THE THAI SILK COMPANY LIMITED (the “Company”) realizes the importance and duties under The Personal Data Protection Act, B.E. by value the importance of the customer personal data including natural persons acting on behalf of the legal entity which owns personal data (hereinafter referred to as a “Customer”) and is strongly committed to protect your personal data secure in order to ensure that the customer's personal data will be protected as required by the Personal Data Protection Law and other relevant laws. Therefore, the Company has announced this privacy notice to inform customers of details of the collection, use and disclosure (collectively referred to as “Data Processing”), including your legal rights as the owner of personal data. The details are as follows.
To whom does this Privacy Notice apply?
This Privacy Notice covers all customer personal data, including natural persons who is acting on behalf of the legal entity which owns personal data, such as directors, consultants, executives, employees, agents, and any other person related to company's personnel.
“Customer” means an individual who is the target of product sales or services of the Company, including participants in the Company marketing campaigns or activities, individuals who express interest in the Company's products or services through various channels and/or users engaging with the Company via online and electronic media, as applicable. This also includes those who have the authority to act on behalf of customers, depending on the relevant laws.
Definition of Personal Data
“Personal Data” means any information about an individual that can be identified to such person whether directly or indirectly. This information excludes data of deceased individuals. However, the following information is not a personal data, such as business contact information which is not
specified to any person as a company name and address, a company registration number, business phone number, business group email address like info@company.co.th, an anonymous data, or other non-identifiable information by technical process (Pseudonymous Data), a dead person information, etc.
“Sensitive data” means personal data about race, ethnicity, political opinions, cult, religion or philosophy, sexual behaviour, criminal records, health information, disability, information of genetic data, biological data or any other information which affects the owner of personal data as specified in the notification of the Personal Data Protection Committee. Which the Company must be proceeded with cautious, by collecting, use and/or disclose sensitive personal data only with the customer express consent or if the Company is necessary to proceed as permitted by the law. Further in this Privacy Notice does not specify any “Personal Data” and “Sensitive Personal Data” in relation to the abovementioned users shall be collectively referred to as “Personal Data”. In the case that the Company receives a copy of customer identification card (“ID Card”) or the Company imports your information from the ID card by electronic methods for the purpose of identity verification of legal
binding and/or any other transaction with the Company which will include your religious information that is considered as a Sensitive Data. The Company does not have a policy to collect sensitive data from customer unless in the case where the Company got a customer consent. The Company will determine the management procedure according to the guidelines and as permitted by the law.
Personal data Collected by Company
The Company collects your personal data as necessary for the purpose of using the information which the Company will announce afterwards, the types of personal data that the Company stores are classified as follows:
- Personal Data
Such as title, name, surname, gender, photograph, date of birth, age, nationality, identification number, current address, residential address, e-mail address, telephone number. - Additional data
(a) Contact Data such as address, telephone number, e-mail address, LINE ID, Facebook ID and accounts on other social media sites, other information which can contact in emergency case.
(b) Financial Data for instance, bank account number.
(c) Company contact information (Communication Data), for instance, photo recording or audio recording when contact the Company.
(d) data of activities participation for instance, still images or video recordings;
Source of Personal Data
The Company collects customer personal data and sensitive data through process as follows:
- Directly provided data to the Company
for instance, information to register for services including supporting documents, modification of personal data or other data request, request for services or other information request of the Company products or services, complaint information of the product and/or services. Information to create an account or a profile with the Company for services both offline and online channels. Information that you contact with the Company, whether communicated by a hard copy form or electronic form, as well as information customer has provided to the Company by surveys, providing suggestions or comments through various channels, including a customer information using service at the Company head office or branch offices, customer service centre or at a showcase products or services, etc. - Automatically collected data by the Company
When customer accesses services through the Company's system or website via electronic devices for instance, mobile phone, computer, laptop, etc., with a technology called “cookies” or other technologies which function similarly. - Data which is from external sources or reliable public information
for instance, Department of Provincial Administration, Department of Business Development, Commercial Resources Websites, Applications, Social Media, Data Providers, entities or companies or associations or confederations in accordance to customer products or services, etc. - Customer contact data with the Company
Information about your contact with the Company, its personnel, employees, agents, the Company business partners or parties, attorney-in-fact or authorized person, or other persons or entities in accordance or assigned by the Company through website, application, social media, telephone, e-mail, meeting, interview, short message (SMS), fax, post, VDO Call Service or by any other means. The Company may collect information in text form as well as picture and sound recordings. - Customer participation data with the Company’s activities
In respect of any marketing activities, contests, sweepstakes, events or competitions organized by or on behalf of the Company and/or partners or alliances participating in activities with the Company, or has assigned or authorized by the company to do such activities.
