Due to the online identify theft crimes and illegal data access behaviours which can cause damage to the data subjects in respect of one’s identity or property and directly affect the social life, the Thai government has established measures to protect the personal information in order to comply with the international data protection standards and General Data Protection Regulations (GDPR) through Personal Data Protection Act B.E. 2562.
“Personal Data” means any information relating to a person which enable to identify such person, whether directly or indirectly, such as name, surname, age, date of birth. ID card number, contact information, such as residence, workplace, telephone number, including any other information which is considered as personal information, such as website usage data, comments or sensitive data, excluding the information of the deceased persons in particular.
“Person” means a natural person.
“Data Controller” means an individual or a juristic person with authority to make decisions regarding the personal information collection, usage or disclosure.
“Data Processor” means an individual or a juristic person who processes, collects, uses or discloses any personal information in accordance with an order or on behalf of a data controller. In this regard, the person or juristic person who performs such operations shall not be a data controller.
Data Privacy Measures
The Company will operate as necessary and reasonable with technical methods and working methods of the agency for your personal information protection. If the Company uses any personal information in processing the data privacy for the Company’s operations, the Company will ensure that such personal information will be processed under the data privacy measures.
The use of personal information given to the Company will be used for the purpose of agreed operation. Only some information, such as position, duties and department details may be processed as combined data through anonymization technique for the analytical and statistical benefits. The Company will do not sell or distribute your personal information under any circumstances.
The personal data collecting in accordance with the Personal Data Protection Act includes the use of technology to store the data through cookies browser. Therefore, by refusing to give a consent on the Company’s website will suspend the collection of personal information.
Personal Information Security
The Company has established various standard measures and IT security requirements to prevent data leakage, including personal data access and storage management. All personal data processing will be secured without data leakage to the possession of others or any misuse from the original purpose or consent of the data subject, as well as disclosure to others or public without the consent of the data subject or requirements as specified by law.
In this regard, the Company regularly and carefully reviews all the personal data to ensure proper security and prevent unauthorized access without the consent of the data subject, including data protection from various privacy violations
The Company will not transmit any personal data to the third parties, except with the consent of the data subject and such third parties must have standards for personal information protection at the level as required by laws and the Personal Information Protection.
Company’s Operation Relating to Personal Data
The Company may transmit or transfer the personal data between HIS MSC Company Limited and its subsidiaries for the purpose of solution improvement or development as necessary and appropriate, such as marketing, purchasing or service information and other communications related to the Company’s operation in accordance with its rights granted under the Personal Data Protection Act or with the data subject’s consent.
Data subject’s Rights
– To access personal data
– To amend and update the personal data
– To withdraw a consent
– To object the collection, use or disclosure of personal data
– To request for a suspension of personal data usage
– To request for a deletion or destroy of personal data
– To transfer personal data
Personal Data Processing
The Company will process your personal data to comply with trade, services and any other operations as provided by the data subject to the Company through data processing under Section 24 (3) in the contract.
The Company will use the personal data for only purposes as specified in the consent or as required by law.
The Company will use or act in connection with the personal data for legitimate interest in accordance with
Section 24 (5) as in the following cases:
– To estimate data processing as necessary
– The data used for processing must be publicly available and not be a sensitive information.
– Low personal data protection risk
– There are ways to choose not to receive information or communication easily.
The Company may take any actions in connection with the personal data to comply with the legitimate orders and other laws, such as securities and stock exchange laws, tax laws or court orders, etc.
The company may process or take any actions in connection with the personal information, such as sensitive data, health data or tracking and monitoring during the epidemic situations by aiming to prevent and suppress any incidents that may affect or be harmful to the data subject or the Company.
Personal Data Storage
According to the principle of collecting personal information as necessary, the Company will maintain the personal information as long as a period of time necessary for the data storage purposes in accordance with the following laws:
– The period of contractual data processing basis and the legitimate interest basis are specified for 5 years.
– When the specified storage period has expired, the Company will delete and destroy or make such personal data unidentifiable.
Personal Data Obtained Prior to the Enforcement of the Personal Data Protection Act
However, if you wish to request for any withdraw of personal data, either wholly or partly, please contact the Company at the available channel as specified below hereof for further data deletion or destroy processes.
HIS MSC Company Limited
400 Chaloemphrakiat Rama 9 Road, Nong Bon,
Prawet, Bangkok 10250
Phone: 02-089-8466 (Data Protection Officer)