THE THAI SILK COMPANY LIMITED and its affiliates (the “Company”) recognize the importance of data privacy protection of personal data subjects as a fundamental right in personal privacy. In accordance with the Personal Data Protection Act of 2019, the Company, therefore, has established this Data Privacy Policy as a guiding principle to protect the personal data of the data subject in the particulars shown within this policy.

1.Definition

The personal data that the Company collects, uses and/or discloses.“Person” means a natural person."Personal data" means information about an individual that enables an individual to be identified whether directly or indirectly but excludes any data related to deceased individuals."Sensitive Data" means personal information which may risk unfair discrimination such as race, ethnicity, political opinions, cult, religion or philosophy, sexual behavior, criminal records, health information, disability, trade union information, genetic information, biological information or any other information that affects the data subject in the same way as announced by the Personal Data Protection Committee.

2. Personal data that the Company may collect, use and/or disclose can be divided into 2 types as follow

2.1 General personal data
The Company may collect, use and/or disclose any general personal data classified by type of data subject as follows: (1) contact information (2) Financial information and information related to transactions with the Company (3) Visual and audio information in contact with the Company (4) Other personal data obtained in connection with the Company (5) Usage Data, such as information about the use of data subject on the website, platform, the Company's use of products and service

2.2 Sensitive Data
The Company does not have a policy to collect Sensitive Data. However, if there is a circumstance where the Company needs to collect such personal information, the Company will request your explicit consent prior to the collection of such personal data or unless there is a legal ground to collect such information without obtaining consent.
In case the data subject does not provide personal data or provides inaccurate or out-of-date personal data to the Company, this could have adverse consequences. Such implications may result in the data subject's inability to conduct transactions with the Company, leading to inconvenience or non-compliance with existing contractual obligations. Furthermore, this may cause potential harm or loss to the data subject and could also hinder the Company's ability to comply with legal obligations that pertain to either the data subject or the Company.

3. Data source of your personal data

The Company will collect your personal data through the following channels:

3.1 Personal data that you have provided to the Company directly.
The data arising from your communication with the Company, which may involve making inquiries, providing feedback, offering criticism, or filing complaints through channels such as the website, application, telephone, or email, as well as engaging in product purchases, service acquisitions, and contract agreements with the Company, either as a buyer or service provider. This also encompasses participation in marketing or other related activities, among others.

3.2 Personal data that the Company automatically collects from data subject.
The Company may collect certain technical information about the devices, activities and traffic patterns, automatic browsing history information.

3.3 Personal data held by the Company received from third parties.
The Company may from time to time obtain your personal data from third-party sources, such as publicly accessible repositories concerning your business or commercial interests. This data may have been furnished either directly by you or through your explicit consent, permitting disclosure to service providers, companies, or government agencies.

4. Purposes for collecting, using or disclosing of personal data

The company may collect, use and/or disclose personal data for the following purposes:

4.1 Purposes for which the Company requires consent.
The Company requires and relies on the consent of the data subject for

  • Sending Marketing Communications that encompass special offers, promotional materials related to products and services, or presenting financing or investment opportunities to data subjects.
  • Collecting, using, and/or disclosing the sensitive information displayed in the identity document solely for verification and identification purposes.
  • Transferring the personal data of data subjects to countries that might not guarantee an adequate level of data protection.

4.2 Purposes for which the Company may perform based on the basis or other legal basis for the processing of personal data.

4.3 In the event that the Company processes your personal data in a manner and/or for purposes inconsistent with the purposes stated above, the Company will provide additional policies or notices regarding the protection of personal data and/or a letter to you explaining the processing of such data. You are advised to read the relevant policies or additional notices in this announcement and/or such notices. (depending on the case)

4.4 If the data subject has provided the personal data of a third party to the Company, the data subject must warrant that such information is lawful. It is imperative that the data subject informs the third party about this privacy policy and/or seeks their explicit consent before sharing their personal data with the Company.

