Privacy Notice

/
/
Privacy Notice

PRIVACY NOTICE BANPU NEXT CO., LTD.

Announced on 27 May 2021

The Company realizes the significance of Personal Data protection, which represents one of the basic rights of privacy protected by law, and as such, the Company has issued this Privacy Notice as the foundation of protecting Personal Data disclosed by Data Subjects to the Company.

The Company suggests that Data Subjects read understand this Notice, which describes the manner by which the Company treats Personal Data of the Data Subjects, including their rights, as follows:

“Policy” refers to this Privacy Policy including its amendment which may be subsequently announced.
“Company” refers to Banpu NEXT Co., Ltd and its subsidiaries in Thailand.
“Personal Data” refers to any information relating to a person which can identify that person directly or indirectly by, e.g., name, surname, email, address, telephone number, images, use of cookies, etc.
“Data Subject” refers to a person to whom such Personal Data refers.
“Data Controller” refers to a person or a juristic person with the power and duties to make decisions regarding the collection, use or disclosure of Personal Data.
“Data Processor” refers to a person designated by the Company who proceeds with the collection, use or disclosure of Personal Data under the orders given by or on behalf of a Data Controller, and the person who proceeds as such is not a Data Controller.
“Act” refers to the Personal Data Protection Act B.E. 2562 (A.D. 2019)

This Policy shall apply to any persons to whom such Personal Data refers and/or any persons disclosing, possessing and/or having access to, Personal Data, including the Board of Directors, the Company’s management, staff at all levels of the Company and its partners, and also apply to such persons whose activities involve their Personal Data with the Company.

The Company shall collect, use or disclose Personal Data with limitations according to the purpose and scope which are lawful, necessary and fair, whereby such Personal Data to be protected shall include, but not limited to, the following information:
3.1 Name-surname;
3.2 Email;
3.3 Address;
3.4 Telephone number;
3.5 Identification number;
3.6 Images, photographs;
3.7 Use of cookies.

Personal Data shall not be collected, used or disclosed without consent of the Data Subject given in advance or at that time, unless permitted by law.

The request for such consent (1) shall be made expressly in writing or by electronic means, except where such consent may not be obtained by such means; (2) shall inform the purpose of collection, use or disclosure of Personal Data; and (3) shall be clearly and simply separated from other contents.

The Data Subject reserves the right whether to give his/her consent or to withdraw his/her given consent; the right of access to Personal Data; the right to data portability; the right to object to the collection, use or disclosure of Personal Data; the right to erasure or destruction of Personal Data or rendering it unidentifiable, as per the details in Clause 7.

The Company shall limit the collection, use, processing or disclosure of Personal Data to the extent as necessary and fair for sustainable business operations, taking into account the personal rights and liberty and security of Personal Data as appropriate and sufficient. The Company shall not collect, use process or disclose any Personal Data unless it is for the following purposes:

4.1 It is for preventing or suppressing a danger to a person’s life, body or health;
4.2 It is necessary for the performance of a contract for;
(a) Compliance with terms and conditions, exercise of contractual rights;
(b) Compliance with policies and work rules and regulations, such as, various policies of the Company, operating manuals, the Company’s regulations, work rules and/or access control for the Company’s office or premises, etc., in order for the Company’s various administration works to be more efficient and effective;
(c) General administration, health, safety and environmental management as well as human resources management, such as, procurement and engagement, acceptance and delivery of goods, recruitment, employment, health insurance, social security, workmen compensation fund, provident fund;
4.3 Compliance with rules, regulations, requirements or provisions of law, including orders or practices and requirements of the state, government, authorities, regulatory bodies, in order to ensure that the Company’s operations comply with contractual provisions, legal provisions and good governance principles;
4.4 It is necessary for the legitimate interests of the Company for;
(a) Operation or business purposes, such as, production, trading, distribution, exchange, hire of service, hire of work, provision of services, digging, transportation, provision or receipt of consultation, investment, borrowing of loans, receipt or payment of money, in the interest of the Company’s business operations for sustainable growth;
(b) Hazard prevention and security, occupational healthcare, quality and environmental care and/or risk management, both under normal circumstances and during crisis caused or to be caused by accident, in order to ensure that these tasks are efficient and cover all parties concerned such as CCTV record, self-authentication, ID card exchange to enter the premises
(c) Any other arrangements, such as, secretarial works, meetings, information on the Company’s directors, shareholders or securities, corporate governance, activities for common or public interest, announcement or other activities within and outside the organizations, etc., for being engaged in security and sustainability
4.5 It is as per the purposes which Data Subject consents to;
(a) Sales or marketing purposes, such as, promotional campaigns for marketing activities, sales promotion, survey and evaluation, in order to improve the efficiency and effectiveness of the provision of services and/or management of client or customer relations;
(b) Advertisements, public relations and communications, such as, inquiries, notifications, review, survey of opinions, data verification, news update or any other arrangements as necessary to better understand the Company’s business and services;
(c) Keeping records, storage of data, statistics and research, such as, monitoring, review, processing and analysis of data, in order to improve, rectify, develop and present new products and/or services to suit the requirements of the market, investors, customers, business partners and/or those involved with the Company;

