Privacy Policy

1. Introduction

           In order to ensure compliance with the Personal Data Protection Act B.E. 2562 (2019 ), Echo Autoparts (Thailand) Co., Ltd. has established a policy and guidelines on personal data protection as a guideline for personal data protection. Appropriate security measures are in place. To prevent unauthorized or unlawful loss, access, use, change, correction or disclosure of personal data, and to review such measures when necessary or when technology changes. To be effective in maintaining proper security. Therefore, the Company has announced the policy and guidelines for personal data protection to serve as guidelines for personal data protection practices in accordance with such laws.

 

2. Objectives of the Policy

  • To ensure that the Company's executives and employees are aware of the importance and use it as a guideline for personal data protection practices to be in order.
  • To ensure that customers, business partners and related persons can be confident that the Company will collect and process their information. Use or disclose information sparingly with caution.

 

3. Scope of Policy

           This policy covers the operations of executives and all employees in the Company, including those who are related to the Company's business.

 

4. Definitions

  • Data Subject  means a natural person whose personal data can identify that person. This covers the information of customers, business partners, business related persons with the Company, as well as all employees in the Company. The following information is not personal information, such as non-personally identifiable business contact information, such as company name and company address. The Company's juristic person registration number Work phone number, work email address Information of the deceased, etc.
  • Personal Data means information relating to a natural person which enables the identification of that person. Whether directly or indirectly, such as first name, last name, email address, telephone number. ID card number Social security number, passport number, bank account number, educational background, health history, work history, family history, criminal record. Pictures, fingerprints. Work Time Log Race, Religion, IP Address Log File, Genetic Information Biometric data, etc.
  • Processing means any operation with personal data, such as collection, record, systematization, structuring, preservation, improvement. Change, recover Use Reveal Forward, Publish Transfer, mix together, delete, destroy.

 

5. Limited Collection of Personal Data

          The collection of personal information will be done for the purpose. The Company shall collect limited information only to the extent necessary for the provision of services or services by any other electronic means under the Company's objectives. In this regard, the Company will acknowledge the data subject and give consent in accordance with the method prescribed by the Company. The Company will seek consent from employees before collecting, unless:

  • Comply with laws such as the Personal Data Protection Act. Electronic Transactions Act Telecommunications Business Act Anti-Money Laundering Act Civil and Criminal Code Code of Civil and Criminal Procedure, etc.
  • It is for the benefit of the investigation of the investigating officer or the judgment of the court.
  • For the benefit of the customer and consent cannot be obtained at that time.
  • It is necessary for the legitimate interests of the Company or of persons or juristic persons other than the Company.
  • It is necessary to prevent or suppress the danger to life. or a person's health.
  • It is necessary for the performance of a contract to which the personal data subject is a party, or to take steps at the request of the personal data subject before entering into such contract.
  • To achieve the objectives related to the preparation of historical documents or archives, for the public interest, or for study, research, and statistics, appropriate preventive measures have been provided.

 

6. Data Security and Quality Measures

  • The Company realizes the importance of maintaining the security of personal data, so the Company has established appropriate measures to maintain the security of personal data in accordance with the confidentiality of personal data to prevent loss. Accessing, destroying, using, converting, correcting or disclosing personal data without rights or unlawfully, as well as preventing unauthorized use of personal data.
  • Personal information received by the Company, such as name, age, address. Telephone number, ID card number Personal data that is accurate and up-to-date will be used only for the Company's operational purposes and the Company will take appropriate measures to protect the rights of the personal data subject.

 

7. Purpose of Collection, Storage, Use of Personal Data

          The Company will collect, use Personal Data for the benefit of providing services to the Data Subject and for any other purposes that are not prohibited by law and/or to comply with laws or regulations applicable to the Company now and in the future, including consenting to the Company sending, transferring and/or disclosing Personal Data to the Company's business groups. Business partners, external service providers, data processors, assignees, entities/organizations/juristic persons who have contracts with the Company by consenting to the Company sending, transferring and/or disclosing such information, and the Company will retain such data only for as long as necessary for those purposes. If there is a change in the purpose of collecting personal data. The Company will announce to the data subject every time.

