PDPA (Personal Data Protection Act 2019) is an act that was announced in the Royal Thai Government Gazette on 27 May 2019 and parts of the act were official on 28 May 2019. By 27 May 2020, this act was then fully official.
The reason that PDPA has become official is due to the development of technology. There are many more types of online platforms and communication channels that cause the violation of personal data to happen easier and, most of the time, it brings about problems and losses for the data’s possessors as well as affects the nation’s economy. Thus, there has to be a law regarding the protection of personal data to set the standard or measure to oversee the protection of personal data which includes the collection, usage, and disclosure of information.
Personal Data Protection Policy
Asahikasei Plastics (Thailand) Co., Ltd. (APT)
1. Objective
The objective of this Personal Data
Protection Policy (“Policy”) is to clarify the Company’s basic policy regarding
Personal Data Protection Act, B.E. 2562 (2019) (“PDPA”). In addition, this Policy is issued so that
the Personal Data is managed and processed suitably and provided sufficient
security measures to protect and secure the Personal Data of the Data Subject
which the Responsible Manager will be collecting, using and disclosing in
accordance with the PDPA and related laws and regulations.
2.
Definitions
2.1 “Company”
means Asahikasei Plastics (Thailand) Co.,Ltd
2.2 “Person” means a natural person.
2.3 “Data Subject” means an
identified or identifiable natural person, directly or indirectly by reference
to the Personal Data.
2.4 “Personal Data” means any
information relating to a Data Subject, which enables the identification of
such Data Subject, whether directly or indirectly, but not including the
information of the deceased Person in particular.
2.5 “Sensitive Personal Data” means
any Personal Data pertaining to racial, ethnic origin, political opinions,
cult, religious or philosophical beliefs, sexual behaviour, criminal records,
health data, disability, trade union information, genetic data, biometric data,
or of any data which may affect the data subject in the same manner as prescribed by PDPA.
2.6 “Data Processor” means a Person
or a juristic person who operates in relation to the collection, use, or
disclosure of the Personal Data pursuant to the orders given by or on behalf of
the Company.
2.7 “Company Staff” means all
employees and directors of the Company.
2.8 “Responsible Manager” means heads
of any department in the Company that collects, uses or discloses the Personal
Data and/or Sensitive Personal Data. For example, in HR department, HR general
manager is the Responsible Manager.
2.9 “MD” means the managing
director of the Company.
2.10 “Data Protection Officer”
means the person appointed by the Company for the purpose according to Clause
7.
2.11 “Office” means the Office of
the Personal Data Protection Committee.
3.
Collection of Personal Data
3.1 Purposes of Personal Data
Collection
The Responsible Manager shall
collect Personal Data within the limitation to the extent necessary in relation
to the l awful purpose of the Company. The purposes for which the Company
processes Personal Data can be exemplified as follow:
(1) To
enter into an agreement and comply with an agreement between the Company and Data
Subject, Company’s customers and/or suppliers;
(2) To
answer questions and provide assistance to Company’s customers;
(3) To
develop and improve the Company's products whether the current products or
future products;
(4) For
the purpose of marketing to Company’s customers;
(5) To
comply with laws relating to the operations of the Company, e.g., to collect Personal
Data for the purpose of tax requirements;
(6) To
apply for all licenses, permits, applications, forms submitted to government
agencies, e.g., work permit, visa;
(7) To
provide information to government agencies as required by law or by public
authority, e.g., the Royal Thai Police, the Social Security Office
(8) For
the purposes of audit, analysis and preparation of documents as requested by
other agencies or organizations that are involved with or may be relevant to
the Company's business operations, such as the Board
of Investment of Thailand, the Department of Industrial Works; and
(9) For
the benefit of the Company’s internal management, e.g., to recruit employees,
to pay salaries and compensation to its Company Staff, to enter into an
employment agreement, to internally manage personnel of the Company, to comply
with Company’s work rule.
3.2 Subject
to the exception of collection of Personal Data under the PDPA or other relevant
laws or exception in Clause 3.3, Responsible Manager shall, before collecting
Personal Data, request the Data Subject’s acknowledgement and consent through a
form in writing, electronic or other methods as specified by the Company.
