TCC Private Company Group (the “Company”) values great importance to the protection of personal data of customers, business partners, employees, officers, and persons from whom the Company collects personal data (collectively referred to as the “Data Subject”) and, essentially, gives close and thoughtful attention on emphasizing the significance on safeguarding personal data. With this objective in mind, we have arranged this Privacy Policy to sustain our commitment on the agenda according to the Personal Data Protection Act B.E. 2562 and other related laws.
Definitions
“Company” means Any company under TCC Private Company Group.
“Person” means Natural person.
“Personal Data” means Personal data is any information that relates to an identified or identifiable living individual.
“Data Controller” means A person, company, or other body that determines the purpose and means of personal data processing (collection, retention, implementation, or disclosure)
“Data Processor” means a person, company, or other body which processes personal data on the data controller’s behalf.
1. Persons that the Company collects personal information from
1.1 Customer means any person who purchases product(s) and/or receive service(s) from Company including those whose personal information appears in documents relating to or representing a juristic person in connection with any transaction made with Company.
1.2 Business Partner means any person who will sell or sell product(s) and/or provide service(s) to Company including those whose personal information appears in documents relating to or representing a juristic person in connection with any transaction made with Company.
1.3 Employee(s) means directors, personnel, staff, interns or workforce who perform duties in accordance with Company's policies or requirements.
1.4Other persons whom Company collects their personal data from, such as those related to Company's business operations or assets, visitors to or users of Company's website, job applicants, family members of employees, guarantors, beneficiaries of insurance policies, including guests and visitors who enter Company's area where it is necessary to collect personal data for the purpose of security etc.
2. Collection, Retention, Implementation or Disclosure of Personal Data
Company shall collect, retain, implement, and disclose personal data under and within lawful objectives and scopes, and in legitimate manners, solely to the extent necessary within proportion of the purpose(s) for which Data Subject has given consent to Company. In any event that Company wishes to collect, retain, implement, or disclose additional Personal Data or to change the purpose(s) for collecting, retaining, implementing, and disclosing, Company shall notify Data Subject prior to processing such Personal Data, except where it is required or permitted by law.
Consent for the collection, retention, implementation, and disclosure of Personal Data from Data Subject is not a requirement of accessing Company's services or communication channels. Assuming that any service, performance, or contractual obligation requires Company to process Personal Data which Data Subject does not give or later revoke its consent, such may cause limitation on services or communication channels, or cause restraint to Company from fulfilling its contractual obligations.
Company may collect, retain, implement, and disclose Personal Data without consent of Data Subject in the following case:
(1) To achieve objectives related to the preparation of historical documents or archives for the public interest, or related to research studies or statistics which have provided appropriate safeguard measures to protect the rights and freedoms of Data Subject as prescribed by Personal Data Protection Committee.
(2) To prevent or suppress danger to life, physique, or wellbeing of any person.
(3) To comply with obligations under any contract, which Data Subject is a party to, or to fulfill Data Subject's request prior to entering into such contract.
(4) To perform its duties in carrying out Company’s mission in respect of public interest or perform the duties under jurisdiction designated to Data Controller.
(5) For necessary legitimate interest of Company or of other person or entity, except otherwise it is deemed less significant than the fundamental rights of Data Subject.
(6) To comply with the law.
3. Data Collection
Collection of Personal Data can be done by requesting or inquiring directly from Data Subject, or from other sources or other relevant authorities. The Company collects the following Personal Data:
3.1 General Personal Data
(1) Personally Identifiable Information
(2) Contact Information
(3) Financial Information
(4) Communication Information with Company
(5) Information regarding educational record, work experience, training, expertise etc.
(6) Closed-circuit Camera (CCTV) recording
(7) Well-being and/or disability information
(8) Biological information such as facial recognition and fingerprint
(9) Health record regarding examination including prophylactic vaccine information.
(10) Vehicle
(11) Title deed
(12) Other information such as website log, IP Address, MAC Address, Cookie ID, sound, still images, movies, and any other information that is considered Personal Data under the Personal Data Protection Act.
3.2 Sensitive Data
Sensitive Data includes personal information about race, ethnicity, political opinion, beliefs in cult, religion or philosophy, sexual behavior, criminal records, health and disability information, trade union information, genetic data, biological data, or any other information which affects Data Subject in a similar manner as prescribed by Personal Data Protection Committee.
In the event that Company collects sensitive personal data, Company will expressively obtain a prior consent from Data Subject, unless Personal Data Protection Act B.E. 2562 or other laws stipulated otherwise.
In general, Company does not have any intention to collect, compile, and use information regarding religion and blood type displayed on identification card. Consequently, supposing that Data Subject has given copy of identification card to Company, it is suggested to conceal such information. Otherwise, it shall be deemed that Data Subject has authorized Company to conceal such information. However, if such information cannot be concealed due to certain restrictions, Company will collect and use a portion of the same for a specific purpose.
4. Duration for collecting and using Personal Data
Company will collect and use Personal Data only for a duration necessary for fulfilling purposes which Data Subject has been informed or as required by law.