5. Disclosure of personal data
The disclosure or transmission of your personal data may be required to various departments within the Company, as well as to specific individuals or entities, as outlined below:

5.1 Internal usage
Only relevant and essential departments within the Company will have access to your personal data, and this will be limited to those with specific roles and duties aligned with the Company's purpose. Employees or teams will only be granted access to your personal data to the extent that is strictly necessary for their designated tasks.

5.2 External usage
Your personal data may be disclosed or delivered to external organizations as follows:

5.2.1 Government agencies, regulators, or other agencies by virtue of law.

5.2.2 The Company may disclose your information to other organizations or third parties with whom the Company has established contact. This disclosure is primarily for the purpose of verifying data subject transactions and to provide services or products tailored to the specific needs of the data subject.

6. Retention period

6.1 The Company will retain your personal data for as long as necessary, taking into account the necessity and purpose for which the Company shall collect, use and process. This includes complying with the requirements of applicable law.

6.2 The Company will continue to collect, use and disclose your personal data even after terminating the relationship with the company to the extent necessary as provided by the provisions of the law, for legitimate interests, or in a form that renders it non-identifiable, either directly or indirectly. This may include the use of "anonymous data" or "pseudonymous data," which can be made identifiable again through technical means.

6.3 The company may retain your personal data for as long as it is necessary for fulfilling the purposes of processing your personal data as set forth in this Policy. However, the Company will not retain your personal data for more than 10 years from the date you terminate the relationship or have the last contact with the Company, unless permitted by law to retain it for a longer duration.

6.4 The Company will carry out investigations to delete or destroy personal data in such a manner that it becomes permanently impossible to identify the owner of the personal data. This process will be conducted after the expiration of the retention period or when the data becomes irrelevant or no longer necessary for the original purpose of collection. Additionally, the Company will comply with your request to delete your personal data, if such a request is made.

7. How does the Company protect your personal data

The Company will diligently ensure the security of your personal data by adhering to technical measures and administrative measures (Organizational Measures) aimed at safeguarding the proper processing of personal data and preventing any breaches. To this end, the Company has established comprehensive policies, rules, and regulations concerning personal data protection. These measures include strict controls to prevent recipients of information from using or disclosing data beyond the intended purpose or without proper authorization. The Company regularly updates its policies, rules, and regulations as necessary and appropriate to adapt to evolving circumstances. All individuals associated with the company, including executives, employees, contractors, agents, consultants, and recipients of information, are bound by strict confidentiality obligations as set forth by the Company.

8. Rights of data subjects

8.1 Withdraw the consent
If the data subject has provided consent to the Company for the collection, use, and/or disclosure of personal data (whether the consent was given before or after the date on which the Personal Data Protection Law came into force), the data subject has the right to withdraw that consent at any time during the period that the personal data is with the Company, unless there are legal limitations on this right or existing contracts that confer benefits to the data subject.
However, it is important to note that your withdrawal of consent may have implications on the usage of the product and/or services. For instance, you may no longer receive certain benefits, new promotions, or special offers. The website may not be able to provide products or services that are tailored to your specific needs, and you may miss out on receiving useful information, among other potential effects that could be advantageous to your benefit and interests. Therefore, as a data subject, it is advisable to thoroughly study and understand the potential impact before deciding to withdraw your consent.

8.2 Right to access personal data
The data subject holds rights to access their personal data and has rights to request the Company to provide a copy of such personal data which also includes the right to inquire about the acquisition of their personal data in the possession of the Company. However, the company may refuse to fulfil your request if granting access and providing a copy of the personal data would adversely affect the rights and freedoms of others, or if there is a legal obligation or a court order that prohibits the disclosure of the said personal data.

