Privacy Policy and Notice on the Processing of Personal Data Concerning Website Visitors
of
THAI NISSHIN SEIFUN COMPANY LIMITED
Thai Nisshin Seifun Company Limited (the “Company”) gives importance to the protection of personal data relating to its website visitors, and the Company is well aware of its duties under the Thailand’s Personal Data Protection Act B.E. 2562 (as may be amended and/or supplemented from time to time) including all rules, regulations, announcements, and notifications issued thereunder (together, the “Data Protection Law”). Therefore, the Company has prepared this Privacy Policy and Notice on the Processing of Personal Data Concerning Website Visitors (“Policy”) as to notify the Company’s website visitors of the Company’s collection, use and disclosure of the personal data concerning the website visitors as well as their rights as data subjects as follows:
1.Definitions
2.Types of Personal Data concerning website visitors collected by the Company
- 2.1.The Company collects the following Personal Data concerning its website visitors:
- name-surname, phone number, email address, company’s name, and messages of a website visitor who contacts the Company through its website, including any other information provided by the website visitor through the Company’s website; and
- IP address.
- 2.2.In addition, the Company collects certain Personal Data concerning website visitors by using cookies. For further information on the Company’s use of cookies, please see paragraph 7 below.
- 2.3.Moreover, the Company may further collect additional Personal Data concerning a website visitor if such website visitor enters into or continues to have other relationship(s) with the Company, such as:
- 2.3.1.The Company may further request for and collect additional Personal Data concerning a website visitor who requests for job application through the Company’s website as to proceed with the job application and recruitment process; and
- 2.3.2.The Company may further collect additional Personal Data concerning a website visitor who is or becomes a potential or existing customer of the Company for further business relationship.
In such cases, the Company will further notify the data subject of such additional Personal Data that the Company will collect, the purposes for processing such Personal Data, and other information required to be notified to the data subject, in accordance with the Data Protection Law.
3. Sources of Personal Data
The Company may collect Personal Data concerning its website visitors from the following sources:
- (1)The website visitor provides his/her Personal Data to the Company directly: The Company collects the Personal Data filled in by the website visitors in the ‘Contact Us’ section in the Company’s website.
- (2)Personal Data concerning website visitors that the Company automatically collects from the relevant website visitor: The Company may automatically collect certain technical information about the website visitors’ equipment (e.g. IP address), browsing actions and patterns by using cookies and other similar technologies. For further information on the Company’s use of cookies, please see paragraph 7 below.
4. Collection, use, and disclosure of Personal Data concerning website visitors, and the purposes and the legal basis thereof
- 4.1 The Company will duly collect, use and/or disclose Personal Data concerning website visitors on a limited basis pursuant to the purposes and the lawful basis set out below, and the procedures pursuant to the Data Protection Law.
- 4.2 The Company collects Personal Data concerning website visitors to use and/or disclose the same for the following purposes and any other related or associated purposes:
- (1)assisting the website visitors with their enquiries and/or requests submitted through the Company’s website;
- (2) conducting continued business negotiations, whether online or face-to-face, with the website visitors as initiated/requested by the website visitors.
- (3)obtaining feedbacks from the website visitors;
- (4)sending information about the products and/or services of the Company or its affiliates as requested by website visitors;
- (5)conducting direct marketing activities, only to the Company’s corporate existing or potential customers which contact the Company through the website, including, among others, sending information on the products and services and sales promotion of the Company and/or its affiliates, etc.;
- (6)enabling the proper function of the Company’s website and handling the connection between the devices used by the website visitors and the Company’s website; and
- (7)providing the website visitors with more visitor-friendly website.
- 4.3The Company may use Personal Data to contact its website visitors for the above purposes via e-mail or telephone.
- 4.4The legal basis for the Company’s use of Personal Data concerning its website visitors is one of the following:
- (1)The processing is necessary for proceeding in accordance with the requests of the website visitors as data subject before entering into contracts/agreements with the Company; and
- (2)The processing is necessary for the purposes of the legitimate interests pursued by the Company or the Company’s affiliate(s)in Thailand or other person(s), except where such interests are overridden by the interests or fundamental rights and freedoms of the data subjects.
5. Retention of Personal Data concerning website visitors
- 5.1.The Company retains Personal Data concerning website visitors in electronic/soft copy form in the Company’s computer system and in cloud with its server located in Thailand. Password is required before access, both in the computer system and in cloud.
