Privacy and Cookies Policy

Privacy Policy

Privacy Policy for Employee and visitors of 

TOYOTOMI Auto Parts (Thailand) Co., Ltd.

 

TOYOTOMI Auto Parts (Thailand) Co., Ltd. recognizes the importance of the privacy rights and the protection of Personal Data of Customers. The Company hereby implements this Privacy Policy to notify the principle for Personal Data protection with the following context:

1. Definitions

In this Privacy Policy, words or messages have meanings as described in the following definitions:

Company	means TOYOTOMI Auto Parts (Thailand) Co., Ltd.
Customer	means a employee, a visitors, or a client using the services of the Company, the use of the Website, or other services of the Company. This also apply to a business partner(s) and an interested person(s).
Data Controller	means the Company that has the authority to make decisions about the Personal Data and to obtain the Personal Data from the Customer to provide services or to perform contract obligations with such persons.
Data Processer	means a natural person or a juristic person who operates in relation to the collection, use, or disclosure of the Personal Data pursuant to the orders given by or on behalf of a Data Controller.
Data Protection Officer	means officer(s) appointed by the Data Controller to perform and act as the Data Protection Officer in accordance with the Personal Data Protection Act B.E. 2562.
Website	means any website owned or provided by TOYOTOMI Auto Parts (Thailand) Co., Ltd. as the case may be.
Personal Data	means any Personal Data which can be identified a natural person directly or indirectly according to Section 6 of the Personal Data Protection Act B.E. 2562.
PDPA	means Personal Data Protection Act B.E. 2562, as amended, including relevant rules, regulations, and orders.
Processing of Personal Data	means the collection, use, and/or disclosure of Personal Data in which you are the data subject.

2. General Provision

This Privacy Policy aims to explain how the Company collects uses and/or discloses and protects Personal Data of Customer. Whereby the Company may improve or amend any material changes in this Privacy Policy whether in whole or in part to comply with the amending laws and regulations. Therefore, you should regularly access this Privacy Policy and follow up about the current version.

3. Collection of Personal Data

The Company will collect your Personal Data for the use of business operations and shall collects only to what necessary to fulfil the purposes of Personal Data processing and to comply with PDPA in the following ways:

• Categories of Personal Data

Your Personal Data that being Processed in this Privacy Policy whether directly given to the Company or indirectly received from third parties or other sources shall be categorized in the following ways:

• Personal Data that the Company collects, such as
  • Personal information and contact information such as name and surname, national identification card number, passport number, photos, gender, date of birth, age, status, address, workplace information, telephone number, fax number, email address, etc.
  • Financial information such as bank account information or tax pay identification number.
  • Information necessary for references or for your transactions such as Personal Data as shown in the copy of identification card, copy of passport, copy of house registration, copy of driving license, copy of vehicle registration, vehicle registration number, copy of power of attorney, invoices, receipts, or payment vouchers, etc.
  • Technology Information such as log, IP address, location, browser, referring website, login log, transaction log, access time, searched information, social media, website function usage, cookies, or other technologies in the same manner, etc.
  • CCTV footage which records your stills and moving footages, voice records or other Personal Data which can identified a natural person.
• Sensitive Data is defined in Section 26 of PDPA as Personal Data pertaining to biometric data, finger scan, face recognition, religious, health data, racial, criminal records, etc. However, the Company do not collect, use and/or disclose for Sensitive Data from you unless the Company obtained your consent for processing of such sensitive data or it falls under any exception as prescribed by this privacy policy or the law.

• Sources of Personal Data
  • The Company may collect Personal Data directly obtained from you, for example, from using the Company’s services or from filling your Personal Data through Company’s Websites or though other available channels, or when you entered into a contract or transaction with the Company and submitted or make copy of any document relating you to the Company, or when you submitted your inquiries, feedback, or complaint to the Company, etc.; or
  • The Company may collect your Personal Data obtained from third parties such as through government agencies, through business partners of the Company, or through other reliable websites, etc.
• In conducting transactions, or contract and agreements, or complying with legal obligations, if you choose not to provided information or provide inaccurate or outdated information to the Company, you may subject to certain restriction. For example, you may be unable to conduct any transactions with the Company or may be unable to demand certain performance of a contract with the Company. All these restrictions may potentially cause damages and loss of opportunity to you and may potentially affect any legal obligation in which you or the Company, as the case may be, is under obligation to comply.
• Retention Period of Personal Data

The Company shall collect and retain your Personal Data for as long as necessary for the purposes of collecting, use, and disclosure of Personal Data in this Policy. In case you terminate relationship or an agreement with the Company, or no longer using the services or the business transaction has been executed, or when your Personal Data is no longer necessary in relation to the specified purposes, the Company shall store your Personal Data for specified period or as specified by the law, or by prescription period or for exercise or defense of legal claims. After the expiration of the storage period of each type of Personal Data, the Company shall proceed to erase or destroy or make anonymize of such Personal Data.

