Privacy Policy
of
HAZAMA ANDO CORPORATION
HAZAMA ANDO (THAILAND) CO., LTD.
We, HAZAMA ANDO CORPORATION and HAZAMA ANDO (THAILAND) CO., LTD respect and place importance to the rights of our customers, suppliers, subcontractors, employees, etc. with regard to their Personal Data. This Privacy Policy aims to discuss our management systems with respect to the Personal Data protection and to establish how we, as the Data Controller, handle the Personal Data of data subjects according to the Personal Data Protection Act B.E. 2562 (2019) and the subordinate regulations and notifications issued thereunder.
1. Definitions
The following terms used in this Privacy Policy shall have the meaning as follows:
“Data Controller” means a natural person or a juristic person having the power and duties to make decisions regarding the collection, use, or disclosure of the Personal Data;
“Data Processor” means a natural person or a juristic person who operates in relation to the collection, use, or disclosure of the Personal Data pursuant to the orders given by or on behalf of the Data Controller, whereby such natural person or juristic person is not the Data Controller;
“PDPA” means Thailand’s Personal Data Protection Act B.E. 2562 (2019), including its amendments (if any) and the subordinate regulations and notifications issued thereunder;
“PDPC” means the Personal Data Protection Committee;
“PDPC Office” means the Office of the Personal Data Protection Committee;
“Personal Data” means any information relating to a natural person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased persons in particular. The Personal Data shall include the Sensitive Data; and
“Sensitive Data” means the Personal Data pertaining to race, ethnic origin, political opinions, belief in cults, religions or philosophy, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner as prescribed by the PDPC.
2. Collection of Personal Data
The collection of the Personal Data of the data subjects by us will be limited to the extent necessary in relation to our lawful purposes only and in compliance with the PDPA in all respects.
We will collect the Personal Data for the use and/or disclosure to the extent necessary to accomplish the purposes notified to the data subjects and in accordance with the lawful basis for collection as provided by the PDPA. In the event of collection of the Personal Data without lawful basis, we will proceed to obtain prior consent from the data subjects as required by the PDPA.
In addition, we will notify the data subjects of the following information as required by the PDPA before or during the collection of the Personal Data:
(1) the purposes of the collection for use or disclosure of the Personal Data;
(2) the notification of the case where the data subject must provide his/her Personal Data for compliance with a law or contract, including notification of the possible effects where the data subject does not provide such Personal Data;
(3) the Personal Data to be collected and the period for which the Personal Data will be retained;
(4) the categories of persons or entities to whom the collected Personal Data may be disclosed;
(5) our contact information; and
(6) the rights of the data subject under the PDPA.
We will collect the Personal Data directly from the data subjects only. In case that it is necessary for us to collect the Personal Data from other sources, we will inform the data subjects of the collection of the Personal Data from other sources within 30 days upon the date of the collection and will obtain the consent from the data subjects, unless it is the Personal Data which is exempted from the requirement of consent from the data subjects as provided by the PDPA.
3. Use and Disclosure of Personal Data
We will collect, use, or disclose the Personal Data according to the purposes notified to the data subjects prior to or at the time of the collection.
The collection, use, or disclosure of the Personal Data will not be conducted in a manner that is different from the purposes previously notified to the data subjects prior to or at the time of the collection, unless:
(1) the data subject has been informed of such new purpose, and the consent is obtained prior to the time of collection, use, or disclosure; or
(2) it can be done by the provisions of the PDPA or by other laws.
We will not use or disclose the Personal Data of data subjects without obtaining prior consent from the data subjects, except for the cases where the consent is not required by the PDPA.
In order to fulfil the purposes for which the Personal Data is collected, we may disclose the Personal Data to third parties. In this case, we will take action to prevent those third parties from using or disclosing the Personal Data unlawfully or without authorization as required by the PDPA. In special cases, we may disclose your Personal Data to third parties, including but not limited to,
(1) if this becomes necessary to comply with legal requirements due to court orders or other orders by government or enforcement authorities;
(2) in connection with a group event, such as a merger, transfer, restructuring or sale of all or part of our business operations, in which we are obliged to disclose information to a potential buyer and its professional advisors;
(3) to enforce our contractual rights, to take precautions against liability, to investigate suspected or actual illegal acts or to defend ourselves against claims or allegations by third parties; or
(4) to protect the rights, personal safety or property of our customers or the public.
4. Retention Period for Personal Data
We will retain the Personal Data in our possession to the extent necessary to achieve the purposes of use of such Personal Data. To determine appropriate retention periods for the relevant Personal Data, we will consider the volume, nature, sensitivity, potential risks of unauthorized use or disclosure, purposes of use and applicable legal requirements of the Personal Data.
When the retention period ends, or when the Personal Data becomes irrelevant or is beyond the purpose necessary for which it has been collected, or when the data subject has requested for erasure or destruction of the Personal Data, or when the data subject has withdrawn the consent, we will erase or destroy such Personal Data unless otherwise provided by the PDPA or other laws.
