For the purpose of complying with the Personal Data Protection Act B.E. 2562 (2019) and subordinate laws issued thereunder, including any amendments which may be made thereto, (hereinafter referred to be “Laws on Personal Data Protection”), Hitachi Transport System Group Thailand i.e Hitachi Transport System Vantec (Thailand) Limited, TST Sunrise Service Limited, Eternity Grand Logistics Public Company Limited, Pands Group Logistics Company Limited, Eternity Consulting and Service Company Limited (hereinafter referred to be "Company”) has prepared this Personal Data Privacy Notice (hereinafter referred to be “Privacy Notice”) for Visitor (hereinafter referred to be “you”) to inform data subject for the purpose of collecting Personal Data, lawful basis, the retention period, disclosure of Personal Data (hereinafter referred to be “Processing”) Data about the Personal Data controller and the rights as the data subject. The details are as follows :
Under this Privacy Notice, the definitions used are as follows:
- 1.1. Visitor means a third party who is not an employee of the Company, to liaise with employees of the Company and shall include workers of contractors companies who
- come to work for the Company, government agencies that have representatives to contact the work.
- 1.2. Personal Data means any data relating to a Person, which enables the identification of such Person, whether directly or indirectly, (but not including the data of the
- deceased Persons in particular).
- 1.3. Sensitive Personal Data means data about race, ethnicity, political opinion, creed, religious or philosophical belief, sexual behavior, Criminal records, health
- data, disability data, trade union data, genetic data, biometric data or any data that may affect the owner of the data in the same way.
2. Types of Personal Data collected and Personal Data Protection
The Company will collect various types of personal data that you provide directly to the Company from the operation or sales channels / services / receiving various services of the Company under the terms/based processing as required by law as stated as follows :
- 2.1. General Personal Data include:
- 2.1.1. Personal data such as first name, last name, date/month/year of birth, age, sex, national identification number, photograph, and signature, etc.
- 2.1.2. Contact data such as address, telephone number, e-mail and details of name card, etc.
- 2.1.3. Company contact data such as Recording data or audio when contacting the company.
- 2.1.4. Data about participation in activities with the Company, such as recording of picture or videos, etc.
- 2.1.5. Data used as evidence for transactions or juristic acts, such as Personal Data which appears in a copy of national identification card, copy of
- passport, copy of change of name certificate, data of other parties related to you, such as data about your employees, etc.
- 2.1.6. Other data, such as voice recording of conversations, and video recording by means of CCTV, etc.
- 2.2. Sensitive Personal Data, in general, the Company does not intend to collect and use sensitive personal data such as religion and blood group that appears on the copy of
- your identification card for any specific purpose. If you have provided a copy of your ID card to the Company, ask you to conceal such data. If you do not conceal the
- above data, you authorize the Company to conceal and the document is deemed to be concealed valid with enforceable in all respects by law. However, if the
- Company is unable to conceal data due to some technical limitations. The Company will collect and use such data only as part of your identity document.
- 2.3. Retention of Personal Data, the Company collects Personal Data according to the nature of the data received.
- 2.3.1. Personal Data in electronic (Soft Copy) from the Company's computer system will be stored in the Company's central database that maintains and maintains the
- security of data, assigns access control rights, including control rights. Enter the computer room. In the case of cloud-stored data, the Company utilizes a cloud service provider that has received ISO/IEC 20000-1:2011 International Cloud Service Management and CSA STAR Certification. Information security system in accordance with international standards ISO/IEC 27001:2013.
- 2.3.2. Personal Data in paper Document (Hard Copy), for paper documents in the process of Company’s operations are stored in the Company's secure area where
- access rights are set. The finished paper documents are stored in a secure document storage facility.
3. Purposes and Lawful Basis for the Collection, Use, Disclosure and Processing of your Personal Data
The Company will collect, use and/or disclose your Personal Data in accordance with the relationship between the Company and you only if necessary with Based on Legitimate Interest Base, Contract Performance Base, Legal Compliance Base, Consent Base or other legal bases as determined by the Personal Data Protection Act as the case may be, for the purposes of collecting, using or disclosing the Company's data as follows:
- 3.1. For the purpose of complying with the laws such as compliance with a legal obligation to which the Company are subject such as personal data protection laws, tax law,
- labor law, social security law, civil and commercial law, public limited company law, etc.
- 3.2 For the purpose of the legitimate interests of the Company in monitoring, protecting and ensuring the security of properties of the Company. Such as, the CCTV footages
- can be used to prevent loss or damages to the Company’s properties and other person, etc.
- 3.3. For the purpose of responses to your communications contact with the Company, such as for answering questions, handling complaints, or giving opinions, etc.
- 3.4. For the purpose of preventing or suppressing danger to a person’s life, body, or health basis such as emergency contact.
- 3.5. In the event of use other than the purpose to Clause 3.1-3.4. Collecting your Personal Data that you will be informed of the details and the Company will request your
- 3.6. Where the Company has previously collected your Personal Data before the Laws on Personal Data Protection have become effective, the Company will continue to
- collect and use your Personal Data in accordance with the original purposes of collection. In this regard, you have the right to withdraw your consent by contacting the
- Company using the contact details set out in article 9 contacting the Company. However, the Company reserves the right to consider your request for the withdrawal
- of consent and proceed in accordance with the Laws on Personal Data Protection.
4. Disclosure of Personal Data
- 4.1. The Company may need to disclose your Personal Data in accordance with the purposes and rules prescribed under the law on Personal Data protection by providing
- appropriate measures to protect your Personal Data disclosed to the following persons and entities:
- 4.1.1. Hitachi Transport System group of companies are shall include executives, directors, employees and/or internal personnel to the extent and as necessary for the
- processing of your Personal Data.
