The company recognizes the importance of protecting personal data (Data Privacy) of employees, customers, business partners, and those with business relationships. and other persons who can be identified. Therefore, the Company has created this policy and regulations for the protection of personal information. To carry out operations regarding the collection, use and/or disclosure of personal information. As well as sending or transferring personal information abroad in accordance with the Personal Data Protection Act 2019, including protecting personal information from being misused and maintaining such information. Safe according to international standards
“Company” means West Coast Engineering Company Limited.
“Personal information” means information about an individual. This makes it possible to identify that person, such as name, surname, address, date of birth, gender, educational history, telephone number National identification number, number, code and shall include any other information about any person which enables that person to be identified, whether directly or indirectly.
“Personal information contained” means information that is truly personal to an individual. Regarding race and ethnicity.
“Sensitive personal information” means information that is inherently personal to an individual. About race, ethnicity, political opinions creed Religion or philosophy sexual behavior Criminal history Information about health, disability, trade union information Genetic data, biological data, or any other data that similarly affects the owner of personal data.
“Data owner” means a person who is the owner of personal data, such as employees, customers, business partners, people with business relationships, etc.
“Personal data controller” means a person or juristic person who has the authority to make decisions regarding collection, use, and/or Reveal personal information.
“Personal data processor” means a person or legal entity that collects, uses, and/or discloses personal data. By order or on behalf of the Personal Data Controller provided that the person or juristic person performing such operations is not the controller of personal data.
“Service user” means a person or juristic person who owns personal data. who come in contact with the company’s information system. “Information system” means a computer system, communication network system, the network system connects to the internet, data acquisition system, Electronic mail system (E-mail), all types of data communication systems, communication equipment information computer equipment and peripherals or any equipment related which is the property of the company and/or that the company is permitted to use according to law.
“Office of the Personal Data Protection Commission” means the Office of the Personal Data Protection Commission that has been appointed. It has duties and authority to supervise and issue criteria, measures, or any other practices related to personal data protection in accordance with the Personal Data Protection Act B.E. 2019.
The company has established policies and regulations. Including guidelines for protecting personal information. as well as supervising compliance with policies and regulations including any other related practices and find ways to develop and improve to make implementation more efficient Also to ensure that performance results are reported in accordance with policies and regulations. including related practices.
1. Collection, use and/or disclosure of personal information
Collection, use and/or disclosure of personal information will be done as necessary with objectives, scope, legal basis, including using legal and fair methods according to the company’s operating objectives and only as required by law The company will inform you of the purposes for collecting, using and/or disclosing personal information. Including asking for consent from the data owner before or while doing so. Except in cases specified by law. and/or in other cases As specified in this policy.
The Company will not collect, use and/or disclose sensitive personal information. unless there is express consent from the data owner. or as required by law and/or other cases specified in this policy
2. Sending or transferring personal information abroad
Due to the current operations of the company There may be coordination or transactions with foreign countries. This makes it necessary for the Company to sometimes send or transfer the personal data of the data subject abroad. In this case, the Company will use its best efforts to send or transfer the personal data of the data subject to business partners, service providers. Partners, customers or recipients of trusted company information use the most secure methods to maintain the safety of personal information. By sending or transferring personal information abroad as such. The company will act as necessary. with objectives, scope and using legal and fair methods in accordance with the Company’s operating objectives. and only as required by law The company will inform you of the objectives. and will ask for consent from the data owner before or while doing so. Except in cases specified by law. and/or in other cases As specified in this policy
The Company will not send or transfer sensitive personal information abroad. unless there is express consent from the data owner. or as required by law and/or other cases specified in this policy
3. Source of personal information
The Company may collect personal information from data owners through the following channels:
3.1 The company collects information directly from the data owner. This includes but is not limited to (1) cases where the data subject provides information to the Company through filling out a form; including electronic forms (2) by contacting the company via email (3) by communicating with the company in person or by telephone (4) while the data owner visits the company (5) from using the company’s website or application (6) from participating in activities with the company, etc.
3.2 The Company collects personal information from third parties. is the case where the company receives personal information from
Data sources other than the direct owner of the data This includes but is not limited to (1) emergency contact information or persons referenced in job applications; (2) client companies, joint venture partners, business partners Information on public websites Information from affiliated companies or information from any other person
3.3 The company collects information that is public information, which is the case where the company collects information about the owner of the information from sources that are already publicly available. This includes but is not limited to (1) registration information on companies, associations, organizations (2) information on capital market licensees (3) other public information sources. Including any services that can be accessed on the internet
4. Quality of personal information
The company collects and stores personal information. For use within the authority and operational objectives of the company. Taking into account the accuracy, completeness, and currentness of the information.
