Personal Data Protection Notice for Customers and Activities Participants
We, Max Asia Co., Ltd., (the “Company”) [Thai Beverage Public Company Limited and its subsidiaries (collectively the “Company”)] recognize and respect the privacy and the protection of personal data of customers, users and activities participants (collectively “You”). The Company put in place this Personal Data Protection Notice in order to notify You of the details relating to a collection, use and disclosure of Your personal data (collectively the “Process”) in accordance with the personal data protection laws.
1. Purposes of Processing the Personal Data
1.1 The Company will Process Your personal data for the following purposes:
| Purposes |
Lawful Basis |
| (1) |
Considering applications for purchasing products or receiving services, verifying the identification, authorization, delegation and receipt of delegation, proceeding pursuant to the Company’s internal processes for entering into an agreement, performing obligations of the agreements, delivering products, performing services including communicating, collecting expenses and delivering relating documents.
|
ContractualLegitimate Interests
|
| (2) |
Applying for using electronic systems or granting the right to access or use the internet or other electronic working systems.
|
Legitimate Interests
|
| (3) |
Communicating relating to the Company’s products and/or services, registering customers, responding complaints and finding guidelines for remedying relating to the Company’s products or services, proceeding according to Your request pursuant to Your rights to Your personal data in the Company’s possession, managing relationship between the Company and You or Your business, ensuring the communication information is up-to-date, organizing activities for customers, etc.
|
ContractualLegal ObligationLegitimate InterestsConsent
|
| (4) |
Marketing and developing businesses, communicating the marketing activities, which were analyzed that they matched Your needs, through any means including
e-mail, telephone, telephone message, social media, letter or fact-to-face communication in order to improve marketing activities.
|
Legitimate InterestsConsent
|
| (5) |
Evaluating, improving and developing the Company’s products, services and promotions including surveying satisfaction to the Company’s productions or services in order to be able to present the appropriate products or services that match Your needs and interests.
|
Legitimate Interests
|
| (6) |
Using as information and documents to support any operation with banks, financial institutions, the Department of Business Development, the Revenue Department, the Excise Department, the Stock Exchange of Thailand, the Securities and Exchange Commission and other relevant external organizations.
|
Legitimate Interests
|
| (7) |
Communicating through various channels such as the Company’s and the companies within the group’s internal e-mail, website, social media (Facebook, Line, YouTube) or other online media of the Company or other media such as television, publications, etc.
|
Legitimate InterestsConsent
|
| (8) |
Business planning, reporting and anticipating, managing risks, overseeing an audit including an internal audit by the internal audit department and an internal management within the organization, including for the benefits of internal operations within the Company in relation to the payment of the accounting and finance department.
|
Legitimate Interests
|
| (9) |
Proceeding relating to the assignment of any right, obligation and benefit such as the legit merger and acquisition, separation or amalgamation.
|
Legitimate Interests
|
| (10) |
Being a database of stakeholders of the Company and/or using the data for managing the relations or other communications relating to the Company.
|
Legitimate Interests
|
| (11) |
Investigating and inquiring a complaint within the organization, preventing corruption or proceeding any legal proceeding including inspecting and managing complaints and allegations relating to the operations of the Company or any related person to ensure transparency and equality for all parties.
|
Legitimate Interests
|
| (12) |
Recruiting or considering for participating in the Company’s projects or activities such as observational studies, business visits, acceptance of donations, seminars, training projects or other projects of the Company or that the Company operates with a third party or government sector, etc., including any proceeding relating to an activity participation such as submitting response for lucky draw or delivering rewards.
|
Legitimate Interests
|
| (13) |
Maintaining security around the area of the Company’s building or place and evaluating security risks including contacting for an issuance of cards for accessing and exiting the Company’s place and recording images, still and motion, within the Company’s buildings or offices by using CCTV.
|
Legitimate Interests
|
| (14) |
Creating legal claim, authorization, and receipt of authorization, compliance with laws or exercising legal rights, litigating including proceeding any action for compulsory execution according to the laws.
|
Legitimate InterestsLegal Obligation
|
| (15) |
Complying with laws or subpoena, letter or order of authorities, independent organizations or officers having lawful duties and authorities such as complying with a summon, warrant of seizure, order of the courts, police officers, public prosecutors and government authorities including reporting or disclosing information to the shareholders, government authorities or independent organizations such as the Office of Energy Regulatory Commission, the Ministry of Energy, the Revenue Department, the Land Department, the State Audit Office, the Office of National Anti-Corruption Commission, etc., for compliance with relevant laws.
|
Legal Obligation
|
| (16) |
Complying with laws concerning public interest in respect of public health such as health protection against dangerous communicable disease or epidemic which may be contagious or spread into the kingdom.
|
Legal Obligation
|
| (17) |
Managing Your hygiene and safety.
|
Preventing or suppressing danger to a person's life, body or health (Vital Interests)
|
1.2 In the event that the Company will Process Your personal data for any purpose other than the above purposes, the Company may collect Your additional personal data by notifying You and requesting Your consent from time to time (as the case may be).
