PRIVACY POLICY

THANTAWAN INDUSTRY PUBLIC COMPANY LIMITED

Thantawan Public Company Limited. (“Company” or “We”) is seriously committed to safeguarding and respecting the privacy rights. We, therefore, set out this privacy policy to inform of our policy in relation to the collection, use and disclosure of the personal data of individual person in accordance with the Personal Data Protection Act B.E. 2562 (“PDPA”), relevant laws and regulations.

This privacy policy informs you of how we collect, use or disclose the personal data, what and why we collect, use or disclose the personal data, sources of the personal data, how long we hold it, who we disclose it to, the rights of the data subject, what steps we will take to make sure the personal data stays secure, and private and how to can contact us.

1. INTRODUCTION

1.1. “Personal Data” means any information pertaining to a Data Subject, which enables the identification of Data Subject, whether direct or indirect.

1.2. “Sensitive Information” means any collection of Personal Data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner, as prescribed by the Committee.

1.3. This privacy policy will be applied to customers who are individual placing an order on the website, application, or other provided platform of the Company investors, suppliers, business partner, and/or any individual person related to the Company, including corporate customers which are their directors, shareholders, ultimate beneficial owners, employees, and legal representatives of and other individuals authorized to act on their behalf. (“you”)

1.4. By visiting the website or using apps of the Company, registering and creating the user with the Company, to clicking or tapping on “I AGREE TO THANTAWAN’S PRIVACY POLICY” or “similar statements available at the Thantawan’s registration page, place order page or other related part of the website’s pages or apps, you acknowledge that you have been notified of and understood the terms and this Privacy Policy and that you have agreed and consented to the collection, use and/or disclosing of your personal date as described under the terms herein. We may update our Privacy Policy from time to time. Any changes to this Privacy Policy we will post it on our webpage or other appropriate pages or notify to you via an e-mail, whereupon your continued use of the website, including placing orders on the website, shall constitute your acknowledgment and acceptance of the changes we make to this Privacy Policy excluding in case it is required your agreed and consent again, the Company will inform Data Subject to acknowledge and consent through any method such as electronic method, checkbox, opt-in/opt-out box, documents (by hand) and/or other methods as determined by the Company.

1.5. This privacy policy may apply and/or use with other notices, regulations, contractual clauses, consent form, and/or any electronic method that apply in relation to the collection, use and disclosure of your personal data by us.

Please carefully read the Policy. If there is any question about the information contained in this privacy policy, please contact the Company. Contact details for inquiries are at the end of this privacy policy.

2. HOW WE COLLECT AND USE YOUR PERSONAL DATA

To providing your personal information, it must be voluntary and by your consent. The data collection and storage under this privacy policy will be conducted only where it is necessary within the purpose, scope and lawful methods or a lawful basis for collecting and using it justly under the PDPA, relevant rules and laws including,

The purposes and lawful basis for collecting and using your personal data are as follows:

2.1. Our legal obligation

We are regulated by many laws, relevant rules and regulations. It is necessary to collect, use or disclose your personal data to fulfil our legal and regulatory requirements of competent governmental, supervisory or regulatory authorities for the following purposes, which include but not limited to:

a) Compliance with laws (e.g. Civil and commercial laws, Civil procedure and Criminal procedure laws, Tax laws, Businesses organization laws, Public Company Limited laws, Securities and Exchange laws, Maritime Transportation laws, Computer Crime laws, Electronic transaction Laws, Anti-Money Laundering laws, Consumer Protection laws, and other laws which we are subject both in Thailand and in other countries.

b) Compliance with regulations and/or orders of authorized persons (e.g. orders by any court, inquiry official, order of Department of Land Transport, and order of Office of The Consumer Protection Board, regulations of the Office of the Securities and Exchange Commission, Ministry of Commerce, Department of Internal Trade of Thailand, Immigration Bureau, the Customs Department, Port Authority of Thailand, and/or regulation or order of governmental, supervisory or regulatory authorities or authorized officers).

