Personal Data Protection Policy Announcement

In recognizing the importance of customer’s personal data, Siam Borihand Co.,Ltd. and its subsidiaries have established a policy to determine secure data processing and collection procedures to protect personal data and comply with the Personal Data Protection Act B.E. 2562 as below.

1. Personal Data

“Personal data” shall mean personal information that can be used to identify a person whether directly or indirectly, but not including data of the deceased.

“Company” shall mean Siam Borihand Co.,Ltd. and its subsidiaries that may process personal data of service users obtained through this website.

“Service user” shall mean a natural person or legal entity that provides information to the company through this website.

2. Data Collection

The data collection shall be conducted within the purpose, scope, and method allowed by the law, justifiable, and to the extent necessary to provide the applicable services. The company shall arrange to obtain consent from the data owner in writing or through an electronic means, except where consent may not be obtained due to certain circumstances or exempted by the law, in the following cases.

  • To comply with relevant law
  • For the benefit of the police investigation or court proceeding
  • For the benefit of the service user when impossible to obtain consent at that time
  • For legal benefits of the company or other persons or entities that are not the company
  • To protect the life, body or health of a person
  • To perform a contractual obligation where the data owner is a contractual party, or to provide a service requested by the data owner prior to the agreement.
  • For the purpose of the National Archives, public use, study, research, and statistics, in which appropriate security measures are in place.

In some cases where the company is required to collect sensitive information such as race, religion, philosophy, sexual inclination, disability, labor union, genetic data, biodata, and health data, the company shall arrange to explicitly obtain consent from the data owner.

3. Personal Data Protection

The company has implemented personal data protection measures and a policy that are applicable and in compliance with the law to ensure that the data is processed for relevant purposes and securely, and to prevent loss, unauthorized access, destruction, modification, alteration, or disclosure. The company also ensures that the employees are aware of their role and responsibility in data collection, storage, usage, and disclosure. The company reviews the measures and policy from time to time.

4. Data Processing Purpose

The company may collect, use, process, transfer, or disclose your data on this website for the following purposes.

  • To perform service obligation required under the terms of service.
  • To analyze the user’s interests to be able to offer customized privileges or services according to the user’s interests.
  • To improve the services.
  • To provide support services such as providing user guidelines and solutions.
  • To send news, information, and email notifications of promotions that the user may be interested in.

5. Personal Data Disclosure

As the company recognizes the importance of personal data, it shall not disclose user’s personal data to outsiders, except in the following cases.

  • Obtained consent from the data owner.
  • Upon receiving a court order, or required by the authority or the law to disclose the data.
  • Disclosed to subsidiaries, business partners, consultants, employees, affiliates of the company to perform a contractual obligation.
  • Other cases permitted under relevant agreements and the law.

6. Data Storage Duration

The company shall store your data as necessary for the relevant products and services, and the duration after the contractual or service period made with the company, as required by the service or applicable laws such as the accounting law, anti-money laundering law, taxation law, and the company’s policy and terms of service. The personal data shall be deleted, rendered unidentifiable, or destroyed at the end of the storage period.

7. Data Owner Rights

The users shall have the right to personal data under this agreement and applicable laws as below.

  • The right to access the personal data and obtain a copy of it.
  • The right to update the personal data.
  • The right to obtain upon request the personal data in a format readable or usable by an automatic tool or equipment, if made available, usable by the company, or possible to disclose through an automatic mean.
  • The right to request the personal data to be rendered unidentifiable when such data is no longer required or when the data owner revokes the consent.
  • The right to suspend the use of the personal data when the data is to be deleted or no longer required.
  • The right to revoke the data processing consent.