Nisshinbo Somboon Automotive co.,ltd.

 

 

 

NSA Privacy notice for suppliers

Date: May 18, 2020

Dear XXX,

Nisshinbo Somboon Automotive Co., Ltd. values a privacy and strives to protect your personal data or personal data relating to the individuals connected to your business (collectively referred to as personal data) based on Thai law.

This privacy notice explains:
What kind of personal data do we collect? This includes what you tell us about yourself or the individuals connected to your business (collectively referred to as you, your or yourself) and what we learn by having you as a customer, and the choice you give us about what marketing you want us to send to you.

How do we use your personal data?

Who do we disclose the personal data to?

What are the choices we offer? This includes how to access and update your personal data.

What are your privacy rights and how does the law protect you?

1. Collection of personal data
We use many different kinds of the personal data. The type of your personal data that we collect depends on various circumstances that are relevant to procuring goods and/or services, and making payments.

We collect the personal data about you from a variety of sources, including but not limited to:

From you directly as part of the process of becoming the supplier.

From third parties as part of the process of becoming the supplier (e.g., credit checks, trade references, our customers, law enforcement authorities, etc.)

The information obtained about you in the course of our working relationship, including when you talk to us (e.g., recorded calls, posts, emails, notes or any other means)

In insurance claims or other documents; and/or

When you manifestly publish your personal data, including via social media.
The categories of personal data about you that we process, subject to the applicable law, including but not limited to:

Personal details: Your name, address, contact details (e.g., email address, telephone number, social media, etc.), date of birth, ID document number and issue/expiry dates, tax status and nationality.

Financial details: The details of your bank account, billing address, credit card numbers, and cardholder’s name and details; and/or

Security protection personal data:
CCTV Images.

2. Use of your personal data
We may collect and use your personal data only if we have proper reasons to do so. This includes sharing it outside Nisshinbo Somboon Automotive Co., Ltd.
We will rely on one or more of the following reasons when processing/holding personal data:

When it is to fulfil the contract we have with you.

When it is our legal duty.

When it is in our legitimate interest; or

When you consent to it.

The purposes for which we may process your personal data, subject to the applicable law, and the legal basis on which we may perform such processing, are:



Purposes of data processing



Legal basis


Procurement of goods and/or services


•To make a decision about procuring goods and/or services with you

•To make and manage payments

•To manage charges and interests due

•To collect and recover the goods and/or services that are owed to us

•To deal with legal disputes




•Fulfilment of contract

•Our legitimate interests

•Our legal duties



Business relationship


•To manage our relationship with you or your business

•To communicate with you about the goods and/or services




•Your consents

•Fulfilment of contract

•Our legitimate interests



Business improvement


•To identify issues with existing goods and services




•Fulfilment of contract

•Our legitimate interests

•Our legal duties



Security and risk management


•To detect, investigate, report, and seek for a financial crime prevention

•To manage risk for us

•To obey the laws and regulations that apply to us




•Fulfilment of contract

•Our legitimate interests

•Our legal duties




When we rely on the legitimate interest as the reason for processing the personal data, it has considered whether or not your rights are overridden by our interests and has concluded that they are not.

3. Disclosure of personal data
We may share your personal data with others where it is lawful to do so, including where we or they:

need to provide you with the requirement under a contract.

have a public or legal duty to do so (e.g., assist in detecting and preventing fraud, tax evasion, financial crime, etc.)

need to in connection with a regulatory reporting, litigation, asserting or defending legal rights and interests.

have legitimate business reasons to do so (e.g., manage risk, verify identity, enable another company to provide you with the services you’ve requested, or assess your suitability for the goods and/or services, etc.); and/or

ask for your permission to share it, and you agree.