8.3 Rights to transfer personal data
The data subject has rights to obtain your personal data if the Company has provided the personal data in a format that is readable or usable by means of a device or device that works automatically. This enables the data subject to use or disclose their personal data through automated processes. Additionally, the data subject has the right to request the Company to transmit or transfer the personal data in this format to other personal data controllers, wherever feasible, by automated means. Furthermore, the data subject has the right to receive the personal data directly from the company when the company sends or transfers the personal data to other personal data controllers in such a format, except in cases where technical reasons prevent such operation. Additionally, the data subject has the right to request the Company to transmit or transfer the personal data in this format to other personal data controllers, wherever feasible, by automated means.
The personal data mentioned above must be the data for which the data subject has given consent to the Company for collecting, using, and/or disclosing. It may also include personal data that is necessary to be collected, used, and/or disclosed in order for the data subject to use the Company's products and/or services in accordance with their preferences, or to fulfil data subject requests before using the Company's products and/or services. Additionally, it may encompass other personal data as required by law.

8.4 Rights to object data processing
The data subject has the right to object to the collection, use, and/or disclosure of your personal data at any time. However, if the collection, use, and/or disclosure of your personal data is deemed necessary for the Company's legitimate interests or the legitimate interests of another individual or legal entity, and it does not exceed the extent that you can reasonably expect or is carried out to fulfill obligations for the public interest, your objection may be subject to certain considerations. Should you file an objection, the Company will only continue to collect, use, and/or disclose your Personal Data under specific circumstances where the Company can demonstrate compelling legal reasons that take precedence over your fundamental rights, or to establish, exercise, or defend legal claims, or for compliance with legal obligations, or in legal proceedings, on a case-by-case basis.

8.5 Rights to request erasure of personal data
The data subject has the right to request the deletion or destruction of personal data or to have the personal data made non-identifiable if there are doubts that the data has been unlawfully collected, used, and/or disclosed in accordance with applicable law. The data subject also has the right to request deletion if the Company deems that it is no longer necessary to retain the data for the relevant purposes stated in this Policy, or if the data subject has exercised their rights to withdraw consent or to object as previously stated. However, please be aware that the company may be compelled to retain such information in compliance with the law or for the purpose of using any legal claim related to the retention of the data.

8.6 Rights to request the halted/suspended use of personal data
The data subject has the rights to request temporary suspend the use of personal data in the event that the Company is in the process of reviewing the request for the rights to correct personal data or object to it, or any other cases where the Company is no longer necessary and obligated by necessity to delete or destroy the data subject's personal data in accordance with relevant laws, but the data subject requests the Company to suspend its use instead.

8.7 Rights to rectification of personal data
The data subject has the right to request the Company to correct their personal data to ensure its accuracy, currency, and completeness.

8.8 Rights to complain
The data subject has rights to lodge a complaint with the relevant legal authority. If a data subject doubts that the collection, use and/or disclosure of your personal data is in a manner that violates or fails to comply with applicable laws. However, the Company reserves the right to refuse or not process such a request if it is required by law to do so.
The exercise of your rights under clauses 8.1 - 8.8 may be limited under applicable law and in certain circumstances where it is necessary for the Company to refuse or be unable to process your request for the above-mentioned exercise. In the event that the Company rejects the request, the reason for the refusal will be provided.
If you wish to exercise the aforementioned rights, you can submit a request to the Company through the contact channels provided below.

9. Changes to the Customer Privacy Notice

The Company will conduct regular reviews of the Data Privacy Policy to ensure alignment with current best practices, laws, and regulations. In the event of any changes to the privacy notice pertaining to customers, the Company will duly inform you through updates in this Data Privacy Policy. To stay informed about such changes, the Company encourages you to review this Privacy Notice periodically through appropriate channels.

10. Contact us

If you have any recommendations or inquiries regarding the details of your personal data collection, use, and/or disclosure, including requests to exercise your rights under this privacy policy, and if you believe that the processing of your personal data is inconsistent with the provisions of the Personal Data Protection Act B.E. 2562 (2019), you have the right to lodge a complaint by contacting:

Data Protection Office

The Thai Silk Company Limited Legal Department,
Data Protection Division96 soi Puengmee 29,
Sukhumvit 93 Road,Bangchak,Prakanong, Bangkok 10260 THAILAND
Email: DPO@jimthompson.com
Tel: +66 2700 2000 ext. 2472-2473

Announced on 31 May 2022