Melchers & Co. (Thailand) Co., Ltd. (the "Company") recognizes the importance of personal data protection, monitoring, and management in accordance with personal data protection law and related laws, and therefore prepared and published the Privacy Policy ("Policy"), which is made available to the public related to the Company and is effective for all executives, employees, and third parties who work for the Company to follow. All executives are responsible for supporting, pushing, and monitoring operations in strict accordance with personal data protection policy and laws, as follows:

1. Personal data collection shall be limited to the information necessary in accordance with the Company's policy and privacy notice.
2. Objectives for the collection, use, or disclosure of personal data in accordance with the law, and the data shall be processed solely for the purposes specified. Personal data shall not be disclosed to any third party except as follows:

2.1 Research or Statistics

2.2 Vital Interest

2.3 Contract

2.4 Public Task

2.5 Legitimate Interest

2.6 Legal Obligation

2.7 Consent

3. Personal data quality collection, the Company shall consider the accuracy, appropriateness, and measures to maintain the security of personal data including raising awareness of responsibility for personal data security.
4. To publicize and disseminate policies, including personal data protection practices and privacy notice, through the Company's website, as well as other operations required by law such as measuring for supporting the rights of the Data subjects, defining the duties of the Data Controller, Data Processor and appointing the Data Protection Officer (DPO).
5. Every employee is responsible for and secures the personal data of those involved as if it were their own.

The policy's objective is to inform all sectors about personal data collection, use, and disclosure, including the transfer of personal data abroad, as well as measures for personal data management and security in accordance with the Personal Data Protection Act B.E. 2562 ("Personal Data Protection Act"), related laws, and international personal data protection standards. The Company makes every effort to ensure that only necessary personal data is collected and solely used for the specified objectives in the Personal Data Protection Act, related laws, and international personal data protection standards.

 

1. Scope

The policy applies to the Company's collection, use, disclosure, or transfer of personal data abroad as follows:

1.1 Business partners, Contract partner as follows:

1.1.1 Person who has been a business partner or contract partner with the Company in the past, present, or future.

1.1.2 Employee, agent, authorized person acting on behalf of the juristic person, director, visitor, and any other person acting on behalf of the juristic person as a business partner or contract partner of the Company.

1.2 Visitors and outsiders who enter the Company's responsible area, personal data must be collected for the objective of security.

1.3 Candidates and employees, including family members and referrals.

This personal data protection policy is enforced across multiple channels between the Data subject and the Company that the Company received or collected personal data whether electronic communication channels, websites and other channels of the Company.

This personal data protection policy described the types of personal data that the Company stored, as well as the methods, sources, and objectives for which the Company collected, used, disclosed, and transferred personal data abroad. Persons who may be disclosed or transferred personal information from the Company, the retention of personal data storage and the rights of the Data subjects in accordance with the Personal Data Protection Act. including security in personal data with appropriate measures.

 

2. The policy's definition

“The Company" refers to C. Melchers and Co. (Thailand) Co., Ltd., including an authorized representative of the Company.

"Personal Data" refers to information that identifies the person whether directly or indirectly, that the Company has collected as stated in this policy, such as name, surname, nickname, address, telephone number, ID card number, Passport number, Social Security card number, Driver’s license number, Tax ID number, Bank account number, Credit card number, Education's history, Finance information, Health history, Work history, Criminal history, E-mail address, Car registration, Title deeds, IP address, Cookie id, log file etc.

Note: The following information is not “Personal data”, such as information for business dealings that does not personally identify an individual, such as Company name, Company address, Company registration number, Company phone number, Company's e-mail address, Company group's e-mail address, Anonymous data or Pseudonymous data, Deceased information, etc.

“Sensitive Personal Data” refers to personal data defined as sensitive information by the Personal Data Protection Act., which the Company shall collect, use, disclose or transfer sensitive personal data abroad when the Data subject has given consent. Sensitive personal data such as race, ethnicity, political opinions, cult beliefs, religion, sexual behavior, Criminal history, health information, disability, genetic information, biometric information such as facial image data, iris simulation data, audio identity information or fingerprint image data for purposes of identity verification including any other information that similarly affects the Data subject as announced by the Personal Data Protection Committee.

 

“Data Subject” refers to a person who owns the Personal Data, but not in case that the person has ownership, creator or collector. The Data subject shall refer to Ordinary person only and shall not include “Juristic person” established by law such as Company, Association, Foundation or other organization.

“Data Controller” refers to a person or juristic person who has the authority to make decisions about the collection, use or disclosure of personal data.

“Data Processor” refers to a person or Juristic person who collects, uses or discloses personal data on the order or on behalf of the Data Controller in accordance with the law.

“Data Protection Officer” (DPO) refers to a person who is responsible for personal data by providing advice, consulting, inspecting, coordinating, and supervising the use of personal data in accordance with the personal data protection Act.