4. Purposes of Processing of Personal Data

The Company processes your Personal Data for the purposes in accordance with lawful basis under PDPA as follows:

• For membership or account registration purpose and for the benefit in verifying or identifying the Customer’s authentication when accessing or using the services or entering into a contract with the Company, including for compliance with your requests or performance of a contract between you and the Company;
• For services management purposes such as when the Company received purchase order and/or services from you, the Company shall proceed to prepare products and/or services, shipping products, billing products, and sending invoice or related documents to you or any other activities which is necessary to provide services efficiently;
• For examination and maintenance of quality and standards of goods and Company’s services in the event that the Company or you find any goods or services do not meet minimum standards or any defect in goods;
• To process or analyze any other benefits which related to the Company's business operations in order to provide various services to meet the interests of Customer and improve quality of Company’s services such as for the benefit of setting up and managing your account, analyzing the user experiences in Website or the Company’s application, analyzing and tracking user behavior, for marketing purpose, preparing statistics, researching and developing surveys, and preparing marketing or advertising within the Company or for relevant goals including content delivery, advertising about activities and promotions as well as providing appropriate advice, etc;
• To contact Customer through telephone, text (SMS), email or postal mail or through any other available channels to inquire or inform Customer, or to check and verify the Customer’s account information, or survey poll, or inform other information related to the services of the Company as necessary and appropriate;
• For the purpose of handling Customer’s complaints, feedback or suggestions. The Company will use the information received from you to improve and develop the quality of service in identified areas to be more efficient;
• To verify information of the Customer’s service usage in accordance with the safety and security standards of the service management and to improve safety and security standards of Company system. The Company may take Customer’ Personal Data only as necessary and may proceed to encrypt prior to use and/or may provide random inspection, or access testing by third parties for risk management, detecting, preventing, eliminating fraud, or other activities that may violate the laws, relevant terms of use or the Company's terms and conditions of use of the Website or Company’s application;
• To provide service in compliance with PDPA and related rules and regulations both currently enforceable or to be amended in the future, and to comply with legal obligations;
• For the establishment, compliance, exercise, or defense of legal claims. For initiating litigation, as well as proceeding for legal enforcement such as investigation and/or examination by government officials, for case preparation, and/or defense of legal claims in court, etc;
• For surveillance and protection of your security and Company’s assets, including security in building or in premises of the Company. The Company may record your information and video footages and/or voice in buildings, offices, or surrounding areas under CCTV surveillance.
• To prevent or suppress a danger to life, body, or health of the Customer where the Customer is incapable of giving consent by whatever reasons, including necessity for the public interest, or to perform duties in exercising of official authority vested in the Company, the employees or designated person(s), or to comply with a law to which the Company is subjected.
• For any other purposes that are related to your interests as our Customer. Nevertheless, for any Processing of Personal Data activities which required your consent, the Company will seek your consent prior to Processing of your Personal Data.

5. Disclosure of Personal Data

The Company shall disclose your Personal Data in compliance with the notified purposes to the following persons:

• The Company’s affiliates. Whereby the Company may disclose your Personal Data to its affiliates’ employees or designated person(s) to what necessary to fulfil the purpose it was collected for;
• Service Provider(s) and the Data Processor which the Company appoints to manage/ process Personal Data for the Company in providing services. For example, to provide services in security, to provide services in information technology, or other services related to business operations or benefits you;
• Government agencies, authorized official authorities under the law such as Revenue Department, Office of the Personal Data Protection Committee, Royal Thai Police, Courts Official, Police Officers, Bank of Thailand, hospitals, etc;
• State enterprises or private entities such as commercial banks, financial institutions, insurance companies, hospitals, delivery services companies, etc;
• Business Partners of the Company such as freight forwarders, event organizers, other related vendors, contractors, contractual parties which related to the business operation and providing services to you, etc;
• Company’s consultants for providing advice on business operations such as accounting auditors, external auditors, experts, legal consultants, attorneys, etc; or
• Other person(s) or business sector(s) in which you had given consent to disclose your Personal Data to such person(s) or business sector(s).

