For the purpose of complying with the Personal Data Protection Act B.E. 2562 (2019) and subordinate laws issued thereunder, including any amendments which may be made thereto, (hereinafter referred to be “Laws on Personal Data Protection”), Hitachi Transport System Group Thailand i.e Hitachi Transport System Vantec (Thailand) Limited, TST Sunrise Service Limited, Eternity Grand Logistics Public Company Limited, Pands Group Logistics Company Limited, Eternity Consulting and Service Company Limited (hereinafter referred to be "Company”) has prepared this Personal Data Privacy Notice (hereinafter referred to be “Privacy Notice”) for Business Partner (hereinafter referred to be “you”) to inform data subject for the purpose of collecting Personal Data, lawful basis, the retention period, disclosure of Personal Data (hereinafter referred to be “Processing”) Data about the Personal Data controller and the rights as the data subject. The details are as follows.
Under this Privacy Notice, the definitions used are as follows:
- 1.1. Business Partner mean (1) persons who provide quotations for products and/or services to be sold to the Company or have registered as vendors with the Company or
- have any other relationships of a similar nature with the Company, such as service providers, consultants, experts, academics, contracting parties or any other
- ppersons having similar characteristics, etc.; (2) persons who are related to or act as representatives of Business Partner who are juristic persons such as directors,
- employees, representatives of Business Partner.
- 1.2. Personal Data means any data relating to a Person, which enables the identification of such Person, whether directly or indirectly, (but not including the data of the
- deceased Persons in particular).
- 1.3. Sensitive Personal Data means data about race, ethnicity, political opinion, creed, religious or philosophical belief, sexual behavior, Criminal records, health data, disability
- data, trade union data, genetic data, biometric data or any data that may affect the owner of the data in the same way.
2. Types of Personal Data collected and Personal Data Protection
The Company will collect various types of personal data that you provide directly to the Company from the operation or sales channels / services / receiving various services of the Company under the terms/based processing as required by law as stated as follows:
- 2.1. General Personal Data include:
- 2.1.1. Personal data such as name-surname, title, age, gender, photograph, video, date of birth, nationality, marital status, data from official documents (such as ID card
- number, passport number, taxpayer identification number, driver's license number, house registration number), vehicle data (such as vehicle registration number), signature (including electronic signature, bank account and payment data such as the name of the owner of the bank account), etc.
- 2.1.2. Contact data such as telephone numbers, mobile phone numbers, fax numbers, addresses, email addresses, and other similar data, etc.
- 2.1.3. Other data related to the relationship between the Company and Business Partners such as your data that provide to the Company as which appears in a contract,
- survey, or transaction data that you have with the Company, etc.
- 2.1.4. Data of other parties related to you, such as your employee data.
- 2.1.5. Other data, such as voice recording of conversations, and video recording by means of CCTV, etc.
- 2.2. Sensitive Personal Data
- 2.2.1. Biometric data such as fingerprint and face image data in order to identify and confirm your identity to prevent crime and safeguard legitimate interests of us or
- 2.2.2. Data about criminal records to consider your suitability with our operations and protect legitimate interests of us or other persons.
- 2.2.3. Sensitive Personal Data, such as religion and blood group that appears on the copy of your identification card for any specific purpose. If you have provided a copy
- of your ID card to the Company, ask you to conceal such data. If you do not conceal the above data, you authorize the Company to conceal and the document is deemed to be concealed valid with enforceable in all respects by law. However, if the Company is unable to conceal data due to some technical limitations. The Company will collect and use such data only as part of your identity document.
- 2.3. If necessary, the Company will process your Sensitive Personal Data with your explicit consent or for other purposes as required by law. We will use our best efforts to
- provide security measures that is appropriate to protect your Sensitive Personal Data.
- 2.4. Data about criminal records, which will be collected from the evidence provided by you or you consent us to acquire from a relevant authority. The Company will impose
- measures to protect your Sensitive Personal Data as required by law.
- 2.5. Retention of Personal Data, the Company collects Personal Data according to the nature of the data received.
- 2.5.1. Personal Data in electronic (Soft Copy) from the Company's computer system will be stored in the Company's central database that maintains and maintains the
- security of data, assigns access control rights, including control rights. Enter the computer room. In the case of cloud-stored data, the Company utilizes a cloud service provider that has received ISO/IEC 20000-1:2011 International Cloud Service Management and CSA STAR Certification. Information security system in accordance with international standards ISO/IEC 27001:2013.
