Chavanaphat.co.,Ltd (“the Company”) is committed to provide the best focus on producing and selling the best products to our valued customers, which has earned the trust and belief from you as our business partner of the Company. The Company recognizes the importance of personal data protection thus has a system to safeguard the informative data in order to prevent unauthorized access, disclosure, use or alteration of such information. Therefore, the Company has formulated this notice to clarify the details relating to the collection, use or disclosure of personal data in accordant to personal data protection policy as follows:
1. Data that the Company collects, uses or discloses and the sources of data
The Company collects the following personal data:
1.1 Identity Data refers to the data of an individual person that can identify such business partner of the company whether directly or indirectly, such as name/surname, identification card number, passport number, date of birth as well as sensitive data such as biometrics (fingerprint, facial recognition) or personal health data.
1.2 Contact data such as addresses, e-mails and phone numbers.
1.3 Financial and transaction data such as commercial registration number, ID card, name of directors etc.
1.4 Technical data such as website browsing history via cookies or history of connections to other websites that the partners have searched or visited.
1.5 Communication Data such as recordings in the contact center which could be voice or video recording as well as the information the Company has received or accessed from other reliable sources such as government authorities, companies within the financial group of the Company and /or business alliances or advisors of the Company
2. Objective for collecting, using or disclosing personal data of customers
The Company collets information for benefit in conducting transactions and/or use service of the Company in order to comply with the relevant laws and regulations and /or for any other benefit that partners have given consent to the Company which the Company shall safeguard your information in accordance with the safety standard of the Company. The details are as follows:
- Comply with the agreement between the partners and the Company such as the use of the various products and services by the partners, compliance with the internal processes of the Company and the sending and receiving of documents between the Customer and the Company.
- Comply with the relevant laws such as the prevention and detection of unusual transactions that could lead to violation of law, reporting of partners’ data to the Revenue Department, reporting of personal data to government authorities such as the Office of the Securities and Exchange Commission, the Anti-Money Laundering Office or the Revenue Department or when receiving court subpoena or seizure order from government authorities or court.
Rightful interests of the Company such as:
- The prevention, handling, mitigation of risk that may arise from various violations of law that are criminal offenses including the sharing of Personal Data in order the improve the work standard of companies in the same business so as to prevent, handle and mitigate the abovementioned risk.
- Video recording of the people who contact and conduct transactions via CCTV
- Risk management/ compliance/internal management including the sending of information the group companies for such reasons.
- Checking of the sending/receiving of e-mails or the use of internet of employees with the partners in order to prevent the disclosure of confidential information of the Company to external parties.
- Analyzing information to offer the same type of products that the partners have with the company and other products of the Company to partners that suit the needs of the partners and/or conducting marketing survey for the development of the Company’s products.
- Maintaining relationships with the partners such as handling of complaints and offering of special benefits to the partners which is not for marketing purposes. If the partners do not give their Personal Data to the Company, it may result in the partners not receiving the products/services convenience or receiving treatments as specified in the agreement and the partners may incur a damage/loss of opportunity and may affect the compliance with any law which the partners or company is required to comply and may be subject to applicable punishments.
3. Disclosure of personal data
The Company shall disclose information to external parties for the following cases:
- It is a disclosure of personal data to companies within the business partners.
- Disclose information to external parties in accordance with the consents of the partners.
- Disclose information in order to conduct transactions and /or use service as per the wish of partners of the company.
- Disclose to the outsource service providers that are counterparties of the Company, both local and overseas, such as cloud computing, registrars, outsource marketing companies, outsource analysis and outsource IT companies.
- Disclose the information on the beneficial owner to the offshore management company in order to comply with the law of the overseas’ country.
- Disclose to government authorities or regulators in order to comply with the law or as instructed by the government authorities such as the Revenue Department, the court and the auditors.
4. Rights of partners of the company relating to personal Data
The Company recognizes the rights of the partner of the company of which referred herein are the legal rights to personal data protection that partners should know as follows:
4.1 Right to withdraw consent
Customer, partner, or business partner of the company have the right to withdraw consents given to the Company to collect, use or disclose personal data of the partner of the company whenever they wish to. If the Company has no other legitimate right to collect, use or disclose such data, it shall erase/delete the related personal data.