Once the Customer agreed and given consent to provide any personal data related to third parties to the Company which such third parties is including but not limited to a person who related to customers using the service whether in business or others way, for instance, family members, such customer represents and warrants the accuracy of such personal data and has fully informed them of this Privacy Notice.
Objective for data collection, use and disclose of personal data
The Company collects, uses or discloses customer personal data with objectives as follows:
- To proceed the Customer request prior entering the contract or to perform the contract.
To sell products and/or services to the Customer or to perform any contracts which the Customer is a party, managing account, subscription information, delivery of accounting and financial, After-sale service and return of products and to take any actions for the Customer to receive products and/or services or as the Customer requested. - For the governance of advertising and public relations.
Public relations, marketing campaigns performance, product development analysis, contact customers to offer recommendations or products, including to manage of advertising media public relations which the Customer is a presenter or appearing as a part of the Company's advertising media. - For Operation management and after-sale services.
To review and analyze personal data.
To develop online service channels for the Customer to receive services with quality, immediately and most convenient.
To be able to access or transfer information of the Customer account, membership number or various personal passwords which the Company has provided through a computer and/or other electronic devices which can enable more than one device and to enable the Company to monitor the Customer account access, membership number or other personal passwords to prevent unauthorized use or access by another person or fraudulent use or in a wrong way including to improve the Company's service to be more suitable and efficient. - For Information Technology Management
Implement an information system to collect and process data and connect with customers and agents.
Prepare and provide information technology systems to process customer data from the use of Company's websites, applications and social media such as Facebook, Line, etc. - To be able to manage develop and take any action to be able to run the business more efficiently Management of goods
in order to be able to run the business more efficiently Management of goods and/or services (including websites and applications), fraud detection and prevention. or other crimes, managing customer and potential customer relationships Maintenance and use of IT systems
To Measure the effectiveness of a company's marketing policy and to measure the effectiveness of Company's advertising through various channels - Work Management Complaints, disputes and litigation, and risk management
To investigate into fraudulent behavior, fraud or acts that are against the law or public order.
any action to investigate, investigate, investigate, prosecute, or take any measures to exercise contractual and legal rights; Settlement of disputes or disputes that may arise between Company and you in connection with the provision of Company's services.
Disclosure of personal data
To carry out the purposes stated in this Privacy Notice. The Customer personal data may be disclosed or delivered to various departments within the Company and individuals, or external entities as follows:
Internal usage
The Customer personal data may only be disclosed or submitted to various departments within the Company that are relevant and are necessary roles and duties for the purpose by these people or teams of Company will be allowed to access your personal data as necessary and appropriate.
External usage
The Customer personal data may be disclosed or delivered to external organizations as follows:
- Government agencies, regulators or other agencies as required by law, such as the Revenue Department, Department of Business Development, Ministry of Commerce, auditors, governments, courts, the Legal Execution Department, or any other agency by virtue of law.
- Organizations or third parties, the Company may disclose the Customer information to organizations or third parties contacted the Company for a purpose of verifying your transactions and to provide services or products according to your needs.
Request for Consent and Possible Consequences of Consent Withdrawal
In case of the Company collects, uses or discloses personal data based on the Customer given consent, such Customers have rights to withdraw Content given to the Company at any time. Withdrawal of consent will not affect the collection, use or disclose of personal data that the Customer has given consent.
In case the Customer is a minor in accordance with the Civil and Commercial Code, before giving Consent, please inform of parental power user for the Company to request consent such user.
The Customer may revoke consent for the collection, use, or disclosure whether in whole or in part of your Personal Data as stated in this Privacy Notice by informing the Company.
In case the Customer has revoked consent to the Company to collect, use, or disclose your personal data for reasons or purposes other than marketing purposes. The Company may not be able to process any procedures or services and/or to manage any products or merchandise, or the Customer relationships and/or account in relation with the Company. This may result in the Customer loss of benefits to use the Company's services as same as giving consent to collect, use or disclose personal data to the Company.
Transmitting or Transferring of Personal Data outside cross-boarder
The Company may transmit or transfer the Customer personal data to other parties both domestically and internationally which is necessary to perform the contract as the Customer is the party, or as to act under a contract between the Company and other person or entity for the Customer benefits, or to perform the Customer requests prior to enter a contract, or to prevent or suppress any danger to life, body or health of the Customer or others to comply with the laws or as necessary to carry out missions for public interest.