5. Transfer of Personal Data outside of Thailand
If we send or transfer the Personal Data outside of Thailand, the destination country or international organization that receives the Personal Data shall have in place adequate data protection standards, and shall be carried out in accordance with rules for the Personal Data protection as prescribed by the PDPC, unless certain exemptions as provided by the PDPA apply.
Further, we may put in place a Personal Data Protection policy regarding the sending or transferring of Personal Data to another Data Controller or Data Processor who in a foreign country and is in the same affiliated business or is in the same group of undertakings in order to jointly operate the business or group of undertakings. If such Personal Data protection policy has been reviewed and certified by the PDPC, we will send or transfer the Personal Data to a foreign country in accordance with such reviewed and certified Personal Data protection policy even though the destination country or international organization that receives the Personal Data does not have adequate data protection standards as provided by the PDPC.
Nonetheless, we may send or transfer the Personal Data to a foreign country in exemption to compliance with the PDPA if we provide suitable protection measures which enable the enforcement of the data subjects’ rights including effective legal remedial measures according to the rules and methods as prescribed and announced by the PDPC.
6. Respect for the Rights of the Data Subject
We acknowledge and respect the rights of the data subjects as provided by the PDPA and we will respond to the requests of the data subjects with regard to the Personal Data in good faith, without delay, and in accordance with the PDPA.
The data subject has the following rights, subject to certain exemptions as provided by the PDPA:
(1) right to withdraw consent given to us at any time; however, the withdrawal of consent will not affect the collection, use, or disclosure of the Personal Data that the data subject has already given the consent legally;
(2) right to request to access to and obtain copy of the Personal Data related to the data subject, which is under our responsibility, or to request the disclosure of the acquisition of the Personal Data obtained without the data subject’s consent;
(3) right to receive the Personal Data concerning the data subject in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by right to receive the Personal Data concerning the data subject in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means. The data subject is also entitled to:
(i) request us to send or transfer the Personal Data to other Data Controllers; and
(ii) request to directly obtain the Personal Data that we have sent or transferred to other Data Controllers;
(4) right to object the collection, use, or disclosure of the Personal Data concerning the data subject, at any time under certain circumstances;
(5) right to request us to erase or destroy the Personal Data, or anonymize the Personal Data to become the anonymous data which cannot identify the data subject under certain circumstances;
(6) right to request us to restrict the use of the Personal Data under certain circumstances;
(7) right to request us to keep the Personal Data relating to the data subject accurate, up-to-date, complete, and not misleading; and
(8) right to file a complaint in the event that we, including our employees or contractors, violate or do not comply with the PDPA.
7. Implementing Security Measures
In order to ensure the accuracy and security of the Personal Data, any Personal Data collected by us will be protected by the measures which should consist of the administrative, technical and physical safeguards with the appropriate tracking system to trace the access, alteration, deletion, or transfer of the Personal Data in accordance with the minimum standards specified and announced by the PDPC.
Our security measures will be reviewed when it is necessary, or when the technology has changed in order to efficiently maintain the appropriate security and safety.
8. Notification of Personal Data Breach
In the event of the Personal Data breach, we will notify the PDPC Office of any Personal Data breach without delay and, where feasible, within 72 hours after having become aware of it, unless such Personal Data breach is unlikely to result in a risk to the rights and freedoms of the persons. If the Personal Data breach is likely to result in a high risk to the rights and freedoms of the persons, we will also notify the Personal Data breach and the remedial measures to the data subjects without delay.
9. Maintenance of Personal Data Records
We will maintain the records regarding the collection, use and disclosure of the Personal Data, which can be either in a written or electronic form, in order to enable the data subjects and the PDPC Office to check upon as required by the PDPA.
We will ensure that the Personal Data in our possession remains accurate, up-to-date, complete, and not misleading.
10. Hyperlinks and Cookies
Our website may include hyperlinks to third party websites. We have no control over the content, accuracy, expressed opinion and links provided at those websites of the third parties or how those third party websites deal with the Personal Data. You should visit those third party websites for details of their privacy policies in relation to handling the Personal Data.
Cookies are small text files that are automatically stored on your computer’s browser and can be viewed by our website. Cookies help our website to recognize you and your preference, such as language when visiting the website. The data collected by cookies are customization of anonymous data. In other words, there are no data concerning your name, address and other Personal Data. However, you may block the use of cookies by customizing your browser setting, but blocking our cookies may affect your usage on our website.
11. Changes to this Privacy Policy
We reserve the right to amend the terms of this Privacy Policy at our discretion without informing you in advance to be in accordance with the PDPA.
12. Contact Channel
In case that you have any question, please contact us by using the following information:
| Name: | HAZAMA ANDO CORPORATION HAZAMA ANDO (THAILAND) CO., LTD. |
| Contact Address: | 159 Serm-Mit Tower Building, 15th Floor, Sukhumvit 21 Road (Soi Asoke), North Klongtoey, Wattana, Bangkok 10110, Thailand |
| Telephone No: | +66 2 665-2980-82 , +66 2-665-7041-44 |
| E-mail: | adhzm.dpo@ad-hzm.co.th |
| Contact Person: | Data Protection Officer |
If you contact us, we will process the information you provide for the purpose of individual communication with you and exclusively for processing your request.