Privacy Policy
Melchers & Co. (Thailand) Co., Ltd. (the “Company”) recognizes the importance of personal data protection, monitoring, and management in accordance with personal data protection law and related laws, and therefore prepared and published the Privacy Policy (“Policy”), which is made available to the public related to the Company and is effective for all executives, employees, and third parties who work for the Company to follow. All executives are responsible for supporting, pushing, and monitoring operations in strict accordance with personal data protection policy and laws, as follows:
- Personal data collection shall be limited to the information necessary in accordance with the Company’s policy and privacy notice.
- Objectives for the collection, use, or disclosure of personal data in accordance with the law, and the data shall be processed solely for the purposes specified. Personal data shall not be disclosed to any third party except as follows:
2.1 Research or Statistics
2.2 Vital Interest
2.3 Contract
2.4 Public Task
2.5 Legitimate Interest
2.6 Legal Obligation
2.7 Consent
- Personal data quality collection, the Company shall consider the accuracy, appropriateness, and measures to maintain the security of personal data including raising awareness of responsibility for personal data security.
- To publicize and disseminate policies, including personal data protection practices and privacy notice, through the Company’s website, as well as other operations required by law such as measuring for supporting the rights of the Data subjects, defining the duties of the Data Controller, Data Processor and appointing the Data Protection Officer (DPO).
- Every employee is responsible for and secures the personal data of those involved as if it were their own.
The policy’s objective is to inform all sectors about personal data collection, use, and disclosure, including the transfer of personal data abroad, as well as measures for personal data management and security in accordance with the Personal Data Protection Act B.E. 2562 (“Personal Data Protection Act”), related laws, and international personal data protection standards. The Company makes every effort to ensure that only necessary personal data is collected and solely used for the specified objectives in the Personal Data Protection Act, related laws, and international personal data protection standards.
1. Scope
The policy applies to the Company’s collection, use, disclosure, or transfer of personal data abroad as follows:
1.1 Business partners, Contract partner as follows:
1.1.1 Person who has been a business partner or contract partner with the Company in the past, present, or future.
1.1.2 Employee, agent, authorized person acting on behalf of the juristic person, director, visitor, and any other person acting on behalf of the juristic person as a business partner or contract partner of the Company.
1.2 Visitors and outsiders who enter the Company’s responsible area, personal data must be collected for the objective of security.
1.3 Candidates and employees, including family members and referrals.
This personal data protection policy is enforced across multiple channels between the Data subject and the Company that the Company received or collected personal data whether electronic communication channels, websites and other channels of the Company.
This personal data protection policy described the types of personal data that the Company stored, as well as the methods, sources, and objectives for which the Company collected, used, disclosed, and transferred personal data abroad. Persons who may be disclosed or transferred personal information from the Company, the retention of personal data storage and the rights of the Data subjects in accordance with the Personal Data Protection Act. including security in personal data with appropriate measures.
2. The policy’s definition
“The Company” refers to C. Melchers and Co. (Thailand) Co., Ltd., including an authorized representative of the Company.
“Personal Data” refers to information that identifies the person whether directly or indirectly, that the Company has collected as stated in this policy, such as name, surname, nickname, address, telephone number, ID card number, Passport number, Social Security card number, Driver’s license number, Tax ID number, Bank account number, Credit card number, Education’s history, Finance information, Health history, Work history, Criminal history, E-mail address, Car registration, Title deeds, IP address, Cookie id, log file etc.
Note: The following information is not “Personal data”, such as information for business dealings that does not personally identify an individual, such as Company name, Company address, Company registration number, Company phone number, Company’s e-mail address, Company group’s e-mail address, Anonymous data or Pseudonymous data, Deceased information, etc.