The Company may keep the Customer personal data on a computer, a server or cloud service which provided by other person and may use third-party programs or applications in a form of platform package services to process the Customer personal data. However, the Company does not allow unrelated parties to access the personal data, and the Company will require such parties to have appropriate personal data security protection measures.
In the event that it is necessary to transmit or transfer the Customer personal data to other countries, the Company will comply with the Personal Data Protection Act and use reasonable measures to ensure that such personal data is protected and that the Customer is entitled to exercise the rights of personal data as legislated by the law. Including the Company will require those who receives such personal data to take appropriate measures to protect the information and only process personal data as necessary and to prevent other people from unauthorized use or disclose of personal data wrongfully.
Data Retention and Retention Period of Personal Data
The Company will keep the Customer personal data for as long as necessary by considering necessity and purpose which the Company shall collect, use and process, including complying with the requirements of applicable laws.
The Company will continue to collect, use and disclose such personal data, although the Customer has terminated a relationship with the Company, as necessary by provisions of laws for legitimate interest or to collect in a form of non-identifiable data, whether directly or indirectly, such as “anonymous data” or “Pseudonymous Data”.
The Company may keep the personal data as long as it is necessary for achieving purposes of processing the Customer personal data as set forth in this Privacy Notice. The Company will keep the Customer personal data for no more than 10 years from the date of relationship termination or from a last contact with the Company which the Company may keep such personal data for longer than required as the law permitted.
The Company will investigate to delete or destroy personal data, to make it non-identifiable of the owner of personal data permanently or otherwise to limit all personal data after the retention period has expired or unrelated or beyond the necessity for the purpose of collecting such personal data, or as the Company perform the Customer request to delete such personal data.
How the Company protect the Customer personal data.
The Company prioritizes the security of the Customer personal data such as encryption, limitation of personal data access. To ensure that the Company personnel and third parties acting on behalf of the Company have complied with appropriate standards for personal data protection, including responsibility to prevent data leakage and the Company to take appropriate security measures in relation to the data processing.
The Company will keep the Customer personal data in accordance with the Technical Measures and Organizational Measure to secure the processing of personal data and to prevent breaches of personal data which the Company has set policies, rules and regulations for personal data protection, including measures to prevent recipients of information from the Company to use or disclose information other than the purposes or wrongfully. and the Company updates the policy, rules and regulations from time to time as necessary and appropriate. In addition, the Company's executives, employees, contractors, agents, consultants and recipients of information from the Company are obliged to keep personal data confidentiality in accordance with the confidentiality measures set by the Company.
The Company periodically update, review, and amend personal data security procedures, in order to maintain a level of security of personal data to balance with the risk, and to ensure the confidentiality of personal data, integrity, availability and flexibility of processing of personal data is continuous, including protection of loss and collection, access, use, modification, alteration or unauthorized disclosure of personal data. However, the Company will apply the measures to maintain the security of the Company's personal data with all types of data processing, whether such data processing is in electronic form or hard copy format.
Rights of Data Subject
The Customer has rights to exercise as follows:
- Right to Withdraw Consent
In case the Customer has given consent to the Company to collect, use and/or disclose a personal data (whether the provided consent is prior or after the date of the Personal Data Protection Act become effective), the Customer is entitled to withdraw the consent at all times during the personal data is being kept with the Company, unless there is a limitation on such right by law or an existing contract that is beneficial the Customer.
However, the withdrawal of consent may affect the Customer from product usage and/or services such as the Customer will not be able to receive benefits, promotions or new offers, products or services that is better and match with the Customer interests, or unable to receive useful information etc. For the Customer benefits, please review and inquire of the impact before withdrawing the consent. - Right to Access Personal Data
The Customer is entitled to access their personal data and request the Company to make a copy of such personal data, including to disclose the acquisition of personal data in the Company's possession. The Company may refuse such request if accessing and obtaining a copy of the personal data affect rights and freedom of others or as the Company must comply with the law or a court order prohibiting the disclosure of such personal data. - Right to Transfer Personal Data
The Customer is entitled to obtain their personal data in the event that the Company has provided such personal data in a format which is readable or usable by means of a device or device that works automatically and be able to use or disclose by automatic means. And is also entitled to request the Company to transmit or transfer personal data in such form to other personal data controllers (“Data Controller”) whenever possible by automated means, and is entitled to receive personal data which the Company transmit or transfers the personal data in such form to other data controllers directly unless it is unable to operate due to technical reasons.