- 2.5.2. Personal Data in paper Document (Hard Copy), for paper documents in the process of Company’s operations are stored in the Company's secure area where
- access rights are set. The finished paper documents are stored in a secure document storage facility.
3. Purposes and Lawful Basis for the Collection, Use, Disclosure and Processing of your Personal Data
The Company will collect, use and/or disclose your Personal Data in accordance with the relationship between the Company and you only if necessary with Based on Legitimate Interest Base, Contract Performance Base, Legal Compliance Base, Consent Base or other legal bases as determined by the Personal Data Protection Act as the case may be, for the purposes of collecting, using or disclosing the Company's data as follows:
- 3.1. For the purpose of used to process your request prior to entering into a contract or to perform the contract which the Business Partner is a party to the company.
- 3.2. For the legitimate interests of the Company or another person.
- 3.2.1. For the purpose to perform the contract with our Business Partner. We process your personal data for procurement, inspection, payment of goods and services,
- relationship management, evaluate the work according to the agreements specified in the purchase order, contract, or other documents relevant to the procurement process including managing relationships with you.
- 3.2.2. For the purpose to manage, develop, and conduct our business operations which include administration management and development (including websites and
- applications), research (e.g. interviews, questionnaires), fraud prevention and detection, crime prevention, maintenance of data technology (IT) systems.
- 3.2.3. For the purpose of safety, such as providing security measures such as entering the company's area.
- 3.2.4. For the purpose of notify news and benefits via letter, emails, SMS, applications, social media and telephone.
- 3.2.5. For the purpose of exercise of legal claims.
- 3.3. For the purpose of preventing or suppressing danger to a person’s life, body, or health basic such as emergency contact, control and prevention of communicable
- 3.4. For the purpose of complying with the laws such as compliance with the provisions of the law, rules and orders of those with legal authority.
- 3.5. For the purpose of the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
- 3.6 In the event of use other than the purpose to Clause 3.1-3.5. Collecting your Personal Data that you will be informed of the details and the Company will request your
- 3.7. Where the Company has previously collected your Personal Data before the Laws on Personal Data Protection have become effective, the Company will continue to
- collect and use your Personal Data in accordance with the original purposes of collection. In this regard, you have the right to withdraw your consent by contacting the
- Company using the contact details set out in article 9 contacting the Company. However, the Company reserves the right to consider your request for the withdrawal
- of consent and proceed in accordance with the Laws on Personal Data Protection.
4. Disclosure of Personal Data
- 4.1. The Company may need to disclose your Personal Data in accordance with the purposes and rules prescribed under the law on Personal Data protection by providing
- appropriate measures to protect your Personal Data disclosed to the following persons and entities:
- 4.1.1. Hitachi Transport System group of companies are shall include executives, directors, employees and/or internal personnel to the extent and as necessary for the
- processing of your Personal Data.
- 4.1.2. Business partners, service providers, and data processors designated or hired by the Company to perform duties in connection with the management/Processing of
- Personal Data for the Company in the provision of various services or any other services which may be beneficial to you or relevant to the Company’s business operation.
- 4.1.3. Advisors of the Company, such as legal advisors, lawyers, auditors, or any other internal and external experts of the Company.
- 4.1.4. Relevant governmental agencies which have supervisory duties under the laws or which have requested the disclosure pursuant to their lawful powers or relevant
- to the legal process or which were granted permission pursuant to applicable laws, such as Revenue Department, Ministry of Commerce, Office of the Personal Data Protection Commission, etc.
- 4.2. The disclosure of your Personal Data to third parties other than article 4.1 shall be in accordance with the Purposes or other purposes permitted by law, provided that if
- the law requires your consent to be provided, the Company will request for your prior consent. And the Company will put in place appropriate safeguards to protect
- the Personal Data that has been disclosed and to comply with the standards and duties relating to the protection of Personal Data as prescribed by the Laws on
- Personal Data Protection.
