THANTAWAN INDUSTRY PUBLIC COMPANY LIMITED
1.1. “Personal Data” means any information pertaining to a Data Subject, which enables the identification of Data Subject, whether direct or indirect.
1.2. “Sensitive Information” means any collection of Personal Data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner, as prescribed by the Committee.
2. HOW WE COLLECT AND USE YOUR PERSONAL DATA
The purposes and lawful basis for collecting and using your personal data are as follows:
2.1. Our legal obligation
We are regulated by many laws, relevant rules and regulations. It is necessary to collect, use or disclose your personal data to fulfil our legal and regulatory requirements of competent governmental, supervisory or regulatory authorities for the following purposes, which include but not limited to:
a) Compliance with laws (e.g. Civil and commercial laws, Civil procedure and Criminal procedure laws, Tax laws, Businesses organization laws, Public Company Limited laws, Securities and Exchange laws, Maritime Transportation laws, Computer Crime laws, Electronic transaction Laws, Anti-Money Laundering laws, Consumer Protection laws, and other laws which we are subject both in Thailand and in other countries.
b) Compliance with regulations and/or orders of authorized persons (e.g. orders by any court, inquiry official, order of Department of Land Transport, and order of Office of The Consumer Protection Board, regulations of the Office of the Securities and Exchange Commission, Ministry of Commerce, Department of Internal Trade of Thailand, Immigration Bureau, the Customs Department, Port Authority of Thailand, and/or regulation or order of governmental, supervisory or regulatory authorities or authorized officers).
C) Compliance with the PDPA.
2.2. Contract made between you and the Company
We will collect, use or disclose your personal data in accordance with the request and/or agreement made by you with us in any platform, for the following purposes, which include but not limited to:
a) proceed as the purpose of the contracts made by you with us.
b) track or record your contract performance.
c) produce reports for you or the Company’s benefits as the purpose of the contracts.
d) assist and support your usage and/or access in placing orders on the Company’s site.
e) fulfill your orders
2.3. Our legitimate interests
To take necessary steps for the Company’s legitimate interests or other individual or juristic person which are not overriding your reasonable expectations, which include but not limited to:
a) security purposes e.g. to maintain CCTV records, to register, and/or exchange identification card visitors before entering into the Company’s building.
b) conduct risk managements, audit, to monitor, prevent, and investigate fraud, terrorism, misconduct, other crimes, and/or any offence.
c) record images and/or voices relating to the meetings, trainings, seminars, recreations, exhibition or marketing activities.
d) conduct our relationship managements to serve customers (e.g. handle complaints, survey)
e) develop and improve our services and/or products including systems for the greatest benefits in fulfilling your needs and facilitate your use of and/or access to the service, placing an order via the website.
f) customize your experience through the website service, showing content based on your interests and needs
f) in case of our corporate customer, we will collect, use and disclose personal data of directors, authorized persons, employees, attorneys, and/or visitors.
g) in case you inform us the misconduct or other crimes incurring in the Company.
h) for Data Subject’s benefit, and the consent cannot be made at that time.
2.4. Your consent
In certain cases, we may ask for your consent to collect, use or disclose your personal data to maximize your benefits or to enable us to provide services to fulfil your needs and/or to be consistent with regulations and/or laws for the following purposes, which include but not limited to:
a) collect and use your sensitive personal data as necessary (e.g. to use face recognition, finger scan or your identification card photo (which contains your sensitive personal data, namely religion and/or blood type) for the verification of your identity:
b) collect and use your personal data and any other data to conduct research, analyze, data base for the greatest benefits in developing products and services, or building your data base to truly fulfil your needs and/or to contact you for offering products, services and benefits exclusively suitable to you though any method of the Company and/or of any our agent or any person related to the Company as well as any other purpose which is not prohibited by laws and/or to comply with the laws or regulations applicable to the Company, both now and in the future
c) send or transfer your personal data overseas, which may have inadequate personal data protection standards (unless the PDPA specifies that we may proceed without obtaining consent)
d) when you are classified as a minor, incompetent or quasi-incompetent whose consent must be given by their parent, guardian or curator (as the case may be) (unless the PDPA specifies that we may proceed without obtaining consent).
e) any other information that will be useful in the service, the Company will ask for your consent before collecting, using, disclosing your personal data.