5. Disclosure of Personal Data
Company may disclose Personal Data to its affiliates under TCC Private Company and/or its Data Processors and/or government agencies and/or private sectors for purpose of complying with the law and/or for the purposes for which Data Subject has given consent.
6. Rights of Data Subject Data Subject is entitled to the following rights:
6.1 Right to withdraw consent for collection, retention, implementation, and disclosure of Personal Data
6.2 Right to request access or obtain a copy of Personal Data, or to demand Company to declare the acquisition of Personal Data which consent has not been given by Data Subject.
6.3 Right to obtain, send or transfer Personal Data that has been provided to Company to other Data Controller.
6.4 Right to object to collection, retention, implementation, or disclosure of Personal Data
6.5 Right to request for deletion or destruction or rendering into unidentifiable data.
6.6 Right to request Company to suspend the use of Personal Data.
6.7 Right to request for the processing of Personal Data to be accurate, current, complete, and to not cause misunderstandings. If Company does not follow the request of Data Subject, Company shall document such request with description for assessment in due course.
6.8 Right to file a complaint in relation to violations of Personal Data Protection Act.
Under regulations stipulated by Personal Data Protection Act, in the event that Data Subject wishes to exercise the above rights, please contact Data Protection Officer of TCC Private Company Group, as specified in Clause
7. Security Measures
Company has established superior safeguarding system to protect Personal Data from any unauthorized access, alteration, and destruction. In an effort to collect, retain, implement and/or disclose Personal Data, whether in whole or in part, Company undertakes to proceed in accordance with competent rights and obligations under Personal Data Protection Act.
8. Authorized Personnel
Company permits access to Personal Data specifically to authorized personnel or assigned individuals who have roles and responsibilities related to the purposes of implementing Personal Data or to comply with the law. Company shall strictly supervise that only authorized personnel of Company or individuals assigned by Company may have access to Personal Data.
9. Privacy Policy Updates
Company reserves the right to update this Privacy Policy from time to time to comply with relevant guidelines, laws, and regulations. An updated Privacy Policy shall be announced or published on Company’s website or other communication channels.
10. Governing Law
This Privacy Policy is governed by law of Thailand. The courts of Thailand have jurisdiction to settle any dispute arising out of or in connection with this Privacy Policy.
11. Contact
If Data Subject wishes to make any inquiries, comments or declare its intention of exercising its rights under clause 6 (Rights of Data Subject), please contact Company at:
TCC Private Company
Data Protection Officer
Address: 288-288/1-9 Thai Charoen Building, 5th Floor, Surawong Road, Si Phraya Sub-district, Bang Rak District, Bangkok 10500
Telephone: 02-237-7700
E-mail: [email protected]
Definitions
“Company” means Any company under TCC Private Company Group.
“Person” means Natural person.
“Personal Data” means Personal data is any information that relates to an identified or identifiable living individual.
“Data Controller” means A person, company, or other body that determines the purpose and means of personal data processing (collection, retention, implementation, or disclosure)
“Data Processor” means a person, company, or other body which processes personal data on the data controller’s behalf.
1. Persons that the Company collects personal information from
1.1 Customer means any person who purchases product(s) and/or receive service(s) from Company including those whose personal information appears in documents relating to or representing a juristic person in connection with any transaction made with Company.
1.2 Business Partner means any person who will sell or sell product(s) and/or provide service(s) to Company including those whose personal information appears in documents relating to or representing a juristic person in connection with any transaction made with Company.
1.3 Employee(s) means directors, personnel, staff, interns or workforce who perform duties in accordance with Company's policies or requirements.
1.4Other persons whom Company collects their personal data from, such as those related to Company's business operations or assets, visitors to or users of Company's website, job applicants, family members of employees, guarantors, beneficiaries of insurance policies, including guests and visitors who enter Company's area where it is necessary to collect personal data for the purpose of security etc.
2. Collection, Retention, Implementation or Disclosure of Personal Data
Company shall collect, retain, implement, and disclose personal data under and within lawful objectives and scopes, and in legitimate manners, solely to the extent necessary within proportion of the purpose(s) for which Data Subject has given consent to Company. In any event that Company wishes to collect, retain, implement, or disclose additional Personal Data or to change the purpose(s) for collecting, retaining, implementing, and disclosing, Company shall notify Data Subject prior to processing such Personal Data, except where it is required or permitted by law.
Consent for the collection, retention, implementation, and disclosure of Personal Data from Data Subject is not a requirement of accessing Company's services or communication channels. Assuming that any service, performance, or contractual obligation requires Company to process Personal Data which Data Subject does not give or later revoke its consent, such may cause limitation on services or communication channels, or cause restraint to Company from fulfilling its contractual obligations.
Company may collect, retain, implement, and disclose Personal Data without consent of Data Subject in the following case:
(1) To achieve objectives related to the preparation of historical documents or archives for the public interest, or related to research studies or statistics which have provided appropriate safeguard measures to protect the rights and freedoms of Data Subject as prescribed by Personal Data Protection Committee.