C) Compliance with the PDPA.

2.2. Contract made between you and the Company

We will collect, use or disclose your personal data in accordance with the request and/or agreement made by you with us in any platform, for the following purposes, which include but not limited to:

a) proceed as the purpose of the contracts made by you with us.

b) track or record your contract performance.

c) produce reports for you or the Company’s benefits as the purpose of the contracts.

d) assist and support your usage and/or access in placing orders on the Company’s site.

e) fulfill your orders

2.3. Our legitimate interests

To take necessary steps for the Company’s legitimate interests or other individual or juristic person which are not overriding your reasonable expectations, which include but not limited to:

a) security purposes e.g. to maintain CCTV records, to register, and/or exchange identification card visitors before entering into the Company’s building.

b) conduct risk managements, audit, to monitor, prevent, and investigate fraud, terrorism, misconduct, other crimes, and/or any offence.

c) record images and/or voices relating to the meetings, trainings, seminars, recreations, exhibition or marketing activities.

d) conduct our relationship managements to serve customers (e.g. handle complaints, survey)

e) develop and improve our services and/or products including systems for the greatest benefits in fulfilling your needs and facilitate your use of and/or access to the service, placing an order via the website.

f) customize your experience through the website service, showing content based on your interests and needs

f) in case of our corporate customer, we will collect, use and disclose personal data of directors, authorized persons, employees, attorneys, and/or visitors.

g) in case you inform us the misconduct or other crimes incurring in the Company.

h) for Data Subject’s benefit, and the consent cannot be made at that time.

2.4. Your consent

In certain cases, we may ask for your consent to collect, use or disclose your personal data to maximize your benefits or to enable us to provide services to fulfil your needs and/or to be consistent with regulations and/or laws for the following purposes, which include but not limited to:

a) collect and use your sensitive personal data as necessary (e.g. to use face recognition, finger scan or your identification card photo (which contains your sensitive personal data, namely religion and/or blood type) for the verification of your identity:

b) collect and use your personal data and any other data to conduct research, analyze, data base for the greatest benefits in developing products and services, or building your data base to truly fulfil your needs and/or to contact you for offering products, services and benefits exclusively suitable to you though any method of the Company and/or of any our agent or any person related to the Company as well as any other purpose which is not prohibited by laws and/or to comply with the laws or regulations applicable to the Company, both now and in the future

c) send or transfer your personal data overseas, which may have inadequate personal data protection standards (unless the PDPA specifies that we may proceed without obtaining consent)

d) when you are classified as a minor, incompetent or quasi-incompetent whose consent must be given by their parent, guardian or curator (as the case may be) (unless the PDPA specifies that we may proceed without obtaining consent).

e) any other information that will be useful in the service, the Company will ask for your consent before collecting, using, disclosing your personal data.

Company will inform Data Subject to acknowledge and consent through any method such as electronic method, checkbox, opt-in/opt-out box, documents (by hand) and/or other methods as determined by the Company.

2.5. Other lawful basis

Apart from the lawful basis which we mentioned earlier, we may collect, use or disclose your personal data based on the following lawful basis:

a) prepare historical documents or archives for the public interest, or for purposes relating to research or statistics.

b) prevent or suppress a danger to a person’s life, body or health.

c) necessary to carry out a public task, or for exercising official authority.

3. THANTAWAN WILL COLLECT THESE PERSONAL DATA

Types of Data Examples
Personal Details given name, middle name, surname, date of birth, age, nationality
Contact details address, receipt delivery address, shipping address, address for tax invoice, phone number, facsimile number, email address, social media account
Identification and authentication details ID card photo, Passport information (base on inevitable necessary cases), Identification number, driving license (private automobile license, motorcycle license) or, any other identification card, signatures
System usage information username and password, buy orders, your interest, setting, responding
financial information payment notification, payment history, payment methods, bank account number, credit & debit card information
Information about your relationship with the Company products you used, relationship status between you and the Company, history of your attendance in any activities
Technical information IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other information and technology on the device you use.
Market research, marketing and sales information survey
Information concerning security visual images detection of any suspicious and unusual activity CCTV images or recordings, video recordings
Sensitive personal data religion blood type (Receive from any channel such as your id photo), criminal records, biometric information, (e.g. face recognition, fingerprint)
Other information records of correspondence and other communications between you and us, in whatever manner and form, including but not limited to phone, email, instant messages and social media communications / Information about insurance policy and claim for compensation /Information that you provide to us through any method