Company will inform Data Subject to acknowledge and consent through any method such as electronic method, checkbox, opt-in/opt-out box, documents (by hand) and/or other methods as determined by the Company.
2.5. Other lawful basis
Apart from the lawful basis which we mentioned earlier, we may collect, use or disclose your personal data based on the following lawful basis:
a) prepare historical documents or archives for the public interest, or for purposes relating to research or statistics.
b) prevent or suppress a danger to a person’s life, body or health.
c) necessary to carry out a public task, or for exercising official authority.
3. THANTAWAN WILL COLLECT THESE PERSONAL DATA
|Types of Data||Examples|
|Personal Details||given name, middle name, surname, date of birth, age, nationality|
|Contact details||address, receipt delivery address, shipping address, address for tax invoice, phone number, facsimile number, email address, social media account|
|Identification and authentication details||ID card photo, Passport information (base on inevitable necessary cases), Identification number, driving license (private automobile license, motorcycle license) or, any other identification card, signatures|
|System usage information||username and password, buy orders, your interest, setting, responding|
|financial information||payment notification, payment history, payment methods, bank account number, credit & debit card information|
|Information about your relationship with the Company||products you used, relationship status between you and the Company, history of your attendance in any activities|
|Technical information||IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other information and technology on the device you use.|
|Market research, marketing and sales information||survey|
|Information concerning security||visual images detection of any suspicious and unusual activity CCTV images or recordings, video recordings|
|Sensitive personal data||religion blood type (Receive from any channel such as your id photo), criminal records, biometric information, (e.g. face recognition, fingerprint)|
|Other information||records of correspondence and other communications between you and us, in whatever manner and form, including but not limited to phone, email, instant messages and social media communications / Information about insurance policy and claim for compensation /Information that you provide to us through any method|
You must only submit personal data which is accurate and not misleading and you must keep it up to date. The Company have the right to request for documentation to verify the personal data provided by you as part of our customer verification processes.
4. SOURCES OF YOUR PERSONAL DATA
4.1. We will collect your personal data directly from you regularly including but not limited to;
a) When you create an account and/or purchase any products with the Company (There will be a message, in any part on the website or apps, asking you to accept this policy before doing so)
b) When you submit any form, including application forms or other forms relating to any of our job posting whether online application form or hard copy document.
c) When you make any agreement or provide documents or other information relating to the contact between you and the Company.
d) When you interact with the Company, such as via cellphone calls (which may be recorded), letter, fax, social media and e-mail etc.
e) When you make any transaction with the Company.
f) When you provide any feedback or complaint to the Company.
g) When you use or request to use the provided service by external service providers of the Company on the website such as making a payment or logistic services etc.
h) When you submit your personal data to the Company for any reason.
4.2. Personal data we collect from other sources may include but not limited to:
a) any person who related to you e.g. representatives, attorneys, proxies.
b) Information obtained by us from corporate customers as you are director, authorized person, attorney, representative or contact person
c) Information obtained by us from Stock Exchange of Thailand, Thailand Securities Depository Company Limited, government sectors, financial institution and/or Service Provider (e.g. Public domain information)
The Company will only be able to collect your personal data if you voluntarily submit the personal data to the Company. However, if you choose not to submit your personal data to the Company or subsequently withdraw your consent to our use of your personal data, the Company may not be able to provide you with the services or let you placing an order.
5. RESTRICTION OF USE AND/OR DISCLOSE PERSONAL DATA
5.1 our business group companies, business partners and/or other persons that we have the legal relationship, including our directors, executives, employees, staffs, contractors, representatives, advisors and/or such persons’ directors, executives, employees, staffs, contractors, representatives, advisors.
5.2 lawyer, court, inquiry official, anti-corruption sector, Immigration and customs, the office of the consumer protection board, Stock Exchange of Thailand, ThaiCERT and/or other governmental authorities including authorities or any persons whom we are required or permitted by laws, regulations, or orders to share personal data.