3.3 The Responsible Manager may
collect Personal Data without requesting consent:
(1) To
fulfill purposes relating to the preparation of historical documents or
archives on public interest grounds or relating to research studies or
statistics;
(2) To
prevent or to avoid danger to an individual’s life, body or health;
(3) To
comply with a contract, only to the extent that it is necessary to do so, to
which the Data Subject is a party or in order to take steps requested by the Data
Subject prior to entering into a contract;
(4) To
carry out tasks, only to the extent that it is necessary to do so, for the
public interest or in the exercise of official authority vested in the Company;
(5) For the
purposes of legitimate interests pursued by the Company or by third parties or
by other juristic persons, except where such interests are overridden by the
fundamental rights and freedoms of Data Subject; and/or
(6) To
comply with laws such as the law relating to social security.
3.4 Subject to the exception of
collection of Sensitive Personal Data under the PDPA or other relevant laws, in
case where the Company needs to collect Sensitive Personal Data, the Responsible
Manager shall request explicit consent
from the Data Subject before such collecting.
The consent form for the Clause 3.2
and 3.4 are prescribed in the Appendix A Consent Form attached hereto.
3.5 In collecting the Personal Data, the Responsible
Manager shall inform the Data Subject, prior to or at the time of such
collection, of the following details, except the case where the Data Subject
already knows of such details:
3.5.1
the purpose of the collection for use or disclosure of the Personal Data,
including the purpose which is permitted under the PDPA for the collection of
Personal Data without the Data Subject's consent;
3.5.2
notification of the case where the Data Subject must provide his or her
Personal Data for compliance with a law, or contract, or where it is necessary
to provide the Personal Data for the purpose of entering into the contract,
including notification of the possible effect where the Data Subject does not
provide such Personal Data;
3.5.3 the
Personal Data to be collected and the period for which the Personal Data will
be retained. If it is not possible to specify the retention period,
the expected data retention period according the data retention standard shall be
specified;
3.5.4 the
categories of Persons or entities to whom the collected Personal Data may be
disclosed;
3.5.5
information, address, and the contact channel detail of the Company, where
applicable, of the Company's representative or Data Protection Officer; and
3.5.6 the
rights of the Data Subject under the PDPA.
3.6 Sources of Personal Data
The Responsible Manager may collect
the Personal Data from the following sources:
(1) Personal
Data received directly from the Data Subject, for example, collection of
Personal Data from filling out personal information in application forms, either in paper form or online, responses to surveys conducted by the Company,
or access to the Company’s website using cookies; and/or
(2) Collection
from sources other than the Data Subjects, for example, collects the Personal
Data from the Company’s group company, subsidiaries, searches for Personal Data
via a website or inquiries made by third parties. In these cases the Responsible
Manager will notify Data Subject of the Personal Data collection without delay,
but not more than thirty (30) days from the date the Responsible Manager
collects the Personal Data from such sources, and request consent to collect
the Personal Data from the Data Subjects, except where exempted by law from the
need to request consent from or notify the Data Subject.
4. Use or
Disclosure of Personal Data
4.1
The Responsible Manager shall inform the Data Subject to consent through
a written form and/or electronic or other methods as specified by the Company
before such using or disclosing.
4.2 The Responsible Manager may use
or disclose the Personal Data without requesting consent if such use or
disclosure falls under the exemption in Clause 3.3.
4.3 In
the event that the Responsible Manager uses or discloses the Personal Data pursuant to Clause 4.2, the Responsible
Manager shall maintain a record of such use or disclosure in the Record Form as
prescribed in Appendix B Record of Collection, Use and Disclosure of Personal
Data attached hereto.
5. Data Processor
The Responsible Manager shall not
engage the Data Processor to perform work
related to the collection, use or disclosure of personal data of the Data
Subject, unless the Data Processor has agreed, in writing, to keep the personal
data confidential and secure, and to prevent the collection, use or disclosure
of such Personal Data for any purposes other than specified in the scope of
engagement or for any unlawful purposes.
6. Processing Personal Data
6.1 The Responsible
Manager shall maintain, at least, the
records in order to enable the Data Subject and the Office to check upon, which
can be either in a written or electronic form. The Record form is prescribed in
Appendix B Record of Collection, Use and Disclosure of Personal Data attached
hereto.
