Privacy Notice for Processing of Personal Data of Charoensin Group
Under Personal Data Protection Act B.E. 2562 (2019)
Charoensin Group is comprised of CPL Group Public Co.,Ltd. Charoensin Asset Co.,Ltd. Applied DB Public Co.,Ltd. TTN Nonwoven Solution Co.,Ltd. Song Mao Nonwaven Co.,Ltd. Eagle Chemical Industry Co.,Ltd. CS Rubber Industry Co.,Ltd. CS Unitel Technology Co.,Ltd. CS Mitsufuku Elastomers Co.,Ltd. CSJ Rubber Sheet Co.,Ltd. Manwood Intertrade Co.,Ltd. Thai Wiring System Co.,Ltd. CS Metal Parts Co.,Ltd. and Charoensin Capital Co.,Ltd. hereinafter referred to as “The Company”
The company recognizes and prioritizes the importance of the personal data1 you have provided to us. In accordance with the Personal Data Protection Act B.E. 2562 (2019) and relevant law, the company hereby establishes the Privacy Notice for Processing of Personal Data to inform you regarding the policy and objectives of the company group relating to the collection, use, and disclosure of your personal data regarding the transaction that you have conducted with the company, as well as the policy and regulations on implementation of the company group relating the maintaining and security measure for personal data protection, including to ensure that your personal data is protected and to be used appropriately as prescribed by law. The Privacy Notice for Processing of Personal Data Notice will be applied to the following personal data:
(1) Individual customer utilizing the company’s products and services, including an individual customer with the authority to be an authorized person to perform duties on behalf of a corporation customer.
(2) Individual who is not a customer of the company, including a customer who does not use the company’s products or services, and for whom the company may need to collect, use, and disclose personal data, such as an individual who paid or received money from the company, an individual who received services from a branch or office of the company, or any individual relating to a transaction involving the company or its customer.
(3) Business partner and service provider being an individual person.
(4) Visitor entering corporation events, websites, systems, applications, devices, or other communication channels under supervised by the company.
(5) staff members or practitioner or company employee.
(6) Other individuals for whom the company has collected personal data, such as the applicant, the employee’s family, the guarantor, and the insurance beneficiary, etc.
(7) Committee, Authorized person, Representative, Agent, Shareholders, or other individual acting similarly to the legal entity in relation to the business. The individual described in articles 1 to 7 is referred to as the “Data owner”
The company will inform you accordingly that you can examine and comprehend the processing2 of your personal data.
1.Collection of personal data
The company collects your personal data, such as individual personal data, personal life’s data or Personal interesting data, financial data, and Sensitive Personal data. The sources for data collection are as follows.
1.1 Sources of personal data; the company may obtain personal data from the following sources:
1) Direct data, such as filling out questionnaire applications form on both paper and online platforms, surveying the company, or entering the company’s website via cookies.
2) Indirect data that comes from sources aside from the individual, such as searching for personal data on a website or interviewing a third party. The company will notify you within 30 days of the date that collected your personal data. Before collecting your personal information, the company will request your consent, unless authorization and notification to the data owner are not required by law.
3) Social Media Sources or external login providers; the data owner must consent to the sharing of personal data with the company for the purpose of connecting users to external services and the company’s services. If the personal data has already been disclosed to the company, it will be in accordance with the owner data settings provided in the external service provider’s policy on the confidentiality of personal data.
1.2. Personal data gathered by the company for collection, use or disclosure
The variety of personal data gathered by the company for collection, use or disclosure depends on the scope of the products or services in which the data owner is interested or used to have, e.g., individual personal data, financial data, sensitive personal data, but not limited to the following data.
Type of data | Example of personal data |
Details on personal data |
|
Details on contact |
|
Details on identification and authentication |
|
Details on work |
|
Details on financial and relationship between the owner data and the company |
|
Details on geography/ devices / software and technical terms |
|
Data verification |
|
Data Security |
|
Sensitive Personal data |
|
Others |
|
2.Objectives for collecting personal data
The company collected your personal data to comply with the following purposes.
2.1 To execute or comply with the contract, including implementation of service conditions of the company.
2.2 To provide services or be responsible for the customer in accordance with the contract.
2.3 To manage relationships with the company and the customer in terms of accounting and/or the selling-buying of the company’s products or services, including the analysis of statistics for risk management of the relationship between both the company and the customers.
2.4 To manage, analyze, and approve loans, based on the case’s risk.
2.5 To implement dispute, reclamation, debt transfer, and business payment procedures of corporation nature.
2.6. Record of conversation and contact with customers without knowledge of media use (e-mail, fax, telephone interview or other) to develop communication correspondence with the rules and regulations of financial markets and transaction security.
