Date: XXX
Dear XXX
Nisshinbo Somboon Automotive Co., Ltd. values a privacy and strives to protect your personal data or personal data relating to the individuals connected to your business (collectively referred to as ‘personal data’) based on Thai law.
This privacy notice explains:
What kind of personal data do we collect? This includes what you tell us about yourself or the individuals connected to your business (collectively referred to as ‘you’, ‘your’ or ‘yourself’) and what we learn by having you as a customer, and the choice you give us about what marketing you want us to send to you.
How do we use your personal data?
Who do we disclose the personal data to?
What are the choices we offer? This includes how to access and update your personal data.
What are your privacy rights and how does the law protect you?
1. Collection of personal data
We use many different kinds of the personal data. The type of your personal data that we collect depends on various circumstances of the collection and nature of products and/or services, and transaction performed.
We collect the personal data about you from a variety of sources, including but not limited to:
When you request for our products and/or services
When you talk to us, including recorded calls, posts, emails, notes or any other means
When you use our websites
In insurance claims or other documents
In customer surveys
When you take part in our competitions or promotions
When you manifestly publish your personal data, including via social media
When we receive your personal data from third parties e.g., your employer, our customers, credit reference agencies, law enforcement authorities, etc.; and/or
When you purchase any of our products and/or services through the third parties.
In some instances, we may engage non-affiliated third parties to collect your personal data about your online activities when you visit our online sources.
We may also use your personal data collected across non-affiliated websites for the purpose of serving you the advertisements related to your browsing behavior.
However, we will provide an appropriate notice and choice so that you can opt-out such processing.
The categories of personal data about you that we process, subject to the applicable law, including but not limited to:
Personal details: Your name, address, contact details (e.g., email address, telephone number, social media, etc.), date of birth, gender, ID document number and issue/expiry dates, nationality and authentication data (e.g., password, PINs, facial and voice recognition data, etc.)
Financial details: The details of your bank account, billing address, credit card numbers, and cardholder’s name and details
Electronic Data: IP address, cookies, activity log, online identifier, unique device identifier and geolocation data; and
Security protection personal data
CCTV Images.
2. Use of your personal data
We may collect and use your personal data only if we have proper reasons to do so.
This includes sharing it outside Nisshinbo Somboon Automotive Co., Ltd.
We will rely on one or more of the following reasons when processing personal data:
When it is to fulfil the contract we have with you
When it is our legal duty
When it is in our legitimate interest or
When you consent to it
The purposes for which we may process your personal data, subject to the applicable law, and the legal basis on which we may perform such processing, are
Purposes of data processing
Products and services
•To manage our relationship with you or your business
•To work on which of our products and/or services may interest you
•To deliver our products and/or services
•To study how you use the products and/or services from us and other organisations
•To communicate with you about our products and/or services
•To facilitate insurance and financial services
•To develop the products and services
•Your consents
•Fulfilment of contract
•Our legitimate interests
•Our legal duties
Customer support
•To make and manage customer payments
•To manage fees, charges and interests due on customer accounts
•To collect and recover money that is owed to us
•To manage and provide treasury and investment products and/or services
•Fulfilment of contract
•Our legitimate interests
•Our legal duties
Business improvement
•To develop new ways to meet your need and to grow our business
•To test, analyse and develop new products and services
•To understand and analyze your need and satisfaction to protect your personal data.
•To identify issues with existing products and services
•To plan the improvements to existing products and services
•Fulfilment of contract
•Our legitimate interests
•Our legal duties
Security and risk management
•To detect, investigate, report, and seek for a financial crime prevention
•To manage risk for us and our customers
•To obey the laws and regulations that apply to us
•To respond to complaints and seek for a resolution
•Fulfilment of contract
•Our legitimate interests
•Our legal duties
Marketing
•To develop and carry out marketing activities
•To communicate with you via any means (including email, telephone, text message, social media, post or in person) to ensure that such communications are provided to you in compliance with applicable laws
•To maintain and update your contact information where appropriate.
•Your consents
•Our legitimate interests
When we rely on the legitimate interests as the reason for processing the personal data, it has considered whether or not your rights are overridden by our interests and has concluded that they are not.
3. Disclosure of personal data
We may share your personal data with others where it is lawful to do so, including where we or they:
need to provide you with the requirement under a contract
have a public or legal duty to do so (e.g., assist in detecting and preventing fraud, tax evasion, financial crime, etc.)
need to in connection with a regulatory reporting, litigation, asserting or defending legal rights and interests
have legitimate business reasons to do so (e.g., manage risk, verify identity, enable another company to provide you with the services you’ve requested, or assess your suitability for the products and/or services, etc.); and/or
ask for your permission to share it, and you agree.