With respect to cookies, please see paragraph 7 below. - 5.2.The Company will retain Personal Data concerning website visitors for the following periods:
Type of Data | Period |
---|---|
Name-surname, telephone/mobile phone number, email address, company’s name, and messages of the website visitors, including any other information provided by the website visitor through the Company’s website | 12 months from the date on which the relevant website visitor contacts the Company through its website. |
IP address | 3 months from the date on which the relevant website visitor contacts the Company through its website. |
With respect to cookies, please see paragraph 7 below.
- 5.3.Except as provided in paragraph 5.4, the Company will ensure to erase or destroy or anonymize Personal Data concerning website visitors upon the end of the relevant retention period set out above, or erase or destroy or anonymize the Personal Data that is irrelevant or unnecessary as per the purpose of collection of such Personal Data or as requested by the relevant website visitor as the data subject who is entitled to such request.
- 5.4.If a website visitor enters into or continues to have other relationship(s) with the Company (see paragraph 2.3 above for examples), the Company may continue to retain certain Personal Data concerning such website visitor, in which case, the Company will further notify such website visitor as data subject of the relevant retention periods of Personal Data concerning him/her.
6. Transfer and/or disclosure of Personal Data concerning website visitors
- 6.1.The Company may disclose or transfer the Personal Data concerning website visitors collected through the Company’s website to service provider(s) that manages and operates the Company’s website pursuant to the orders given by or on behalf of the Company and/or may have the service provider(s) process the same.
- 6.2.The disclosure mentioned above will be made on a limited basis and the Company will disclose only the Personal Data that are necessary to achieve the lawful purpose of the disclosure.
- 6.3.In the event that the Company must obtain consent from the relevant website visitor as data subject pursuant to the Data Protection Law for disclosing any of his/her Personal Data to service provider(s) set out in paragraph 6.1, the Company will request for such consent and must duly obtain such consent from the relevant website visitor before disclosure.
7. The Company’s Use of Cookies
- 7.1.What are cookies?
Cookies are text files that are stored in a computer or mobile device via an internet browser. When visiting the Company’s website, the website sends the cookie to the visitor’s computer/mobile device which stores the cookie in a file located inside the visitor’s web browser.
Many internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which internet pages and servers can be assigned to the specific internet browser in which the cookie was stored. This allows visited internet sites and servers to differentiate the individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified using the unique cookie ID.
- 7.2.How does the Company use cookies and the purposes for the use of cookies
The Company collects Personal Data concerning its website visitors (e.g. browsing actions and patterns) through cookies or other similar technology(ies). The Company’s website also uses cookies to make the Company’s websites operational and gather analytics data (about website visitors’ behaviors).
Through the use of cookies, the Company can provide the visitors of the Company’s website with more visitor-friendly services that would not be possible without the cookie setting. By means of a cookie, the information and offers on the Company website can be optimized with the visitor in mind to make it easier for visitors to utilize the Company’s website.
The website visitor that uses cookies does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the visitor’s computer system.
In addition, the Company also uses cookies to establish anonymized statistics of website visitors about the browsing experience on the Company’s website.
- 7.3.Types of cookies that the Company uses
- (1)Necessary Cookies: These are cookies that are necessary for the website to properly function. These include cookies that enable basic functions like page navigation and cookies that enable the visitors to log into secure areas of the website, etc. These cookies placed on visitors’ devices do not store any personally identifiable information and will generally be session cookies – see paragraph 7.4 below for further information. Visitors can set their browsers to block or alert them about these cookies, but then some parts of the Company’s website will not work.
- (2)Statistics Cookies or Performance Cookies:These cookies collect information about the number of website visitors and how visitors use the Company’s website – as an anonymous visitor. None of this information can be used to identify the website visitors. These cookies are used to improve website functions and to aggregate statistics on how the Company’s website visitors reach and browse the Company’s websites.
- 7.4.Duration
Certain types of cookies are session cookies which are temporary and will be deleted after the visitor closes the browser.
Certain types of cookies are persistent cookies which encompasses all cookies that remain on the visitor’s hard drive until they are erased by the visitor or the visitor’s browser, depending on the expiration date of each cookie. All persistent cookies have an expiration date written into their code, but the duration may vary. The persistent cookies that the Company’s website uses will last no longer than 12 months, but the visitor can erase them prior to the expiration date.
- 7.5.Consent
The Company’s website visitors will be requested to provide their consent for Statistics Cookies/Performance Cookies. The visitors may have seen a pop up to this effect on his/her first visit to the Company’s website. Although the said pop up will not usually appear on subsequent visits, the website visitors may withdraw their consent at any time – please see paragraph 7.6 below for further information.
