We, Yokohama Tire Sales (Thailand) Co., Ltd.  respect and place importance to the rights of our customers, suppliers, employees, etc. with regard to their Personal Data. This Personal Data Protection Policy aims to discuss our management systems with respect to the Personal Data protection and to establish how we, as the Data Controller, handle the Personal Data of data subjects according to the Personal Data Protection Act B.E. 2562 (2019) and the subordinate regulations and notifications issued thereunder.

1.     Definitions

The following terms used in this Personal Data Protection Policy shall have the meaning as follows:

“Data Controller” means a natural person or a juristic person having the power and duties to make decisions regarding the collection, use, or disclosure of the Personal Data;

“Data Processor” means a natural person or a juristic person who operates in relation to the collection, use, or disclosure of the Personal Data pursuant to the orders given by or on behalf of the Data Controller, whereby such natural person or juristic person is not the Data Controller;

“PDPA” means Thailand’s Personal Data Protection Act B.E. 2562 (2019), including its amendments (if any) and the subordinate regulations and notifications issued thereunder;

“PDPC” means the Personal Data Protection Committee; 

“PDPC Office” means the Office of the Personal Data Protection Committee; 

“Personal Data” means any information relating to a natural person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased persons in particular. The Personal Data shall include the Sensitive Data; and

“Sensitive Data” means the Personal Data pertaining to race, ethnic origin, political opinions, belief in cults, religions or philosophy, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner as prescribed by the PDPC.

2.     Collection of Personal Data

The collection of the Personal Data of the data subjects by us will be limited to the extent necessary in relation to our lawful purposes only and in compliance with the PDPA in all respects.

We will collect the Personal Data for the use or disclosure to the extent necessary to accomplish the purposes notified to the data subjects and in accordance with the lawful basis for collection as provided by the PDPA. In the event of collection of the Personal Data without lawful basis, we will proceed to obtain prior consent from the data subjects as required by the PDPA.

In addition, we will notify the data subjects of the following information as required by the PDPA before or during the collection of the Personal Data:

(1)  the purposes of the collection for use or disclosure of the Personal Data;  

(2)  the notification of the case where the data subject must provide his/her Personal Data for compliance with a law or contract, including notification of the possible effects where the data subject does not provide such Personal Data;

(3)  the Personal Data to be collected and the period for which the Personal Data will be retained;

(4)  the categories of persons or entities to whom the collected Personal Data may be disclosed;

(5)  our contact information; and

(6)  the rights of the data subject under the PDPA.

We will collect the Personal Data directly from the data subjects only. In case that it is necessary to collect the Personal Data from other sources, we will inform the data subjects of the collection of the Personal Data from other sources within 30 days upon the date of the collection and will obtain the consent from the data subjects, unless it is the Personal Data which is exempted from the requirement of consent from the data subjects as provided by the PDPA.

3.     Use and Disclosure of Personal Data

We will collect, use, or disclose the Personal Data according to the purposes notified to the data subjects prior to or at the time of the collection.

The collection, use, or disclosure of the Personal Data will not be conducted in a manner that is different from the purposes previously notified to the data subjects prior to or at the time of the collection, unless:

(1)  the data subject has been informed of such new purpose, and the consent is obtained prior to the time of collection, use, or disclosure; or

(2)  it can be done by the provisions of the PDPA or by other laws.

We will not use or disclose the Personal Data of data subjects without obtaining prior consent from the data subjects, except for the cases where the consent is not required by the PDPA.

In order to fulfil the purposes for which the Personal Data is collected, we may disclose the Personal Data to third parties. In this case, we will take action to prevent those third parties from using or disclosing the Personal Data unlawfully or without authorization as required by the PDPA.

4.     Retention Period for Personal Data

We will retain the Personal Data in our possession to the extent necessary to achieve the purposes of use of such Personal Data. To determine appropriate retention periods for the relevant Personal Data, we will consider the volume, nature, sensitivity, potential risks of unauthorized use or disclosure, purposes of use and applicable legal requirements of the Personal Data.

When the retention period ends, or when the Personal Data becomes irrelevant or is beyond the purpose necessary for which it has been collected, or when the data subject has requested for erasure or destruction of the Personal Data, or when the data subject has withdrawn the consent, we will erase or destroy such Personal Data unless otherwise provided by the PDPA or other laws.