2. Personal Data to be Collected
In general, the Company will collect Your personal data by directly querying You or requesting the data from You; however, there may be some circumstances that the Company may collect Your personal data from other sources such as government authorities or other sources where Your personal data are clearly and publicly disclosed including the personal data disclosed via social media, etc. In such case the Company will collect only the information You choose to be publicly available. In this regard, the type of Your personal data which will be Processed by the Company will be as follows:
2.1 Once You purchase the products or receive service from the Company:
(1) Personal information such as name, surname, date of birth, status, address and other information specified in the identification card or passport;
(2) Contact information such as address, e-mail address, telephone number, online social media contact information;
(3) Information related to the purchase of products and/or receipt of services such as record of purchases, claims against the Company for defect of products, record of services received, complaint and recommendation;
(4) Financial information such as Your bank account, credit/debit card, income, benefits, record of payments.
2.2 Once You view and/or purchase online products or enter a website or application including registering for a membership of website, application or benefits cards of the Company:
(1) Information regarding membership registration such as name, surname, date of birth, email address, telephone number, username, password, Personal Identification Number (PIN), address, social media contact channel;
(2) Information regarding Your electronic devices such as IP address, location data, device identifier, etc;
(3) Type and version of Your web browser including type and version of web browser’s plug-in;
(4) Time zone.
2.3 Once You participate in the Company’s activity whether organized by the Company or the Company assigns a third party to organize or the Company participates in organizing or the Company supports a third party to organize or once You enter into the areas within the Company’s responsibility:
(1) Personal information using for registering, participating in the activities and contacting such as name, surname, age, address, telephone number, email address and social media contact channel;
(2) Your images, both still and motion, and/or voices in the areas holding the activities;
(3) Information of the activities or the incidents You participated in or registered for;
2.4 Once You contact the Company via customers relations center or other service units:
(1) Personal information such as name, surname, date of birth, address and other information specified in the identification card or passport;
(2) Contact information such as address, e-mail address, telephone number, online social media contact information;
(3) Other information such as record of products/service used, location of the purchase of products or services and quantity of the products purchased.
2.5 The aforementioned collected personal data is necessary for the Company to perform according to the agreement or Your request prior to entering into an agreement. If You decline to provide the Company with the necessary personal data, the Company may not be able to proceed any action relating to entering into transaction or managing according to the agreement entering into with You (as the case may be).
3. Sensitive Personal Data
3.1 The Company may have to Process sensitive personal data in accordance with the personal data protection laws for the purposes as notified by the Company according to this Notice or any other purposes as the Company additionally notify You or as per Your consent provided to the Company on a case-by-case basis such as:
(1) once the Company has to use the information for the benefit of the Company’s security such as biometric data, face recognition data and fingerprint data for verifying Your identification;
(2) the Company may collect Your sensitive personal data although the products or services are not directly relating to the sensitive personal data such as the Company has to use Your identification card which contains religious information for verifying Your identification;
(3) health information such as food allergy, drug allergy, personal congenital disease, medical history in case you can claim medical expenses from the Company for using in any activity You participate in or for public health benefits such as prevention the spread of contagious disease or epidemic, etc.
3.2 The Company will request for Your express consent on a case-by-case basis for Processing Your sensitive personal data and will provide adequate security measures to protect Your sensitive personal data.
4. Cookies
In the event that You access any electronic device of the Company such as applications, websites, information technology and cyber system, etc., the Company uses cookies for collecting personal data as specified in the Cookies Notice.
5. Withdrawal of Consent and Effect thereof
5.1 In the event that the Company Processes personal data with Your consent, You have the right to, at any time, withdraw Your consent given to the Company. Such withdrawal will not affect any Process of personal data performed by the Company prior to the withdrawal of Your consent.
5.2 Your withdrawal of consent given to the Company or refusal to provide certain information may result in the Company being unable to meet all or certain purposes of the Company as notified in this Notice or other purposes as the Company additionally notify You or as per Your consent provided to the Company on a case-by-case basis.