(2) To prevent or suppress danger to life, physique, or wellbeing of any person.
(3) To comply with obligations under any contract, which Data Subject is a party to, or to fulfill Data Subject's request prior to entering into such contract.
(4) To perform its duties in carrying out Company’s mission in respect of public interest or perform the duties under jurisdiction designated to Data Controller.
(5) For necessary legitimate interest of Company or of other person or entity, except otherwise it is deemed less significant than the fundamental rights of Data Subject.
(6) To comply with the law.
3. Data Collection
Collection of Personal Data can be done by requesting or inquiring directly from Data Subject, or from other sources or other relevant authorities. The Company collects the following Personal Data:
3.1 General Personal Data
(1) Personally Identifiable Information
(2) Contact Information
(3) Financial Information
(4) Communication Information with Company
(5) Information regarding educational record, work experience, training, expertise etc.
(6) Closed-circuit Camera (CCTV) recording
(7) Well-being and/or disability information
(8) Biological information such as facial recognition and fingerprint
(9) Health record regarding examination including prophylactic vaccine information.
(10) Vehicle
(11) Title deed
(12) Other information such as website log, IP Address, MAC Address, Cookie ID, sound, still images, movies, and any other information that is considered Personal Data under the Personal Data Protection Act.
3.2 Sensitive Data
Sensitive Data includes personal information about race, ethnicity, political opinion, beliefs in cult, religion or philosophy, sexual behavior, criminal records, health and disability information, trade union information, genetic data, biological data, or any other information which affects Data Subject in a similar manner as prescribed by Personal Data Protection Committee.
In the event that Company collects sensitive personal data, Company will expressively obtain a prior consent from Data Subject, unless Personal Data Protection Act B.E. 2562 or other laws stipulated otherwise.
In general, Company does not have any intention to collect, compile, and use information regarding religion and blood type displayed on identification card. Consequently, supposing that Data Subject has given copy of identification card to Company, it is suggested to conceal such information. Otherwise, it shall be deemed that Data Subject has authorized Company to conceal such information. However, if such information cannot be concealed due to certain restrictions, Company will collect and use a portion of the same for a specific purpose.
4. Duration for collecting and using Personal Data
Company will collect and use Personal Data only for a duration necessary for fulfilling purposes which Data Subject has been informed or as required by law.
5. Disclosure of Personal Data
Company may disclose Personal Data to its affiliates under TCC Private Company and/or its Data Processors and/or government agencies and/or private sectors for purpose of complying with the law and/or for the purposes for which Data Subject has given consent.
6. Rights of Data Subject Data Subject is entitled to the following rights:
6.1 Right to withdraw consent for collection, retention, implementation, and disclosure of Personal Data
6.2 Right to request access or obtain a copy of Personal Data, or to demand Company to declare the acquisition of Personal Data which consent has not been given by Data Subject.
6.3 Right to obtain, send or transfer Personal Data that has been provided to Company to other Data Controller.
6.4 Right to object to collection, retention, implementation, or disclosure of Personal Data
6.5 Right to request for deletion or destruction or rendering into unidentifiable data.
6.6 Right to request Company to suspend the use of Personal Data.
6.7 Right to request for the processing of Personal Data to be accurate, current, complete, and to not cause misunderstandings. If Company does not follow the request of Data Subject, Company shall document such request with description for assessment in due course.
6.8 Right to file a complaint in relation to violations of Personal Data Protection Act.
Under regulations stipulated by Personal Data Protection Act, in the event that Data Subject wishes to exercise the above rights, please contact Data Protection Officer of TCC Private Company Group, as specified in Clause
7. Security Measures
Company has established superior safeguarding system to protect Personal Data from any unauthorized access, alteration, and destruction. In an effort to collect, retain, implement and/or disclose Personal Data, whether in whole or in part, Company undertakes to proceed in accordance with competent rights and obligations under Personal Data Protection Act.
8. Authorized Personnel
Company permits access to Personal Data specifically to authorized personnel or assigned individuals who have roles and responsibilities related to the purposes of implementing Personal Data or to comply with the law. Company shall strictly supervise that only authorized personnel of Company or individuals assigned by Company may have access to Personal Data.
9. Privacy Policy Updates
Company reserves the right to update this Privacy Policy from time to time to comply with relevant guidelines, laws, and regulations. An updated Privacy Policy shall be announced or published on Company’s website or other communication channels.
10. Governing Law
This Privacy Policy is governed by law of Thailand. The courts of Thailand have jurisdiction to settle any dispute arising out of or in connection with this Privacy Policy.
11. Contact
If Data Subject wishes to make any inquiries, comments or declare its intention of exercising its rights under clause 6 (Rights of Data Subject), please contact Company at:
TCC Private Company
Data Protection Officer
Address: 288-288/1-9 Thai Charoen Building, 5th Floor, Surawong Road, Si Phraya Sub-district, Bang Rak District, Bangkok 10500
Telephone: 02-237-7700
E-mail: [email protected]