This Privacy Notice (“Notice”) sets out our privacy principles, our practices and/or the basis which Taiyo Gases Co., Ltd. *and its related entities (*[collectively] referred to herein as the “Company”, “we”, “us”, or “our”) may collect, use, disclose or otherwise process personal data about the following persons in accordance with the [Personal Data Protection Act] in Thailand (“[PDPA]”) and any and all of the related applicable laws and regulations for personal data protection.
This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes, and personal data obtained by us from publicly available sources.
“personal data” means [data, whether true or not, about an individual (the “data subject” or “data owner”) who can be identified (a) from that data; or (b) from that data and other information to which the Company has or is likely to have access, excluding data of deceased persons]. References to you or “your” in this Notice are references to the data subject or data owner;
Examples of personal data are:
Name, national registration identity card number, passport or other identification number, telephone number(s), mailing address and email address
Your employment history, education background, and income levels;
Your payment-related information, such as your bank account or credit card information, and your credit history; and
Information about your usage of and interaction with our website and/or services including computer and connection information, device capability, bandwidth, statistics on page views, traffic to and from our website cookies, IP address, subscription account details, and membership details, but only to the extent that the Company may identify you from such information.
[“sensitive personal data” means personal data relating to race, ethnics, political opinions, doctrinal, religious or philosophical beliefs, sexual behaviour, criminal records, health records, disability, labour union data, genetic or biometric data or any other data which may affect the individual in the same manner, as prescribed by the Personal Data Protection Committee.
2. COLLECTION OF PERSONAL DATA
Depending on your interaction with us, we may collect and/or receive your personal data in the following ways.
Information you provide directly to us:
When you establish an online account with us;
- When you order a product from us or engage our service or transact with us in any business area;
- When you submit a query on our products and/or services;
- When you request to be included in an email or other mailing list;
- When you respond to any of our promotions or marketing or related initiatives;
- When you interact with our staff (e.g., customer service officers) via telephone calls (which may be recorded), letters, fax, face-to-face meetings, social media platforms or emails;
- When you respond to our job advertisement;
- When you provide feedback or submit a complaint to us;
- When you use our electronic services, or interact with us via our website or use any service on our website;
- When you or the entity you are acting on behalf of enter into any agreement or contract with us;
- When your images are captured by us via CCTV cameras while you are within our premises;
- When you submit your personal data to us for any other reason(s).
Information from third-party sources:
We may receive or obtain information about you from publicly and commercially available sources (where permitted by law), which we may combine with other information we receive from or about you. Further, we may receive or obtain information about you from third-party social networking services when you choose to connect with those services.
We may collect other information about you with your consent.
From time to time, we may do a verification exercise with you to update us on any changes to your personal data. Please update us if there are changes to your personal data by informing our *[Data Protection Officer] *[Compliance Manager] in writing or via email at the contact details provided below. Failure to do so on your part may result in our inability to provide you with products and services you have requested in a timely manner.
3. PURPOSES OF PERSONAL DATA COLLECTION
We hereby notify you that we may collect, use, store, disclose and/or process your personal data for any or all of the following purposes (the “Purpose”):
Performance of Contract/Service
- Administering, processing and/or dealing with any transactions between you and the Company and/or any of its Affiliates including but not limited to any application by you for employment or work with the Company;
- Executing agreements with customers, suppliers and Business Partners
- Performing obligations in the course of or in connection with our provision of the goods and/or services requested by you;
- Processing orders, payment or credit transactions;
- Verifying your identity;
- Responding to, handling, and/or processing queries, requests, applications, complaints, and/or feedback from you or on your behalf;
- Administering, facilitating, processing and/or dealing in any matters relating to your use of any of the Company’s website(s);
- Monitoring, processing and/or tracking your use of any of the Company’s website(s) in order to improve your experience in using such website(s);
- Creating reports with respect to our transactions with you;
- Executing agreements with customers, suppliers, Business Partners or Affiliates; and
- Recording and financially settling delivered services, products and materials to and from the Company.
Development and Improvement of Products/Services
- Conducting Market Research;
- Research and Development; and
- Market Testing.
Relationship Management and Marketing
- Managing your relationship with us;
- Sending you marketing information about our products and/or services including notifying you of our marketing events, initiatives and promotions, lucky draws, membership and rewards schemes and other promotions;
- Maintaining and promoting contact with existing and prospective customers, suppliers and Business Partners (including but not limited to customer profiling in our database system);
- Informing you of changes and development to our policies, terms and conditions and other administrative information;
- Providing customer service and assistance (including but not limited to resolving complaints, handling requests and queries); and
- Development, execution and analysis of market surveys and marketing strategies
Legal, Risk Management and Compliance:
- Management of company assets;
- Conducting (internal) audits and investigations;
- Assessing creditworthiness;
- Implementing business controls;
- Management reporting and analysis;
- Safeguarding our properties and systems (including but not limited to carrying out CCTV surveillance and conducting security and safe management measures clearances);
- Carrying out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations applicable to us (whether Thailand or non-Thailand);
- Prevention or investigation of any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned; dealing with conflicts of interest; or dealing with and/or investigating complaints
- Dealing with and/or facilitating any proposed or confirmed merger, acquisition or business asset transaction (potential or otherwise) involving any part of our organisation, or corporate restructuring process;
- Storing, hosting, backing up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Thailand;
- Facilitating, dealing with and/or administering external audit(s) or internal audit(s) of the business of the Company and/or its Affiliates
- Insurance purposes; and
- Complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority (whether within or outside Thailand).
- Transmitting to any unaffiliated third parties including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Thailand or abroad, for the aforementioned purposes;
- Any other purposes for which you have provided the information; and
- Any other incidental related to or in connection with the above items (a) to (e) as set out in this paragraph 3(1).
