“Personal Data” means information about an individual that enables such individual to be identified either directly or indirectly but does not include information of a deceased person in particular.
“Sensitive Personal Data” means Personal Data as provided in Section 26 of the Personal Data Protection Act B.E. 2562, including racial, ethnic, political opinions, ideological beliefs, religion or philosophies, sexual behavior, criminal history, health data, disability data, labor union data, genetic data, biological data, or any other information which affects the owner of personal data in a similar way as announced by the Personal Data Protection Committee.
“Personal Data Processing” means any processing of personal data such as collect, save, copy, organize, store, update, change, use, restore, disclose, transmit, publish, transfer, delete, destroy, etc.
“Data Subject” means an individual who owns Personal Data that the Company collects, uses, or discloses.
“Personal Data Controller” means an individual or legal entity who has the authority to make decisions regarding the collection, use or disclosure of Personal Data
“Personal Data Processor” means an individual or legal entity that processes, uses, or discloses Personal Data on behalf of or at the direction of the Personal Data Controller. However, the individual or legal entity doing so is not a Personal Data Controller.
3) SCOPE OF THIS POLICY
This Policy applies to the Personal Data of individuals who have a current and potential relationship with the Company whose Personal Data is processed by the Company, its officers, contractual employees, business units or other forms of units operated by the Company, and includes parties or third parties who process Personal Data for or on behalf of the Company (“Personal Data Processor”) under products and services such as websites, systems, applications, documents or other forms of services maintained by the Company (collectively, the “Services”).
Individuals related to the Company under the first paragraph include:
- personnel, trainees, applicants, workers, employees;
- business partners who are individuals;
- directors, executives, authorized persons, proxies, agents, representatives, shareholders, debenture holders, employees or other persons having a similar relationship of a juristic person having relationship with the Company;
- individual customers who use the Company’s products or Services;
- visitors or users of the website https://www.thoresenshipping.com, including systems, applications, devices, or other communication channels controlled by the Company;
- interested parties who contact and provide Personal Data to the Company or other persons whose Personal Data is collected by the Company, such as the guarantors, the beneficiaries of the insurance policy, etc.
Articles 1. to 6. are collectively referred to as “You” or the “Data Subject”.
In addition to this Policy, the Company may issue a Privacy Notice (“Notice”) for the processing of Personal Data under any specific contractual obligations, activities, or for products or services provided by the Company to inform the Data Subject of which categories of Personal Data shall be processed, a lawful basis and the purposes of processing of Personal Data, period of retention of Personal Data, including the rights which Data subject shall have when the Company processes Personal Data regard to the purpose for which the Personal Data is processed.
In the event of a material conflict between the terms and conditions of the Notice and this Policy, the terms of the Notice shall prevail for the processing of such Personal Data
4) SOURCE OF PERSONAL DATA COLLECTED BY THE COMPANY
The Company collects or obtains various types of Personal Data from the following sources:
- Personal Data that the Company collects directly from the Data Subject through various service channels such as registration, applying for a job, signing contracts and/or documents, completing surveys or using products, services, participating in the Company’s activities, account information, or other service channels controlled by the Company, or when the Data Subject communicates with the Company at the office or through other communication channels controlled by the Company, etc.;
- Personal Data that the Company collects from the Data Subject when access the Company’s website, products, or other services under contract or under a mission, such as website usage behavior, computer traffic data (Log file), communication between the Company and Data subject and data from logs, such as device identifiers (IP Address), device identifying code, cookie storage (Cookie), other similar or related technologies, or from software on the Data Subject’s device, etc.;
- Personal Data that the Company collects from sources such data sources have the authority, legitimate grounds or have already obtained the consent of the Data Subject to disclose such Personal Data to the Company such as digital platform/ services operated by the government agencies which provides comprehensive public benefit services to the Data Subject, other government agencies which the Company has a duty under its mission to establish a central information exchange center to support the operations of government agencies in providing services to people through digital systems, including the necessity to provide contractual services in which Personal Data may be exchanged with contractual entities.
This also includes the situation in which you provide Personal Data of third parties to the Company, therefore you shall be responsible for providing details under this Policy or announcements of activities, products, or services, as the case may be, to such parties, as well as obtaining their consent if the consent is required to disclose information to the Company.
Refusing to give consent for the collection, use, processing, transfer, or disclosure of certain types of your Personal Data which is necessary for performance or conducting business of the Company may prevent the Company from performing its legal duties or being unable to do business or transact with you in whole or in part.
5) COLLECTION OF PERSONAL DATA
When the Company collects your Personal Data, we shall obtain a consent from Data subject prior to such collection, except in the following cases.
- To perform the contract, in case the collection, use, or disclosure of Personal Data is necessary for the provision of services or performance of the contract between the Data Subject and the Company.
- To prevent or suppress the danger to life, body, or health.
- To comply with the laws.
- For the legitimate interests of the Company in the event that it is necessary for the legitimate interests of the Company’s operations, the Company will consider the rights of the Data Subject such as to prevent fraud, security in the network, protecting the rights, freedoms, and interests of the Data Subject, etc.