5. Purposes for collecting, using, disclosing and/or transferring personal information abroad
The Company will collect, use, disclose and/or transfer personal information abroad. For the benefit of the company’s operations This includes but is not limited to: Procurement, contracts, financial transactions Company activities Various coordination To improve the quality of the company’s work to be more efficient, such as creating a database. Analyze and develop the company’s operating processes. For the necessity of establishing legal claims. As evidence to raise as a defense to legal claims. Compliance with court orders or orders of government agencies with legal authority for legitimate benefits and for any other purposes that are not prohibited by law and/or to comply with laws or regulations or policies related to the Company’s operations.
For sensitive personal information (In cases where personal information is collected, used, disclosed and/or transferred abroad The Company has received explicit consent from the data owner or in the case of falling under the exceptions specified in the Personal Data Protection Act). The Company has operated for the purpose of disease screening. or assess the risk of contracting a contagious disease To consider physical readiness for work and to report according to the procedures specified by the company or as required by regulatory agencies or agencies as specified by law
In addition, the Company will store, collect, use, disclose and/or transfer personal information abroad. according to the objectives and criteria set by the company
6. Legal bases for collecting, using and/or disclosing personal information
General collection, use, and/or disclosure of personal data of data subjects The company operates under
The legal basis is as follows.
1) Performance of the contract or to carry out various steps as requested by the data owner before entering into a contract with the company.
2) For the legitimate interests of the company or third parties provided that such benefits do not exceed the basic rights to personal data and freedom of the data owner.
3) It is necessary to perform duties according to law.
4) Consent that the company receives from the data owner in the letter requesting consent for collection, use, and disclosure (document attached to Appendix A) or
5) In any other cases that can be done within the scope of the law.
6) Only in the case of collecting, using and/or disclosing sensitive personal information. operating company
Under the following legal bases
1) Explicit consent that the company receives from the data owner in the letter requesting consent for collection use and/or disclose personal data processing (Document attached to Appendix A)
2) It is to prevent or stop danger to a person’s life, body, or health.
3) It is necessary for the establishment of legal claims. Complying with or exercising rights to claim according to the law or
4) Raising a legal claim or Any other cases that can be done within the scope of the law.
7. Types of persons or agencies to which the company discloses personal information of the data owner.
The Company may disclose the personal information of the data owner. (only to the extent necessary) to outside persons or agencies for the purposes specified in this document. Such external persons or agencies may be located in Thailand or abroad as follows:
1) Affiliated companies and savings cooperatives Sahaviriya Industry Co., Ltd.
The Company may share the personal information of the data subject with the Company’s affiliated companies. and Sahaviriya Industry Savings Cooperative Limited for risk management. Exchange information with each other Internal audit of the company group and for the welfare of the company’s employees, including money lending services Deposit service, etc.
2) Third parties who provide services related to the Company’s operations
The Company may disclose the personal information of the data subject to such persons. Whether the person acts as a personal data controller or a personal data processor, for example, an accounting service provider, a bank, an information technology service provider. Cloud service provider (Cloud) A service provider for storing data or documents. Application service provider Location and parking service providers, etc.
3) Relevant government agencies
The Company may disclose the personal information of the data subject to government officials and government agencies. which has legal authority or to protect the rights of the company Rights of other people or for the benefit of the data owner, e.g. Office of the Auditor General, Comptroller General’s Department, Court of Justice, Revenue Department, Legal Execution Department, etc.
4) Other external persons or agencies
The Company may disclose the personal information of the data subject to outside persons or agencies to access the information.
Personal information of data subjects, for example, professional advisors (such as legal advisors or external auditors) and external agencies that the Company wishes to promote. according to the objectives stated above
8. Processing of personal data processors
In cases where the company contracts with outsiders to process data The Company will ensure that personal data processors collect, use and/or disclose personal information only according to the Company’s instructions. Including controlling operations to be in accordance with the law and the Personal Data Protection Act B.E. 2019
Personal data processors must provide appropriate personal data security measures. To prevent loss, access, use and/or disclosure of personal information without authority or wrongdoing and must report to the company immediately. and measures must be provided to compensate the data owner for damages arising from such events immediately.
9. Limitations on the use of personal information
The Company will not collect, use and/or disclose personal information that is inconsistent with the purposes for which personal information is collected, used and/or disclosed. unless consent is received from the data owner or collect, use and/or disclose personal information as required by law.
10. Maintaining the security of personal information
The company has appropriate measures in place to maintain the security of personal information. To prevent loss, access, destruction, modification, correction or collection, use and/or disclosure of personal information. without permission or illegally
In the event of a violation of personal information The company will notify the Office of the Personal Data Protection Commission. In addition, in cases where the violation has a high risk of affecting the rights and freedoms of individuals. The Company will inform the data owner along with remedies without delay, in accordance with the conditions and criteria specified by the Personal Data Protection Law or announcements or rules or regulations issued under the said law.