The purposes listed above may continue to apply even in situations where your relationship with us or the relationship of the company you are acting on behalf of (for example, pursuant to a contract) has been terminated or altered in any way for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
If you have provided us with your consent to receive marketing or promotional information via your Thailand telephone number(s), we may contact you with information on our products and services via voice calls, text, fax and/or other means.
4. STORAGE OF THE PERSONAL DATA AND PERIOD OF RETENTION
We shall store/keep the personal data in the form of paper and/or soft files as appropriate.
We shall retain the personal data for as long as it is necessary, taking into account the above Purpose, or as required or permitted by applicable laws.
5. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
We may disclose your personal data to third parties, whether located within or outside Thailand, for one or more of the above Purpose, as such third parties, would be processing your personal data for one or more of the above Purpose. In this regard, you hereby acknowledge, agree and consent that we may be/are permitted to disclose your personal data to such third parties (whether located within or outside Thailand) for one or more of the above Purpose and for the said third parties to subsequently collect, use, disclose and/or process your personal data for one or more of the above Purpose. Without limiting the generality of the foregoing or of paragraph 3 setting out the Purpose, such third parties include:
The term ‘Affiliates’ refers to (i) direct and indirect holding companies of the Company, (ii) subsidiaries of any such direct or indirect holding company, and (iii) subsidiaries of the Company.
Service providers who include any of our agents, contractors or third-party service providers that process or will be processing your personal data on our behalf (including but not limited to those which provide administrative or other services to us such as telecommunication companies, information technology companies and data centres).
We may share your information with trusted business partners. These entities may use your information to provide you with services you request, make predictions about your interests and may provide you with promotional materials, advertisements and other materials.
Government Agencies and Industry Associations
We may disclose your information to government agencies and industry associations that request for and/or require your information.
Other Parties When Required by Law or as Necessary to Protect Our Services
We may disclose your information to other parties to comply with the law or respond to compulsory legal process (such as a search warrant or other court order); to verify or enforce compliance with the policies governing our services; and to protect the rights, property, or safety of the Company, or any of our respective Affiliates, Business Partners, customers, or third parties whom we work with.
Other Parties in Connection with Corporate Transactions
We may disclose your information to a third party as part of a merger or transfer, or in the event of a bankruptcy.
Third parties, service providers, agents and other organisations for any of the Purpose set out in paragraph 3 above.
In addition to the disclosures described in this Notice, we may share information about you with third parties when you consent to or request such sharing.
Where your personal data is to be transferred out of Thailand, we will comply with the [PDPA] in doing so. In this regard, this includes us taking appropriate steps to ascertain that the foreign recipient organisation of the personal data is bound by legally enforceable obligations to provide to the transferred personal data a standard of protection that is at least comparable to the protection under the [PDPA]. This may include us entering into an appropriate contract (whether via a standalone contract or included as part of a main transaction) with the foreign recipient organisation dealing with the personal data transfer or permitting the personal data transfer without such a contract if the [PDPA] or law permits us to.
6. REQUESTS FOR ACCESS, CORRECTION AND/OR WITHDRAWAL
Data owners/subjects may request for the following:
Withdrawal of Consent [and Right of Erasure].
The consent that you provide for the collection, use, processing and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using, processing and/or disclosing your personal data for any or all of the Purpose listed above by submitting your request in writing or via email to our *[Data Protection Officer] *[Compliance Manager] (as applicable) at the contact details provided below.
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within a reasonable time from our receipt of your request.
Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you or to continue our purchase of your goods or services (as applicable) or to complete any of the Purpose set forth in paragraph 3 above or otherwise notified to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in paragraph 6(a)(i) above.
[You have a right to request for erasure of your personal data where your consent has been withdrawn and when we have no legal ground to collect, use, store, process, disclose or transfer your personal data, or the personal data is no longer necessary for the purpose for which it was collected.]
Please note that withdrawing consent does not affect our right to continue to collect, use, process and/or disclose personal data where such collection, use, processing and/or disclosure without consent is permitted or required under applicable laws.
Access to and Correction of Personal Data.
If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our *[Data Protection Officer] *[Compliance Manager] at the contact details provided below. We will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request.
Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
For a request to access personal data, once we have sufficient information from you to deal with the request, we will respond to your request as soon as reasonably possible within thirty (30) days. Where we are unable to respond to your request within the said thirty (30) days, we will notify you of the soonest possible time within which we can provide you with the information requested.
For a request to correct personal data, once we have sufficient information from you to deal with the request, we will correct your personal data within thirty (30) days. Where we are unable to do so within the said thirty days, we will notify you of the soonest practicable time within which we can make the correction.
If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the [PDPA]).
7. PROTECTION OF PERSONAL DATA
To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced reasonable administrative, physical and technical measures, and disclosing personal data both internally and to our authorised third-party service providers and agents only on a need-to-know basis. However, we cannot assume responsibility for any unauthorized use of your personal data by third parties which are wholly attributable to factors beyond our control.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure.
8. EFFECT OF NOTICE AND CHANGES TO NOTICE
This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use, processing and disclosure of your personal data by us.
We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated on the Company’s website. Your continued use of our services or continued dealing with us constitutes your acknowledgement and acceptance of such changes.
You may contact our Data Protection Officer or Compliance Manager if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, in the following manner:
Data Protection Officer or Compliance Manager
Taiyo Gases Co., Ltd.
Address : 17F. Serm-Mit Tower, 159 Sukhumvit 21 (Asoke), North Klongtoey, Wattana, Bangkok, 10110
Email Address : firstname.lastname@example.org
Effective Date: January 20th, 2022