“Sensitive Personal Data” refers to personal data defined as sensitive information by the Personal Data Protection Act., which the Company shall collect, use, disclose or transfer sensitive personal data abroad when the Data subject has given consent. Sensitive personal data such as race, ethnicity, political opinions, cult beliefs, religion, sexual behavior, Criminal history, health information, disability, genetic information, biometric information such as facial image data, iris simulation data, audio identity information or fingerprint image data for purposes of identity verification including any other information that similarly affects the Data subject as announced by the Personal Data Protection Committee.
“Data Subject” refers to a person who owns the Personal Data, but not in case that the person has ownership, creator or collector. The Data subject shall refer to Ordinary person only and shall not include “Juristic person” established by law such as Company, Association, Foundation or other organization.
“Data Controller” refers to a person or juristic person who has the authority to make decisions about the collection, use or disclosure of personal data.
“Data Processor” refers to a person or Juristic person who collects, uses or discloses personal data on the order or on behalf of the Data Controller in accordance with the law.
“Data Protection Officer” (DPO) refers to a person who is responsible for personal data by providing advice, consulting, inspecting, coordinating, and supervising the use of personal data in accordance with the personal data protection Act.
3. Cookies
When visiting the Company’s website, cookies may be placed on the visitor’s device while data is collected automatically. Some cookies are required for the website’s proper operation. Some cookies are designed to facilitate website visitors.
4. Privacy Policy updates
The Company may review, update and change this Privacy Policy from time to time in accordance with the Guideline, Privacy notices, laws, rules, and regulations relevant to this. If this Privacy policy is updated, the Company will publish the updated Policy on the Company’s website and other channels.
5. Retention and Security measures
The Company will maintain personal data for as long as it is reasonably necessary to achieve the objectives stated in this policy. The Company will consider the appropriate period of personal data retention from the contract period, legal age, including retaining personal data for the period required by law. Internal and external audits for the assessment and exercise of legal claims. In case the retention period for personal data cannot be specified, the Company will collect in accordance with the general legal period of up to 10 years.
The Company will maintain and store personal data to ensure appropriate security, whether in the form of a document, computer system or electronic system including various tools used to secure personal data and to be ensure that the Company’s personal data security measures are appropriate in accordance with international standards to prevent the loss, access, use, alteration, correction or disclosure of personal data or acting without lawful powers.
The Company has limited access and uses technology to secure personal data to prevent unauthorized access to computer systems or electronic systems, including when personal data is disclosed to third parties who process it or to data processors. The Company shall adhere to the policies.
6. Rights of the Data Subject
Consent granted by the Data subject to the Company for the collection, use and disclosure of personal data. It is valid until the Data subject revokes the use or disclosure in writing consent. The Data subject has the right to revoke or suspend the use or disclosure of personal data for any purpose by submitting the request in writing or via e-mail to the Company at PDPAcenter@melchers.co.th
Furthermore, under the Personal Data Protection Act, the Data subject has the following legal rights:
- Right of access
The Data subject has the right to request access to or a copy of the personal data in order to ensure that authorized data is used for the intended purpose.
- Right to rectification and erasure
The Company makes every effort to keep personal information accurate and up to date in order to keep information complete and avoid misunderstandings. The Data subject has the right to request corrections, change inaccurate personal data or add incomplete personal data as well as delete, destroy, or convert such personal data into non-personally identifiable information using any method.
- Right to restriction of processing
The Data subject has the right to suspend the restriction on processing personal data.
- Right to data portability
The Data subject has the right to obtain personal data in a format that is organized by the Company and can be read in electronic format, including the right to request information to be sent to a person or a juristic person.
The Company may collect expenses if the request or exercise of that right is unreasonably redundant, or the Company requires excessive technical or managerial effort.
- Right to object
The Data subject has the right to object to the collection, use, or disclosure of personal data.
- Right to complain
The Data subject has the right, under the Personal Data Protection Act, to request to the Personal Data Protection Committee. when personal data is infringed.
However, the Company sincerely hopes that if you have any concerns about personal data, you will contact the Company first before contacting the Personal Data Protection Committee.
