Privacy Policy
YKK AP (Thailand) Co., Ltd. realizes the importance of personal data in order to comply with the Personal Data Protection Act B.E. 2562. Company has made this policy to inform the collection, use, disclosure or transfer of personal data as the following message.
1. Objective
This policy is designed to inform data subject or data owner aware the purpose of collecting personal data to use or disclose the legal base (Lawful basis) personal data that will be collected under the retention policy, personal data about the company and rights of personal data subjects under Section 23 of the Personal Data Protection Act B.E. 2562, therefore, the company has established this personal data protection policy.
2. Personal data we collect, objective, legal base, and retention of personal data
The company will collect personal data from various channels, whether directly or indirectly, in hard copy or electronic form. However, the company may collect personal data from any other sources, which is the result of the analytics and statistics of the usage or access to relevant systems. Processing of personal data will be performed as necessary for the purposes for which the company stated in this policy.
2.1 Personal Data to be collected
- Personal information such as full name, age, date of birth, etc.
- Contact information such as residential address, telephone numbers, email addresses, etc.
- Account details such as username, password, etc.
- Technical information such as information about the use of the website and the company’s systems, computer traffic information (log), contact information and communication between the data subject and other users Information from usage logs such as device identifiers, computer IP address. ID device type mobile network data connection information geolocation information, Type of browser (Browser) log information, application data or websites that the data subject accesses before and after (Referring Website), records of system usage history Log, transaction log, usage behavior System usage statistics, and Access Time.
- Other such as photo, video, and other information that is considered personal data under the Personal Data Protection Laws.
- All interests and opinions that personal data subject has expressed through company’s system (if any), information about the activities of the personal data subject in the company’s system, questionnaire information that obtained from the data subject’s contact with the company or the company’s team.
2.2 Retention and retention period of personal data
2.2.1 We will retain your personal data as hard copy and electronic form, for example, by storing the data in a server with restricted access or with a cloud service provider whom partnered with the company, etc.
2.2.2 The collection of personal data shall be limited to the extent necessary in relation to the lawful purpose, use and disclosure personal data as informed to the personal data subject until the personal data subject terminates the relationship with the company. The company may be required to keep the data subject’s personal data for a period of time required by law.
3. Use of Data
We use the collected data for various purposes:
- To create and manage accounts
- To provide products or services
- To improve products, services, or user experiences
- To share and manage information within organization
- To conduct marketing activities and promotions
- To provide after-sales services
- To gather user’s feedback
- To process payments of products or services
- To comply with our Terms and Conditions
- To comply with laws, rules, and regulatory authorities
4. Changing the Purpose of Use of Personal Data
We may change this Privacy Policy from time to time. The company will notify you of the new purpose and obtain your consent before the processing of personal data or the provisions of the law allow it to be done.
5. Security measures to protect personal data
Company has implemented to appropriate security measures, security of personal data means maintaining confidentiality, integrity, and availability of personal data. This is to prevent the loss, access, use, alteration, correction or disclosure of personal data.
Company has informed about the security measures of personal data, including raise awareness of the importance of personal data protection.
Company has provided measures to maintain the security of personal data which covers measures to prevent management Administrative safeguards, technical safeguards and physical safeguards regarding access or access control include the following actions:
- Controlling access to personal data and devices for storing and processing personal data with regard to usage and security.
- Determination of permission or assignment of right to access personal data.
- User access management to control access Personal data only for authorized persons.
- Determining user responsibilities to prevent unauthorized access to personal data, disclosure, acknowledgment, or illegal copying of personal data, theft of personal data storage or processing equipment.
- Providing a means to enable retrospective review of access, alteration, deletion or transfer of personal data to be consistent with the methods and mediums used for collecting, using or disclosing personal data.
In addition, measures are also reviewed as needed or as technology changes in order to be effective in maintaining appropriate security.
6. Transfers the Personal Data to a foreign country
In the event that company send or transfer personal data to a foreign country, for example, Cloud Computing service providers who have platforms or servers located abroad, Data Processor, Platform as a Service (PaaS) providers, etc. for the purposes for which the company stated in this policy. The destination country or international organization receiving personal data have to adequate personal data protection measures and will be able to enforce the rights of the personal data subject as well as having effective legal remedial measures in accordance with the rules announced by the Personal Data Protection Committee.