6. Your rights as the Data Subject.
   • You have the rights to be informed or obtain a copy of your personal data being processed by the Company or requests the Company to inform what sources the Personal Data originated that you have not given consent.
   • You have the rights to request the Company to correct and complete your Personal Data In the event that you see that your Personal Data is inaccurate, not up to date, or incomplete which may cause misunderstanding.
   • You have the rights to withdraw consent once given to the Company for Processing your Personal Data at any reasonable time unless there is a restriction of the withdrawal of consent by law, or there is contractual obligation that benefits you. For example, you are still bound by employment contract with the Company, or you have contractual obligations or legal obligation with the Company. Nevertheless, if you choose to withdraw consent, you may not be able to receive services from or conduct transaction with the Company, or the Company’s ability to provide services to you may be limited.
   • You have the rights to receive the Personal Data concerning yourself from the Company. In which the Company shall arrange such Personal Data to be in the format which is readable or commonly used by ways of automatic tools or equipment and can be used or disclosed by automated means. You are also entitled to request the Company to send or transfer the Personal Data in such formats to other Data Controllers if it can be done by the automatic means or entitled to request to directly obtain the Personal Data in such formats that the Company sends or transfers to other Data Controllers unless it is impossible to do because of the technical circumstances.
   • You have the rights to object Processing of your Personal Data at any reasonable time in one of the following circumstances:
     • Where collection, use, and disclosure of Personal Data is necessary for the performance of a task carried out in the public interest by the Company or necessary for the legitimate interest of the Company;
     • Where Processing of Personal Data is for the purpose of direct marketing; or
     • Where Processing of Personal Data is for the purpose relating to scientific or historical research or statistics, unless it is necessary for the performance of a task carried out in the public interest by the Company.
   • You have the rights to request the Company to erase or destroy or anonymize Personal Data to become anonymous data where legitimate ground applies.s
   • You have the rights to request the Company to restrict the use of Personal Data, where the following applies:
     • When the Company is pending examination process in accordance with your request to ensure that the Personal Data remains accurate, up-to-date, complete, and not misleading;
     • Where it is the Personal Data which shall be erased or destroyed because it has been unlawfully collected, used, or disclosed, but you request for restriction of the use instead;
     • Where it is no longer necessary to retain such Personal Data for the purposes of such collection, but you have necessity to request the retention for the purposes of the establishment, compliance, or exercise of legal claims, or the defense of legal claims; or
     • Where the Company is pending verification to demonstrated that there is a compelling legitimate ground or pending examination for the establishment, compliance or exercise of legal claims, or defense of legal claims to reject the objection request made by you.
   • You have the rights to complain to expert committee in accordance with PDPA in cases the Company or the Data Controller including employees or Data Processor(s) does not take action or does not comply with PDPA.

Nevertheless, the Company reserves the rights to examine the right requests as abovementioned and to proceed in accordance with PDPA. If you wish to exercise your abovementioned rights, please contact to security@toyotomi.co.th

7. Security Measures for Storing Personal Data

The Company is committed to protecting your Personal Data. Hence, the Company shall provide security measures including a safe and appropriate system for collecting, using, or disclosing Personal Data to prevent your Personal Data from accidental loss, unauthorized access of data, destroy of data, misuse of data, unauthorized change or disclosing of data in accordance with the Company’s information technology security policies and/or procedures. The Company shall provide security measures of Personal Data which include operational safeguards, technical protection measures and physical safeguards regarding access or control of the Personal Data usage which at least consists of the following actions:

• Control of access to Personal Data and storage devices and Processing of Personal Data considering the usage and security;
• Determine permission to access Personal Data;
• Users access management to Personal Data for designated person(s) only;
• Determine roles and responsibilities of users to prevent unauthorized access, disclosure, cybercrime, copy of Personal Data, or to prevent theft of storage devices or data; and
• Provide method for tracing back in access, alteration, disposal, or transmission of Personal Data in accordance with the methods and storage media used for processing of Personal Data.

8. Link to Third Party Website Disclaimer

The Company's Website may contain links to third parties’ websites whereas those third parties may collect certain information of your usage of the services. The Company accepts no liability for the security risk or privacy risk of any of your information collected by such third parties’ websites. You shall carefully check the privacy policy, products, and services provided by such third parties.

9. Application of Privacy Policy

This Privacy Policy applies to all Personal Data in which the Company collected, used, and disclosed, and in which the Company had obtained consent from you prior to carrying out the processing activity (If any), as well as the collection of your Personal Data in current or in the future for use and disclosure to the third parties within the scope of this Privacy Policy.

10. Policy Review

The Company and related business unit shall review this Policy at least once a year. Updated versions are to be adopted by the Board of Directors of the Company where deemed necessary or appropriate.

11. Governing Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with Thai laws and Thai courts have the jurisdiction to consider any disputes that may arise.

12. Contact Information

Any questions or concerns regarding this Privacy Policy, the exercising of your rights, or have reasonable reasons to believes that the Personal Data has been misuse, please contact the Company via the following channels:

TOYOTOMI Auto Parts (Thailand) Co., Ltd.	TFD Industrial Estate No. 1/28 Moo 5 Tambol Thasa-an Amphur Bangpakong, Chachoengsao, Thailand 24130 Email address: security@toyotomi.co.th Telephone No.: +66 (0) 38-989808-19 ext. 202
Data Protection Officer	Yongyod Yotheecheevin Email address: security@toyotomi.co.th Telephone No.: +66 (0) 38-989808-19 ext. 202