 

3. Cookies

When visiting the Company's website, cookies may be placed on the visitor's device while data is collected automatically. Some cookies are required for the website's proper operation. Some cookies are designed to facilitate website visitors. You can learn more about the Cookie policy.

 

4. Privacy Policy updates

The Company may review, update and change this Privacy Policy from time to time in accordance with the Guideline, Privacy notices, laws, rules, and regulations relevant to this. If this Privacy policy is updated, the Company will publish the updated Policy on the Company's website and other channels.

 

5. Retention and Security measures

The Company will maintain personal data for as long as it is reasonably necessary to achieve the objectives stated in this policy. The Company will consider the appropriate period of personal data retention from the contract period, legal age, including retaining personal data for the period required by law. Internal and external audits for the assessment and exercise of legal claims. In case the retention period for personal data cannot be specified, the Company will collect in accordance with the general legal period of up to 10 years.

The Company will maintain and store personal data to ensure appropriate security, whether in the form of a document, computer system or electronic system including various tools used to secure personal data and to be ensure that the Company's personal data security measures are appropriate in accordance with international standards to prevent the loss, access, use, alteration, correction or disclosure of personal data or acting without lawful powers.

The Company has limited access and uses technology to secure personal data to prevent unauthorized access to computer systems or electronic systems, including when personal data is disclosed to third parties who process it or to data processors. The Company shall adhere to the policies.

 

6. Rights of the Data Subject

Consent granted by the Data subject to the Company for the collection, use and disclosure of personal data. It is valid until the Data subject revokes the use or disclosure in writing consent. The Data subject has the right to revoke or suspend the use or disclosure of personal data for any purpose by submitting the request in writing or via e-mail to the Company at PDPAcenter@melchers.co.th

Furthermore, under the Personal Data Protection Act, the Data subject has the following legal rights:

• Right of access

The Data subject has the right to request access to or a copy of the personal data in order to ensure that authorized data is used for the intended purpose.

• Right to rectification and erasure

The Company makes every effort to keep personal information accurate and up to date in order to keep information complete and avoid misunderstandings. The Data subject has the right to request corrections, change inaccurate personal data or add incomplete personal data as well as delete, destroy, or convert such personal data into non-personally identifiable information using any method.

• Right to restriction of processing

The Data subject has the right to suspend the restriction on processing personal data.

• Right to data portability

The Data subject has the right to obtain personal data in a format that is organized by the Company and can be read in electronic format, including the right to request information to be sent to a person or a juristic person

The Company may collect expenses if the request or exercise of that right is unreasonably redundant, or the Company requires excessive technical or managerial effort.

• Right to object

The Data subject has the right to object to the collection, use, or disclosure of personal data.

• Right to complain

The Data subject has the right, under the Personal Data Protection Act, to request to the Personal Data Protection Committee. when personal data is infringed.

However, the Company sincerely hopes that if you have any concerns about personal data, you will contact the Company first before contacting the Personal Data Protection Committee.

• Right to be informed

If you have any questions or concerns about the Personal Data Protection Act, please contact the Personal Data Protection Officer (DPO) mentioned in this Policy.

• Right to withdraw consent

The Data subject has the right to withdraw consent to the processing of personal data at any time, unless prohibited by law or contract. However, withdrawal of consent has no effect on the processing of personal data for previously lawfully provided consent to the Company.

 

7. Guidelines

Executives and employees of the Company should always check themselves in order to operate properly in accordance with the Policy, Privacy notices, handbooks, and laws that their operations related to personal data or not, and how to operate in accordance with the policy, including

7.1 Endeavor to understand the subject matter of the Rules, Regulations, Policies, and accompanying Privacy Notice which is part of the Policy

7.2 Endeavor to understand the laws, rules, regulations both internally and externally related to the operation and protection of personal data.

7.3 If you discover any inconsistent practices, please report them to the Company's contact information.

 

8. Contact information

If you have any questions about this privacy notice or wish to exercise the rights of the Data subject, please contact at

Data Protection Officer : DPO

Email : PDPAcenter@melchers.co.th

Address : 15th Floor ,Sorachai Building, 23/38-39 Soi Sukhumvit 63, Sukhumvit Road, Khlongton-Nua, Wattana, Bangkok 10110 Thailand

Telephone 02 714-3070 ext. 122

Website : www.melchers.co.th

 

9. Reviewing, changing, or amending this Privacy Notice

The Company may consider periodically reviewing, updating, or amending the Policy and Privacy Notice. If there is an update, change, or amendment to comply with law requirements, the Company will notify via the Company's website www.melchers.co.th The new Policy and Privacy Notice will be effective on the date announced.

 

Announced on 1 June 2022