- Right to be informed
If you have any questions or concerns about the Personal Data Protection Act, please contact the Personal Data Protection Officer (DPO) mentioned in this Policy.
- Right to withdraw consent
The Data subject has the right to withdraw consent to the processing of personal data at any time, unless prohibited by law or contract. However, withdrawal of consent has no effect on the processing of personal data for previously lawfully provided consent to the Company.
7. Guidelines
Executives and employees of the Company should always check themselves in order to operate properly in accordance with the Policy, Privacy notices, handbooks, and laws that their operations related to personal data or not, and how to operate in accordance with the policy, including
7.1 Endeavor to understand the subject matter of the Rules, Regulations, Policies, and accompanying Privacy Notice which is part of the Policy.
7.2 Endeavor to understand the laws, rules, regulations both internally and externally related to the operation and protection of personal data.
7.3 If you discover any inconsistent practices, please report them to the Company’s contact information.
8. Contact information
If you have any questions about this privacy notice or wish to exercise the rights of the Data subject, please contact at
Data Protection Officer : DPO
Email: PDPAcenter@melchers.co.th
Address: 15th Floor, Sorachai Building, 23/38-39 Sukhumvit 63 Klongton-Nua, Watthana Bangkok 10110 Thailand
Telephone: +66 2 714 3070 ext. 122
Website: www.melchers.co.th
9. Reviewing, changing, or amending this Privacy Notice
The Company may consider periodically reviewing, updating, or amending the Policy and Privacy Notice. If there is an update, change, or amendment to comply with law requirements, the Company will notify via the Company’s website www.melchers.co.th The new Policy and Privacy Notice will be effective on the date announced.
Announced on 1 June 2022
Melchers & Co. (Thailand) Co., Ltd. (“The Company”) understands the significance of Personal Data Protection for Customers, Suppliers and Related persons (“you”). According to the Personal Data Protection Act B.E. 2562 , the Company announces the privacy notice to inform you about details relating to the collection, use, or disclosure of personal data as follows:
1. Objectives for collection, use, or disclosure of personal data
The Company’s objectives for collecting, using, and disclosing your personal information are as follows:
1.1 Contract basis: for qualification and selection before entering into a performance contract between The Company and you, making deliveries, proceeding Accounting and Financial, providing after-sales service, and processing returns, including any action required for you to receive goods and/or services or as you request.
1.2 Legal obligation basis: for the necessity of exercising the right to comply with a court order or an order from Competent Government Authorities. this Includes disclosing or reporting your personal information to Competent Government Authorities.
1.3 Legitimate interests basis: taking into consideration fundamental rights in relation to personal data protection for the following objectives:
1) For auditing and verifying identity for making into business transactions, Juristic Act. or contracts.
2) For auditing from relevant agencies through investigation, auditing, and consulting on the exercise of legal claims or proving in legal proceedings. The Company may disclose your personal information to an attorney, legal and tax advisor, auditor, and any other consultants.
3) For risk management, auditing, and internal organization management, including personal data disclosure for internal audit and the prevention of wrongdoing or unlawful acts.
4) For analysis or evaluation, improvement, planning, and business forecasting.
5) For the safety of the building areas or facilities from CCTV recording.
1.4 Consent: The Company will perform activities for the following purposes with your permission:
1) To inform customers, suppliers and related persons about information and business benefits via e-mail, SMS, applications, social media, telephone, etc.
2) With your consent, the Company will collect, use, and disclose sensitive personal data such as health information, religion information, and other sensitive personal data on your identity card for identification reasons.
2. Collection, use, or disclosure of personal data
Personal data collected, used, or disclosed by the Company includes, but is not limited to, the following:
2.1 Personal data: name-surname, title, gender, date of birth, ID card number, Passport number, Tax ID number, position, nationality, age, work experience, expertise, aptitude, including sensitive data such as religion, ethnicity, and health data, which the Company is permitted to collect by your consent or by law.