7. Rights of the data subject
Subject to the Personal Data Protection Laws thereof, you may exercise any of these rights in the following:
- Withdrawal of consent: If you have given consent to us to collect, use or disclose your personal data whether before or after the effective date of the Personal Data Protection Laws, you have the right to withdraw such consent at any time throughout the period your personal data available to us, unless it is restricted by laws or you are still under beneficial contract.
- Data access: You have the right to access your personal data that is under our responsibility; to request us to make a copy of such data for you; and to request us to reveal as to how we obtain your personal data.
- Data portability: You have the right to obtain your personal data if the we organize such personal data in automatic machine-readable or usable format and can be processed or disclosed by automatic means; to request us to send or transfer the personal data in such format directly to other data controllers if doable by automatic means; and to request to obtain the personal data in such format sent or transferred by us directly to other data controller unless not technically feasible.
- Objection: You have the right to object to collection, use or disclosure of your personal data at any time if such doing is conducted for legitimate interests of us, corporation or individual which is within your reasonable expectation; or for carrying out public tasks.
- Data erasure or destruction: You have the right to request us to erase, destroy or anonymize your personal data if you believe that the collection, use or disclosure of your personal data is against relevant laws; or retention of the data by us is no longer necessary in connection with related purposes under this Privacy Policy; or when you request to withdraw your consent or to object to the processing as earlier described.
- Suspension: You have the right to request us to suspend processing your personal data during the period where we examine your rectification or objection request; or when it is no longer necessary and we must erase or destroy your personal data pursuant to relevant laws but you instead request us to suspend the processing.
- Rectification: You have the right to rectify your personal data to be updated, complete and not misleading.
- Complaint lodging: You have the right to complain to competent authorities pursuant to relevant laws if you believe that the collection, use or disclosure of your personal data is violating or not in compliance with relevant laws.
You can exercise these rights as the Data Subject by contacting our Data Protection Officer as mentioned below. We will notify the result of your request within 30 days upon receipt of such request. If we deny the request, we will inform you of the reason via SMS, email address, telephone, registered mail (if applicable).
8. Disclosure of Personal Data
We may disclose your personal data to the following parties in certain circumstances:
Service Providers
We may use service providers to help us provide our services such as payments, marketing and development of products or services. Please note that service providers have their own privacy policy.
Business Partners
In relation with our business partners, we may disclose certain personal data to them in order to coordinate and provide our products or services to you and provide necessary information about the availability of our products or services.
The company affirms to keep our customers’ and stakeholders’ collected personal data confidential, and not use it for other objectives than the lawful objectives, or for the company’s business operations.
9. Minors
If you are under the age of 20 or having legal restrictions, we may collect use or disclose your personal data. We require your parents or guardian to be aware and provide consent to us or allowed by applicable laws. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.
10. Advertising and Marketing
We may send certain information or newsletter for the purpose of utilizing your preference via your email. If you no longer want to receive the communications from us, you can click the “unsubscribe” link in the email or contact us through our email.
11. Cookies
To enrich and perfect your experience, we use cookies or similar technologies to display personalized content, appropriate advertising and store your preferences on your computer. We use cookies to identify and track visitors, their usage of our website and their website access preferences. If you do not wish to have cookies placed on your computer, you should set their browsers to refuse cookies before using our website.
12. Data Breach Notification
We will notify the Office of the Personal Data Protection Committee without delay and, where feasible, within 72 hours after having become aware of it, unless such personal data breach is unlikely to result in a risk to the rights and freedoms of you. If the personal data breach is likely to result in a high risk to the rights and freedoms of you, we will also notify the personal data breach and the remedial measures to you without delay through our website, SMS, email address, telephone or registered mail (if applicable).
13. Links to Other Sites
The purpose of this Privacy Policy is to offer products or services and use of our website. Any websites from other domains found on our site is subject to their privacy policy which is not related to us.
14. Contact Information
If you have any questions about this Privacy Policy or would like to exercise your rights, you can contact us by using the following details:
Data Controller
YKK AP (Thailand) Co., Ltd.
55 Wave Place, 13th Floor, Wireless Road, Lumpini, Pathumwan, Bangkok 10330
www.ykkap.co.th
02-655-6334