6. Personal Data of Other Persons
6.1 In the event that You provide personal data of other persons to the Company, You have the following obligations:
(1) to notify such person of the details as specified in this Notice including to request a consent from such person (if data subject’s consent is required);
(2) to perform any necessary actions in order that the Company is able to legally Process such person’s personal data.
6.2 Personal data, include sensitive personal data, of other persons which may be Processed by the Company such as name, surname, date of birth, address, sex, information shown in an identification card or passport, nationality, e-mail address, telephone number, occupation, position, work location, financial documents, relationship with You, online social media contact information.
7. Personal Data of a Minor, Incompetent Person and Quasi-incompetent Person
7.1 In the event that the Company has to obtain a consent for Processing personal data of a minor, incompetent person or quasi-incompetent person, the Company will be able to Process personal data of such person only upon the Company’s receipt of a consent of the holder of parental responsibility over the minor, the custodian or the curator, or the person with authority to give consent in the name of such person in accordance with the personal data protection laws (as the case may be).
7.2 In the event that the Company has to obtain a consent for Processing personal data of a minor, incompetent person or quasi-incompetent person but, at that time of data Processing, the Company is not aware that the data subject is a minor, incompetent person or quasi-incompetent person, and later becomes aware that the Company had Processed the personal data of such person without consent of the person with authority to give consent in the name of such person in accordance with clause 7.1, the Company will erase or destroy the personal data or anonymize the personal data of the data subject which is a minor, incompetent person or quasi-incompetent person to become the anonymous data which cannot identify the data subject except in the event that the Company can Process the personal data of such person by using lawful cause and without consent.
8. Period for Retaining the Personal Data
8.1 The Company will retain Your personal data for a period necessary for achieving the purpose of such personal data Processing unless it is permitted to be retained longer by any law. If it is unable to be clearly identify the period for retaining the personal data, the Company will retain Your personal data for a period that can be anticipated in accordance with the collecting standards, by taking into consideration a business practice for each type of personal data.
8.2 The Company will retain Your personal data collected from the CCTVs for a period as follows:
(1) In general, the Company will retain Your personal data for a period of 1 year from the date the CCTV records Your personal data.
(2) In necessary situation such as using as evidence for inquiry, investigation or legal proceeding or in case of Your request, the Company will retain Your personal data over 1 year from the date the CCTV records Your personal data and the Company will delete or destroy the personal data or turn Your personal data into anonymous data once the Company completes such purposes.
8.3 In the event that the Company Processes Your personal data with Your consent, the Company will Process Your personal data until the Company receives Your withdrawal for such consent and the Company finishes proceeding with Your withdrawal request. However, the Company will still retain Your personal data as necessary to make a record that You used to withdraw such consent in order that the Company will be able to respond to Your request in the future.
9. Disclosure of Personal Data
9.1 The Company may disclose Your personal data to the companies within the group, any person assigned by the Company to be personal data processors and/or personal data protection officers, advisors, financial institutes, financial service providers, auditors, external auditors, credit rating company, partners, business partners, service providers, contractors, sub-contractors who are related to business operations of the Company to the extent that, associated with personal data, partners who are co-branding with the Company, any natural persons and/or juristic persons who have relationship or legal relation with the Company, any persons who are interesting in receiving the assignment of the Company’s rights and obligations, any persons who intend to have a merger transaction with the Company in any manner, any organization related to sustainability index, infirmary and/or rescue forces (in case of emergency for protecting Your benefits), government authorities, regulatory authorities, legal authorities, any persons who request the Company to disclose Your personal data with legal power and/or in compliance with any agreements You are a party thereto and/or any natural persons or juristic persons as necessary, whether inside or outside Thailand, (including staff members, employees, executives, directors, shareholders, agents and advisors of the Company and of the aforesaid recipients) in order that the Company will be able to operate their businesses and provide services to You including to comply with the purposes of personal data Processing as specified in this Notice or other purposes as the Company will additionally inform You or in accordance with Your consent given to the Company on a case-by-case basis and/or to act in compliance with the laws.
9.2 The Company will cause the recipients of Your personal data to have appropriate security measures for protecting Your personal data and to Process Your personal data only to the extent as necessary, and to prevent any use or disclosure of Your personal data by any other persons without lawful authority.
9.3 The Company will cause the recipients of Your personal data to keep such personal data in confidence and not use it for any purposes other than the purposes of personal data Processing under this Notice or other purposes as the Company will additionally inform You or in accordance with Your consent given to the Company on a case-by-case basis and/or to act in compliance with the laws.