5.     Transfer of Personal Data outside of Thailand

If we send or transfer the Personal Data outside of Thailand, the destination country or international organization that receives the Personal Data shall have in place adequate data protection standards which are in accordance with criteria and requirements for personal data protection as prescribed by the PDPC, unless certain exemptions as provided by the PDPA apply.

Further, if we send or transfer the Personal Data to the Data Controller or the Data Processor, who is in a foreign country and is in the same affiliated business or is in the same group of undertakings in order to jointly operate the business or group of undertakings, such sending or transfer will be in accordance with our Personal Data protection policy reviewed and certified by the PDPC, which shall be exempted from the requirement in relation to the adequate data protection standards of the destination country or international organization as abovementioned.

6.     Respect for the Rights of the Data Subject

We acknowledge and respect the rights of the data subjects as provided by the PDPA and we will respond to the requests of the data subjects with regard to the Personal Data in good faith, without delay, and in accordance with the PDPA.

Under the PDPA, the data subject has the following rights:

(1)  right to withdraw consent given to us at any time; however, the withdrawal of consent will not affect the collection, use, or disclosure of the Personal Data that the data subject has already given the consent legally;

(2)  right to request to access to and obtain copy of the Personal Data related to the data subject, which is under our responsibility, or to request the disclosure of the acquisition of the Personal Data obtained without the data subject’s consent;

(3)  right to receive the Personal Data concerning the data subject in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means. The data subject is also entitled to:  

(i)    request us to send or transfer the Personal Data to other Data Controllers; and

(ii)  request to directly obtain the Personal Data that we have sent or transferred to other Data Controllers;

(4)  right to object the collection, use, or disclosure of the Personal Data concerning the data subject, at any time under certain circumstances;

(5)  right to request us to erase or destroy the Personal Data, or anonymize the Personal Data to become the anonymous data which cannot identify the data subject under certain circumstances;

(6)  right to request us to restrict the use of the Personal Data under certain circumstances;  

(7)  right to request us to keep the Personal Data relating to the data subject accurate, up-to-date, complete, and not misleading; and

(8)  right to file a complaint in the event that we, including our employees or contractors, violate or do not comply with the PDPA.

7.     Implementing Security Measures

In order to ensure the accuracy and security of the Personal Data, any Personal Data collected by us will be protected by the measures which should consist of the administrative, technical and physical safeguards with the appropriate tracking system to trace the access, alteration, deletion, or transfer of the Personal Data.

Our security measures will be reviewed when it is necessary, or when the technology has changed in order to efficiently maintain the appropriate security and safety, and are in accordance with the minimum standards specified and announced by the PDPC.

8.     Notification of Personal Data Breach

In the event of the Personal Data breach, we will notify the PDPC Office of any Personal Data breach without delay and, where feasible, within 72 hours after having become aware of it, unless such Personal Data breach is unlikely to result in a risk to the rights and freedoms of the persons. If the Personal Data breach is likely to result in a high risk to the rights and freedoms of the persons, we will also notify the Personal Data breach and the remedial measures to the data subjects without delay.

9.     Maintenance of Personal Data Records

We will maintain the records regarding the collection, use and disclosure of the Personal Data, which can be either in a written or electronic form, in order to enable the data subjects and the PDPC Office to check upon as required by the PDPA.

We will ensure that the Personal Data in our possession remains accurate, up-to-date, complete, and not misleading.

10.  Changes to this Personal Data Protection Policy

We reserve the right to amend the terms of this Personal Data Protection Policy at our discretion without informing you in advance to be in accordance with the PDPA.

11.  Contact Channel

In case that you have any question, please contact us by using the following information:

Name:                                        Yokohama Tire Sales (Thailand) Co., Ltd.

Contact Address:            12th Floor, Zone A,B Thanapoom Tower, 1550 New Petchburi Road, Makkasan, Ratthewi, Bangkok 10400

Telephone No.:              02-652-6996-7

E-mail:                          Sirima_j@yokohama.co.th        

Responsible person:       Mr. Sirima Jiramanit

 

Issued on May 27, 2022