You must only submit personal data which is accurate and not misleading and you must keep it up to date. The Company have the right to request for documentation to verify the personal data provided by you as part of our customer verification processes.

4. SOURCES OF YOUR PERSONAL DATA

4.1. We will collect your personal data directly from you regularly including but not limited to;

a) When you create an account and/or purchase any products with the Company (There will be a message, in any part on the website or apps, asking you to accept this policy before doing so)

b) When you submit any form, including application forms or other forms relating to any of our job posting whether online application form or hard copy document.

c) When you make any agreement or provide documents or other information relating to the contact between you and the Company.

d) When you interact with the Company, such as via cellphone calls (which may be recorded), letter, fax, social media and e-mail etc.

e) When you make any transaction with the Company.

f) When you provide any feedback or complaint to the Company.

g) When you use or request to use the provided service by external service providers of the Company on the website such as making a payment or logistic services etc.

h) When you submit your personal data to the Company for any reason.

4.2. Personal data we collect from other sources may include but not limited to:

a) any person who related to you e.g. representatives, attorneys, proxies.

b) Information obtained by us from corporate customers as you are director, authorized person, attorney, representative or contact person

c) Information obtained by us from Stock Exchange of Thailand, Thailand Securities Depository Company Limited, government sectors, financial institution and/or Service Provider (e.g. Public domain information)

The Company will only be able to collect your personal data if you voluntarily submit the personal data to the Company. However, if you choose not to submit your personal data to the Company or subsequently withdraw your consent to our use of your personal data, the Company may not be able to provide you with the services or let you placing an order.

5. RESTRICTION OF USE AND/OR DISCLOSE PERSONAL DATA

The Company will use or disclose Data Subject personal data in accordance with the purposes and lawful basis in collecting, using, or disclosing your personal data as specified in this privacy policy The Company will supervise its employees, officers or operating staffs from using and/or disclosing Data Subject’s personal data in any way other than the purpose of service or to a third party except these following parties under the provisions of the PDPA:

5.1 our business group companies, business partners and/or other persons that we have the legal relationship, including our directors, executives, employees, staffs, contractors, representatives, advisors and/or such persons’ directors, executives, employees, staffs, contractors, representatives, advisors.

5.2 lawyer, court, inquiry official, anti-corruption sector, Immigration and customs, the office of the consumer protection board, Stock Exchange of Thailand, ThaiCERT and/or other governmental authorities including authorities or any persons whom we are required or permitted by laws, regulations, or orders to share personal data.

5.3 suppliers, agents and other entities (e.g. external auditors, Thailand Securities Depository Company Limited, depositories, document warehouses, overseas financial institutions) where the disclosure of your personal data has a specific purpose and under lawful basis, as well as appropriate security measures.

5.4 any relevant persons as a result of activities relating to selling rights of claims and/or assets, restructuring or acquisition of any of our entities, where we may transfer their rights to: any persons with whom we are required to share data for a proposed sale, reorganization, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business.

5.5 third parties providing services to us (e.g. market analysis including but not limited to agents and subcontractors acting on our behalf, the companies which deliver any document or things to you) security providers.

5.6 social media service providers (in a secure format) or other third-party advertisers so they can display relevant messages to you and others on our behalf about our products and/or services.

5.7 other persons that provide you with benefits or services associated with your products or services (e.g. insurance company).

5.8 your attorney, sub-attorney, authorized persons or legal representatives who have lawfully authorized power.