6.2 During the operation, if the Company
Staff receive any contact or request from
the Data Subject regarding his/her Personal Data, such Company Staff shall immediately
report to the Responsible
Manager who is his/her direct line supervisor, and shall follow such Responsible
Manager’s instruction to comply with this
Policy.
6.3 The Responsible
Manager shall monitor and supervise his/her Company’s Staff to comply with this
Policy all the time.
6.4 If the Responsible Manager has any question or doubt as
to whether or not any processing of Personal Data is in compliance with this
Policy or PDPA, he/she shall contact and consult with the Data Protection Officer,
and shall follow such Data Protection Officer’s instruction.
7. Data Protection Officer
The Company shall officially appoint the Data Protection
Officer, and the roles and responsibilities of the Data Protection Officer are
as follows:
7.1 to give advices to the Responsible Manager, the Data Processor, Company Staff with
respect to compliance with PDPA;
7.2 to monitor and investigate the performance
of the Responsible
Manager or the Data Processor, including the Company Staff with respect to the
collection, use, or disclosure of the Personal Data for compliance with PDPA;
7.3 to coordinate and cooperate with the Office
in the circumstance where there are problems with respect to the collection,
use, or disclosure of the Personal Data undertaken by the Company or the Data
Processor, including the Company Staff with respect to the compliance with
PDPA;
7.4 to handle a notification to the Office in
case of personal data breach;
7.5 to report to MD in case of Personal Data
breach or possible Personal Data breach and give advices to the Responsible Manager and/or MD for the solution, mitigation and
protection of such breach.
7.6 to be
a center for keeping the Record of Collection, Use and Disclosure of Personal
Data of Responsible
Manager
The Data Protection Officer shall keep
confidentiality of the Personal Data known or acquired in the course of his or
her performance of duty under this Policy.
8. Security Measures
8.1 The Company shall provide appropriate security measures
for preventing the unauthorized or unlawful loss, access to, use, alteration,
correction or disclosure of Personal Data.
8.2 In
case of processing Personal Data in electronic method, IT department of the Company
or the like shall provide appropriate IT security measures for preventing the
unauthorized or unlawful loss, access to, use, alteration, correction or
disclosure of Personal Data, and such measures must be reviewed when it is
necessary, or when the technology has changed in order to efficiently maintain
the appropriate security and safety. It shall also be in accordance with the
minimum standard specified and announced by PDPA and its relevant laws.
9.Transferring or Sending Personal Data
overseas
In the event, the Company has to transfer or
send the Personal Data oversea, the Company will determine the standard of
covenants with organization which will
receive the Personal Data to have an acceptable standard for data protection
and to coordinate with the law. This is to ensure that the personal data will
be secured i.e. In the event, the Company
has the necessity to store and/or transfer Personal Data for storing such as processing
of Personal Data in the Cloud; The Company shall consider the organization
which has international standard for security and shall store the data by
entering the password or by any other means which will not identify the
personal data.
10. Policy Enforcement With respect to Personal Data collected prior
to the establishment date of this Policy, the Responsible Manager can continue collecting and using the Personal Data for the
initial purposes. Any disclosures and acts other than the collection and use of
Personal Data must be in compliance with this Policy.
11. Penalty In the case of any violation of this Policy,
the Responsible
Manager and/or Company Staff
may be subject to penalty in accordance with the internal disciplinary rules of
the Company.
Established
as of March 1st , 2022 (Mr. Tetsuya Hoshino) Managing Director
Privacy Notice for CCTV footage
Asahikasei Plastics (Thailand) Co., Ltd. (APT)
Asahikasei Plastics (Thailand) Co.,Ltd
would like to notify your Personal Data processing.
This notice will describe how the company handle your Personal Data and
Sensitive Data as you are our customer, including collection, storage,
use, disclosure and your rights relating to your Personal Data and Sensitive
Data. The details are as follows:
1. Personal or Sensitive Data Processing
1.1 For the
purpose of activities regarding your visit or event participation with the
company, the company will collect, use and disclose your personal data and sensitive data
(“Processing”). Below are details of our processing activities:
Activity | Detail | Basis for Processing |
CCTV footage | CCTV footages installed at various places of the company for the purpose of security measures, harmful protection against people in the company or causing damage to the company | Legitimate Interest and Legal Obligation |
2.Sources of Personal Data
2.1 The
company shall directly collect your personal data/sensitive data.