5.3 suppliers, agents and other entities (e.g. external auditors, Thailand Securities Depository Company Limited, depositories, document warehouses, overseas financial institutions) where the disclosure of your personal data has a specific purpose and under lawful basis, as well as appropriate security measures.
5.4 any relevant persons as a result of activities relating to selling rights of claims and/or assets, restructuring or acquisition of any of our entities, where we may transfer their rights to: any persons with whom we are required to share data for a proposed sale, reorganization, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business.
5.5 third parties providing services to us (e.g. market analysis including but not limited to agents and subcontractors acting on our behalf, the companies which deliver any document or things to you) security providers.
5.6 social media service providers (in a secure format) or other third-party advertisers so they can display relevant messages to you and others on our behalf about our products and/or services.
5.7 other persons that provide you with benefits or services associated with your products or services (e.g. insurance company).
5.8 your attorney, sub-attorney, authorized persons or legal representatives who have lawfully authorized power.
5.9 Third parties may unlawfully intercept, or access personal data transmitted to or contained on the website, technologies may malfunction or not work as anticipated, or someone might access, abuse or misuse information through no fault of ours. We will nevertheless deploy reasonable security arrangements to protect your personal data as required by the Privacy Laws; however, there can inevitably be no guarantee of absolute security such as when unauthorized disclosure arises from malicious and sophisticated hacking by malcontents through no fault of the Company.
6.MEASURES TO SECURE AND PROTECT YOUR PERSONAL DATA?
6.1 The Company recognizes the importance of maintaining the security of Data Subject personal data. Therefore, the Company has established measures to maintain the security of personal data appropriately and consistency, and make Data Subject’s personal data confidential to prevent loss, access, destruction, use, conversion, modify or disclosure of personal data without rights or unlawful.
6.2 We also require our staff and third-party contractors to follow our applicable privacy standards and policies and to exercise due care and measures when using, sending or transferring your personal data.
6.3 The Company will destroy or anonymize your personal data when we have reasonably determined that (1) the purpose for which that personal data was collected is no longer being served by the retention of such personal data: (2) retention is no longer necessary for any legal or business purposes.
6.4 The Company may use third party IT Service providers in order to retain personal data as our Data Processor, which such Service provider must have security measures by prohibiting the collection, use or disclosure of personal data other than those specified by the Company.
7. VISITING, DOWNLOADING CONTENTS AND ADVERTISING
When you visit the website through your device and also view contents and advertisements and accessing other software on the Company’s website. Such information that you have visited will be transmitted to the Company (including, but not limit to, IP address or operation system) which the system will send information about content, advertising that you visit, time and/or software installed to the Company.
The Company may receive personal data from you through various surveys. Participating in these surveys depends entirely on your consent. Therefore, you can choose whether to share your personal date with the Company. These personal data may include contact information (such as an e-mail address) and demographic data (such as interest or age). The received data from the survey will be used for investigating and improving monitor and improve usability and satisfaction in service and selling and it will not be sent to third parties.
9. DISCLAIMER REGARDING SECURITY AND THIRD-PARTY SITES
9.1. The Company do not guarantee the security of personal data and/or other information that you provide on third party sites. The Company do implement a variety of security measures to maintain the safety of your personal data that is in our possession or under our control. Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the personal data confidential. When you access your personal data, we offer the use of a secure server.
9.2. The Company may choose various third-party websites to link to, and frame within the website. The Company may also participate in brand development or other relationships in order to offer e-commerce transactions and/or services and other features for you. These linked websites have separate and independent privacy policies as well as security arrangements. Even if the third party is affiliated with us, the Company have no control over these linked sites, each of which has separate privacy and data collection practices independent of us.
9.3 The Company therefore have no responsibility or liability for the content, security arrangements (or lack thereof) and activities of those linked websites. These linked websites are only for your convenience and you therefore access them at your own risk.
10. YOUR RIGHTS
You can exercise your rights under the PDPA upon the effectiveness of the provisions in relation to rights of data subjects.
Should you intend to exercise your rights under the PDPA, please inform your intention to our Data Protection Officer as the contract detail in section 14, our Legal Department will contract you back to inform you of the procedures.