5.9 Third parties may unlawfully intercept, or access personal data transmitted to or contained on the website, technologies may malfunction or not work as anticipated, or someone might access, abuse or misuse information through no fault of ours. We will nevertheless deploy reasonable security arrangements to protect your personal data as required by the Privacy Laws; however, there can inevitably be no guarantee of absolute security such as when unauthorized disclosure arises from malicious and sophisticated hacking by malcontents through no fault of the Company.

6.MEASURES TO SECURE AND PROTECT YOUR PERSONAL DATA?

6.1 The Company recognizes the importance of maintaining the security of Data Subject personal data. Therefore, the Company has established measures to maintain the security of personal data appropriately and consistency, and make Data Subject’s personal data confidential to prevent loss, access, destruction, use, conversion, modify or disclosure of personal data without rights or unlawful.

6.2 We also require our staff and third-party contractors to follow our applicable privacy standards and policies and to exercise due care and measures when using, sending or transferring your personal data.

6.3 The Company will destroy or anonymize your personal data when we have reasonably determined that (1) the purpose for which that personal data was collected is no longer being served by the retention of such personal data: (2) retention is no longer necessary for any legal or business purposes.

6.4 The Company may use third party IT Service providers in order to retain personal data as our Data Processor, which such Service provider must have security measures by prohibiting the collection, use or disclosure of personal data other than those specified by the Company.

7. VISITING, DOWNLOADING CONTENTS AND ADVERTISING

When you visit the website through your device and also view contents and advertisements and accessing other software on the Company’s website. Such information that you have visited will be transmitted to the Company (including, but not limit to, IP address or operation system) which the system will send information about content, advertising that you visit, time and/or software installed to the Company.

8. SURVEYS

The Company may receive personal data from you through various surveys. Participating in these surveys depends entirely on your consent. Therefore, you can choose whether to share your personal date with the Company. These personal data may include contact information (such as an e-mail address) and demographic data (such as interest or age). The received data from the survey will be used for investigating and improving monitor and improve usability and satisfaction in service and selling and it will not be sent to third parties.

9. DISCLAIMER REGARDING SECURITY AND THIRD-PARTY SITES

9.1. The Company do not guarantee the security of personal data and/or other information that you provide on third party sites. The Company do implement a variety of security measures to maintain the safety of your personal data that is in our possession or under our control. Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the personal data confidential. When you access your personal data, we offer the use of a secure server.

9.2. The Company may choose various third-party websites to link to, and frame within the website. The Company may also participate in brand development or other relationships in order to offer e-commerce transactions and/or services and other features for you. These linked websites have separate and independent privacy policies as well as security arrangements. Even if the third party is affiliated with us, the Company have no control over these linked sites, each of which has separate privacy and data collection practices independent of us.

9.3 The Company therefore have no responsibility or liability for the content, security arrangements (or lack thereof) and activities of those linked websites. These linked websites are only for your convenience and you therefore access them at your own risk.

10. YOUR RIGHTS

You can exercise your rights under the PDPA upon the effectiveness of the provisions in relation to rights of data subjects.

Should you intend to exercise your rights under the PDPA, please inform your intention to our Data Protection Officer as the contract detail in section 14, our Legal Department will contract you back to inform you of the procedures.

10.1. Right to access and obtain copy

You have the right to access and obtain copy of your personal data holding by us, unless we are entitled to reject your request under the laws or court orders, or if such request will adversely affect the rights and freedoms of other individuals. The Company will process your request within 30 days from the date of receipt of the request.

10.2. Right to rectification

You have the right to rectify your inaccurate personal data and to update your incomplete personal data.

10.3. Right to erasure

You have the right to request us to delete, destroy or anonymise your personal data, unless there are certain circumstances where we have the legal grounds to reject your request.

10.4. Right to restrict

You have the right to request us to restrict the use of your personal data under certain circumstances, e.g. when we are pending examination process in accordance with your request to rectify your personal data or to object the collection, use or disclosure of your personal data, or you request to restrict the use of personal data instead of the deletion or destruction of personal data which is no longer necessary.