- 4.1.2. Business partners, service providers, and data processors designated or hired by the Company to perform duties in connection with the management/Processing of
- Personal Data for the Company in the provision of various services or any other services which may be beneficial to you or relevant to the Company’s business operation.
- 4.1.3. Advisors of the Company, such as legal advisors, lawyers, auditors, or any other internal and external experts of the Company.
- 4.1.4. Relevant governmental agencies which have supervisory duties under the laws or which have requested the disclosure pursuant to their lawful powers or relevant
- to the legal process or which were granted permission pursuant to applicable laws, such as Revenue Department, Ministry of Commerce, Office of the Personal Data Protection Commission, etc.
- 4.2. The disclosure of your Personal Data to third parties other than article 4.1 shall be in accordance with the Purposes or other purposes permitted by law, provided that if
- the law requires your consent to be provided, the Company will request for your prior consent. And the Company will put in place appropriate safeguards to protect
- the Personal Data that has been disclosed and to comply with the standards and duties relating to the protection of Personal Data as prescribed by the Laws on
- Personal Data Protection.
- 4.3. Where the Company sends or transfers your Personal Data as specified in article 4.1 and 4.2.which are outside Thailand, the Company will ensure that the recipient
- country, the international organization or such overseas recipient has a sufficient standard for the protection of Personal Data. In some cases, the Company may
- request your consent for the transfer of your Personal Data outside Thailand, subject to the requirements under Laws on Personal Data Protection.
5. Security of Personal Data
The Company has provide appropriate security measures to prevent of Personal Data as required by the law on Personal Data protection. It's covers management preventive measures, technical and physical safeguards in regard to access or control of access to Personal Data, to maintain confidentiality, integrity and completeness and the availability of Personal Data, to prevent the loss, unauthorized access, use, alteration, correction or disclosure of Personal Data.
6. Retention Period of Personal Data
The Company will retain your Personal Data for the period necessary to the purposes for which the Personal Data was processed, whereby the retention period will vary depending on the purposes for which such Personal Data. The Company will retain Personal Data for the period prescribed under the applicable laws (if any) and the Company will keep your Personal Data until the end of the lawsuit (if any).
After the period of time set forth above has expired, the Company will delete or destroy such Personal Data from the storage or system of the Company. In this regard, for additional details regarding the retention period of your Personal Data, you can contact the Company by using the contact details set out in article 9 contacting the Company.
7. Rights related to data subjects
- 7.1. Under the Laws on Personal Data Protection and under the Company's rights management process, you have the rights follows:
- 7.1.1. Withdraw the consent you have given to the Company for the processing of your Personal Data.
- 7.1.2. Request to view and copy your Personal Data or disclose the source where we obtain your Personal Data.
- 7.1.3. Send or transfer Personal Data that is in an electronic form as required by Personal Data protection laws to other data controllers.
- 7.1.4. Oppose the collection, use, or disclosure of Personal Data about you.
- 7.1.5. Delete or destroy of your Personal Data.
- 7.1.6. Suspend the use of your Personal Data.
- 7.1.7. Correct your Personal Data to be current, complete, and not cause misunderstanding.
- 7.1.8. Complain to the Personal Data Protection Committee in the event that the Company violate to comply with Personal Data protection laws.
- 7.2. If you wish to exercise any of the rights as specified in article 7.1. Please contact using the contact details set out in article 9 contacting the Company. However, may be c
- ases where applicable law restricts the exercise of any rights or there may be cases where the Company can refuse your request such as in the case of refusing to
- exercise your right to comply with the law or court order. In the case of refusing to exercise your right to comply with the law or court order if the Company refuses
- your request for such reasons. If you find that there is a violation of your Personal Data in accordance with the data protection law, please contact the Company to
- clarify the reasons and take corrective action according to your complaint.
- 7.3. In this regard, the process of receiving a request to exercise rights from you, the Company will consider and notify you within 30 days from the date of receipt of the
- request form as required by the Personal Data Protection Law.
8. Changes to This Privacy Notice
The Company may change or update this Privacy Notice from time to time and if there is a change in the Company's Personal Data protection practices due to reasons such as technological change or legal changes. The amendment to this Privacy Notice will become effective when the Company publishes the revised version on the website as follows
- 8.1. Hitachi Transport System Vantec (Thailand) Limited and TST Sunrise Service Limited on https://www.hitachi-tstv.com/en/privacypolicy
- 8.2. Eternity Grand Logistics Public Company Limited, Pands Group Logistics Company Limited and Eternity Consulting and Service Company Limited on
However, if revision has an effect on you as the Data Subject, the Company will notify you in advance of the revision as appropriate before it becomes effective.
9. Contacting the Company.
If you have any questions about any aspect of the Company’s practices in relation to your Personal Data, the Company appreciate to advise, provide data, suggestions and resolve your complaints by contacting Personal Data Protection Officer (DPO), Corporate Group Compliance Department. By using the contact data provided below:
- 9.1. By phone: 02 337-2086-99 Ext. 3111
- 9.2. By E-mail: TST-Corporate-Compliance@hitachi-tstv.com
- 9.3. By registered mail or express mail, sending a letter to:
- Personal Data Protection Officer (DPO).
- Corporate Group Compliance Department.
- No. 11/8-11/9, Moo 9, Bangchalong, Bangplee, Samut Prakan10540.
ISD-BLC1-LC-07_Privacy Notice for Visitor_01-Jul-2021_Rev00