2.2 The company may collect your personal data
that the company may receive from other sources and may request your consent
(in case consent required by law) for abovementioned purpose.
3.Personal Data
Processing
3.1 Prior to
processing your personal data, the Company shall obtain your consent through a
form in writing, electronic or other methods as specified by the Company.
3.2 The
company may collect Personal Data without requesting consent:
(1) To fulfill purposes
relating to the preparation of historical documents or archives on public
interest grounds or relating to research studies or statistics
(2) To prevent or to avoid danger to an
individual’s life, body or health
(3) To comply with a contract, only to the extent that it is necessary to
do so, to which you are a party
or in order to take steps requested by you prior to entering into a contract
(4) To carry out tasks, only to the extent that it is necessary to do so,
for the public interest or in the exercise
of official authority vested in the company
(5) For the purposes of legitimate interests
pursued by the Company or by third parties or by other juristic persons, except
where such interests are overridden
by the fundamental rights and freedoms of Data Subject; and/or
(6) To comply with laws such as the law
relating to social security
3.3 Subject to the exception of collection of sensitive personal data
under the Personal Data Protection Act or other relevant laws, in case where
the Company needs to process your sensitive personal data, the company shall request explicit consent from the Data
Subject before such processing. The company will use the consent form as
prescribed in Clause 3.1.
4.Duration of
Collecting Your Personal Data
(A) Your
personal data will be kept for the periods stipulated by laws specifically
relevant to retention of personal data such as the Act on Commission of
Offences Relating to Computer, B.E. 2550 (2007) and the Revenue Code.
(B) In cases
where the retention period for your Personal Data is not specified by relevant
laws, your Personal Data will be kept for as long as is reasonably necessary to
fulfil the purpose for which we have obtained it.
5.Whom Your Personal Data will be used or disclosed
- Asahi
Kasei Group Company, parent company, subsidiary, affiliated company in Thailand
and outside Thailand
- Data
Processor, service providers and business partners
- Third
parties required by law
6. Your Rights
You have the
rights for your personal data collected by the Company as prescribed in the
Appendix I attached hereto.
7. Our Contact
Details
If you wish to contact us to exercise the rights relating to your personal
data or if you have any queries about your personal data under this consent
form, please contact with the following details:
Cookies Policy
Asahikasei Plastics (Thailand) Co., Ltd. (APT)
General
This cookies policy
provides information on various types of cookies and similar technology
(cookies) used on websites and in electronic transaction services (hereinafter
known collectively as the “Website”) controlled and managed by the Asahikasei
Plastics (Thailand) Co., Ltd. (Asahi). This policy explains how and why Asahi
uses cookies and how you can accept and deny the use of cookies.
1. What are Cookies?
Cookies are small data files stored as text files. Asahi website sends
cookies to your browser and cookies may be recorded on your computer or the
device used by you to access the website. Cookies are important and have the
benefit of making the website remember settings on your device. You can search
for more information on cookies at www.allaboutcookies.org
2. How does Asahi use cookies?
Asahi uses cookies
and other similar technologies for the following purposes:
To memorize your
browser data and settings, facilitate your ongoing use of website services and
improve your experience and satisfaction with these services.
To assess website
efficiency and results from website services which remain poor and need
improvement.
To collect and
analyze website visits and service utilization data in order to help Asahi
understand peoples’ interests and how Asahi services are used.
To enable Ashai to
deliver better website service experiences to you and help it deliver services
and advertisements that meet your interests.
Ashai services may be
provided on different websites. Each website may use cookies for one or
multiple purposes, which you can see from details on the types of cookies used
on that website.
3. What cookies are used by Asahi?
Asahi website uses its own cookies (first party cookies) and third-party
cookies determined and set by outside service providers such as external
companies whose services are used by Asahi in order to enhance the Asahi
website’s working properties.
Cookies used by Asahi may be divided into the following two types based
on storage:
Session cookies are temporary cookies to remember when you visit Asahi website. For
example, session cookies monitor your language settings and selections, etc.
Session cookies are deleted from your computer or device when you leave a
website or turn off your web browser.
