1. Personal Data [NO&T: We have specified the items of Personal Data 　below, but the Company can add or revise those items to correspond 　with the actual operation of the Company.] The Data Controller may collect any 　personal data relating to you in connection with your use of the Data Controller’s website　(https://stth.co.th), including, but not limited to, the following (“Personal Data”):

(1) Contact information such as name, nickname, address, domicile, telephone number, email address and etc.;
(2) Information necessary for identification of a person such as a copy of an identification card, a copy of passport and facial photograph;
(3) Birthdate;
(4) Gender;
(5) Nationality;
(6) Information of the place for providing or delivering the products such as map, location and building plan;
(7) Information in relation to employment e.g. a juristic person to which you belong and position; and
(8) Data of device or tool and technical data, such as IP address, MAC address, Cookie ID, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Data Controller’s website.

2.  Purpose of the Data Processing of the Personal Data [NO&T: We have 　specified the purpose of the Data Processing of the Personal Data below, 　but the Company can add or revise such purpose to correspond with the 　actual operation of the Company.] The Data Controller shall perform the 　Data Processing of the Personal Data as necessary and as permitted by the 　PDPA in whole or in part for the following purposes:

(1) Consideration for the execution and performance of any business contract;
(2) Consideration and operation for the sale of products and provision of after-sale services;
(3) Procurement of materials, tools, portables or other items necessary for providing the products;
(4) Communication between the Data Controller and you with respect to Data Controller’s products, services, events, etc.;
(5) Communication with a person or juristic person who is third party, which may be necessary for the business operation of the Data Controller or IT and system administration services for the Data Controller’s website, for example outsourced vendor, employee, business partner, etc.;
(6) Improvement of the Data Controller’s products, services and/or website; and
(7) For the preparation of market research, customer trend analysis, and other statistical data.

3. Disclosure of the Personal Data[NO&T: We have specified below the 　parties to whom the Personal Data is disclosed and transferred , but the 　Company can add or revise such list to correspond with the actual 　operation of the Company.] The Data Controller may disclose or transfer 　the Personal Data to any person or juristic person including the following 　person or juristic person in order to achieve the purposes as prescribed 　in Clause 2 above:

(1) Parent company, subsidiary, group company or affiliated company of the Data Controller (“Affiliates”);
(2) Directors, employees and advisors of the Data Controller or any of the Affiliates;
(3) Accounting firms, law firms and other service providers retained by the Data Controller or any of the Affiliates such as cloud computing service providers to provide cloud storage services and provider of marketing platforms and analytics services relating to users’ behavior, in order to tailor the products or services; and
(4) Customers, business partners of the Data Controller, and a person or juristic person who is other third party who are necessary to communicate with in the course of the business operation of the Data Controller.

4. Cookies Policy

The website https://stth.co.th is owned by the Data Controller. Once you access the website, information about your visit is collected in the form of cookies. This Cookie Policy describes the definition, purpose, and cookies setting for your privacy. By accessing this website, it is deemed that you consent the Data Controller to use the cookies in accordance with the Cookie Policy, which contains the following details:

4.1 What are “Cookies”?
Cookies are small files which are saved on your computer device and/or communication devices used for accessing the website such as notebooks, tablets, or smartphones through a browser to record website access information such as dates and times, clicked links, visited pages, and setting conditions.

4.2 How the Data Controller uses “Cookies”?
The Data Controller uses the cookies for the following purpose: [NO&T: We refer to the description of types of cookies from https://gdpr.eu/cookies/ and https://www.dga.or.th/ but the Company can add or revise the cookies to correspond with the actual operation of the website.]

➢  Strictly Necessary Cookies 
Strictly necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. Strictly necessary cookies do not require your consent.

➢ Functional Cookies
Functional cookies allow the website to remember choices you have made in the past, such as what language you prefer and help perform certain functionalities such as sharing the content of the website on social media platforms, collecting feedback, and other third-party features. They may be set by the Data Controller or by third party providers whose services added to the website.

➢ Statistics Cookies
Statistics cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate and traffic source. These cookies do not collect any information that could identify you and are only used to help us improve how the website works, understand what interests the users and measure how effective the content is.

➢ Advertisement Cookies
Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

4.3 How to Manage Cookie Setting
If you do not wish the Data Controller to collect the Personal Data through cookies, you can remove or reject specific cookies through your browser.  However, if you disable or refuse cookies, please note that some parts of the website may become inaccessible or not function properly or you may have to manually adjust some preferences every time you visit the website.

5. Third-Party Links

The Data Controller’s website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. The Data Controller does not control these third-party websites and is not responsible for their privacy policy. When you leave the website, the Data Controller encourages you to read the privacy policy of every websites you visit.

