| This policy is to inform you, as a data subject, to be aware of the handling of personal data. For example: detail of the collection, usage and/or disclosure of your personal data as well as your legal rights in regard to your personal data. The company, therefore, has set out policy and regulation as below. |
|
|
| Definition of term |
|
| “Personal Data” means any information relating to person, which enables the identification of such person, whether directly or indirectly, but not including the information of deceased person in particular. |
|
| “Sensitive Data” is personal data regarding race, ethnic origin, political opinion, beliefs, religion, philosophical opinions, sexual orientation, criminal record, health, disability, labour union information, genetic features, biography, or other information which may affect the data subject in the same or similar way as to be prescribed by Personal Data protection committee. |
|
|
|
| Prioritizing data privacy |
|
| 1. The company prioritize your privacy, legal rights and personal data protection as well as being aware of your need for securing in the handling of your personal data. |
|
| 2. The collected data such as name, Age, address, contact information, ID number and financial information, which enables the identification of individual, shall be utilized only under the purposes provided in this privacy policy. The company shall also provide strict measure in protecting your personal data as well as preventing usage of personal data without consent from data subject. |
|
|
|
| Limitation on data collection |
|
| 1. For collecting and retaining personal data, the company shall collect and retain personal data within the lawful and fair method as is necessary which is defined in scope of the company’s objectives. |
|
| 2. The company shall not collect personal data regarding genetic features, sexual behavior or other information which can imperil the reputation of data subject or discriminate against an individual, unless: |
|
| (1) Written consent has been given from a data subject. |
|
| (2) Such collecting is allowed by the Personal Data Protection Act B.E. 2562, or other laws. |
|
| 3. The company shall not collect personal data from any other source, apart from the data subject directly, unless explicit consent is given by the data subject in order to keep personal data updated and to improve the Company’s processes |
|
|
|
| Purpose of collecting and usage of personal data |
|
| The company shall collect or use personal data for the purpose of activities such as procurement process, |
|
| contract execution, financial transactions, company activities, collaborations or improvement of the Company’s processes; database preparation, process analysis and development, and/or any other purposes which are in compliance with the legal obligations or regulations to which the Company are subject. The Company shall retain and use the Personal Data as long as necessary only for the above-mentioned purposes, or as prescribed by laws. |
|
| The Company shall not conduct any processes which are different from the purposes as have previously been shared with the Data Subject except for when: |
|
| (1) The data subject has been informed of such new purpose, and prior consent has been obtain |
|
| (2) It is necessary for the company to be compliance with this Act or other laws |
|
If there are any changes on purpose of collecting personal data, the company shall inform the data subject such new purpose and obtain prior consent.
|
|
In case of collection or the use of personal data is not compliance with previously notified purpose, the data subject can request to exercise any of rights of his/her personal data under personal data protection Act.
|
|
|
|
| Restriction of use and/or disclose personal data |
|
| 1. The company shall use or disclose personal data of data subject in accordance with consent of data subject and will be solely used for the company’s purpose. |
|
| 2. The company shall provide appropriate security measures in order to prevent employees to disclose personal data without consent of data subject or any of action which is considered to be the same, unless: |
|
| (1) Such disclosure is allowed by law. |
|
| (2) Explicit consent has been given from the data subject. |
|
| 3. The company may allow the third party to access or use personal data of data subject but shall be limited to the extent necessary in relation to the lawful purpose of the company. However prior consent from data subject is required. |
|
|
|
| Measure to secure personal data |
|
| The company is aware of importance of maintaining the security of data subject personal data. |
|
| Therefore the company has established appropriated measures to maintain the security of personal data and make data subject’s personal data confidential to loss , access, destruction, use, convention, modify or disclosure of personal data without right or unlawful in accordance with the company’s cyber security policy. |
|
|
|
| Rights of data subject |
|
| Data subject is entitled to request any actions regarding his/her personal data as per the following: |
|
(1) Right to withdraw consent; however, any consent which was obtained earlier shall not be affected
|
|
(2) Right to access; to request access to and obtain a copy of personal data concerning him or her, including disclosure of the acquisition of personal data obtained without his or her consent.
|
|
| (3) Right to rectification; |
|
| (4) Right to erasure |
|
| (5) Right to objection |
|
| (6) Right to data transfer |
|
| (7) Right of processing suspension |
|
| Data subject may request to exercise rights regarding his/her personal data in accordance with rule and procedure of the company. When receiving such request, the company shall inform an existence or detail of such personal data to data subject within appropriated period but not exceed 30 days from the date of receiving such request. |
|
| However, the company may reject requested right of data subject where it is permitted by law or such personal data has been completely disenabled the identification of data subject. |
|
|
| Disclosure of personal data to third party |
|
| The company shall disclose data subject’s personal data without consent and shall disclose it solely for the purpose which is informed beforehand. However, for the benefit of the company operation and service provision to the data subject, the company may disclose personal data to company’s subsidiaries or other required person, domestically and internationally, such as service provider relating to personal data. The company will govern above mention person to treat personal data as confidential and not to use the data for purposes of objectives which are not covered by the company specified scope. |
|
| The company may disclose personal data in accordance with laws and regulation, such as disclosing to government agency, state enterprise, and regulator. Besides, the company may be required to disclose personal data by legal authority, for instance, requests for purpose of litigation or prosecution, including request made by the private organization or other persons involved in legal proceeding. |
|
|
|
| Review and change of policy |
|
| The company may occasionally review this policy in order to assure that it conforms to the activities of organization and suggestions from data subject. The company will notify of amended policies or inform data subject directly before implementing all changes. |
|
|
|
| Contact information |
|
| Human resource and compliance department |
|
| Nishikawa Tachaplalert Cooper Ltd. |
|
| Suranaree Industrial Zone |
|
| 399, Village No. 3, Ratchasima-Chokchai Road, Nong Bua Sala |
|
| Sub-district, Mueang District, Nakhon Ratchasima Province, 30000 |
|
| Tel: 044-212974-6 |
|
| Fax: 044-212632 |
|
