1. Principles and Objectives
Yamato Industry (Thailand) Corp., Ltd. is committed to implementing personal data protection in accordance with the Personal Data Protection Act B.E. 2562 (2019), and has created a Personal Data Protection Policy to ensure that the Company’s operations comply with the laws and international standards for the protection of personal data, as well as establish criteria for the protection of personal data of personal data holders and management measures. Effective and appropriate breach of the rights of the personal data holder.
2. Scope of Enforcement
For personal data collected before the Personal Data Protection Act B.E. 2562 (2019) is applicable, the Company shall continue to collect and use that personal data for its original purpose. By disclosing and taking actions other than the collection and use of the above personal data, comply with the Personal Data Protection Act B.E. 2562 (2019).
“Personal Data Protection Policy” means a policy established by the Company to inform the owner of the processing of the Company’s data and details as required by the Personal Data Protection Act B.E. 2562 (2019).
“Personal Data” means information about a person which makes it possible to identify that person. This does not include information specifically from the death victim.
“Sensitive data” means personal information about race, race, political opinions, cult beliefs, religion or philosophy. Sexual behavior, criminal record. Disability Health Information Labor union data, genetics, biological data, or any other information similarly affects the owner of personal data as required by the Personal Data Protection Board.
“Processing” means the collection, use, disclosure of personal data.
“Data Subject” means a natural person who owns personal data.
“Data Controller” means another person or entity who has the authority to make decisions regarding the collection, use or disclosure of personal data.
“Data Processor” means a person or entity who acts in regard to collecting, using or disclosing personal data in accordance with the instructions or on behalf of the data controller. The person or entity that performs such actions does not control personal data.
“YPC System” (Yamato production control system) means a process control program within Yamato Industry (Thailand) Corp., Ltd. to store the necessary temporary personal information on personal computers for the convenience and speed of working in Yamato Industry (Thailand) Corp., Ltd. only.
4. Collection of Personal Data
The Company collects personal information such as personal information. Personal life-related information or personal interests, financial information Sensitive personal data with the source and principles of collecting personal data. As follows.
4.1 Sources of Personal Information.
The Company may obtain personal information from 2 channels. As follows.
4.1.1 Collected directly from the owner of personal data, such as collecting personal information from personal information via the subscription form in both paper and online format. Responding to the Company’s survey or accessing the Company’s website through cookies.
4.1.2 Collected directly from sources other than the owner of personal data, such as searching for personal information through the website or asking from third parties. But not more than 30 days from the date of the Company. Collect personal data from such sources and seek consent to collect such personal data from the owner of the personal data, unless exempted from consent or notifying the owner of the personal data as required by law.
The Company may collect personal data such as:
Personal information : Name, date of birth, nationality, ID card number or passport number, or other identifiable official documents.
- Contact Information : Address E-mail Address Telephone number, fax number.
- Resume Information : Professional Status Position.
- Information relating to the use of the Website : Username and password for online services and applications IP address information.
- Sensitive Information : Religious Information, Health Information, Criminal History.
- Device information and device location information, such as GPS systems.
- CCTV Video Information.
- Conversations and telephone or electronic communications.
5 Principles of Collecting Personal Data
5.1 The Company will only collect personal information necessary for the Company’s operations. The Company may have different purposes for processing personal data on a case-by-case basis, such as:
- For entering into contracts and fulfilling contracts between the Company and the owner of personal data.
- To verify the identity or verify the person before serving or entering into a contract with the Company.
- To answer questions and provide assistance to customers.
- To develop and improve the Company’s products to meet the needs of customers.
- To provide information about products, services or marketing information through contact channels provided by customers.
- To comply with laws relating to the Company’s operations, such as collecting data for withholding tax purposes. To verify the facts about the customer in order to provide information to government agencies as required by law or as requested by government agencies.
- For audit purposes, analysis and documentation at the request of any other entity or organization involved or possibly related to the Company’s business operations, such as the Bank of Thailand.
- For the benefit of the Company’s internal management, such as for the payment of salaries and compensation to employees, employees and trainees of the Company for the entering into employment contracts with the Company for internal personnel management of the Company and providing welfare benefits to employees. Employees of the Company.
5.2 In the event that the owner of the personal data must provide personal data in order to comply with the law or contract, or it is necessary to provide personal information in order to enter into a contract, or to provide any other information. If the data subject does not provide such information, it may result in any transactions or other activities related to the personal data subject being suspended or paused until the Company receives the personal data.
5.2.1 The Company will collect personal data as necessary for the legitimate purposes that have been informed to the owner of the personal data before or while collecting personal data.
- To achieve the objectives of documenting history or archives for the public interest or related to research or statistical studies. The Company will provide appropriate safeguards to protect the rights and freedoms of personal data holders.
- To prevent or suppress life-threatening harm. It is necessary to comply with a contract in which the personal data owner is a party or to process the request of the owner of the personal data before entering into.
