROTECT YOUR PERSONAL DATA
6.1. The Company recognizes the importance of maintaining the security of Data Subject personal data. Therefore, the Company has established measures to maintain the security of personal data appropriately and consistency, and make Data Subject’s personal data confidential to prevent loss, access, destruction, use, conversion, modify or disclosure of personal data without rights or unlawful.
6.2. We also require our staff and third-party contractors to follow our applicable privacy standards and policies and to exercise due care and measures when using, sending or transferring your personal data.
6.3. The Company will destroy or anonymize your personal data when we have reasonably determined that (1) the purpose for which that personal data was collected is no longer being served by the retention of such personal data: (2) retention is no longer necessary for any legal or business purposes.
6.4. The Company may use third party IT Service providers in order to retain personal data as our Data Processor, which such Service provider must have security measures by prohibiting the collection, use or disclosure of personal data other than those specified by the Company.
- YOUR RIGHTS
You can exercise your rights under the PDPA upon the effectiveness of the provisions in relation to rights of data subjects.
Should you intend to exercise your rights under the PDPA, please inform your intention to our Data Protection Officer as the contract detail in section 12, our Legal Department will contract you back to inform you of the procedures.
7.1. Right to access and obtain copy
You have the right to access and obtain copy of your personal data holding by us, unless we are entitled to reject your request under the laws or court orders, or if such request will adversely affect the rights and freedoms of other individuals. The Company will process your request within 30 days from the date of receipt of the request.
7.2. Right to rectification
You have the right to rectify your inaccurate personal data and to update your incomplete personal data.
7.3. Right to erasure
You have the right to request us to delete, destroy or anonymise your personal data, unless there are certain circumstances where we have the legal grounds to reject your request.
7.4. Right to restrict
You have the right to request us to restrict the use of your personal data under certain circumstances, e.g. when we are pending examination process in accordance with your request to rectify your personal data or to object the collection, use or disclosure of your personal data, or you request to restrict the use of personal data instead of the deletion or destruction of personal data which is no longer necessary.
7.5. Right to object
You have the right to object the collection, use or disclosure of your personal data in case we proceed with legitimate interests basis or for the purpose of direct marketing, or for the purpose of scientific, historical or statistic research, unless we have legitimate grounds to reject your request, e.g. we have compelling legitimate ground to collect, use or disclose your personal data, or the collection, use or disclosure of your personal data is carried out for the establishment, compliance, or exercise legal claims, or for the reason of our public interests.
7.6. Right to data portability
You have the right to receive your personal data in case we can arrange such personal data to be in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means. Also, you have the right to request us to send or transfer your personal data to third party, or to receive your personal data which we sent or transferred to third party, unless it is impossible to do so because of the technical circumstances, or we are entitled to legally reject your request.
7.7. Right to withdraw consent
You have the right to withdraw your consent that has been given to us at any time pursuant to the methods and means prescribed by us, unless the nature of consent does not allow such withdrawal.
7.8 Right to lodge a complaint
You have the right to make a complaint with the Personal Data Protection Committee or their office in the event that we do not comply with the PDPA.
- INTERNATIONAL TRANSFER OF PERSONAL DATA
The nature of the modern business is global and under certain circumstances, it is necessary for us to send or transfer your personal data internationally. When sending or transferring your personal data, we will always exercise our best effort to have your personal data transferred to our reliable business partners, service providers or other recipients by the safest method in order to maintain and protect the security of your personal data, which includes the following circumstances:
a) comply with a legal obligation.
b) inform you the inadequate personal data protection standards of the destination country and obtain your consent.
c) perform the agreement made by you with us or your request before entering into an agreement.
d) comply with an agreement between us and other parties for your own interest.
e) prevent or suppress a danger to your or other persons’ life, body or health and you are incapable of giving consent at such time.
f) carry out activities relating to the substantial public interest.
- RETENTION PERIOD OF PERSONAL DATA
We will maintain and keep your personal data while you are our customer and once you has ended the relationship with us (e.g. after you transferred your securities, or in case of your application to use our services is disapproved, or you terminated the services provided by us), we will only keep your personal data for a period of time that is appropriate and necessary for each type of personal data and for the purposes as specified by the PDPA.
The period we keep your personal data will be linked to the prescription period or the period under the relevant laws and regulations (e.g. Civil and commercial laws, Accounting laws, Tax laws, Labour laws and other laws to which we are subject both in Thailand and in other countries).
- COOKIES (OR SIMILAR TECHNOLOGIES)
- USE OF PERSONAL DATA FOR ORIGINAL PURPOSES
We are entitled to continue collecting and using your personal data, which has previously been collected by us before the effectiveness of the PDPA in relation to the collection, use and disclosure of personal data, in accordance with the original purposes. If you do not wish us to continue collecting and using your personal data, you may notify us to withdraw your consent at any time.
- CONTACT INFORMATION
Thantawan Industry Public Company limited
123 Suntowers Building A, 39th Vibhavadi-Rangsit Road, Jomphol, Jatujak District, Bangkok, Thailand 10900
hours: Monday – Friday 8:00 A.M.- 5:30 P.M.
Email: [email protected]
In the event that you use an email or letter to submit your complaint, please specify at the heading that it is a complaint regarding Privacy Law. This will help the Company process your complaint urgently by forwarding it to the relevant staff of the organization for further action. For instance, you may insert text “Complaint about privacy” in the subject head line.