2.2 Contact information: address, phone number, mobile phone number, e-mail.
2.3 Accounting and financial information: bank account numbers, business transactions, price, and product details.
2.4 Other personal data: information on the use of information systems and websites, CCTV camera and audio recording, Meeting audio recording.
The Company does not intend to collect and process personal data of minors under the age of 10. If you are a minor under the age of 10 or a quasi-incompetent person or incompetent, wishes to use the website, contact us about any products or services, including providing your personal data. Your parent or legal guardian will be asked to act on your behalf and provide consent to the company. If the Company finds that your personal information was collected without the legal consent of the person exercising parental authority or a guardian, the Company reserves the right to reject your request and will immediately delete and destroy your personal data, unless the processing of your personal data can be justified by another legal basis other than obtaining consent.
3. Personal Data Sources
The Company may collect personal data directly from you by exchanging business cards, providing information for qualification, entering contracts, and so on, or the Company may obtain your personal data from other sources, such as sales representatives in other business groups of business partner company or affiliates, customers or agents of the Company who are recommending, and so on.
4. Personal data disclosure and overseas data transfer
The Company will not disclose your personal data to third parties and/or transfer personal data overseas unless you have been properly informed and/or consented or required by law to disclose or report personal data to regulatory authorities, government agencies, and other agencies relating to the Company’s business operations.
The Company may store your data on a computer, server, or cloud service provided by a third party. and may use a program or application in the form of a ready-made software service or a ready-made platform service to process your personal data, but the company does not allow unrelated person to have access to personal information and will necessitate the implementation of appropriate security measures.
Furthermore, the Company may be required to disclose your personal data to relevant third parties for the purposes, such as account verification, legal counsel, audits, assessments, litigation, and other business-related activities.
5. Personal data retention period
The Company will keep your personal data for the period necessary to achieve the purpose of each type of personal data, in accordance with legal, accounting, tax, and other related requirements. Unless the law allows for a longer retention period. If the Personal data retention period cannot be specified, the Company will collect it for a general legal period of up to ten years.
6. Rights of the data subject
6.1 Right to be informed
6.2 Right of access
6.3 Right to data portability
6.4 Right to object
6.5 Right to erasure
6.6 Right to withdraw consent
6.7 Right to restriction of processing
6.8 Right to rectification
6.9 Right to complain
In this regard, the Company will consider and notify the result of the consideration in accordance with the request to exercise your rights within 30 days of receiving a request, and the Company may contact the owner of the personal data for additional information to assess and verify your request.
7. Cookies
The Company uses cookies to collect personal data.
8. Contact information
If you have any questions about this privacy notice or wish to exercise the rights of the personal data subject, please contact at
Data Protection Officer : DPO
Email: PDPAcenter@melchers.co.th
Address: 15th Floor, Sorachai Building, 23/38-39 Sukhumvit 63 Klongton-Nua, Watthana Bangkok 10110 Thailand
Telephone: +66 2 714 3070 ext. 122
Website: www.melchers.co.th
9. Reviewing, changing, or amending this Privacy Notice
The Company may consider periodically reviewing, updating, or amending the Privacy Notice for customer, suppliers and related persons. If there is an update, change, or amendment to comply with legal requirements, the Company will notify you via the Company’s website www.melchers.co.th.
The new Privacy Notice will be effective on the date announced.
We welcome you to our website. We would like to inform you about the management of your personal data in accordance with Art. 13 General Data Protection Regulation (GDPR).
Controller
The controller responsible for the described data collection and processing is named in the imprint.
Storage of Your IP address
We store the IP address transmitted by your web browser for a period of seven (7) days, strictly for the purpose of identifying, restricting and eliminating attacks on our website. After seven (7) days, we delete or anonymize your IP address. The legal basis for the processing of this personal data is provided for in Art. 6 para. 1 s. 1 lit. f GDPR.