- 7.6.How to manage/disable cookies?
The data subject may, at any time, prevent the setting of cookies through the Company’s website by means of a corresponding setting of the internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an internet browser or other software programs. This is possible in all popular internet browsers. Please be aware that if the data subject deactivates the setting of all cookies in the internet browser used (including Necessary Cookies), functions of the Company’s website may not be entirely usable.
8. Security Measures of Personal Data Concerning Website Visitors
The Company will implement appropriate measures to secure Personal Data concerning website visitors to prevent unauthorized or undue loss, access, use, change, amendment, or disclosure of Personal Data concerning website visitors by using technologies and other methods including the followings:- (1)The Company will classify the types of Personal Data concerning website visitors and clearly establish on who has the right to access each type of such data.
- (2)The Company will store Personal Data concerning website visitors securely.
- (3)The Company will set up a system to check and erase, destroy, or anonymize Personal Data concerning website visitors as specified in paragraph 5.2 above by appropriate means.
- (4)The Company will ensure that the Company’s personnel must enter their individual username and/or password before accessing and using the Company’s computer system. Such username and password will be strictly kept confidential.
- (5)The Company will take steps to prevent other persons to whom the Company disclose Personal Data concerning website visitors from unauthorized or undue use or disclosure of such data.
- (6)The Company will notify any data breach incident with respect to Personal Data concerning website visitors to the Office of the Personal Data Protection Committee without delay within the period specified by the Data Protection Law. If such data breach has a high risk of affecting the rights and freedoms of an individual, the Company will promptly notify the relevant data subject(s) of the incident with a plan to remedy the damage resulting therefrom without delay.
9. Data Subject’s Rights
A data subject is entitled to the rights in relation to the Personal Data concerning him/her as prescribed in the Data Protection Law as follows:
- (1)Right to Withdraw Consent In case the Company relies only on a data subject’s consent as its lawful basis to collect, use and/or disclose the Personal Data, the data subject may, at any time, withdraw his/her consent. The Company will notify such data subject that withdraws his/her consent of the effects that may occur as a result of his/her consent withdrawal at the time of withdrawal.
- (2)Right of Access A data subject has the right to access and request a copy of Personal Data concerning him/her which are under the responsibility of the Company or request the Company to disclose its acquisition of such Personal Data for which he/she did not give consent.
- (3)Right to Data Portability A data subject has the right to receive the Personal Data concerning him/her from the Company in case the Company has made such Personal Data in the format that is commonly used and readable by automatic machine and can be used and disclosed by automatic means. A data subject also has the right to request the Company to send or transfer the Personal Data in such format to other data controller(s) if it can be done by automatic means and/or request to obtain the Personal Data in such format that the Company sends or transfers to other data controller(s), unless it is technically unfeasible.
- (4)Right to Object A data subject has the right to, at any time, object to the collection, the use or the disclosure of Personal Data concerning him/her under certain circumstances prescribed under the Data Protection Law.
- (5)Right to Erasure A data subject has the right to request the Company to erase or destroy or anonymize Personal Data concerning him/her under certain circumstances prescribed under the Data Protection Law.
- (6)Right to Restriction of Processing A data subject has the right to request the Company for restriction of its use of Personal Data concerning him/her under certain circumstances prescribed under the Data Protection Law.
- (7)Right to Rectification A data subject has the right to request the Company to rectify inaccurate Personal Data concerning him/her and ensure that the Personal Data concerning him/her is up-to-date, complete and not-misleading.
- (8)Right to Lodge Complaint A data subject has the right to lodge a complaint with the competent authority or committee under the Data Protection Law in the event that the Company including its employee(s) or contractor(s)/service provider(s) violate or fail to comply with the Data Protection Law.
The data subject can submit his/her application to the Company to exercise the rights under subparagraphs (1) – (7) above as per any channel set out in paragraph 12 below.
10. This Policy Does Not Cover Third Party Websites
Please note that this Policy does not apply to, and the Company is not responsible for, the privacy practices of third-party website(s) which may be linked to this Company’s website.
11. Modification of Policy
The Company may review and revise this Policy on a regular basis as to ensure its consistency with the relevant guidelines and the Data Protection Law. The Company will notify the website visitors of such changes to this Policy by publicizing the updated Policy on the Company’s website as soon as possible.
12. Information about the Company and contact details
If a data subject has any question or suggestion in relation to the Company’s protection of Personal Data or wishes to exercise a right as data subject, please contact the Company as per the following contact details:
This Policy is last updated on 1st January 2023.