Privacy Policy

Personal Data Protection Policy

SNC FORMER PUBLIC COMPANY LIMITED (the “Company”) realizes the importance of the protection of Personal Data. The Company therefore has issued the Personal Data Protection Policy (the “Policy”) to describe the Company’s method on the treatment of the Personal Data such as data collection, storage, use and disclosure, including the rights of the Data Subject, etc. In this regard, to ensure that the Data Subject is aware of the Company’s Personal Data Protection Policy, the Company therefore announces its Policy as follows:

1. Definition

“Personal Data” means any information relating to a person which enables the identification of such person, whether directly or indirectly, but not including the information of deceased persons in particular, such as name, surname, phone number, address, email, identification number etc.

“Sensitive Personal Data” means any information relating to a particular person which is sensitive and presents significant risks to the person’s unfair discrimination, such as racial or ethnic origin, political opinions, cults, religious or philosophical beliefs, sexual behavior, criminal records, health data, disabilities, trade union information, genetic data, biometric data, or any data which may affect the Data Subject in the same manner, as prescribed by the Personal Data Protection Committee, which the Company must proceed with special precautions. The Company will collect, use, and/or disclose Sensitive Personal Data only if it receives the explicit consent from the Data Subject or is allowed by the laws.

“Data Subject” means natural person who is the owner of the Personal Data, which enables the identification of such person, whether directly or indirectly.

“Data Processing” means the process relating to the collection, use, disclosure, erasure, or destruction of Personal Data.

“Personal Data Controller” means a person or a juristic person having the power and duties to make decisions regarding the collection, use, or disclosure of the Personal Data.

“Personal Data Processor” means a person or a juristic person who operates in relation to the collection, use, or disclosure of the Personal Data pursuant to the orders given by or on behalf of a Personal Data Controller, whereby such person or juristic person is not the Personal Data Controller.

“Personal Data Protection Committee” means the committee appointed with the duties and authorities to govern, issue criteria or measures, or provide any other guidance relating to the Personal Data protection as prescribed by the Personal Data Protection Act, B.E. 2562.

2. Collection of the Personal Data

The Company shall collect Personal Data with the purpose, scope, and lawful and fair methods. The collection will be done only if it is necessary for the operations under the Company’s objectives. Accordingly, the Company will inform the Data Subject to gain acknowledgment and consent through electronic or other methods as specified by the Company. In case the Company needs to collect Sensitive Personal Data, the Company shall request explicit consent from the Data Subject before or at the time of such collecting, except for when this is allowed by the Personal Data Protection Act, B.E. 2562, or other laws.

3. Purpose of Collecting and Using of Personal Data

The Company will collect or use the Personal Data for the benefit of the Company’s operations, such as the procurement process, contract execution, financial transactions, Company’s activities, collaborations, or for the improvement of the Company’s operation efficiency, such as database preparation, operational analysis and development, and any other purposes which are not prohibited under the laws, and/or for the compliance with the laws and regulations relating to the Company’s operations. The Company will retain and use Personal Data as long as necessary and only for the objectives as informed to the Data Subject or as prescribed by the laws.

The Company will not conduct any activities which are different from what have prescribed in the Purpose of Collecting and Using of Personal Data, except for when: -

(1) already informed a new purpose to the Data Subject and received a consent from the Data Subject.

(2) it is necessary to comply with the Personal Data Protection Act, B.E. 2562 or other relevant laws.

4. Disclosure of Personal Data

The Company will not disclose Personal Data of the Data Subject to other person without the consent and will disclose it merely under the purposes as informed. However, for the benefit of the Company’s operations and the provision of services to the Data Subject, the Company may have to disclose the Personal Data of the Data Subject to Company’s subsidiaries or other persons, domestically and internationally, such as service providers dealing with personal data. In disclosing the Personal Data to other persons, the Company will ensure that those persons will keep the Personal Data confidential and not use for other purposes beyond the scopes as prescribed by the Company.

In addition, the Company may disclose Personal Data of the Data Subject as required by laws, such as disclosing it to a government agency, state enterprise, regulator. This includes the case where there is a request to disclose Personal Data by virtue of laws, such as a request of data for the purposes of litigation or prosecution, or a request made by the private sector or other persons involved in the legal proceedings.

5. Collection of Personal Data

The Company will maintain Personal Data as long as necessary during the time that the Data Subject has a relationship with the Company, or as long as necessary to achieve the purposes of this Policy, but may be longer if allowed by the laws, such as maintain for the purposes of investigation for any disputes within the statute of limitations for the period no longer than 10 years.

The Company will erase or destroy Personal Data or make it becomes unidentifiable when it is no longer needed or at the end of the period.

6. Direction of Personal Data Protection

The Company will establish measures, including security protection measures of Personal Data in accordance with the laws, regulations, rules, and guidelines regarding the personal data protection for employees and other relevant persons, and will promote and encourage employees to learn and recognize the duties and responsibilities in the collection, storage, use, and disclosure of Personal Data of Data Subject. The Company’s employees must follow this Policy and all guidelines regarding personal data protection in order for the Company to be able to comply with the Policy and Personal Data Protection Act, B.E. 2562 accurately and effectively.

7. Rights of Data Subject

The Data Subject has the rights under the Personal Data Protection Act, B.E.2562 including the following rights:

7.1. Right to be informed

7.2. Right to withdraw consent on Data Processing that was previously provided. The withdrawal of consent will not affect the collection, use, or disclosure of Personal Data that the Data Subject has already given consent legally.

7.3. Right to request access to and obtain copy of the Personal Data, including to request to the disclosure of the acquisition of the Personal Data obtained without the Data Subject’s consent.

7.4. Right to rectification

7.5. Right to erasure

7.6. Right to restrict the use of Personal Data

7.7. Right to request the portability of Personal Data

7.8. Right to object the Data Processing

Data Subject may request to exercise the rights mentioned above by sending a written request to the Company by using and submitting the Company’s electronic form to the channel following the “Contact Information” below. The Company will consider the request and inform the result to the Data Subject within 30 days from the date of receiving that request. However, the Company may deny the right of the Data Subject, if allowed by the laws.

8. Cookies and the use of cookies

In accessing to the Company’s website, there will be a use of cookies to collect data automatically. Some cookies are necessary for the Company’s website to operate properly but some are for providing convenience to the website’s user. The user may visit the Company’s cookies policy for more information on cookies.

9. Contact information

If you have any questions concerning the Personal Data Protection Policy, please contact the Company’s Personal Data Protection Officer (DPO):

Personal Data Protection Policy