Banner_Aboutus

Personal Data Protection Policy

Subject: Personal Data Protection Policy

TPI Polene Public Company Limited and its subsidiaries

Part 1: Intention

TPI Polene Public Company Limited and its subsidiaries (“the Company”) recognize the importance of personal data. To protect the personal data of individuals contacting the Company through its website and online media such as customers, suppliers, employees, job applicants, shareholders, bondholders, directors, and job contacts, etc., the Company complies with the Personal Data Protection Act. Therefore, the Company notifies individuals who contacts the Company via our website and online platforms that they must acknowledge and consent to the Company collecting, compiling, using, disclosing, editing, and destroying their personal data in accordance with this Personal Data Protection Policy.

The Company shalll collect and disclose data securely, using it solely for the purposes consented by the data subject and in compliance with applicable law. To comply with the Personal Data Protection Act, B.E. 2562 (2019), the Company has established this Personal Data Protection Policy to inform you about its intentions, the process of processing personal data, the exercise of rights, and security measures. The Company respects the privacy rights of customers, business partners, employees, job applicants, and job contacts. Personal data will be collected, compiled, used, disclosed, edited, and destroyed only as necessary or as required by law, in accordance with the details specified in this policy.

Part 2: Vocabulary and Explanation

  1. Personal Data: Information relating to an individual that enables identification, behavior analysis, or access to the data subject, either directly or indirectly.
  2. Sensitive Personal Data: Specific personal information, including genetic and biometric data, that may lead to unfair discrimination against the data subject based on race, ethnicity, political opinions, religious or philosophical beliefs, sexual orientation, criminal background, health and disability status, trade union membership, and other data as specified by the Personal Data Protection Commission.
  3. Data Subject: An individual to whom personal data pertains. The Company defines data subjects as the following types based on their legal relationships: job applicants, shareholders, bondholders, directors, and job contacts.
  4. Processing of Personal Data: Any action performed on personal data, including collection, use, disclosure, correction, and destruction.
  5. Data Controller: The individual with authority over the collection, use, and disclosure of personal data for the purpose of fulfilling their duties, who has the power to determine how and where such personal data is managed.
  6. Data Processor: An individual or entity that processes personal data, including its collection, use, and management, but does not act as a data controller.

 

 

Part 3: Purposes for Collecting, Using, or Disclosing Personal Data

  • The Company shall inform the data subject of the purposes for collecting, using, and disclosing personal data, as well as their rights, and will obtain consent at the initial stage. The Company shall collect and use the data subject's personal data to benefit business operations. This includes necessary actions for internal management, such as recruitment, procurement, entering into contracts for the purchase and sale of goods, financial transactions, insurance, conducting company activities, coordinating contacts, and improving work efficiency. Specific activities may include creating databases, analyzing and developing the Company’s processes, and other purposes that are not prohibited by law or that comply with regulations related to the Company’s operations. The Company shall collect and use such data solely for the period necessary to fulfill the purposes communicated to the data subject or as required by law.

The Company shalll not act against the stated purposes for data collection, except in the following circumstances:

  • The new purpose has been communicated to the data subject, and their consent has been obtained.
  • This ensures compliance with the Personal Data Protection Act and other relevant laws.

Part 4: Collection of Personal Data

  • Personal data is collected and disclosed for the benefit of the Company’s business operations, both directly and indirectly. The personal data provided to the Company may include details necessary for job applications, such as name, photograph, contact address, telephone number, ID card number, date of birth, educational qualifications, nationality, race, religion, and other relevant documents.
  • Personal data is collected to benefit the Company’s business operations, both directly and indirectly, including marketing and communication, purchasing, selling, special offers, sales promotions, discounts, privileges, and notifications about news and information related to the Company’s products, goods, and services.
  • The Company shall collect, use, and disclose information solely for its objectives related to the management of benefits, welfare, and marketing of the Company’s products, goods, and services, except when disclosure is required to comply with applicable laws, which the Company will strictly adhere to.
  • The Company shall collect personal data of directors and nominees directly from the data subjects, as well as from government and private agencies, publicly disclosed information, and official documents for identity verification purposes. This data may include name and surname, gender, ID card number, passport number, photograph, date of birth, nationality, place of birth, height, remuneration, training, activities, marital status, information on spouses/ on cohabitants, children, parents, siblings, blood type, bank account numbers, email, educational history, occupation, work history, directorships or positions in other companies or entities, attendance at meetings of the Board of Directors or subcommittees or shareholders, director remuneration, securities holdings, names of securities companies, performance of directors, and other information as specified by law or corporate governance principles.