The Customer personal data above must be a data which the Customer has given consent to the Company to collect, use and/or disclose, or is a personal data that the Company needs to collect, use and/or disclose in order for the Customer to use the Company's products and/or services according to desires of which the Customer is a party to the Company, or to use in a processing per your request prior the Company's products and/or services usage or is another personal data as required by the laws. - Right to Object of Data Processing
The Customer is entitled to object the collection, use and/or disclosure the personal data at all times. In the condition that the collection, use and/or disclosure of your personal data is made for the purpose of carrying out necessary operations under the Company's legitimate interests or of another person or entities without beyond a scope which the Customer could reasonably expect or to carry out missions for public interests. In case the Customer objected the processing, the Company will continue to collect, use and/or disclose such personal data only parts which the Company can reasonably demonstrate by the law, that the processing is more important than the Customer fundamental rights, or in order to assert legal rights in compliance with the laws or any legal prosecution as the case may be.
Furthermore, the Customer is entitled to object the collection, use and/or disclosure of such personal data for marketing-related purposes or for educational research in scientific, history or as well as statistics. - Right to Request For Personal Data Erasure
The Customer is entitled to request for erasure or destruction of such personal data, or to make the personal data non-identifiable. In case there is a reasonable belief that such personal data has been unlawfully collected, used and/or disclosed in accordance with applicable laws, or deems that the Company is no longer requires to maintain such personal data for the purposes stated in this Privacy Notice, or once the Customer has exercised the right to withdraw the consent or to object as stated above unless the Company requires to comply by the law or to use rights of claim by the applicable laws to keep such data. - Right to Request a Suspension of Personal Data Usage.
The Customer is entitled to request for a temporarily suspension of the personal data usage in the event that the Company is in the process of reviewing the Customer request to correct the personal data or request for an objection, or in other cases where the Company is no longer necessary and requires to delete or destroy such personal data in accordance with relevant laws but the Customer request to suspend the use instead. - Right to Amend the Personal Data
The Customer is entitled to request the Company to correct such personal data to be accurate, current, complete and without causing misunderstandings. - Right to Complain
The Customer is entitled to lodge a complaint with the relevant legal authority. In condition the Customer believes that the collection, use and/or disclosure of such personal data is in a manner that violates or fails to comply with applicable laws,
In case there is any concerns or questions about the Company's guidelines of the Customer personal data, please contact the Company by contact details pursuant to Clause 14 of this Privacy Notice. However, if there is any reasonable belief that the Company violates the Personal Data Protection Act, the Customer is entitled to lodge a complaint with specialist committee appointed by the Personal Data Protection Committee in accordance with the rules and procedures prescribed by the Personal Data Protection Act.
In condition that the Customer submits a request to exercise their rights under the Personal Data Protection Act, once the Company received such request, the Company will complete the request within the period specified by the law. In addition, the Company reserves the right to refuse or abstain upon such request if it is required by law.
11.2 the Company reserve all rights and its sole discretion to accept to perform the Customer request or to reject such request.
The Customer’s exercise of rights under section 11.1 may be restricted under applicable law, and there may be cases where it is necessary for the Company to refuse or fail to perform of such request to exercise the above rights, such as to comply with the applicable laws or a court order, for public interest, exercise of such rights may infringe upon the rights or liberties of others etc. in case the Company refuses the above request, the Company will inform the reason of the refusal.
Linking with Third Party Websites
By using the Company's web service, there may be links to other social networks, platforms and websites operated by third parties. The Company attempts to link to websites that standardized for personal data protection only. However, the Company cannot be responsible for the content or standards of personal data protection of other websites, unless otherwise specified. Any personal data the Customer provided to third-party websites will be collected by such individual and is subject to Notices/policies regarding the protection of personal data of such third parties (if any). In such cases, the Company inquires the customer to review and to comply with the notices/policy regarding personal data protection appearing on such website separately from the Company.
Changes to Customer Privacy Notice
The Company will regularly review the Privacy Notice for customer to ensure the compliance with applicable practices, laws, and regulations. If there is any change to the Privacy Notice for the Customer, the Company will notify any important changes to this Privacy Notice together with the revised Privacy Notice through appropriate channels.
Contact Point
In case the Customer deems that the processing of such personal data is inconsistent with the Personal Data Protection Act B.E. 2562 (2019), the Customer is entitled to lodge a complaint to the Data Protection Officer.
Data Protection Officer
The Thai Silk Company Limited
Legal Department, Data Protection Division
96 Soi Puengmee 29, Sukhumvit 93 Road, Bangchak, Prakanong, Bangkok 10260 THAILAND
Email DPO@jimthompson.com
Telephone number 02-700-2000 ext. 2472-2473
Announced 31 May 2022
