Personal Data Protection Policy
AAPICO HITECH Public Company Limited and its Subsidiaries (collectively referred to as “Company”) recognize the importance of the protection of personal data. Therefore, we have issued our Personal Data Protection Policy (“Policy”) in order to prescribe the process of data collection, storage, usage and disclosure, also including other rights of the Data Subject. Company would like to announce this Policy with the following:
“Personal Data” means any information relating to a person which enables the identification of such Person, whether directly or indirectly, but not including the information of deceased Persons in particular.
“Sensitive Personal Data” means any information relating to a particular person which is sensitive and presents significant risks to the person’s fundamental rights and freedoms, which includes data regarding racial or ethnic origin, political opinions, cults, religious or philosophical beliefs, sexual behavior, criminal records, health data, disabilities, trade union information, genetic data, biometric data, or any data which may affect the Data Subject in the same manner, as prescribed by the Personal Data Protection Committee.
“Personal Data Protection Committee” means the Committee appointed under the Personal Data Protection Act B.E. 2562, in charge of the duties and authorities to govern, issue criteria or measures or provide any other guidance as prescribed by this Act.
2. Collection of Personal Data
Company shall collect personal data within the purpose, scope, and lawful and fair methods as is necessary which is defined in the scope of the Company’s objectives. Accordingly, Company will inform the Data Subject to gain acknowledgment and consent through electronic or other methods as specified by the Company. In case the Company needs to collect Sensitive Personal Data, the Company shall request explicit consent from the Data Subject before such collecting, except for when this is allowed by the Personal Data Protection Act B.E. 2562, or other laws.
3. Purpose of Collecting and Usage of Personal Data
Company shall collect or use Personal Data for the purposes or activities such as providing products and services to customer, marketing and communication, information technology management, protecting Company’s interests, fraud detection, the procurement process, contract execution, financial transactions, company activities, collaborations, or improvement of the Company’s processes; database preparation, process analysis and development, and/or any other purposes which are in compliance with the legal obligations or regulations to which the Company are subject. Company shall retain and use the Personal Data as long as necessary only for the above-mentioned purposes, or as prescribed by laws.
Company shall not conduct any processes which are different from the purposes as have previously been shared with the Data Subject except for when:
- the Data Subject has been informed of such a new purpose, and prior consent is obtained.
- it is necessary for Company to be in compliance with this Act or other laws.
4. Personal data disclosure
Company shall not disclose personal data of the Data Subject without the consent of the Data Subject and shall disclose it solely for the above-mentioned purposes. However, for the benefit of company operations and service provision to the Data Subject, Company may disclose personal data to Company’s subsidiaries or other required persons, domestically and internationally, such as service providers dealing with personal data, business partner and its affiliates. Company shall govern the above-mentioned persons to treat the personal data as confidential and not to use the data for purposes which are not covered in prior notifications.
Company may disclose personal data of the Data Subject as required by laws and regulations, such as disclosing it to a government agency, state enterprise, regulator. Also, the Company may disclose it by virtue of laws, such as requests for the purposes of litigation or prosecution, or requests made by the private sector or other persons involved in the legal proceedings.
5. Direction of Personal Data Protection
Company shall establish measures including for the security of personal data in accordance with the laws, regulations, rules, and guidelines regarding the personal data protection for employees and other relevant persons. Company shall promote and encourage employees to learn and recognize the duties and accountabilities in the collection, storage, usage, and disclosure of personal data. All employees are required to follow this policy and all guidelines regarding personal data protection in order for the Company to remain in compliance with this Act accurately and effectively.
6. Rights of Data Subject
The Data Subject is entitled to request any actions regarding their personal data as per the following:
6.1 Right to withdraw consent; however, any consent which was obtained earlier shall not be affected.
6.2 Right to access; to request access to and obtain a copy of the Personal Data related, including to request the disclosure of the acquisition of the Personal Data obtained without his or her consent.
6.3 Right to rectification
6.4 Right to erasure
6.5 Right to restriction of processing
6.6 Right to data transfer
6.7 Right to object
Data Subject may request these rights by sending a notice or submitting electronic form set by the Company to the channel following the Contact Information of this policy.
Company shall consider the right request received and inform the Data Subject not exceeding 30 days from the date of receiving such request. However, the Company may deny such a right subject to exception by applicable laws.
7. Personal Data Retention Period
The Company will retain your Personal Data only for the necessary duration, and will collect, use and disclose your Personal Data, as defined in this Policy, in accordance with the duration criteria, such as the period during which you are still related to the Company as a customer, business partner or employee, and may still retain your Personal Data as long as needed for legal compliance or as per legal prescription, for the establishment of legal claims, legal compliance or exercise of legal claims, or defense of legal claims, or for other purposes in accordance with policies and the internal regulations of the Company.
If it is not possible to specify the Personal Data retention period, the Company will retain the Personal Data as may be expected per each data retention standards in compliance with the relevant laws.
8. Contact Information
Enquires or questions on the Personal Data Protection can be addressed to the following channels:
AAPICO HITECH Public Company Limited
Address: 99 Moo 1 Hitech Industrial Estate, Tambol Ban lane, Amphur Bang Pa-in, Ayutthaya, Thailand 13160
Tel: (66 35) 350-880
9. Review and Changes of Policy
Company may review this policy to ensure that it remains in adherence to laws, any significant business changes, and any suggestions and opinions from other organizations. Company shall announce and review amended policies thoroughly before implementing all the changes.