The Company shall not disclose such Personal Data so collected without consent of the Data Subject in advance or at that time, unless such disclosure is;

5.1 to affiliated companies of the Company’s Group which shall be including but not limited to directors, executives, employees, the contractors of such affiliated companies;
5.2 to government, authorities or regulatory bodies;
5.3 to Data Subject’s authorized attorney, agent or legal guardian who is legally appointed;
5.4 to service providers who is directly responsible to the purposes of such data collection;
5.5 to comply with relevant laws and regulations.

The proper protection and security of Personal Data represent one of the basic rights and liberty available to the Data Subject. Therefore, the Company provides the Privacy Policy, operating manuals and/or appropriate security measures for Personal Data, in order to ensure that the collection, use and processing of Personal Data shall be limited, including the prevention of access, erasure, destruction and security of Personal Data, in compliance with the provisions of the Company’s policy on security of information technology, and the Company shall review and develop such policy, operating manuals and/or measures as necessary or when the technology has changed, so as to ensure the efficiency of such security and safety.

The Company respects the Data Subject who wishes to exercise its rights as follows:

7.1 Right to withdraw consent: The Data Subject shall have the right to withdraw his/her consent given to the Company at any time during the period his/her Personal Data remains in the Company’s possession.
7.2 Right of access: The Data Subject shall have the right to access his/her Personal Data and request the Company to make a copy of such Personal Data, and also request the Company to disclose how the Data Subject’s Personal Data was collected without his/her consent to the Company.
7.3 Right to data portability: The Data Subject shall have the right to request a transmission or transfer of his/her Personal Data provided to the Company to another Data Controller or the Data Subject.
7.4 Right to object: The Data Subject shall have the right to object to the collection, use, processing or disclosure of Personal Data, if he/she finds it invalid, inapplicable or unfair.
7.5 Right to rectification: The Data Subject shall have the right to request the Company to rectify any information to be up-to-date, correct or complete.
7.6 Right to erasure: The Data Subject shall have the right to request the Company to erase or destroy his/her Personal Data or render it unidentifiable to the Data Subject, due to the absence of its power to collect the same or when it is not necessary.
7.7 Right to restriction of processing: The Data Subject shall have the right to restrict the use of his/her Personal Data pending data verification or when it is no longer necessary.

Once the Act is fully effective following the expiry of the grace period granted by the Royal Decree Establishing Organizations and Businesses that the Data Controllers are Exempted from the Applicability of the Act B.E. 2564 (A.D. 2021) Number 2, Data Subject shall be able to access to channel given by the Company to exercise its rights.

The Company may collect Personal Data within a necessary period to pursue purposes as listed in Clause 4 of this Privacy Notice that shall be considered as necessary and appropriate unless such collection is to comply with any relevant laws.

The Company may consider reviewing the Notice to be in line with the Act, ministerial regulations, notifications, practices and other relevant rules. Upon any change in the Notice, the Company shall keep you informed of such change by way of announcement on the Company’s website. Should there be any discrepancy between the new and the existing Notice, the new Notice shall prevail.

Should this Notice not cover anything addressed by any ministerial regulation or announcement which will be subsequently issued under the Act, such ministerial regulation or announcement shall apply as if it were an integral part of this Notice.

The Data Subject who has provided the Company with his/her Personal Data may contact the Company’s Data Protection Officer (DPO) in order to exercise his/her rights under Clause 6 above (as per the details in the “Contact Channels” below).

Contact Channels
Details of the Data Protection Officer (DPO)

Name of DPO
Vice President Corporate Compliance and/or acting personnel in such capacity

Contact Address
27th Floor, Thanapoom Tower, 1550 New Petchburi Road, Makkasan, Ratchathewi, Bangkok 10400, Thailand

Contact Channels
Telephone: +66 2694 6600
Facsimile: +66 2207 0696-7
E-mail: dpo@banpu.co.th
Website: www.banpunext.co.th

This Notice is governed by and construed in accordance with Thai laws, and Thai courts shall have the competent jurisdiction over any dispute arising from this Notice.