Privacy Policy

Announcement

No. Por. 009 / 2564

Re: Policy and Procedure on Personal Data Protection

The company realizes the importance of security of personal data of all customers, suppliers or visitors. To ensure strictness and highest safety of collection, use, disclosure, transfer, and rights of all customers, suppliers or visitors, the Policy and Procedure on Personal Data Protection of customers, suppliers or visitors are hereby issued appropriately and in compliance with Personal Data Protection Act, B.E. 2562 (2019) as follows:

  1. Scope of application
    1. This Announcement shall apply to all Data Subject including customers, suppliers, visitors, and other persons whose personal data is collected, used and disclosed by the company.
    2. This Announcement shall apply to all activities related to the Company’s operations in connection with personal data of customers, suppliers or visitors such as data collection channels, types and forms of data to be collected, objectives of the company for personal data usage, sharing or transfer of personal data to other people, disclosure or provision of personal data to the agencies as required by the law.
    3. This Announcement covers the personal data obtained or collected by the company from visitation, purchase of products and services, subscription, or provision of suggestions, feedback, complaints, making of other transactions via the company website, mobile application, social media platforms, and the company’s dealers but excluding any usage which requires links to website, mobile application, social media platforms of the third party linked to the company website and excluding the shops which are not under the company’s supervision.
  2. Definitions
    “Company” means Thai Parkerizing Company Limited.
    “Data Controller” means the company having the power to make a decision on collection, use, or disclosure of personal data of customers, suppliers, or visitors and also includes the persons assigned or appointed to act on the company’s behalf.
    “Data Processor” means the person or juristic person who carries out the collection, use or disclosure of personal data under the order or on behalf of the company.
    “Data Subject” include
    Customer means any general person who purchases the products or uses the services of the company.
    Supplier means the company, business, shop, person who sells the products or services to the company.
    Visitor means the outsider who contacts, visit the work or place or inspects any activities aside from sale and purchase of the products and services, including visitors to the company through online channels and subscribers (if any).
    “Personal Data” means the data related to a person which can be used to identify the person directly or indirectly, excluding the data of a dead person.
    “Website” means www.thaiparker.co.th Personal Data to be collected or obtained and identifiable which are protected under this policy include:
    • 1) Personal Data e.g. name-surname, sex, date of birth, personal identification number, passport number, taxpayer identification number, nationality, etc.
    • 2) Contact information e.g. telephone number, email, current address, address on the identification card, address used for issuance of receipts, tax invoices, delivery of products and services, etc.
    • 3) Financial information e.g. product and service payment channels, debit/credit card data, etc.
    • 4) Product and service purchase transaction information e.g. payment and product and service purchase history, product warranty, complaints, and other information about product and service purchase, etc.
    • 5) Membership information e.g. membership details such as member card number, type of membership, membership period, and transaction record of members
    • 6) Behavioral information e.g. product and service purchase behaviors through the company channels, information about satisfaction of products and services of the company including issuance of electronic withholding tax certificate through the company website as well as data collection by Cookie, etc.
    • 7) Sensitive information e.g. race, religion, fingerprint, facial recognition system, necessary genetic data, etc.
  3. Collection, compilation, use, and disclosure of personal data of customers, suppliers, and visitors
    1. The company realizes and fully respect the personal rights of customers, suppliers, and visitors.
    2. The company shall store, retain and use the personal data of customers, suppliers, and visitors as necessary to conduct mutual business or as required by the law or the competent authorities.
    3. The company shall collect, use or disclose the information directly obtained from customers, suppliers or visitors who are Data Subject only. If the data is obtained from other sources, the company shall not use such data unless the consent has been obtained from customers, suppliers, or visitors or as permitted by the law to collect, use or disclose.
    4. The company shall collect several types of data of customers, suppliers or visitors for the business purposes only.
    5. The company shall arrange the personal data collector, personal data processor, user, approver, as well as the clear procedures to ensure that the Personal Data shall be protected and kept confidential as required by the law.
    6. In the case that the data is required to be disclosed to the government agencies or inspection agencies such as the auditor and quality system inspector, the company shall disclose it carefully and declare the data ass confidential and recorded for further verification.
    7. Personal Data stored by the company shall be deemed as the important business data which shall be maintained by the company as if it were the company’s property. Access, disclosure or destruction without approval from the authorized person shall result in the punishment to the maximum extent permitted by the law.
    8. The company shall issue the measures to protect Personal Data to ensure safety of collection, use and disclosure.
    9. The company may collect, use, or disclose the Personal Data of customers, suppliers, or visitors in any activities of the company such as CSR or public relations media or training or other activities under the company’s objectives.
    10. The company shall use the contact information for communication and giving information related to the products and services, promotional programs or campaigns of the company, special deals or privileges for the benefits of customers, suppliers, or visitors through the permitted channels, as well as for delivery of products and services and for necessary business contact only.
    11. The company shall use the financial information and purchase data for management of the payment related to e-commerce.
    12. The company shall use the behavioral information to analyze and process the nature of Website usage, marketing research for model analysis and selection of products and services of customers, visitors, and members, opinion survey, statistic planning and analysis, and market trends for the business purposes of the company only.
  4. Access, verification, amendment, withdrawal of consent, and destruction of Personal Data of customers, suppliers, or visitors who are Data Subject