10.1. Right to access and obtain copy
You have the right to access and obtain copy of your personal data holding by us, unless we are entitled to reject your request under the laws or court orders, or if such request will adversely affect the rights and freedoms of other individuals. The Company will process your request within 30 days from the date of receipt of the request.
10.2. Right to rectification
You have the right to rectify your inaccurate personal data and to update your incomplete personal data.
10.3. Right to erasure
You have the right to request us to delete, destroy or anonymise your personal data, unless there are certain circumstances where we have the legal grounds to reject your request.
10.4. Right to restrict
You have the right to request us to restrict the use of your personal data under certain circumstances, e.g. when we are pending examination process in accordance with your request to rectify your personal data or to object the collection, use or disclosure of your personal data, or you request to restrict the use of personal data instead of the deletion or destruction of personal data which is no longer necessary.
10.5. Right to object
You have the right to object the collection, use or disclosure of your personal data in case we proceed with legitimate interests basis or for the purpose of direct marketing, or for the purpose of scientific, historical or statistic research, unless we have legitimate grounds to reject your request, e.g. we have compelling legitimate ground to collect, use or disclose your personal data, or the collection, use or disclosure of your personal data is carried out for the establishment, compliance, or exercise legal claims, or for the reason of our public interests.
10.6. Right to data portability
You have the right to receive your personal data in case we can arrange such personal data to be in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means. Also, you have the right to request us to send or transfer your personal data to third party, or to receive your personal data which we sent or transferred to third party, unless it is impossible to do so because of the technical circumstances, or we are entitled to legally reject your request.
10.7. Right to withdraw consent
You have the right to withdraw your consent that has been given to us at any time pursuant to the methods and means prescribed by us, unless the nature of consent does not allow such withdrawal.
10.8. Right to lodge a complaint
You have the right to make a complaint with the Personal Data Protection Committee or their office in the event that we do not comply with the PDPA.
11. INTERNATIONAL TRANSFER OF PERSONAL DATA
The nature of the modern business is global and under certain circumstances, it is necessary for us to send or transfer your personal data internationally. When sending or transferring your personal data, we will always exercise our best effort to have your personal data transferred to our reliable business partners, service providers or other recipients by the safest method in order to maintain and protect the security of your personal data, which includes the following circumstances:
a) comply with a legal obligation.
b) inform you the inadequate personal data protection standards of the destination country and obtain your consent.
c) perform the agreement made by you with us or your request before entering into an agreement.
d) comply with an agreement between us and other parties for your own interest.
e) prevent or suppress a danger to your or other persons’ life, body or health and you are incapable of giving consent at such time.
f) carry out activities relating to the substantial public interest.
12. RETENTION PERIOD OF PERSONAL DATA
We will maintain and keep your personal data while you are our customer and once you has ended the relationship with us (e.g. after you transferred your securities, or in case of your application to use our services is disapproved, or you terminated the services provided by us), we will only keep your personal data for a period of time that is appropriate and necessary for each type of personal data and for the purposes as specified by the PDPA.
The period we keep your personal data will be linked to the prescription period or the period under the relevant laws and regulations (e.g. Civil and commercial laws, Accounting laws, Tax laws, Labour laws and other laws to which we are subject both in Thailand and in other countries).
13. COOKIES (OR SIMILAR TECHNOLOGIES)
14. CONTRACT INFORMATION
14.1 If you have any questions or concerns about our privacy practices, the Company welcome you to contract us immediately:
Tel : 02-273-8333
14.2 In the event that you use an email or letter to submit your complaint, please specify at the heading that it is a complaint regarding Privacy Law. This will help the Company process your complaint urgently by forwarding it to the relevant staff of the organization for further action. For instance, you may insert text “Complaint about privacy” in the subject head line.
The Company will ensure and try to handle any complaints or concerns that you are experiencing by fairness and as soon as possible.
15. USE OF PERSONAL DATA FOR ORIGINAL PURPOSES
We are entitled to continue collecting and using your personal data, which has previously been collected by us before the effectiveness of the PDPA in relation to the collection, use and disclosure of personal data, in accordance with the original purposes. If you do not wish us to continue collecting and using your personal data, you may notify us to withdraw your consent at any time.