 

8. Restrictions on Use and/or Disclosure of Personal Data

          The company will use Disclosure of personal data of the data subject is subject to the consent of the data subject, which must be used for the purpose of collecting the Company's data only. The Company will supervise employees. officers or workers of the Company shall not use and/or disclose Personal data of the data subject other than the purpose of collecting personal data or disclosing it to third parties, unless:

  • Comply with laws such as the Personal Data Protection Act. Electronic Transactions Act Anti-Money Laundering Act Civil and Criminal Code Code of Civil and Criminal Procedure, etc.
  • It is for the benefit of the investigation of the investigating officer or the judgment of the court.
  • For the benefit of the data subject and consent cannot be obtained at that time.
  • It is necessary for the legitimate interests of the Company.
  • It is necessary to prevent or suppress the danger to life. or a person's health.
  • It is necessary for the performance of a contract to which the personal data subject is a party, or to take steps at the request of the personal data subject before entering into such contract.
  • For the public interest or for study, research, and statistics, which have provided appropriate preventive measures. The Company may use the information services of third-party service providers in order to process the retention of personal data. Collective action is prohibited. Use or disclose personal data other than as specified by the Company.

 

9. Steps to collect, use, store Processing and destroying personal data

  • The Company will request permission from the data subject to give consent for the Company to use, retain or process data for various purposes specified by the Company in accordance with this Policy.
  • The use of the data must be in accordance with the purposes for which the data subject has given consent, except as stipulated in this policy.
  • The retention shall be in accordance with the Company's confidentiality policy. Information Technology Policy and other related policies
  • Data processing from various parties within the Company can be processed according to the purposes in the consent form of the data subject. In case the data must be submitted to a third party service provider for processing. The Company will enter into a non-disclosure agreement with such third party service providers.
  • Data Destruction The Company will destroy the data at the request of the data subject immediately. If the destruction is not contrary to the law or any other relevant necessity.

 

10. Problem management in case of data leakage

          The Company has set guidelines to manage problems in the event of a personal data breach as follows:

  • When a complaint about a personal data leak is detected or received. Those who detect or receive complaints must report to the Personal Data Officer (Personal & General Affairs Department) for investigation, coordinate with the department responsible for the data to find the cause of the data breach, and report to the relevant supervisory authorities as required by law.
  • When the cause is detected, which is caused by
              - The Company's work system shall coordinate with the Management Information System Department (MIS) to suspend or temporarily shut down the work system in order to correct the errors or notify the external service provider of the work system to take corrective action immediately.
              - Persons within the Company shall immediately suspend access to that person's information and set up an investigation committee.
              - The third party service provider shall investigate the cause and notify the Company within 5 working days from the date of the Company's notification, during which the Company will temporarily suspend the transmission of information to that third party service provider until the leaked data is resolved.
  • The Company will deal with such information by limiting damages as much as possible according to legal process or other means as the case may be.
  • The Company will notify the complainant of the progress periodically. Damage limitation progress reached Cause: The corrective protection that the Company has taken at each stage.

 

11. Rights Relating to Personal Data of Customers, Business Partners, Business Associates and Employees

  • The right to request access to and obtain a copy of the personal data of the data subject in accordance with the rules and procedures specified by the Company or request to disclose the acquisition of personal data. Such request must not be contrary to applicable law.
  • The right to request correction or change of personal data of the data subject that is inaccurate, incomplete or not up-to-date.
  • The right to request deletion or destruction of the personal data of the data subject, unless the Company must comply with relevant laws for the retention of such data.

 

12. Disclosure of Practices and Policies Related to Personal Data

          The Company will notify departments, employees, business partners, and personal data subjects to be informed of the policy and implementation of the guidelines by various methods as appropriate, such as posting internal and external announcements or on the website, etc.

 

13. Compliance with applicable laws or practices and policy updates

          The Company will regularly monitor the progress of relevant laws or guidelines. We will also review and update the policy and procedures for personal data protection periodically. If there are any significant changes, the Company will notify the Data Subject and publicize through various communication channels as appropriate.

 

14. Related Policies

          The Company has established a confidentiality policy (in accordance with Chapter 9 of the Company's Articles of Association In essence) , all documents are classified as confidential documents. The person responsible for preparing or maintaining the document has no right to publish it to outsiders or insiders who do not have duties related to such documents. Except for the coordination of information of employees within the Company itself for the benefit of the Company's work or in the case of government agencies with related duties requesting to:

 

15. Contact channel

          Personal & General Affairs Department

          Echo Autoparts (Thailand) Co., Ltd.

          13/1 M.2 Bangna-Trad Km.41,

          Bangwua District, Bangpakong, Chachoengsao

          Phone 038-538-145

© Copyright 2023 ECHO AUTOPARTS (THAILAND) CO., LTD. All rights reserved. | Privacy Policy