    1. Customers, suppliers, or visitors have the right to know about their Personal Data stored by the company by notifying their intention to the company and follow the procedures determined by the company.
    2. Customers, suppliers, or visitors shall submit the documents or Personal Data as requested by the company within the specified period for the mutual benefit of business operation.
    3. Customers, suppliers, or visitors shall update their Personal Data in case of the change of first name – last name, taxpayer identification number, or location of business establishment by sending the company a notice within 30 days from the date of change.
    4. Customers, suppliers, or visitors may request the company to withdraw their consent and destroy their Personal Data which is collected, used and/or disclosed by the company upon termination of the mutual business or the end of mission. However, the company may keep the Personal Data in the case that it is necessary for exercise of the right to claim or in accordance with the law or for safety reason.
  5. Use and modification of data
    To ensure that the collection, use and retention of Personal Data of customers, suppliers, or visitors are in compliance with the policy or the relevant law, the managers of the departments which are directly involved with customers, suppliers, or visitors shall perform as follows:
    1. Explain the rationale behind this policy to Data Subject and notify their rights and duties under this policy.
    2. Provide information in good faith and on the need-to-know basis as deemed appropriate for the relevant work. In case of any change, addition, deletion, or if any further information is required, the managers of departments which are directly involved with customers, suppliers, or visitors to make available or update the information without taking any action arbitrarily or without permission.
    3. In case of the change of position, replacement or resignation of the employees related to the Personal Data of customers, suppliers, or visitors, Data Subject shall be notified without delay to prevent false claims or use of Personal for personal purposes or unauthorized disclosure which may cause damage to Data Subject.
    4. The use and retention of Personal Data shall be recorded for verification to ensure compliance with this policy or the relevant laws.
  6. Data Controller and persons related to Personal Data
    The company, as the Data Controller, shall determine the roles and responsibilities of all employees whose works are related to Personal Data of customers, suppliers, or visitors to ensure compliance with the policy as follows:
    1. Appoint the working group on protection of Personal Data of customers, suppliers, or visitors which shall consist of managers/heads of the relevant sections to determine the data to be collected, used, disclosed, or verify whether the use of data is in accordance with the law, as well as Data Protection Officer of the company (if any).
    2. Review and approve the use, transfer, control of the new data which is beyond the power of the appointed Data Controller.
    3. Review the measures on retention, collection, use, and disclosure of data at least once a year or as necessary.
    4. Order or appoint the persons to take care of emergencies in case of leakage or breach of Personal Data.
  7. Transfer of Personal Data
    1. The company may transfer Personal Data of customers, suppliers, or visitors to other countries provided that the destination countries or international organizations receiving the data shall have appropriate standards of personal data protection or as equivalent to the law on personal data protection hereunder.
    2. The company may transmit Personal Data of customers, suppliers, or visitors to the parent company, or subsidiaries, or other affiliates, or other customer companies, including the persons or juristic persons having relationships with the company to enhance the effectiveness of service provision to customers, suppliers, or visitors.
  8. Personal Data security
    1. The company ensures appropriate security standards to prevent loss, access, use, change, modification, or disclosure of Personal Data without authorization or illegally.
    2. The company shall review the measures on retention, collection, use, and disclosure at least once a year or as necessary to ensure that Personal Data control of the company is safe and legal.
    3. The company shall be responsible for damage incurred because of the company’s fault unless such damage is caused by the use or disclosure of Personal Data to the third party, as well as ignorance or negligence to sign out from the database or computer system of the company made or consented to be made by customers, suppliers, or visitors.
    4. The company inspects and assesses the efficiency of Personal Data security system, and Personal Data shall not be used for other purposes except for mutual business operation.
  9. Notification of Personal Data Breach
      In case of violation of security measures of the company, leading to Personal Data breach or leakage of data to the public, the company shall notify Data Subject as soon as possible and inform the remedy plan in case of high-risk data.
  10. Destruction of Personal Data
    The company shall arrange the measures to ensure that the Personal Data in possession of or under control of the company shall be destroyed and/or anonymized at appropriate time when;
    1. The stored Personal Data is not useful for the objectives any longer.
    2. Storage of such Personal Data is not necessary for the legal or business objectives of the company any longer.
  11. Breaches and punishments
    1. Any employees who collect, use, disclose, or breach Personal Data of customers, suppliers, or visitors for personal interest without approval of the company shall be deemed as committing misconduct and intentionally causing damage to the company or other persons, which is a serious offence that may result in dismissal without any compensation.
    2. The employees assigned by the company to control, collect, use, disclose Personal Data shall have specific duties. If they are in breach, more serious punishment shall be imposed.
    3. Any employees who ignore, breach, fail to comply with this notification, in case of any damage, shall compensate all damages by themselves and in full as required by the law. Also, the company may file a suit to demand damages to take legal actions to the fullest extent.
  12. Contact and complaints
    Customers, suppliers, or visitors who wish to contact or complain about management of Personal Data may contact the company at No. 570 Moo.4, Bangpoo Industrial Estate, Soi.12B, Prakasa Sub-district, Muang District, Samutprakan Province 10280 by addressing Mr. Satit Phutthasakul, Human Resources Department or call 02-324-6600 ext. 6122 or email: satit@thaiparker.co.th. The company shall investigate and find the best solutions to the complained issued promptly and fairly.
The company truly hopes that all employees will understand and comply strictly with the above policy and procedure to ensure that Personal Data of customers, suppliers, or visitor is collected, used, or disclosed in accordance with appropriate Personal Data Protection measures.
This Announcement shall into effect on 12 January 2021.

Announced on 12 January 2021.