2.7 To solve the system problem if the authenticated data must be verified.
2.8 Verification and identification of customers or users, or business facilitator, or partner, or visitor who requires access to a restricted area
2.9 Photo and video records of each event of visitors entering the company’s area for security and protection of company assets, including checking in the event of accidents and crimes.
2.10 To comply with the law, rules, and regulations of the organization, particularly the risk management of company implementation (comprising of internal auditing and control, safety and security of computer transaction and international payment and financial instruments preservation) compliance with the requirements of financial markets and tax law, as well as the prevention of money laundering and the financing of terrorism.
3. Principle of personal data collection
The company will collect the personal data required by law to fulfill the stated purpose. Before collecting your individual data, the company will seek your permission, apart from the following cases. In these cases, the company will collect personal data without your consent:
3.1 To accomplish the objective of establishing historical documents or archives for the purpose of public benefit, research, or statistical collection. The company will provide the appropriate prevention measures and take the necessary precautions to protect your rights and freedoms.
3.2 To prevent and refrain from life-threatening, physical, and health risks to the individual.
3.3 To follow the contract in which you are a partner in accordance with your request prior to entering into the contract.
3.4 To engage in state-authorized public activities or exercise state authority granted to the company.
3.5 To proceed in accordance with the consent of the company, individual, or juristic person, unless such benefits have fewer fundamental rights than your personal data.
3.6 To abide by the law.
However, the collection of sensitive personal3 data requires the consent of the company, or at the time of collection of sensitive personal data from a minor or an incompetent person, the company must ensure that the personal data of such a person has been protected in accordance with the company’s conditions and is not contrary to the law.
4. Use and Disclosure of Personal Data
Use and Disclosure of Personal Data, the company has the purposes and primary implementation corresponding to articles 2 and 3 which are applicable to the usage and disclosure of personal data. The company will disclose strictly your personal data to the agencies or external provider as follow.4
4.1 Business Facilitator, which includes the personal that the company employs, assigns, or appoints to act as the company in whole or in part regarding the company’s responsibilities, these include subcontractor, but are not limited to, technology services providers, business consultants, debt collection, document printing, electronic card production, and delivery services.
4.2 Partner, business alliance, or corporation partner of the company
4.3 Companies performing credit card data
4.4 Government agencies with all rights and responsibilities, such as the Anti-Money Laundering Office, the Office of the National Anti-Corruption Commission, the Office of the Narcotics Control Board, the Social Security office, the Revenue Department, and the Court.
5.Collection and use of personal data for a previously stated objective
The company may continue to collect and use your personal data as it did prior to the implementation of the Personal Data Protection Act B.E. 2562 (2019) and for the same purposes. By the way, you can withdraw your consent to the collection and use of your personal data at any time.
6.Duration of personal data preservation
The company will preserve your personal data for the duration specified below.
6.1 Duration in accordance with the law controlling the preservation of personal data, such as the Accounting Act B.E. 2543 (2000), the Anti-Money-Laundering Act B.E. 2542(1999), the Computer Crime Act B.E. 2550 (2007), and the Revenue Code.
6.2 If the law does not specify the appropriate length of time for preserving personal data, the company will determine the appropriate length of time based on the company’s operations. At the end of the time duration, the company will delete, demolish, or modify the owner’s personal data so that it cannot be identified.
7.Data owner rights
The Personal Data Protection Act B.E. 2562 grants you the following rights:
7.1 Right of access; you have the right to access your personal data by informing the company that made a copy of such person, as well as the right to request the method of personal data collection if you do not consent.
7.2 Right to rectification; you have right to ask the company to rectify the incorrect information, not up-to-date or misleading information or add up the incomplete information.
7.3 Right to Data Portability; you have the right to obtain your personal data from the company by delivering or transferring it to the controller of personal data, and you can also request that the personal data of another individual be delivered or transferred to you.
7.4 Right to withdraw consent; you have the right to withdraw consent in processing your personal data even you have always given the consent. In addition, withdrawing consent will not affect the processing of other personal data for which you have already provided consent under applicable law.
7.5 Right to object; you have the right to object to processing of your personal data, if the company processing personal data in accordance with the law of the company, an individual, or another legal entity for public benefits or the exercise of state authority, or for direct marketing, historical or scientific research, or for statistical purposes, the company would be in violation.
7.6 Right to Restriction of Processing; you have the right to restrict the use of your personal data during the authentication process if you request rectification or restriction of use to replace personal data, or during the company’s justification for refusing your right to object.
7.7 Right to erasure; you have the right to erase or demolish your personal data if it is determined that the data is no longer required for the purposes of collection, usage, or disclosure; or if you withdraw your consent and the company has no right to processing your further personal data; or if you object to the processing of your personal data and the company has no appropriate reason for the objection; or if the processing of such person does not follow the requirements of the law.