Usage Data
When you visit our website, the data collected from the use of the website is temporarily stored on our web server for statistical purposes in order to improve the quality of our website. This data set contains:
• the page, from which the data is requested,
• the name of the data file,
• the date and time of the query,
• the amount of data transferred,
• the access status (file transmitted, file not found),
• a description of the type of browser used,
• the IP address of the requesting computer shortened to such an extent that no reidentification of any persona data is possible.
The listed usage data is stored anonymously.
2. Data Transfer to Third Parties
We do not transfer your personal data to third parties.
3. Cookies
We use cookies on our website. Cookies are small pieces of data that are stored and read in your end-device. A distinction is made between session cookies, which are deleted when you close your browser, and permanent cookies, which are stored even after your visit has expired. Cookies may contain data that enables the recognition of the device being used. However, in some cases cookies only contain information on certain settings which are not personal data.
We use session cookies and permanent cookies on our website. The data is processed in accordance to Art. 6 para. 1 s. 1 lit. f GDPR and in the interest of optimizing or enabling user guidance and improving our website presence.
Please be aware that you can set your browser to inform you when cookies are being stored or used on the website you are visiting. Thus, any use of cookies is transparent to you. You have the possibility to delete your browser configuration at any time and prevent any use of new cookies. In the event you refuse the use of cookies, please note that our web sites may not be displayed optimally and some functions are then no longer technically available.
GOOGLE ANALYTICS
We use Google Analytics to create pseudonymous user profiles for improving and designing our website on demand. Google Analytics uses “cookies”, which are text files placed on your end device and can be read by us. In this way, we are able to recognize and count returning visitors. This data processing is carried out on the basis of Art. 6 para. 1 s. 1 lit. f GDPR or § 15 para. 3 TMG and in the interest of finding out how often our website is viewed by different users.
The information generated by the cookies about your use of the website will be transmitted to and stored by Google on its servers in the United States. We have activated IP-anonymization on this website, your IP address will be truncated within the area of Member States of the European Union. Only in exceptional cases is the whole IP address transferred to a Google server in the USA and truncated there (an adequate level of data protection is ensured according to Art. 45 para. 1 GDPR because Google is a participant in the Privacy Shield Agreement). We have also concluded a contract with Google Inc. (USA) for commissioned data processing / order processing pursuant to Art. 28 GDPR. Accordingly, Google will solely use collected data for the purposes intended, which are to evaluate the use of the website and to compile reports on website activities.
GOOGLE MAPS We use Google Maps to display maps and to create directions. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
If you use Google Maps, e.g. by clicking on our locations listed there, we do not collect any personal data from you. However, when using Google Maps, information about your use (in particular the IP address of your computer) may, to the best of our knowledge, be transmitted to and stored by Google LLC on servers in the USA. The processing of personal data using technically required cookies and your IP address is based on Art. 6 para. 1 s. 1 lit. f DSGVO with the purpose of displaying our website as convenient as possible for you. We have no influence on the further processing of data by Google LLC.
Please also read the terms and conditions of Google Maps if you wish to use the service. The terms and conditions for Google Maps can be found at: http://www.google.com/intl/de_de/help/terms_maps.html.
Detailed information on Google’s privacy policy can also be found at: http://www.google.de/intl/de/policies/privacy/.
If you do not agree with the data processing by Google LLC, please do not use the map or deactivate java-script in your browser in order to receive a limited view
You can withdraw your consent to the processing at any time. Please use one of the following options:
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you proceed accordingly you may not be able to benefit from the full functionality of this website.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and (http://tools.google.com/dlpage/gaoptout?hl=de) installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to opting out from being tracked by Google Analytics you can also click the following link.
Click here to object the processing of your data by Google Analytics.
An opt-out cookie will be stored, which means that no web analysis will take place as long as the opt-out cookie is stored by your browser.
4. Explanation of Data Security Measures
To avoid unauthorized access to your data, we have implemented technical and organizational measures. We use encryption technologies on our website. Your data will be transferred to our servers and back again via a connection that is protected by a TLS encryption technology. You can recognize that you are browsing on an encryption secured website by the locksymbol shown in the address bar of your browser and by the address bar starting with https://.
