Customers Privacy Policy
Toyobo (Thailand) Co., Ltd.
Toyobo (Thailand) Co., Ltd., (“the Company” “we” “us” or “data controller”) respects the privacy rights of our customers, suppliers, and potential customers (“customers” or “data subjects” or “you” or “your”) and the Company are dedicated to providing transparency around the ways that we interact with your data.
This Customers Privacy Policy (“Policy”) sets out the basis upon which the Company may collect, use, disclose or otherwise process personal data of customers in accordance with the Thai Personal Data Protection Act B.E.2562 (“PDPA”). This Policy applies to personal data in our possession or under our control, including personal data in the possession of organizations which we have engaged to collect, use or disclose personal data for our purposes.
“Personal Data” means any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased Persons in particular.
- Types of Personal Data Collected by the Company
In operating our business, we may have to collect, use, and/or disclose the Personal Data of our customers for certain purposes in relation to the business operation of the Company. The Company may collect the following types of personal data about you and other individuals that you inform us are connected to you:
-
- Identification data – such as your name, gender, photograph, date of birth, signature, any other personal details you provided to us;
- Contact details – such as postal address, delivery details , billing address, telephone number, fax number, email address, ID Line, Facebook account, or any other contact details you provided to us;
- National identifiers – such as your identification number, passport, social security number, immigration status and documentation.
- Financial information – such as bank account details, tax information, debit/credit card, debit/credit card number, payment details, invoice information and any other financial details;
- IT information – information required to provide access to the Company’s IT system and networks such as IP addresses, log files, and software/hardware inventories;
- Location data – such as the location of your device when you use our services, such as from the GPS, Wifi, compass, or other sensors in your device;
- Sales and marketing information – such as information about customer’s behavior and data supplied through the use of our services, social medial engagement.
- Website usage details – when you visit our website, we may collect your IP address, location data, browser type, operating system, web browsing behavior, referring website, interest and application usage through cookies and other tracking technologies.
The examples provided are not exhaustive, and the Company may undertake additional processing of personal data in line with the purpose set out above. The Company will update this Policy from time to time to reflect any notable changes in the purpose for which it processes your personal data.
The Company may collect certain sensitive personal data such as race, political opinions, religious beliefs, sexual behavior, health records, disabilities, labor union membership, and criminal convictions and offences, genetic data and biometric data. The Company shall collect and process your sensitive personal data if the Company shall obtain explicit consent from the data subjects. However, the Company shall not obtain explicit consent with the exceptions under the PDPA such as:
-
- The processing is necessary to protect the vital interests of the data subjects where the data subjects are physically or legally incapable of giving consent;
- The processing relates to personal data which is clearly made public by the data subjects;
- The processing is necessary for the conduct of legal claims or whenever courts are acting in their judicial capacity;
- The processing is necessary for public interest reasons in the area of public health, for example, protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care.
- The processing is necessary for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with the PDPA.
In the case where you may provide personal data of any third parties (e.g., potential customers, referral and references) to us such as their name, surname, telephone number, email, please provide this Policy for their acknowledgement and/or obtaining consents where applicable for us.
- Grounds for Collecting, Using and Disclosing Your Personal Data
The Company shall apply for appropriate legal grounds for processing your personal data under PDPA. The following lawful bases may apply when processing your personal data:
-
- Consent
- Vital interest: It is for preventing or suppressing a danger to a Person’s life, body or health.
- Contractual Obligations: It is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.
- Legal obligations: It is necessary for compliance with a law.
- Legitimate Interest: It is necessary for legitimate interests of the Data Controller or any other Persons, except where such interests are overridden by the fundamental rights of the data subject of his or her Personal Data.
- Public interest: It is necessary for the performance of a task carried out in the public interest or for the exercising of official authorities.
However, the Company may process the personal data without their consent where necessary, on the basis that it is necessary for the performance of a contract or other legal grounds.
- Purposes for the Collection, Use and Disclosure of Your Personal Data
The Company shall collect, use and disclose your personal data for one or more of the following purposes.
-
- Providing products and services to you – such as entering into a contract and manage our contractual relationship with you, to support and perform other activities related to such services including but not limited to after sale services, warranty processes, etc.
- To provide you with services or information that you may have requested
- To keep you informed and updated on relevant products or services you may be interested in;
- Facilitating business asset transactions (which may extend to any merger, acquisition or asset sale);
- Tax management such as an issuance of tax invoice etc.
- Protecting and enforcing our contractual and legal rights and obligations;
- Improving our business operation and services
- Any other purpose reasonably related to the aforesaid.
The activities provided above are not all-inclusive, and the Company also may collect similar or related information consistent with the relevant laws and regulations.
- How do we collect your personal data ?