6. Period for collection and retention of the Personal Data

The Data Controller shall collect and retain the Personal Data for the period necessary to meet the purposes set forth above or throughout the duration of our service to you and for ten (10) years after the termination thereof. The Personal Data may be retained for longer period if the Data Controller is legally obliged to do so, or if retention is necessary to establish, exercise or defend legal claims.
[NO&T:  Pursuant to the PDPA, it shall notify the retention and collection period of the Personal Data.  Thereby, we specified the retention period as 10 years for agreement by taking into account the general prescription for claims under the law, just in case there might be future problems with the customers.  The Company may consider to amend such period as appropriate.]

7. Contact detail of the Data Controller

Data Controller

Sankyo Tateyama (Thailand) Co., Ltd. Address: 205 Moo2 Praksa Rd., Taibanmai, Muang, Samutprakarn, 10280 Thailand Telephone No.: +66(0)2-136-3578 E-mail: takashi_ishihara@st-grp.co.jp

8. Cross-border transfer of the Personal Data

In connection with the Data Processing, the Data Controller may transfer the Personal Data to Japan, where the parent company of the Data Controller is located, or to other destinations outside Thailand.  Nevertheless, in some cases, the data protection standards in the country to which the Personal Data is transferred may not meet the standards that the competent authority under the PDPA prescribes. [NO&T: Under PDPA, in case of cross-border transfer, it shall notify the data subject that the destination country may have insufficient data protection standard (Insufficiency as prescribed by the competent authority). However, if Japan is included in a so-called White List of countries that have sufficient standards, the Company may take out the last sentence.]

9. Your rights

You shall have the following rights with respect to the Personal Data as stipulated under the PDPA:

(1) Right to withdraw consent
You shall have the right to withdraw consent for the Data Processing of the Personal Data by the Data Controller at any time throughout the collection and retention period of the Personal Data.
(2) Right to access
You shall have the right to access and obtain the copy of the Personal Data which are under the supervision of the Data Controller.  Also, if the Personal Data is collected without consent, you shall have the right to request the Data Controller to disclose the acquisition of such Personal Data.
(3) Right to request the portability
You shall have the right to receive the Personal Data concerning you from the Data Controller in case where the Data Controller arranges the Personal Data to be in the format which is readable or commonly used by ways of automatic tools or equipment and can be used or disclosed by automatic means.  You shall also have the right to request the Data Controller to send or transfer the Personal Data in such format to other data controllers if it can be done by the automatic means and to request to obtain the Personal Data in such format which the Data Controller sends or transfers to other data controllers, unless it is impossible due to technical circumstances.
(4) Right to object
You shall have the right to object to the Data Processing of the Personal Data by the Data Controller.
(5) Right to erasure, destruction and anonymization
You shall have the right to require the Data Controller to erase, destruct and anonymize the Personal Data.
(6) Right to suspend the use
You shall have the right to request the Data Controller to suspend the use of the Personal Data under certain circumstances as prescribed in the PDPA.
(7) Right to update
You shall have the right to request the Data Controller to ensure the Personal Data remains accurate, up-to-date, complete and not misleading.
(8) Right to file a complaint
You shall have the right under the PDPA to file a complaint with the relevant official authority in the event that the Data Controller including the employees or the entrusted person thereof violate or do not comply with the PDPA.

10. Remarks

(1) The Data Controller shall have the right to collect, use, disclose and transfer certain Personal Data without obtaining your consent for the following purposes under the PDPA:
    (a) To prevent or suppress the danger to a person’s life, body or health;
    (b) To be necessary for the performance of a contract to which you are a party, or in order to take any actions upon your request prior to entering into a contract;
    (c) To be necessary for legitimate interests of the Data Controller or any other person or juristic person other than the Data Controller, except where such interests are overridden by the fundament rights of your Personal Data;
    (d) To be necessary for compliance with the law by the Data Controller;
    (e) To be necessary for the performance of a task carried out for the public interest by the Data Controller, or for the exercising of official authority vested in the Data Controller;
    (f) To achieve the purpose relating to the preparation of the historical documents or the archives for public interest, or for the purpose relating to researcher statistics, in which the appropriate preventive measures to safeguard your rights and freedom are put in place and in accordance with notification as prescribed by the competent authority under the PDPA; and
    (g) Any other events which are not necessary to obtain consent under the PDPA.
(2) If you refuse to provide the Personal Data without reasonable cause, such action may cause the inability to achieve, in whole or in part, the purposes set forth in Clause 2 and Clause 10 (1) above, whereby, among others, causing the impact in the decision to execute or renew of the agreement, or inability to provide the products in your utmost efforts, etc. [NO&T: This is in accordance with Section 19 paragraph 5 and Section 23 (1) and (2) of the PDPA.

11. Amendment of Privacy Policy

The Data Controller may amend this Privacy Policy without prior notice to you for the suitability and efficiency in providing the products, services or to reflect changing of laws, or operational requirements. Therefore, the Data Controller encourages all users to read this Privacy Policy every time of visit the Data Controller’s website. This Privacy Policy supplements the other personal data protection notices which the Data Controller may provide on specific occasions and is not intended to override them.
Sankyo Tateyama (Thailand) Co., Ltd.