Persistent cookies are cookies that remain
for a specified period or until you delete them. This type of cookie enables Asahi
website to remember you and your settings when you return to use the website’s
services in order to facilitate your use of its services.
Based on the purposes for using cookies, Asahi
uses the following four types of cookies:
1. Strictly Necessary This type of cookie
is necessary for service provision via the Asahi website to allow you to use
website functions in addition to remembering data provided by you via the
website. Ending the use of this type of cookies will prevent you from using
main Asahi services that need cookies.
2. Performance This type of cookie enables Asahi to view
user interactions when using Asahi website services, including preferences for
any page or area of the website including data analysis in other areas. Asahi
also uses this data to improve website performance and to understand user
behavior. However, data collected by performance cookies cannot identify users
and are used only for statistical analysis. Turning off this type of cookies
will prevent Asahi from knowing the number of website visitors and prevent Asahi
from analysing service quality.
3. Functional This type of cookie enables the Asahi website
to remember your settings and help the website to deliver additional properties
and content to suit your uses. For example, functional cookies remember your
user account or changes to font sizes or other page settings that you can
modify. Turning off this type of cookies may prevent the website from
functioning completely.
4. Targeting (Targeting Cookies) This
type of cookie is from connections to third party websites that collect data on
uses and websites visited by you to present goods or services on other non-Asahi
websites. Turning off this type of cookie will have no effects on the use of
the Asahi website. However, this may cause the presentation of goods or
services on other websites to be inconsistent with your interests.
As stated above, Asahi services may be provided on separate websites.
Therefore, each website may have different types of cookies based on
suitability and needs in providing that service. Asahi will display information
with details of each type of cookie including the names of cookies used on the
first webpage of each service on banner messages informing you about the use of
cookies in addition to providing links (settings) for you to click and read
details on each type of cookie used on that service.
4. How can you manage cookies?
Most browser settings automatically accept cookies.
However, you can choose to accept or refuse cookies from Asahi services at all
times by determining the settings on your browser.
The link below will take you to support services of
popular browsers currently in service. You can search for information on cookie
management on your browser.
Please be aware that, if you choose to turn off
cookies on your browser or device, you may find that parts of the Asahi website
cannot function or provide services normally.
For more
information on this topic, please see
https://www.aboutcookies.org/how-to-delete-cookies.
Asahi is
not liable for or has any involvement in the abovementioned website including
the content in them.
5. Connection to websites of outside parties
The Asahi
website may have links connected to websites or social media belonging to
outside parties and may have embedded content or videos from social media such
as YouTube, Facebook, etc., in order to help you access content and interact
with other people on social media from the Asahi website. Websites or social
media belonging to outside parties have cookie settings which Asahi cannot
control and is not liable for. Asahi advises you to read and study the cookie
policies or announcements of those outside parties.
6.Changes to this policy
This policy may be revised occasionally for
suitability and consistency with situations that may have potential changes.
Policy will announce revisions on this website and advises you to visit this
website regularly.
7.Contact channel
If you have questions
or concerns regarding this announcement or if you have recommendations about
the Asahi’s cookies policy, please contact us at theat the following address:
Asahikasei Plastics
(Thailand) Co., Ltd.
77 Moo-2 Hitech Industrial Estate, Banlain, Bangpa-In,
Pranakornsriayutthaya 13160, Thailand
Tel. 035-350720 # 222
Asahikasei Plastics (Thailand) Co.,Ltd would like to notify your Personal Data processing. This notice will describe how the company handle your Personal Data and Sensitive Data as you are our customer, including collection, storage, use, disclosure and your rights relating to your Personal Data and Sensitive Data. The details are as follows:
Click for learn more.Asahikasei Plastics (Thailand) Co.,Ltd would like to notify your Personal Data processing. This notice will describe how the company handle your Personal Data and Sensitive Data as you are our visitors or event participants, including collection, storage, use, disclosure and your rights relating to your Personal Data and Sensitive Data. The details are as follows:
Click for learn more.created with
Joomla Page Builder .Cookies are used on our website to improve the effectiveness and user experience. If you continue to use this website without rejecting it, we will collect your cookies for the purposes stated above. You can also learn more about cookie usage at Cookies Policy.
Accept