- For research or statistical purposes in the case of historical documents or archives for the public benefit or in connection with research or statistics, in which appropriate safeguards to protect the rights and freedoms of the Data Subject are in place.
- To perform state missions in the event that it is necessary to carry out the mission for the public interest or performing duties under the powers of the state assigned to the Company.
If it is necessary for the Company to collect your Personal Data for the performance of a contract, legal obligations, or for the necessity of entering into a contract, and you refuse to provide the information or object to the processing, the Company may be unable to perform or provide the services you have requested in whole or in part.
6) TYPES OF PERSONAL DATA THE COMPANY COLLECTS
The Company shall collect your Personal Data within the purposes, scope, lawful and using fair methods as is necessary to conduct Company’s operational activities, which including but not limited to:
|Types of Personal Data||Details and Examples|
|Personal data||Personally, identifiable information, such as your given name, surname, age, date of birth, nationality, identification card number, passport number or other official documents that can be used to identify you|
|Contact Information||Information for contacting you such as address, telephone number, email address, social media account name, etc.|
|Official Document Information||Your official document information such as a copy of your identification card, a copy of your house registration, a copy of your passport, a copy of your work permit, etc.|
|Financial Data||Your financial information such as bank account number, copy of bank passbook, credit card information, income information, etc.|
|Information collected by the Company automated systems from various devices of the Company||Information obtained from the Company’s automated systems such as websites usage data, CCTV footage, etc.|
|Sensitive Personal Data||Your Sensitive Personal Data such as ethnicity, religious information, disability information, criminal history, biometric information (fingerprint data), health information, etc.|
Sensitive Personal Data
Some Personal Data that the Company collects may be considered Sensitive Data such as religion, ethnicity, biometric information (such as fingerprints), disability information, medical information, and criminal history. The Company will collect Sensitive Personal Data from you only if you have given your express consent and to the extent necessary for the Company’s operations except for the following purposes:
- To prevent or suppress a danger to the life, body, or health of a person.
- In the case of lawful activities with appropriate protections of foundations, associations, or non-profit organizations with political, religion, philosophy or trade union objectives to members, former members, or individuals who have regular contact with the foundation, association, or non-profit organization according to the said purpose without disclosing such Personal Data to the outside of the foundation, association, or non-profit organization.
- In the case of Data made available to the public with the express consent of the Data Subject.
- Where it is necessary for the establishment of a statutory claim, the performance or exercise of a statutory claim, or the assertion of a statutory claim.
- Where it is necessary to comply with the law in order to achieve the objectives relating to:
- Preventive medicine or occupational medicine, employee competency assessment, medical diagnosis, providing health or social services, medical treatment, health management, or social work service system.
- Public health benefits, such as health protection from dangerous communicable diseases or epidemics
- Labor protection, social security, National Health Insurance, welfare related to medical treatment of persons entitled to legal rights, protection of car accident victims, or social protection.
- Scientific, historical, or statistical or other public interest research.
- Important public interest.
7) PURPOSES OF PROCESSING PERSONAL DATA
The Company shall collect your Personal Data as is necessary within the scope of the Company’s objectives depending on your relationship or activities that you have with the Company or the type of product or service you use as prior informed the Data Subject before collecting such Personal Data. We shall obtain the explicit consent from the Data Subject before or when such collecting Personal Data, except for when it is allowed by the Personal Data Protection Laws or the Company has a valid reason to process Personal Data without consent of the Data Subject. The purposes stated below are just a general framework for the Company’s use of your Personal Data. Only the purposes related to your relationship, activities, type of products, Services you have with the Company shall apply to your Personal Data.
- To enter into contracts or perform contractual duties, conduct transactions between the Company and the Data Subject, or perform contractual obligations between the Company and third parties for the benefit of the Data Subject;
- To answer questions and provide assistance to the Data Subject;
- To develop and improve goods, products, and services of the Company to be more responsive to the needs of the Data Subject;
- To provide information and recommend products, goods, services, activities or public relations for marketing promotions or benefits through contact channels received from the Data Subject as the Data Subject has given consent and agreed with the Company;
- For the purpose of the management of the Company’s internal affairs or operations that are necessary under the legitimate interests;
- For the purpose of human resource management;
- To inspect, supervise, and secure the building or premises of the Company;
- For compliance with laws related to the Company’s operations, such as deduction of withholding tax, etc.;
- To provide information to government agencies with legal authority as requested by government agencies, such as the Royal Thai Police, Anti-Money Laundering Office, the Revenue Department, Courts, or any regulators such as the Stock Exchange of Thailand, Securities and Exchange Commission, Ministry of Commerce, etc.;
- To carry out any accounting and financial activities such as auditing, debt notification and collection, exercise of benefits, taxes, and proof of transactions required by laws;
- For the legitimate interests of the Company, such as recording complaints via the call center system, video recording via CCTV, etc.;
- For verification and identification of individuals;
- To conduct survey, analyze, research, and prepare statistical data for marketing purposes or to develop and improve the Company’s operations according to your consent given to the Company;
- For use in investigations and compliance with laws, regulations, rules, or legal duties of the Company;
- For the purpose of establishing legal rights and litigation; and
- Other purposes with the explicit consent of the Data Subject.