10.5. Right to object

You have the right to object the collection, use or disclosure of your personal data in case we proceed with legitimate interests basis or for the purpose of direct marketing, or for the purpose of scientific, historical or statistic research, unless we have legitimate grounds to reject your request, e.g. we have compelling legitimate ground to collect, use or disclose your personal data, or the collection, use or disclosure of your personal data is carried out for the establishment, compliance, or exercise legal claims, or for the reason of our public interests.

10.6. Right to data portability

You have the right to receive your personal data in case we can arrange such personal data to be in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means. Also, you have the right to request us to send or transfer your personal data to third party, or to receive your personal data which we sent or transferred to third party, unless it is impossible to do so because of the technical circumstances, or we are entitled to legally reject your request.

10.7. Right to withdraw consent

You have the right to withdraw your consent that has been given to us at any time pursuant to the methods and means prescribed by us, unless the nature of consent does not allow such withdrawal.

10.8. Right to lodge a complaint

You have the right to make a complaint with the Personal Data Protection Committee or their office in the event that we do not comply with the PDPA.

11. INTERNATIONAL TRANSFER OF PERSONAL DATA

The nature of the modern business is global and under certain circumstances, it is necessary for us to send or transfer your personal data internationally. When sending or transferring your personal data, we will always exercise our best effort to have your personal data transferred to our reliable business partners, service providers or other recipients by the safest method in order to maintain and protect the security of your personal data, which includes the following circumstances:

a) comply with a legal obligation.

b) inform you the inadequate personal data protection standards of the destination country and obtain your consent.

c) perform the agreement made by you with us or your request before entering into an agreement.

d) comply with an agreement between us and other parties for your own interest.

e) prevent or suppress a danger to your or other persons’ life, body or health and you are incapable of giving consent at such time.

f) carry out activities relating to the substantial public interest.

12. RETENTION PERIOD OF PERSONAL DATA

We will maintain and keep your personal data while you are our customer and once you has ended the relationship with us (e.g. after you transferred your securities, or in case of your application to use our services is disapproved, or you terminated the services provided by us), we will only keep your personal data for a period of time that is appropriate and necessary for each type of personal data and for the purposes as specified by the PDPA.

The period we keep your personal data will be linked to the prescription period or the period under the relevant laws and regulations (e.g. Civil and commercial laws, Accounting laws, Tax laws, Labour laws and other laws to which we are subject both in Thailand and in other countries).

13. COOKIES (OR SIMILAR TECHNOLOGIES)

The Company may collect and use cookies and similar technologies when you use our services. This includes when you use our websites or applications.

The collection of such cookies and similar technologies helps us recognize you, remember your preferences and customize how we provide our services to you. We may use cookies for a number of purposes (e.g. helping us understand how you interact with our websites or emails, or ensure that online adverts displayed to you will be more relevant to you and of your interests).

14. CONTRACT INFORMATION

14.1 If you have any questions or concerns about our privacy practices, the Company welcome you to contract us immediately:

                            Legal Department

                            Email: PDA@thantawan.com

                            Tel : 02-273-8333

14.2 In the event that you use an email or letter to submit your complaint, please specify at the heading that it is a complaint regarding Privacy Law. This will help the Company process your complaint urgently by forwarding it to the relevant staff of the organization for further action. For instance, you may insert text “Complaint about privacy” in the subject head line.

The Company will ensure and try to handle any complaints or concerns that you are experiencing by fairness and as soon as possible.

15. USE OF PERSONAL DATA FOR ORIGINAL PURPOSES

 We are entitled to continue collecting and using your personal data, which has previously been collected by us before the effectiveness of the PDPA in relation to the collection, use and disclosure of personal data, in accordance with the original purposes. If you do not wish us to continue collecting and using your personal data, you may notify us to withdraw your consent at any time.

16. CHANGES TO THIS PRIVACY POLICY

We may change or update this privacy policy from time to time and we will inform the updated privacy policy at our website https://thantawan.com/ or any other platform of the Company.