The Company may collect personal data about customers, suppliers or potential customers in a variety of ways. We will collect your personal data from you directly and indirectly. We may receive your personal data through a third party, business partners, association, foundation, service providers or relevant government officials.
- Accuracy of Personal Data
The Company generally relies on personal data provided by you. In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing the Company in writing or via email at the contact details provided below.
- Disclosing or Sharing Your Personal Data
We may disclose or Sharing your personal data in the following ways:
-
- With other companies in the group company: We may need to share your person data with other affiliated or related companies whether in Thailand or foreign countries in order to manage and administer our services including but not limited to sales and marketing.
- With third party service providers and agents : We may also make certain personal data available to third parties who provide services to us. When we share with these third parties, we do so on a need-to-know basis and under clear contractual terms and instructions for the processing of personal data.
In the course of providing such services, the service providers may have access to your personal data. However, we will only provide our service providers with the personal data that is necessary for them to perform the services, and we ask them not to use your information for any other purposes. - With business partners: Personal data may be disclosed or transferred to another party in the event of a change in ownership of, all or a part of the Company through, for example, an asset or share sale, or some other form of business combination, merger or joint venture, provided that such party is bound by appropriate agreements or obligations and required to use or disclose your personal information in a manner consistent with the use and disclosure provisions of this Policy.
We may transfer your personal data to our business partners in the business of logistics, warehouse, shipping, customs broker etc. - With Associations or Organizations : The Company may transfer your personal data to the Associations or Organizations, such as Thai Authorized Customs Brokers Association, Thai Transportation and Logistics Association, Thai Federation on Logistics etc.
- With professional advisors: This includes but not limited to auditors, lawyer, logistics consultant etc.
- Transfer of Personal Data Outside Thailand
The Company may transfer your personal data outside Thailand. These outside countries may have different data protection laws. However, the Company shall transfer your data to another country (including to a company within the Group Company) in accordance with applicable privacy laws, and where there are adequate level of protection.
Furthermore, the Company may transfer your data outside Thailand which is in accordance with the exceptions under the PDPA as follows:
-
- The transfer is conducted pursuant to the applicable law;
- The data subjects have been informed of such inadequate protection and given consent to such transfer;
- It is necessary for the performance of a contract to which the data subjects are a party, or in order to take steps at the request of the data subjects prior to entering into a contract;
- The transfer is necessary for the tasks operated for significant public interest.
- Where it is to prevent or suppress a danger to the life, body, or health of the data subject or other Persons, when the data subject is incapable of giving the consent at such time.
The Company may transfer the personal data to the Group Company outside Thailand engaged in a joint economic activity having binding corporate rules. Such rules shall include all general data protection principles and enforceable rights to ensure appropriate safeguards for data transfers.
We take steps and measures to ensure that your personal data is securely transferred and that the receiving parties have in place an appropriate level of protection standards.
- Data Retention
The Company shall retain your personal data for as long as it is necessary to fulfill the purposes for which they were collected, or as required or permitted by applicable laws.
The Company shall cease to retain your personal data, or remove the means by which the data can be associated with your, as soon as it is reasonable to assume that such retention no longer serves the purposes for which the personal data were collected, and are no longer necessary for legal or business purposes.
- Rights of the Data Subjects
The PDPA sets out the following rights applicable to data subjects.
-
- Right to access – The data subjects have the right to receive a copy of the personal data we hold about you. For your own privacy and security, we may require you to prove your identity before providing the requested information to you.
- Right to rectification – The data subjects have the right to require the Company to rectify any of their personal data that is inaccurate or incomplete.
- Right to erasure – The data subjects have the right to request the Company to erase or destroy the personal data, or anonymize the personal data to become the anonymous data which cannot identify the data subject, except the Company is not obligated to do so if the Company needs to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.
- Right to restriction of processing – The data subjects have the right to request the data controller to restrict the use of the personal data in certain cases.
- Right to data portability – The data subjects have the right to request the Data Controller to send or transfer the Personal Data in the format which is readable or commonly used by ways of automatic tools or equipment to other Data Controllers.
- Right to withdraw consent – For the purposes you have consented to our collecting, using or disclosing of your personal data, you have the right to withdraw your consent at any time.
- Protection of Personal Data
The Company shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
To safeguard your personal data from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorized third party service providers and agents only on a need-to-know basis.
- Contact
If the data subjects have any questions about this Policy or how we handle your personal data, please contact email address: info@toyobo.co.th
If there are any updates or changes in your personal data, please notify the Company so that the Company can maintain its accuracy.
- Changes to this Privacy Policy
The Company may revise this Policy from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Policy was last updated. The updated Policy will be posted on the Company’s website. Your continued use of this website indicates your acceptance of the Policy.
On some occasions, the Company may also actively advise you of specific data handling activities or significant changes to this Policy, as required by applicable law.
This Policy was last updated on 15th June 2022