If you wish to exercise the right or revoke your consent for the processing of your personal data, you may request an application for owner data right from a branch of our corporate group or download it from our website.
However, the company may deny a request for the use of this right if its requirements do not conflict with the law. If the company denies your request, it will provide the reason for the rejection for your data
The right usage, if the data owner’s age is less than 10 years or he or she is an incompetent person, a quasi-incompetent person, it shall be consented by the parents, guardian, or legal guardian acting on behalf of the minors; being an incompetent person or quasi-incompetent person has the same meaning in each case.
8.Cookies
Cookies are mini files in a computer, storing a temporary file in the your computer for the most efficient and convenient method of communication, and are only active at the time of website access. Cookies will expire or become inactive upon termination of website use, termination of data link from the group company, or when the user deletes or withdraws consent for such cookies.
The company uses cookies in the case of strictly necessary cookies, analytic cookies, functional cookies, and targeting cookies to assist the company in collecting the data, such as type of browser, timing of usage, webpage URL, language setting and logfile, for the purposes of security, ease of website usage, displaying an effective information, collecting statistics data, enhancing the website visit experience, and developing the application responsiveness. Cookies are a tool that enables a company to select the advertisement or presentation that you are most interested in for display during your visit, to send you marketing information via e-mail, and to respond to your needs regarding online advertising and marketing e-mail.
8.1 Cookies management
Except for strictly necessary cookies, which can be managed via “Setting cookies” or web browser settings, it is prohibited to install cookies on your devices; closing cookies may prevent the user from accessing the website.
8.2 Duration of cookies administration
(1) Session Cookies are automatically deleted when the web browser is closed.
(2) Persistent Cookies will remain on the user’s computer until their expiration date or until deleted. During subsequent visits to a website, persistent cookies can store the user’s data in such a manner that nearly fulfills his or her requirements.
9. Protection and security of personal data
The company provides the appropriate security and safety measures for personal data to prevent the loss, the access, the usage, the modification, and the disclosure of personal data without authorization and in violation of the law, which corresponds to security policies and practices if the Company authorizes affiliated or third parties to act on the collection, use, or disclosure of the Group.
The company shall require such entities or third parties for collection, usage and disclosure to keep personal data confidential and secure, including preventing personal data from being collected, used, or disclosed without authorization or in violation of the law for any other purpose.
10.Contact
10.1 Data controller: Charoensin Group
Contact address: Charoensin Building 318/10-22 Soi Sukhumvit 22, Sukhumvit Rd., Kwang Klongtoey, Khet Klongtoey, Bangkok, Thailand 10110.
Telephone no.: +66 2259 0320
Website: https://charoensin.co.th/
Additional information on personal data processing and the protection of personal data can be found in “Policy of Personal Data Protection” under the Personal Data Protection Act B.E. 2562 (2019) of the company’s website: https://charoensin.co.th/ If you have any inquiries regarding the processing of personal data of the company, you are invited to contact our Data Protection Officer of our company as following details:
10.2 Details of Data Protection Officer: DPO of Charoensin Group
Name: Personal Data Protection Section
Contact address: Charoensin Building 318/10-22 Soi Sukhumvit 22, Sukhumvit Rd., Kwang Klongtoey, Khet Klongtoey, Bangkok, Thailand 10110.
Tel: +66 2259 0320
Website : https://charoensin.co.th/
10.3 Details of controller agency: The Office of the Information and Privacy Commissioner (OIPC)
In case that the company, officer, or employee of the company does not follow and respect to the Personal data protection law, the complaint can be made directly to the controller agency details as follows:
Name: Personal Data Protection Section
Contact: The Government Complex Commemorating His Majesty the King’s 80th Birthday Anniversary, Ratthaprasasanabhakti Building (Building B), Chaengwattana Road
Tel: 0 2142 1033
E-mail: pdpc@mdes.go.th
11. Modification of the Privacy Notice
The Company will review and revise the Privacy Policy regularly in which it may have affect to this Privacy Notice for Customers’ member. You can view the latest changes available in company’s website https://charoensin.co.th/ and other channels.
1 “Personal data” refers to data that can be used directly or indirectly identify an individual, excluding deceased individuals and juristic person data.
2 “Personal data processing” refers to personal data collection, use, or disclosure.
3 “Sensitive Personal Data” means the private personal information of each individual that is intentionally and at risk of being used in a manner of unfair discrimination that may directly affect the owner of the information, as defined by the Personal Data Commission.
4 You can verify the list of Company Financial Group/ Company business alliances/ Person or Assigned agencies by visiting the following link: https://charoensin.co.th/