We may share your personal data for these purposes with others, including:

any sub-contractors, agents or service providers who work for us or provide the services to us, this is including their sub-contractors, service providers, directors and officers.

any administrators or executors.

people you make payments to and receive payments from

your intermediaries, correspondent and agent.

tax authorities, trade associations, credit reference agencies, and debt recovery agents.

any fund managers who provide asset management services to you and any brokers who introduce you to us or deal with us for you.

any people or companies where required in connection with potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with you.

law enforcement, government, courts, dispute resolution bodies, our regulators, auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities.

other parties involved in any disputes, including disputed transactions.

fraud prevention agencies who’ll also use it to detect and prevent fraud and other financial crime and to verify your identity.

anyone who provides instructions or operates any of your accounts, goods or services on your behalf (e.g., power of attorney, solicitors, intermediaries, etc.); and/or

anybody else that we have been instructed to share your personal data with by you.

Personal data overseas transfer
Your personal data may be transferred to and stored/processed in other countries.

Such countries may not have the same level of protection for the personal data. When we do this, we will ensure it has an appropriate level of protection and that the transfer is lawful. We may need to transfer the personal data in this way to carry out our contract with you, fulfil the legal obligations, protect the public interests and/or for our legitimate interests. In some countries, the law might compel us to share certain personal data (e.g., with tax authorities).
Even in these cases, we will only share personal data with people who have the right to see it.
4. Retention of personal data
We collect your personal data for as long as it is necessary to carry out the purpose for which it was collected i.e., for business and legal reasons, or compliance with the applicable laws.

We will hold your personal data for up to 10 years after you stop being our supplier in order to ensure that any contractual disputes that may arise can be processed within that time, unless otherwise in the event of regulatory or technical reasons, we may keep your personal data for longer than 10 years.
If we do not need to retain the personal data for longer than it is legally necessary, we will destroy, delete or anonymize it.
5. Accuracy of your personal data
We need your help to ensure that your personal data is current, complete and accurate. Please inform us of any changes to your personal data by contacting our representative at XXX or updating your information at/via XXX.

We will occasionally request the updates from you to ensure the personal data we use to fulfil the purposes of collection, use and/or disclosure are current, accurate and complete.

6. Your rights
Right to withdraw: This enables you to withdraw your consent to our processing of your personal data, which you can do at any time. We may continue to process your personal data if we have another legitimate reason to do so

Right to access: This enables you to receive a copy of personal data we hold about you and to check that we are lawfully processing it

Right to correct: This enables you to have any incomplete or inaccurate information we hold about you corrected

Right to erasure: This enables you to ask us to delete or remove your personal data where there is no good reason for us to continue processing it

Right to object: This enables you to object to the processing of your personal data where we are relying on the legitimate interest and there is something about your particular situation which makes you want to object to the processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes

Right to restrict processing: This enables you to ask us to suspend the processing of personal data about you, for example, if you want us to establish its accuracy or the reason for processing it; and

Right to portability: Request the transfer of your personal data to another party.

Handling of complaints
In the event that you wish to make the complaint about how we process your personal data, please contact us and we will try to consider your request as soon as possible. This does not prejudice your right to file the complaint with a government authority that has a data protection authority.

7. Security of your personal data
Information is our asset and therefore we place a great importance on ensuring the security of your personal data. We regularly review and implement up-to-date physical, technical and organizational security measures when processing your personal data. We have internal policies and controls in place to ensure that your personal data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the performance of their duties.

8. Your responsibilities
You are responsible for making sure that the personal data you give us or provided on your behalf, is accurate and up to date, and you must tell us as soon as possible if there are any updates.

You have some responsibilities under your contract to provide us with the personal data. You may also have to provide us with the personal data in order to exercise your statutory rights. Failing to provide the personal data may mean that you are unable to exercise your statutory rights.

Certain personal data, such as contact details and payment details, have to be provided to enable us to enter into the contract with you. If you do not provide such personal data, this will hinder our ability to administer the rights and obligations arising as a result of contract efficiently.

9. Contact us
Please contact us at XXX, email us at XXX, or call us at XXX if you have any questions in regards to the protection of your personal data or if you wish to exercise your rights.

10. Revision of our privacy notice
We keep our privacy notice under a regular review and thus the privacy notice may be subject to changes. The date of last revision of privacy notice can be found on the top of page.

Acknowledgement of privacy notice:
By signing below, I, XXX, have read and understood this privacy notice, and have acknowledged the presence of this privacy notice.





____________________


XXX