4.2 Right to access
Partners of the company have the right to know and request for copies of their personal Data which are under the responsibility of the Company.
4.3 Right to rectification
Partners of the company have the right to request the Company to amend the information to be up-to-date, complete and not misleading.
4.4 Right to data portability
Partner of the company have the right to request for the information relating to themselves from the Company in case the Company has prepared such information in the format that can be read or used generally by using office tools or devices automatically and can be used or disclosed automatically as well as having the right to request the Company to send or transfer data in such formats to other Data Controllers when it can be done automatically; or requesting to receive the data that the Company has sent or transferred in such formats to other Data Controllers directly unless it is not possible due to technical limitation.
4.5 Right to erase or right to be forgotten
Partners of the company have the right to request the Company to erase/delete or destroy or make the personal data be a data that cannot be identified as the partner of the company’s for the following cases:
- Such personal data is no longer necessary for the purpose of collecting or data processing of personal data.
- The personal data owner has withdrawn the consent for the processing of personal data and the Company has no legal right to process such data.
- The personal data owner objects to the processing of personal data for direct marketing purposes.
- The processing of personal data is illegal.
- The personal data owner objects to data processing (other than relating to the processing of personal data for direct marketing purposes) and the Company cannot claim that such data processing is rightful.
4.6 Right to restriction of processing
Partners of the company have the right to restrict the processing of their personal data under the following conditions:
- The data processing is no longer necessary but the keeping of personal data is still required for legal claims.
- The processing of personal data is illegal but the personal data owners wish to restrict the data processing instead of erasing or destroying their personal data
- When it is during the process of checking the accuracy of personal data as requested.
- When the Company is in the process of proving that its legitimate interest is more important.
4.7 Right to object
Partner of the company have the right object the collection, use or disclosure their information for the following cases:
- In case it is a collection, use or disclosure of personal data for direct marketing purposes.
- In case it is a collection, use or disclosure of persona data for the purpose of scientific, historical or statistic research except it is necessary for accomplishing public interest tasks of the Company.
- In case it is a collection of information due to necessity for public interest of the Company or necessity for legitimate interest of the Company except if the Company can show more importance of legitimate interest or it is for establishing legal claim, complying with or using legal claim or raising of legal rights under applicable laws.
4.8 Right to lodge a complaint
Partner of the company have the right to file complaints to the relevant government authorities in case the Company, employees or contractors o the Company have violated or have not complied with the Personal Data Protection Act.
5. Personal data protection measures
The Company has policies, handbooks and standards for personal data protection as well as organizational measures and technical measures to prevent unauthorized access or violation of personal data such as system for strict safety measures and policies for protecting personal data of the partner of the company. The Company also regularly amends its policies, handbooks and minimum standards in compliance with the law. Moreover, the employees, part-time employees and outsource service providers of the Company have the responsibility to protect the Personal Data of the customer, partner, or business partner of the company in accordance with the agreements signed with the Company.
In case the Company is required to send or transfer personal data of its partners of the company to a foreign country that has lower data protection standards the Thailand, the Company will proceed as deemed necessary which shall at least be in accordance with the data protection standard of the particular country such as having a Data protection agreement with the counter party in such country.
6. Period for keeping persona data
In case a partner of the company has ended a business relationship with the Company, the Company shall keep the partner of the company personal data in accordance with the law and different policies/handbooks for keeping and destroying various documents of the Company. For example, the Anti-Money Laundering Act stipulates that such documents shall be kept for at least 10 years and when the time is due, the Company shall destroy such personal data.
7. Review and amendment of this notice
The Company specifies that this Notice shall be regularly reviewed and/or in case of a significant change to the Company which would have an effect on the Notice, it shall amend the content of the Notice to be in line with such change while retaining the completeness of the Notice.
8. Effective date
In order to comply with the Personal Data Protection Act B.E. 2562 and other relevant laws, the
Company has formulated this Policy which will take effect on 1 June 2021
9. Contacting the company
Should any partner wishes to contact or has inquiry or needs additional information on the collection, use or disclosure of Personal Date, rights of partners or has any complaint, please contact the Company through the following channels:
Data protection officer Tel. 02-592-9200
The Company’s website: www.roscela.co.th