5. Rights as a User
As a website user, the GDPR grants you certain rights when processing your personal data.
1. Right of access (Art. 15 GDPR):
You have the right to obtain confirmation at to whether or not personal data concerning you is being processed, and, where that is the case access to the personal data and the information specified in Art. 15 GDPR.
2. Right to rectification and erasure (Art. 16 and 17 GDPR):
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, if necessary, the right to have incomplete personal data completed.
You also have the right to obtain an erasure of the personal data concerning you without undue delay, if one of the reasons listed in Art. 17 GDPR applies, e.g. if the data is no longer necessary for the intended purpose.
3. Right to restriction of processing (Art. 18 GDPR):
If one of the conditions set forth in Art. 18 GDPR applies, you shall have the right to restrict the processing of your data to mere storage, e.g. if you revoke consent, to the processing, for the duration of a possible examination.
4. Right to data portability (Art. 20 GDPR):
In certain situations, listed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or demand a transmission of the data to another third party.
5. Right to object (Art. 21 GDPR):
6 para. 1 s. 1 lit. f GDPR (data processing for the purposes of the legitimate interests), you have the right to object to the processing at any time for reasons arising out of your particular situation. We will then no longer process personal data, unless there are demonstrably compelling legitimate grounds for processing, which override the interests, rights and freedoms of the person concerned, or the processing serves the purpose of asserting, exercising or defending legal claims.
6. Right to lodge a complaint with a supervisory authority
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider the processing of the data concerning you infringes data protection regulations. The right to lodge a complaint may be invoked in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement.
6. Contact Details of the Data Protection Officer
Please contact our data protection officer if you have any further questions, suggestions or wishes regarding data protection: Datenschutz@melchers.de
7. Further Content of a Website Privacy Policy
7.1. Newsletter
On our website we provide the opportunity to subscribe to our newsletter. If you consent to this processing separately, this processing is pursuant to Art. 6 para. 1 s. 1 lit. a GDPR. If necessary, please refer to a link and opening tracking this is also only permitted with your consent. Your consent can be withdrawn at any time without affecting the lawfulness of the prior processing. If consent is withdrawn, we will stop the corresponding data processing.
You may unsubscribe from the newsletter at any time, e.g. via the link to unsubscribe from the newsletter, which you will find in every newsletter email.
7.2. Contact Form
You can contact us via our web contact form. In order to use our contact form we require your name and your email-address. You may provide us with further information, but you are not obligated to do so.
CONSENT
By submitting this contact form you agree to the electronic collection and storage of your personal data. The legal basis for processing is Art. 6 para. 1 s. 1 lit. a GDPR. We use your data exclusively for the processing of your request. You may withdraw your consent at any time, e.g. via an email to Datenschutz@melchers.de.
7.3. Online Applications
We process your personal data in accordance with applicable data protection regulations pursuant to § 26 BDSG. We process the data you provide us in the context of your online application strictly for the purpose of selecting applicants. Data will not be processed for other purposes.
You determine the amount of data you want to send us in the context of your online application. Online applications are transferred electronically to our HR department and processed as quickly as possible. The transfer is encrypted. As a rule, applications are forwarded to the heads of the relevant departments in our company. Furthermore, your data will not be transferred to third parties. Your details will be treated confidentially in our company. If the application is unsuccessful, your documents will be deleted after 12 months.
If we may also consider your application for other or future job openings, please indicate this on your application. We will then process your data on the basis of Art. 6 para. 1 s. 1 lit. a GDPR.
7.4. YouTube Videos
On some of our websites we embed YouTube videos. Opening these websites results in YouTube content being downloaded. In this context, YouTube also receives your IP address, which is technically necessary for retrieving the contents. We have no influence on the further processing by YouTube. However, when embedding the videos, we activated the extended data protection mode offered by YouTube.
English 
Thai