นโยบายคุ้มครองข้อมูลส่วนบุคคล

During the course of its business operations, HANG PETCH THONG SAENGRAWEE COMPANY LIMITED. has always respected privacy rights and considered the potential impacts of personal data processing on customers, shareholders, employees, and other individuals associated with our company. Therefore, HANG PETCH THONG SAENGRAWEE COMPANY LIMITED. is announcing its personal data protection policy to establish clear guidelines, mechanisms, and measures for data processing. This is to ensure that the aforementioned individuals receive legal protection that complies with international standards.

1. Channels for Receiving Information

    • Personal data obtained directly from you: The company receives your personal data directly through one of the following methods:

        1. You contact or request information from the company.
        2. Service application forms, service request forms, additional service request forms, or service change request forms.
        3. You register by creating an account through the company’s website or application.
        4. You complete surveys or communicate with the company through various channels, such as telephone, email.
        5. The company’s application, other social media platforms of the company, or through the company’s employees.
        6. You perform transactions or provide information through the company’s website, application, or devices.
    • Personal data obtained from external sources: The company may receive your personal data from external entities/individuals, such as product/service/website/application providers, public sources, or government agencies. In such cases, the company will inform you of the purpose and details of data processing, and may seek your consent for personal data processing again if:
        1. The processing has a significantly new and different purpose.
        2. The processing may have severe impacts.
        3. The personal data to be processed is related to criminal records.

2. Personal Data Collected, Used, and Disclosed by the Company : Personal data processed by the company includes:

A. Data that can directly or indirectly identify the data subject, including:

    1. Personal Information: Name, surname, gender, date of birth, age, information on various documents such as national ID card, passport, residence certificate, alien registration card, work permit, social security card, driver’s license, vehicle registration manual, or house registration. Signature, tax identification number, family member information, facial photos, educational background, occupation, status, membership, employment history, other benefits not related to compensation from work, insurance-related information.
    2. Contact Information: Home address, document delivery address, email address, home phone number, mobile phone number, fax number, names or accounts for using applications or digital channels such as Line, Google, Facebook, YouTube, Twitter, Whatsapp, or Wechat. Contact information provided to the company.
    3. Communication with the Company: Phone, electronic or digital channels, social media, CCTV data, and off-site services. This information may appear or be recorded in written form, voice recordings, transaction records, photos, or videos.
    4. Technical Information: Computer or Internet Protocol (IP) address, Media Access Control (MAC) address, device ID, connection logs, application interface (API) connections, cookies, types and versions of plugins, browser, operating system and platform, Internet or mobile network system, geographic location data, device settings, and other technical data from using the company’s platform, application, and operating system.
    5. Usage Information: Username, password, search data, viewing statistics, menus used, duration of use on the website, platform, application, timestamp of last click, favorites, Q&A data, computer traffic data (log files), communication with the company.
    6. Behavioral Information: Information about personal interests or preferences, usage patterns, or services used.

B. Sensitive Personal Data: For which the company must obtain your consent before collecting, including religion, criminal records, health information, or any other information as determined by the Personal Data Protection Committee.

3. Purposes for Collecting, Using, and Disclosing Your Personal Data

The company will collect, use, and disclose your personal data based on the criteria set forth in the law, which includes:

    1. Contractual Necessity:  To fulfill a contract or request you have made with the company.
    2. Legal Obligation:  To comply with legal requirements that the company must follow.
    3. Legitimate Interests:  For the legitimate interests of the company or another individual or legal entity.
    4. Necessity to Prevent Harm:  To prevent harm to life, body, or health of individuals.
    5. Public Interest:  For public interest purposes, public benefit missions, or the exercise of state rights.
    6. Consent:  With your consent, in cases where the aforementioned criteria do not apply.

For the following purposes:

    1. For communication, contact, or providing information related to the products or services you use or will use with the company.
    2. To fulfill the agreements specified in your requests or contracts made with the company, or related to those requests or contracts, such as document delivery, including to comply with contracts between the company and other necessary parties related to providing services to you.
    3. To manage the relationship between you and the company and create details or service history for future services to you.
    4. To manage customer data of legal entities or asset funds, which may include your personal data.
    5. To comply with laws and related regulations.
    6. To verify and confirm your identity according to the company’s Know Your Customer (KYC) process, including verifying your information and conducting checks as required by law and company policies.
    7. To comply with requests or recommendations from regulatory bodies overseeing the company, such as protecting customers from certain restrictions, preventing elderly individuals from performing certain transactions themselves, and damage control.
    8. For internal management and administration of the company, such as supervision, improvement, and auditing of internal operations.
    9. To manage and mitigate risks, such as
        • Preventing, addressing, or reducing risks from illegal activities that may affect you, the company’s customers, personnel, and the company itself, using such information to improve security systems for various channels, operational systems, and IT security measures.
        • For security purposes, such as recording images of visitors or those conducting transactions with the company via CCTV and requiring ID cards before entering the premises to ensure internal security.
        • To manage business-related risks of financial institutions, such as credit risk, operational risk, legal risk, liquidity risk, and market risk.
    10. To procure and offer products, services, and service options to you, including publicizing, contacting, notifying, granting, or presenting privileges, benefits, rewards, or information about the company’s products or services and those of group companies.
    11. To procure and offer products, services, and service options to you, including publicizing, contacting, notifying, granting, or presenting privileges, benefits, rewards, or information about the company’s or business partners’ products or services that may meet your needs, or to organize promotional activities, sweepstakes, or prize draws.
    12. To review service usage or verify transactions as per your or your contractual partners’ orders.
    13. To manage service provision and handle complaints or internal and external data transfers or handle customer complaints, compensation, or use information to adjust work processes.
    14. To conduct statistical analysis or research related to the company’s business and group or affiliated companies.
    15. To adjust strategies, maintain benefits, or evaluate the company’s performance or service provision.
    16. To evaluate, develop, and improve products or services, enforce company rights, and conduct market surveys, and to provide the analyzed data to you for financial planning or service usage with the company, or to business partners.
    17. To organize projects or promotional activities, meetings, seminars, recreational events, and site visits.
    18. To store data in cloud storage and other systems used by the company.
    19. To fulfill duties under conditions where the company is a contracting party or to enforce rights under the law or binding contracts.
    20. To connect or facilitate access to the company’s or third-party websites, applications, and platforms.

Additionally, the collection, use, or disclosure of your personal data, including the transfer of your personal data abroad, is conducted according to these criteria.

4. Individuals or Entities That May Receive Disclosure of Your Personal Data from the Company

    1. Business Partners: Such as platform co-service providers or individuals/entities whose names or logos appear in contracts, websites, or other service channels of the company.
    2. Service-related Individuals/Entities: Such as external service providers (outsourcing), contractors, or vendors supplying goods or services to the company, including infrastructure developers, internet network providers, telecommunications and communication service providers, technical infrastructure providers, electronic system or IT developers, logistics and warehouse providers, cloud service providers, data analysts, communication service providers, survey service providers, event organizers, identity verification and authentication service providers, audit and identity confirmation service providers, individuals or entities as required by law.
    3. Legal Entities/Authorities: The company may need to disclose your personal data to comply with laws, regulations, rules, or orders of government agencies, public authorities, regulatory bodies, or when the company believes such action is necessary to comply with the law, protect the rights of the company or others, ensure the safety of others, prevent, investigate, or address fraud, security, or other threats.
    4. Various Advisors
    5. Other Related Individuals
    6. Associations, Organizations, Clubs, and Various Entities
    7. Websites and Social Media Platforms

5. Retention of Your Personal Data and Duration of Retention

    1. Retention of Your Personal Data: The company will ensure that data processing and retention procedures comply with legal requirements, taking into account the rights and potential impacts on individuals. The company will implement both technological and organizational measures to protect personal data and restrict unnecessary access. This aims to prevent and reduce the risk of data leaks or unauthorized use of your personal data. Security measures for personal data will be established in both paper and electronic formats to prevent loss, unauthorized access, use, alteration, or disclosure.
    2. Duration of Retention: The company will collect and retain your personal data for the purposes outlined in this document, as long as necessary under legal requirements, and up to a maximum of 10 years from the end of your relationship with the company, unless otherwise required by law or if technical limitations prevent deletion or destruction of the data.

6. Transfer of Your Personal Data to Foreign Countries

If it becomes necessary for the company to transfer your personal data to individuals located abroad, such as your or the company’s contractual partners, the company’s agents, foreign branches, affiliates, international agencies, or organizations, the destination country may have inadequate personal data protection standards as defined by law.

Nevertheless, in such cases, the company will implement appropriate processes to ensure that your transferred personal data remains secure.

7. Website Systems Used by the Company for Data Collection

When you access the company’s website systems, certain data from your usage will be collected automatically for the purposes specified in this document. For example, data recorded or collected by cookies and similar technologies will be used for statistical analysis or other website-related activities to help provide you with a better user experience. This also aids in improving the efficiency and quality of the company’s website services.

8. Rights of Personal Data Owners

    1. Right to Access and Obtain Copies of Personal Data:
      You have the right to access and obtain copies of your personal data under the company’s responsibility, or request the company to disclose the source of personal data that you did not consent to.
    2. Right to Receive, Send, or Transfer Personal Data to Another Data Controller:
      You have the right to receive your personal data that you have provided to the company, based on your consent or contractual necessity, or as defined by the Personal Data Protection Committee. If the company has made such data available in a format readable and usable by automated tools, you have the right to (1) request the company to send or transfer the data to another data controller by automated means, and (2) receive your personal data that the company has sent or transferred directly to another data controller, unless technically infeasible.
    3. Right to Object:
      You have the right to object to the collection, use, or disclosure of your personal data by the company in the following cases:

      • When the company collects personal data due to necessity for public interest or exercising state rights, or for legitimate interests of the company or another person or legal entity.
      • When the company collects, uses, or discloses your personal data for direct marketing purposes.
      • When the company collects, uses, or discloses your personal data for scientific, historical, or statistical research purposes, unless necessary for public interest tasks.
    4. Right to Request Deletion or Destruction of Personal Data:
      You have the right to request the company to delete or destroy your personal data, or make it anonymous, in cases where:

      • The personal data is no longer necessary for the purposes for which the company collected it.
      • You withdraw your consent, and the company has no legal grounds to continue collecting, using, or disclosing the data.
      • You object to the collection, use, or disclosure of your personal data for public interest tasks or exercising state rights, or for legitimate interests, and the company cannot deny your objection.
      • You object to the collection, use, or disclosure of personal data for direct marketing purposes, or the personal data was unlawfully collected, used, or disclosed.

      However, this does not apply if the company needs to retain your personal data to comply with the law, establish legal claims, or protect the company’s legal rights.

    5. Right to Suspend Use of Personal Data:
      You have the right to request the suspension of the use of your personal data in cases where:

      • The company is verifying your request to correct inaccurate or outdated personal data.
      • The company has unlawfully collected, used, or disclosed your personal data.
      • The company no longer needs to collect, use, or disclose your personal data for any purpose, but you request the company to retain it for your benefit under the law or you request the company to suspend the use of your personal data while the company verifies or checks your objection to the personal data.
    6. Right to Request Correction of Personal Data:
      You have the right to request the company to correct your personal data to be accurate, up-to-date, complete, and not misleading.
    7. Right to Withdraw Consent:
      You have the right to withdraw your consent to the company to collect, use, and disclose your personal data at any time.
    8. Right to Revoke Consent:
      You have the right to revoke your consent for personal data collected by the company before the Personal Data Protection Act B.E. 2562 came into force by submitting a revocation request to the main branch or unit of the company where you use or have used services.
    9. Right to File Complaints:
      You have the right to file complaints to the legal authorities in case the company, personal data processors, employees, or contractors of the company violate or fail to comply with personal data protection laws.

If you wish to exercise any of the rights outlined in items 1 to 9 above, you may submit a request to the company through the company’s branch offices or other designated channels. Once the company receives your request, it will review your request according to the criteria and conditions specified by law and will fulfill your request and notify you of the outcome within 30 days from the date the company receives your completed request and supporting documents.

Exercising these rights might temporarily restrict your access to certain services provided by the company while your request is being reviewed or processed. The company will not charge you any fees for exercising these rights unless it deems that your request is excessive or without reasonable cause, in which case the company may charge a fee as specified in its published rates.

You may exercise your rights as a personal data owner starting from the effective date of the Personal Data Protection Act B.E. 2562 (2019).

9. Changes to This Privacy Notice

As there is currently no clear legislation regarding the content of this privacy notice, this policy may be updated to better suit actual conditions and services provided. The company will announce any updates on this website. Therefore, we recommend that you regularly check to ensure that you understand the changes to the terms.

10. Contact Information

If you wish to contact us or need additional information or explanations regarding the collection, use, and disclosure of your personal data, including exercising your rights as a personal data owner as described in this notice, you can contact the company at: 62/1-2 Thung Song - Huai Yot Road, Pak Phraek Subdistrict, Thung Song District, Nakhon Si Thammarat Province 80110.

Additionally, you can contact the Data Protection Officer or the Data Protection Unit at the phone: 093 853 3274 or at the head office address:
62/1-2 Thung Song - Huai Yot Road, Pak Phraek Subdistrict, Thung Song District, Nakhon Si Thammarat Province 80110.

11. Definitions and Scope

To ensure clear understanding by all parties, the company provides the following definitions, which are referenced from the Personal Data Protection Act B.E. 2562 (2019):

    1. Personal Data: Refers to information about an individual that can identify that person, whether directly or indirectly, excluding information about deceased individuals and legal entities.
    2. Sensitive Data: Refers to personal data that is sensitive, private, and has a high risk of being used for unfair discrimination.
    3. Processing of Personal Data: Refers to any operation performed on personal data, such as collection, transfer, use for the company’s target research, direct marketing, transfer of data, as well as deletion, destruction, or anonymization of the data.
    4. Deletion of Data: Refers to the removal, destruction, or any other action that renders the data irretrievable, at any time.
    5. Transfer of Data: Refers to the movement of personal data to another organization, including both domestic and international transfers.
    6. Data Breach: Refers to the unauthorized disclosure or security breach of personal data, which may affect rights or result in damage, loss, alteration, or unauthorized disclosure.
    7. Data Processor: Refers to a person responsible for processing data according to instructions or agreements made between the data processor and the data controller, including any agents of the data processor.
    8. Data Controller: Refers to a person with the authority to decide on the processing of personal data, including any agents of the data controller.
    9. Company: Refers to HANG PETCH THONG SAENGRAWEE COMPANY LIMITED, which may act as both a data processor and a data controller.

ความคิดเห็น

แสดงความคิดเห็น

โพสต์ยอดนิยมจากบล็อกนี้