We may share your personal data for these purposes with others, including:
any sub-contractors, agents or service providers who work for us or provide the services to us, this is including their sub-contractors, service providers, directors and officers
any administrators or executors
people who give guarantees or other securities for any amounts you owe us;
people you make payments to and receive payments from
your intermediaries, correspondent and agent
tax authorities, trade associations, credit reference agencies, payment service providers and debt recovery agents
any fund managers who provide asset management services to you and any brokers who introduce you to us or deal with us for you
any people or companies where required in connection with potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with you
law enforcement, government, courts, dispute resolution bodies, our regulators, auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities
other parties involved in any disputes, including disputed transactions;
fraud prevention agencies who’ll also use it to detect and prevent fraud and other financial crime and to verify your identity
anyone who provides instructions or operates any of your accounts, products or services on your behalf (e.g., power of attorney, solicitors, intermediaries, etc.) and/or
anybody else that we have been instructed to share your personal data with by you.
Personal data overseas transfer
Your personal data may be transferred to and stored/processed in other countries.
Such countries may not have the same level of protection for the personal data.
When we do this, we will ensure it has an appropriate level of protection and that the transfer is lawful. We may need to transfer the personal data in this way to carry out our contract with you, fulfill the legal obligations, protect the public interests and/or for our legitimate interests.
In some countries, the law might compel us to share certain personal data (e.g., with tax authorities). Even in these cases, we will only share personal data with people who have the right to see it
4. Retention of personal data
We collect your personal data for as long as it is necessary to carry out the purpose for which it was collected i.e., for business and legal reasons, or compliance with the applicable laws.
We will hold your personal data for up to 10 years after you stop being our customer in order to ensure that any contractual disputes that may arise can be processed within that time, unless otherwise in the event of regulatory or technical reasons, we may keep your personal data for longer than 10 years. If we do not need to retain the personal data for longer than it is legally necessary, we will destroy, delete or anonymize it.
5. Accuracy of your personal data
We need your help to ensure that your personal data is current, complete and accurate. Please inform us of any changes to your personal data by contacting our representative at XXX or updating your information at/via XXX.
We will occasionally request the updates from you to ensure the personal data we use to fulfill the purposes of collection, use and/or disclosure are current, accurate and complete.
6. Your rights
Right to withdraw: This enables you to withdraw your consent to our processing of your personal data, which you can do at any time. We may continue to process your personal data if we have another legitimate reason to do so
Right to access: This enables you to receive a copy of personal data we hold about you and to check that we are lawfully processing it
Right to correct: This enables you to have any incomplete or inaccurate information we hold about you corrected
Right to erasure: This enables you to ask us to delete or remove your personal data where there is no good reason for us to continue processing it
Right to object: This enables you to object to the processing of your personal data where we are relying on the legitimate interest and there is something about your particular situation which makes you want to object to the processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes
Right to restrict processing: This enables you to ask us to suspend the processing of personal data about you, for example, if you want us to establish its accuracy or the reason for processing it; and
Right to portability: Request the transfer of your personal data to another party.
Handling of complaints
In the event that you wish to make the complaint about how we process your personal data, please contact us and we will try to consider your request as soon as possible. This does not prejudice your right to file the complaint with a government authority that has a data protection authority.
7. Security of your personal data
Information is our asset and therefore we place a great importance on ensuring the security of your personal data. We regularly review and implement up-to-date physical, technical and organizational security measures when processing your personal data. We have internal policies and controls in place to ensure that your personal data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the performance of their duties.
8. Your responsibilities
You are responsible for making sure that the personal data you give us or provided on your behalf, is accurate and up to date, and you must tell us as soon as possible if there are any updates.
You have some responsibilities under your contract to provide us with the personal data. You may also have to provide us with the personal data in order to exercise your statutory rights. Failing to provide the personal data may mean that you are unable to exercise your statutory rights.
Certain personal data, such as contact details and payment details, have to be provided to enable us to enter into the contract with you. If you do not provide such personal data, this will hinder our ability to administer the rights and obligations arising as a result of contract efficiently.
9. Contact us
Please contact us at XXX, email us at XXX, or call us at XXX if you have any questions in regards to the protection of your personal data or if you wish to exercise your rights.
10. Revision of our privacy notice
We keep our privacy notice under a regular review and thus the privacy notice may be subject to changes. The date of last revision of privacy notice can be found on the top of page.
Acknowledgement of privacy notice:
By signing below, I, XXX, have read and understood this privacy notice, and have acknowledged the presence of this privacy notice.
____________________
XXX