11. Rights of the owner of personal data
The Company specifies that data owners have the right to request a copy of their personal information. In the event that personal information is incorrect Data owners can notify for corrections, changes, and request to revoke consent. Suspend the use of personal information while waiting for verification of the accuracy of the personal information, delete or destroy, or make the owner of that information impossible to identify. Including requesting that personal data be transferred to another personal data controller. The company will prepare a record of objections to the storage. Correction of data or any action related to personal information as evidence
In addition, data owners have the right to complain to the Personal Data Protection Commission. In the event that the company violates or fails to comply with the law on personal data protection or announcements or rules or regulations issued according to such law.
In the case that the data owner wishes to exercise the rights mentioned above. You can submit a request to exercise your rights to the company according to the form specified by the company. (Document attached to Appendix B) through the company’s contact channels as specified below. However, the data owner does not need to pay for the implementation of the above rights.
The Company reserves the right to refuse the request to exercise the rights of the data owner according to Section 11. in the following cases:
12.1 Personal data protection law or other relevant laws specify that it can be carried out
12.2 Personal data is anonymized or has characteristics that can identify the data owner.
12.3 The applicant has no evidence to prove that he is the owner of the information or is the person with the authority to submit the request.
12.4 Such a request is a superfluous request, such as a request of the same nature or with the same content.repeatedly without reasonable cause, etc.
12.5 In the case of other necessary reasons, such as having to comply with court orders or employees or officials of related government agencies The operation is in the public interest. Exercising rights may violate rights. or the freedom of other people, etc.
In addition, the company will inform the data owner of the reason for rejecting the request.
13. Guidelines on personal data protection
The company will set guidelines for various matters. About personal information protection to be enforced further
If the company has a need to collect information related to the data owner’s access to websites and/or applications. which will be recorded in the form of cookies The company will continue to announce the policy for using cookies.
15. Period for keeping personal information
The Company will retain the personal information of the data subject for a reasonable and necessary period of time. For each type of personal data and purposes as specified by the Personal Data Protection Law.
The Company will retain the personal information of the data owner according to the statute of limitations or the period specified by law (such as the Public Limited Company Act. Securities and Exchange Law Laws to prevent and suppress money laundering accounting law Tax laws, labor laws, and other laws that the company must comply with. Both in Thailand and abroad. In addition, the company may be required to record information from closed-circuit television cameras at the head office, branch office, or manufacturing plant. for the purpose of preventing fraud and maintaining security). After the said retention period has elapsed, the Company will delete, destroy, or make personal information non-identifiable to the person who owns the information.
In addition, the company will collect, preserve and destroy personal information. according to the objectives and criteria set by the company
16. Processing of personal data according to the original purpose
The Company has the right to collect, use and/or disclose personal data of data subjects that the Company has collected before the date of the Personal Data Protection Act B.E. 2019 in relation to the collection, use and/or disclosure. Personal data continues to be effective for the original purpose. If the data owner does not wish for the Company to continue collecting, using and/or disclosing such personal information. The data subject can notify the Company to withdraw the data subject’s consent at any time.
17. Review and change of personal data protection policy
The company can amend, cancel, change or update this policy and regulations. To comply with legal requirements Changes in company operations Including suggestions and opinions from various agencies. as appropriate as appropriate to the case The company will announce this before starting the process or may send a notification to the data owner via the company’s communication channels.
18. Channels for contacting the company
Working Group for Supervising Compliance with the Personal Data Protection Act (“PDPA Working Group”)
Contact location: No. 16 K&Y Building, 5th Floor, Surasak Road, Silom Subdistrict, Bang Rak District, Bangkok 10500
Contact channel: email@example.com
Details of the regulatory agency
In the case where the company or employees or employees of the company Violate or fail to comply with the law regarding personal data protection. Data owners can file a complaint with a supervisory authority. according to the following details
Name: Office of the Personal Data Protection Commission
Contact location: 7th Floor, Chaloem Phrakiat Government Center 80th Anniversary, Ratthaprasana Phakdi Building (Building B)
120 Moo 3, Chaengwattana Road, Thung Song Hong Subdistrict, Lak Si District, Bangkok 10210
Telephone: 02 141 6993, 02 142 1033
Contact channel: firstname.lastname@example.org
Purchasing Department : email@example.com | Human Resources and Administration Department : firstname.lastname@example.org | Sales Department : email@example.com
16 K&Y Building 5 Fl., Surasak Road, Silom Sub-District, Bangrak District, Bangkok, 10500
Telephone +66 (0) 2234 9487-89
Fax +66 (0) 2233 6669
9/1 Moo 4, BanKlangNa – YaiPloy Road, Maeramphueng, BangSaphan, PrachuapKhiriKhan 77140
Telephone +66 (0) 3290 6112 – 119
Fax +66 (0) 3290 6120