The Company shall collect personal data from shareholders, bondholders, their attorneys or proxies, and subscribers of shares and bonds directly from individuals, as well as through securities brokers, securities registrars, and relevant government and private agencies. This data may include name, surname, address, telephone number, email, contact information, nationality, occupation, date of birth, taxpayer identification number, identification number, juristic person registration number, bank account details, number of shares, etc.

The Company may need to collect and process special types of personal data as required by the Personal Data Protection Act, such as health information, food allergies, and drug allergies, in order to facilitate participation in meetings or other activities.

The Company will obtain explicit consent from such data subject and will make every effort to implement adequate security measures to protect this sensitive personal data. The data will be stored, used, and disclosed solely for the benefit of the Company’s business operations in accordance with the law.

  • The Company has a stringent, appropriate, sufficient, and secure system for collecting, using, and disclosing personal data.
  • The Company has designated a data controller, data processor, and personal data protection officer to ensure that personal data is used according to its intended purpose, remains within the scope of consent, and does not cause harm to the data subject.
  • When it is necessary to collect, use, or disclose sensitive personal data—such as information regarding ethnicity, political opinions, religious beliefs, health data, criminal records, or disabilities—the Company shall obtain explicit consent from the data subject and handle this information with care and confidentiality.

Part 5: Rights of Personal Data Subjects

  • Data subjects have the right to easily access, review, and withdraw their consent regarding their data at any time during its storage, including non-Thais foreign data subjects. Their data will be stored and managed in the same manner as that of Thai data subjects.
  • Right to Access
  • Data Portability Right
  • Right to Object
  • Erasure Right
  • Right to Restrict Processing
  • Right to Rectification
  • Right to Lodge a Complaint
  • Right to Withdraw Consent
  • The withdrawal of consent will not affect any processing of personal data that occurred prior to the withdrawal. However, withdrawing consent may result in reduced access to certain services, such as product updates, discounts, and other benefits.

 

Part 6: Personal Data Protection Measures

The Company, as the personal data controller and processor, has established security measures to ensure the confidentiality, accuracy, completeness, and availability of personal data used in processing by:

  1. Implementing a system for ROPA (Record of Processing Activities) to control access to personal data and assess the risks associated with potential breaches, particularly in critical areas such as the processing of sensitive personal data.
  2. The Company has implemented management and technical measures to prevent unauthorized access, use, alteration, modification, or disclosure of personal data, as well as to prevent data loss.
  3. The Company has implemented measures to maintain the security of personal data and conducts training to enhance data protection awareness among employees, ensuring strict compliance with the established measures.

Part 7: Disclosure of Personal Data and Use of Personal Data

  • The Company may disclose personal data to its subsidiaries and to government or state agencies as required by law, court orders, or directives from authorized officials. Personal data will be kept confidential in both document and electronic forms throughout all stages of data transmission. When sending personal data to external agencies or abroad, the Company will establish agreements with these entities or destination countries to ensure appropriate and adequate protection, in compliance with legal requirements.

Part 8: Guidelines for Implementing Personal Data Protection Measures

  • The Company treats the personal data collected as if it were its own property. No one is permitted to violate, disclose, access, exploit, or destroy this data without the consent of the data controller. Violators will face the maximum penalties, and prosecution will be pursued to the fullest extent of the law, including full compensation for damages as stipulated by law.

Part 9: Review and Amendment of Personal Data Protection Policy Information

  • The Company may amend this Personal Data Protection Policy periodically to comply with legal requirements and updates in the Company's Personal Data Protection Policy. When such changes are made, the Company will issue a formal announcement. If additional consent is required, the Company will seek it from you.

Part 10: Contact Channels

For any inquiries or concerns regarding personal data protection, data collection, use or disclosure, the exercise of rights, or any complaints, please contact us through the following channels:

 

  1. TPI Polene Public Company Limited and its subsidiaries

Head Office: 26/56 TPI Tower, Chan Tat Mai Road, Thungmahamek, Sathorn, Bangkok 10120

Tel. Number: +66 (0) 2213-1039-49, 285-5090-9

Fax Number: +66 (0) 2213-1035, 213-1038

Website : https://www.tpipolene.co.th/en/

Email    : This email address is being protected from spambots. You need JavaScript enabled to view it. (This email address is being protected from spambots. You need JavaScript enabled to view it.)

Facebook : TPI Polene (Public) Co., LTD

Line         : @tpipl

  1. Personal Data Protection Officer (DPO)

Telephone : 02-213-1039, 02-285-5090

Email        : This email address is being protected from spambots. You need JavaScript enabled to view it. (mailto:This email address is being protected from spambots. You need JavaScript enabled to view it.)