Contracts are necessary to carry out their duties in the public interest or to carry out the duties of the state authority assigned to the Company.
It is necessary for the legitimate interests of the Company or that of other persons or juristic persons, unless such benefits are less important than the basic rights of the personal data of the personal data holder.
To comply with laws such as the Credit Information Business Act B.E. 2559 (2016), civil and commercial code or criminal code, etc.
5.2.2 The collection of sensitive personal data, the Company shall first obtain express consent from the owner of the personal data or while collecting such sensitive personal data in accordance with the rules prescribed by the Company without contravening the law.
6. Use and Disclosure of Personal Data
Use and Disclosure of Personal Data of the Company The Company may disclose personal data as necessary to entities or third parties under the consent of the owner of that personal data, unless it is done within the framework authorized by law. The location is perfect. Personal information may be disclosed to third parties, organizations or government agencies. As follows.
Subsidiaries or group companies.
The Company’s contracting parties, service providers and business partners, such as insurance companies.
The organization unit that performs the credit information task.
Government agencies with statutory authority, such as the Anti-Money Laundering Office Office of the National Anti-Corruption Commission Office of the Drug Enforcement Administration Social Security Office Revenue Department Department of Law Enforcement Court.
Any other organizations involved in or related to the Company’s business operations, such as the Bank of Thailand.
7. Retention period
The Company will retain personal data for the following periods:
7.1 According to the period specified by law regarding the retention of personal information, such as the Accounting Act B.E. 2543 (2000) Anti-Money Laundering Act B.E. 2542 (1999) Computer Related Crime Act B.E. 2550 (2007) Revenue Code.
7.2 In the event that the law does not specifically set a period of retention of personal data, we will not be required to provide personal information. The Company will determine the storage period according to the appropriate requirements for the Company’s operations.
After the retention period is over, the Company will remove, destroy or make personal data that cannot be identified by the person who owns the personal data.
8. Sending or transferring personal data abroad
In the event that the Company Send or transfer personal data abroad The Company will ensure that the destination country has adequate standards of personal data protection. However, in the event that the destination country does not have adequate personal data protection standards, the destination country will not be protected. The submission or transfer of such personal data shall be subject to exceptions in accordance with the company’s regulations. Set it without breaking the law.
9. Rights of Personal Data Holders
This policy is in place to ensure that the owner of the personal data can exercise the following rights contained under the Personal Data Protection Act B.E. 2562 (2019).
- Right to withdraw consent: The owner of the personal data has the right to withdraw his/her consent to the processing of personal data that the personal data owner has consented.
- Right of access: The personal data owner has the right to access the personal data of the personal data holder and ask the Company to Make a copy of such personal data and ask the Company Disclosure of the acquisition of personal data that the personal data owner has not given consent to the Company to the personal data owner.
- Right to rectification: The owner of the personal data has the right to ask the Company. Correct invalid data or add incomplete data.
- Right to erasure: The owner of the personal data has the right to ask the Company to delete the personal data for certain reasons.
- Right to restriction of processing: The owner of the personal data has the right to suspend the use of personal data for certain reasons.
- Right to data portability: The personal data owner has the right to transfer the personal data of the personal data holder provided to the Company. Go to another personal data controller or the owner of the personal data for some reason.
- Right to object: The owner of the personal data has the right to object to the processing of personal data for certain reasons.
However, the Company may refuse to exercise the above rights of the personal data subject in accordance with the rules set forth by the Company. The Company will provide a channel for the owner of personal data to contact us through the contact channels specified in this policy in order to process the request for the above rights. In the event that the Company rejects the above request, the Company will notify the personal data owner of the reasons for the refusal.
The owner of the personal data has the right to complain to the Personal Data Protection Commission in the event that the Company Personal Data Processor Employees or contractors of the Company Breach of the Personal Data Protection Act B.E. 2562 (2019) or notice issued under the Act.
10. Security for Personal Information
The Company requires appropriate personal data security measures. To prevent loss Access, use, change, correction or disclosure of personal data without authority or contrary to the law, in accordance with the Company’s information security policies and practices.
In the event that the Company has hired an agency or third party to carry out the collection. The Company shall require such authorities or third parties to Keep personal data confidential and secure such personal data, and prevent personal data from being collected, used or disclosed for any other purpose that does not comply with the scope of employment or is against the law.
11. Policy Review and Improvement
The Company will review and update this Policy at least once a year or when there are significant policy changes.
12. Contact Us
Personal Data Controller Details.
Company Name : Yamato Industry (Thailand) Corp., Ltd.
Address : 398 Bangplee IEAT, Moo 17, Tepharak Rd., Tambon Bangsaothong, Amphur Bangsaothong, Samutprakarn 10570
Telephone : 02-315-3209
Website : https://www.yit.co.th