8) TRANSFERRING AND DISCLOSING OF PERSONAL DATA
The Company shall not disclose and transfer the Personal Data of the Data Subject to outside organization except with the explicit consent of the Data Subject is given or in accordance with the following cases:
- For the purposes stipulated under this Policy, the Company may require disclosing or share specific information as necessary with its business partners, service providers, data collection providers, company consultants, auditors, internal and external auditors, or external agencies, government agencies, regulators, in which case the Company shall enter into a Personal Data Processing Agreement as required by law.
- The Company may disclose or share Personal Data with its affiliates only to process Personal Data for the purposes outlined in this Policy.
- To comply with any law or legal process that requires disclosure, or to comply with the orders of officials, government officials, competent authorities, to comply with a lawful order or request, for the benefit of legal officer investigations, or court proceedings.
9) MINOR, QUASI-INCOMPETENT PERSON, OR INCOMPETENT PERSON
If the Data subject is a minor, quasi-incompetent person or incompetent person where the consent is required, and the Data Subject is legally unable to give consent on their own according to the law, we shall not collect Personal Data unless the explicit consent from your legal representative, curator or guardian is given (as the case may be).
However, if the Company collects Personal Data from the Data Subject without consent of the legal representative, curator or guardian of the Data Subject (as the case may be), and the Company later becomes aware of such facts, the Company will delete such Personal Data as soon as possible and may collect, use, disclose and/or transfer such Personal Data only the extent necessary to carry out in the course of legitimate activities under the laws.
11) TRANSFERRING PERSONAL DATA OVERSEAS
The Company may send or transfer Personal Data to international organizations or a third countries. The Company shall ascertain that the international organization or destination country that receives such Personal Data shall have adequate or greater Personal Data Protection standards and measures applicable in Thailand.
12) PERSONAL DATA PROTECTION
The Company shall take appropriate technical and administrative measures to protect and secure the security of your Personal Data, including encryption for transmission over the Internet network, and will restrict access to your Personal Data so that it is only accessible to those involved, in both paper and electronic form.
13) RETENTION PERIOD OF PERSONAL DATA
The Company shall retain your Personal Data only for as long as it is necessary for the purpose for which it was collected as stipulated under this Policy, related Notices, and applicable laws. After the expiration of the period and when your Personal Data is no longer required for such purposes, the Company will delete, destroy, or render your Personal Data unidentifiable in accordance with the forms and standards governing the deletion and destruction of Personal Data. However, in the event of a dispute, exercise of rights, or legal action involving your Personal Data, the Company reserves the right to retain such Personal Data until a final order or judgment has been reached.
In the event that the retention period of Personal Data cannot be clearly stated, the Company shall retain the Data for a period consistent with the collection standard (e.g. the general legal period of prescription of up to 10 years).
14) CONNECTING TO EXTERNAL WEBSITES OR SERVICES
15) DATA SUBJECT RIGHTS
- Right to access and obtain a copy of Data Subject’s Personal Data;
- Right to correct your Personal Data to be updated and accurate;
- Right to Data Portability in case where the Company has made such Personal Data publicly accessible in the format readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated methods;
- Right to erase, destroy or anonymize Personal Data, should such Personal Data be no longer necessary or the Data Subject withdraws consent on which the collection, use, or disclosure is based on, and where the Data Controller has no legal ground for such collection, use, or disclosure;
- Right to restrict the use of Personal Data under circumstances where Personal Data is subject to erasure or is no longer necessary;
- Right to withdraw the consent given by Data Subject;
- Right to object the Processing of Personal Data at any time; and
- Right to make a complaint to the relevant Personal Data Protection Committee.
In this regard, we will consider your request, notify the result of the consideration, and execute it (if appropriate) within thirty (30) days from the date we receive the request. Your rights mentioned above will be in accordance with the Personal Data Protection Laws.
16) CONTACT DETAILS
If you have question or require further details concerning the protection of your Personal Data, the collection, use and disclose of your Personal Data, the exercising of your rights or if you have any complaint, you can contact as per the following channels:
Thoresen &Co.,(Bangkok) Limited
Contact Place : No. 26/32-34 Orakarn Building, 10th Floor, Soi Chidlom, Ploenchit Road, Lumpinee Sub-district, Pathumwan District, Bangkok 10330, Thailand
Telephone : +662-250-0569 to 74
Personal Data Protection Officer
Contact Place : No. 26/32-34 Orakarn Building, 10th Floor, Soi Chidlom, Ploenchit Road, Lumpinee Sub-district, Pathumwan District, Bangkok 10330, Thailand
Telephone : +662-250-0569 to 74
Email : firstname.lastname@example.org
|Privacy Notice for Business Partner||Link|
|Data Subject Requests||Link|