10. Sending or Transferring Personal Data to Foreign Countries
In the event that the Company is required to send or transfer Your personal data to any foreign country including to keep Your personal data on any database in any foreign country, the Company will ensure that a transferee or data retention service provider in such destination country has adequate data protection standard to protect the personal data in accordance with those specified in the personal data protection laws of the country of transferer of such personal data (if any). If the transferee or data retention service provider in such destination country has data protection standard to protect the personal data lower than those specified in the personal data protection laws of the country of transferer of such personal data, the Company will perform as appropriate and necessary in order that the personal data transferred to such foreign country will be protected in the same level as the Company protect Your personal data.
11. Security Measures for Personal Data Protection
11.1 The Company will strictly set up the right to access, use, modify, revise or disclose the personal data including to display or confirm the identity of a person who accesses or uses the personal data in compliance with the standards for safeguarding the personal data as specified in the personal data protection laws.
11.2 The Company will set up an appropriate technological procedure to prevent any access to information technology system which collects personal data without permission.
11.3 In the event that the Company discloses Your personal data to any third person, the Company will perform any action to prevent such person from illegal or unauthorized use or disclosure of the personal data so that such person will only use Your personal data as necessary and in accordance with the purposes as the Company notifies You and/or in accordance with Your consent on a case-by-case basis.
11.4 The Company will set up a monitoring system for erasing or destroying personal data from the collecting system once the retention period for such personal data ends or once such personal data is excessive or no longer related to the data processing purposes or upon Your request or withdrawal of consent.
11.5 In the event that there is a violation of the Company’s security measures for personal data which causes an infringement of Your personal data, the Company will, without delay, notify such infringement to a competent authority as specified in the personal data protection laws unless there is no risk that such infringement will affect Your personal rights and freedom. If there is high risk that such infringement will affect Your personal rights and freedom, the Company will, without delay, notify You of such infringement together with remedial guidelines in accordance with the criteria and procedures specified in the personal data protection laws.
11.6 The Company will record any transactions as specified in the personal data protection laws in writing or on electronic system so that the data subject or any authority under the personal data protection laws be able to make an examination thereon.
12. Rights of Data Subject
12.1 You, as a data subject, have the rights to deal with Your personal data which are in the Company’s responsibility in accordance with the personal data protection laws as follows:
(1) to request access to or obtain copy of Your personal data or to request the disclosure of the acquisition of Your personal data without Your consent;
(2) to obtain Your personal data in electronic form or transfer Your personal data to other persons;
(3) to object to the collection, use, or disclosure of Your personal data in accordance with the personal data protection laws;
(4) to erase or destroy Your personal data, or to anonymize Your personal data to become the anonymous data which cannot identify You in accordance with the personal data protection laws;
(5) to restrict the use of Your personal data in accordance with the personal data protection laws;
(6) to revise or modify Your personal data to be accurate, up to date, complete and not misleading;
(7) to withdraw Your consent given to the Company unless there is any restriction for consent withdrawal by laws or any agreement which gives benefits to You;
(8) to complain to any authority if You believe that any dealing with the personal data by the Company is incompliance with the personal data protection laws.
12.2 You can use the right as specified in clause 12.1 by contacting the person specified in clause 14 hereof.
12.3 The Company reserves the right to refuse to perform according to Your request, whether in whole or in part, if the Company has reasonable and lawful reason such as such performance will cause unreasonable burden to the Company, is impracticable, is illegal or the use of such right by You will or may affect other person’s rights or freedom or in the event that the Company has a legal authority to collect Your personal data without Your consent.
13. Privacy Notice or Privacy Policy of other Websites or Applications
In the event that You use the Company’s websites or applications and You clicks any link shown on such websites or applications to enter into other websites or applications, whether such other websites or applications belong to the Company or not, You are required to learn and comply with the Privacy Notice or Privacy Policy of such other websites or applications, and the Company will not be responsible for any contents or data protection standards to protect the personal data of such other websites or applications. Moreover, if You give Your personal data to the owners of other websites or applications, You acknowledge and understand that the Company is not relevant to processing of Your personal data by the owners of such other websites or applications.
14. Details of Personal Data Controller and Personal Data Protection Officer
You can contact the personal data controller and/or personal data protection officer of the Company through the following channels:
PDPA Contact Center
Tel: 02-975-5566 or email: pdpa_info@thaibev.com
15. Revision of Personal Data Protection Notice
In the event that there is any revision to this Notice, the Company will make an announcement via the Company’s website or application, or other communication channels of the Company and the new Notice will be effective on the date of such announcement.
TH
EN