- 4.3. Where the Company sends or transfers your Personal Data as specified in article 4.1 and 4.2.which are outside Thailand, the Company will ensure that the recipient
- country, the international organization or such overseas recipient has a sufficient standard for the protection of Personal Data. In some cases, the Company may
- request your consent for the transfer of your Personal Data outside Thailand, subject to the requirements under Laws on Personal Data Protection.
5. Security of Personal Data
The Company has provide appropriate security measures to prevent of Personal Data as required by the law on Personal Data protection. It's covers management preventive measures, technical and physical safeguards in regard to access or control of access to Personal Data, to maintain confidentiality, integrity and completeness and the availability of Personal Data, to prevent the loss, unauthorized access, use, alteration, correction or disclosure of Personal Data.
6. Retention Period of Personal Data
The Company will retain your Personal Data for the period necessary to the purposes for which the Personal Data was processed, whereby the retention period will vary depending on the purposes for which such Personal Data. The Company will retain Personal Data for the period prescribed under the applicable laws (if any) and the Company will keep your Personal Data until the end of the lawsuit (if any).
After the period of time set forth above has expired, the Company will delete or destroy such Personal Data from the storage or system of the Company. In this regard, for additional details regarding the retention period of your Personal Data, you can contact the Company by using the contact details set out in article 9 contacting the Company.
7. Rights related to data subjects
- 7.1. Under the Laws on Personal Data Protection and under the Company's rights management process, you have the rights follows:
- 7.1.1. Withdraw the consent you have given to the Company for the processing of your Personal Data.
- 7.1.2. Request to view and copy you’re Personal Data or disclose the source where we obtain your Personal Data.
- 7.1.3. Send or transfer Personal Data that is in an electronic form as required by Personal Data protection laws to other data controllers.
- 7.1.4. Oppose the collection, use, or disclosure of Personal Data about you.
- 7.1.5. Delete or destroy of your Personal Data.
- 7.1.6. Suspend the use of your Personal Data.
- 7.1.7. Correct your Personal Data to be current, complete, and not cause misunderstanding.
- 7.1.8. Complain to the Personal Data Protection Committee in the event that the Company violate to comply with Personal Data protection laws.
- 7.2. If you wish to exercise any of the rights as specified in article 7.1. Please contact using the contact details set out in article 9 contacting the Company. However, may be
- cases where applicable law restricts the exercise of any rights or there may be cases where the Company can refuse your request such as in the case of refusing to
- eexercise your right to comply with the law or court order. In the case of refusing to exercise your right to comply with the law or court order if the Company refuses
- your request for such reasons. If you find that there is a violation of your Personal Data in accordance with the data protection law, please contact the Company to
- clarify the reasons and take corrective action according to your complaint.
- 7.3. In this regard, the process of receiving a request to exercise rights from you, the Company will consider and notify you within 30 days from the date of receipt of the
- request form as required by the Personal Data Protection Law.
8. Changes to This Privacy Notice
The Company may change or update this Privacy Notice from time to time and if there is a change in the Company's Personal Data protection practices due to reasons such as technological change or legal changes. The amendment to this Privacy Notice will become effective when the Company publishes the revised version on the website as follows
- 8.1. Hitachi Transport System Vantec (Thailand) Limited and TST Sunrise Service Limited on https://www.hitachi-tstv.com/en/privacypolicy
- 8.2. Eternity Grand Logistics Public Company Limited, Pands Group Logistics Company Limited and Eternity Consulting and Service Company Limited on
However, if revision has an effect on you as the Data Subject, the Company will notify you in advance of the revision as appropriate before it becomes effective.
9. Contacting the Company.
If you have any questions about any aspect of the Company’s practices in relation to your Personal Data, the Company appreciate to advise, provide data, suggestions and resolve your complaints by contacting Personal Data Protection Officer (DPO), Corporate Group Compliance Department. By using the contact data provided below:
- 9.1. By phone: 02 337-2086-99 Ext. 3111
- 9.2. By E-mail: TST-Corporate-Compliance@hitachi-tstv.com
- 9.3. By registered mail or express mail, sending a letter to:
- Personal Data Protection Officer (DPO).
- Corporate Group Compliance Department.
- No. 11/8-11/9, Moo 9, Bangchalong, Bangplee, Samut Prakan10540.
ISD-BLC1-LC-06_Privacy Notice for Business Partner_01-Jul-2021_Rev00