Yamato Unyu (Thailand) Co., Ltd.
Yamato Unyu (Thailand) Co., Ltd. and its affiliates (“Company”) understand and recognize the importance of your Personal Data and fundamental rights of the data subjects. It is our responsibility to protect your personal data in accordance with the regulated law. Therefore, when Company uses or processes your personal data in operating our business or providing any services to you, your personal data will be properly managed in compliance with Thailand Personal Data Protection Act 2019 (PDPA).
“Personal Data (General)” means any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including information of the deceased persons.
“Sensitive Personal Data” means personal data about racial, ethnic origin, political opinions, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner, as prescribed by the PDPC.
“Cookies” means information that a website puts on a user’s computer while a user is visiting the website.
“Processing” means actions relating to the collection, use, disclosure, deletion or destruction of Personal Data.
2. Collection of personal Data
2.1 When any business partners contact “Company” for selling products, providing services or receiving any services from us, we may collect your personal data from various source such as: –
(1) Business card (e.g., name, surname, job title, telephone number, e-mail address).
(2) Any data is required for identity verification (e.g., name, surname, ID card information, photos, and other forms of information employed for identity verification.
(3) Your working record (e.g., employment or working history, any information is essential for safety management, occupational health and working environment including financial information (e.g., compensation, bank account number, or credit card number).
2.2 When you enter into our premises, we may collect your images via CCTV system but your audio won’t be recorded. We will clearly show CCTV signage to announce the presence and operation of live camera recording in that specified CCTV surveillance areas.
2.3 When you contact us or participate in our activities, we may collect your personal data as follows:
(1) Identification information (e.g., name, surname, age, gender, nationality, date of birth Marital status, photo, ID card number, driver’s license number, Passport number and signature.
(2) Contact information (e.g., email, telephone numbers, addresses or social media contact).
(3) Record of your past participation in our activities (4). Usage data (e.g., behavior information of your using in our application or platform, browsing record when you visited our corporate websites, amount of time you spend viewing our web page, any searching history on our corporate website for our services, time and date you’ve visited our website and website browsing information, etc.).
(1) when we need to use sensitive data for our security measures compliance (e.g., biometric data, facial recognition data, fingerprints or similar categories of such data) for identification or verification using the sensitive data as required by certain services you opt for, such as application or etc.).
(2) In some cases, we may collect sensitive personal data, for example, in the event that it is required to use your ID card stating your religious information to verify your identity or operate taxation process. (3) Health information, such as food allergy data required by certain activities.
2.5 In case of necessary, we will only process your sensitive personal data with your explicit consent or for other purposes as regulated by law. In the event that, appropriate measures will be implemented to safeguard your sensitive personal data.
3. Purpose of Collection, Use and Disclosure of Personal Data
We will collect, use, or disclose your personal data based on a lawful basis for processing permitted by Personal Data Protection Law and only to extent necessity or implementation of the following purposes.
• It is necessary for performance of a contract to which you are a party or for fulfillment of your request prior to entering into that contract. (“Performing a contract or fulfilling a requirement”).
• It is necessary for our legitimate interests or a third party’s (“Legitimate Interest”).
• It is our legal obligation to comply with any regulatory laws. (“Compliance with the law”).
• It is to fulfill the purposes for processing your personal data you’ve given a consent. (“Fulfilling a purpose of given consent”).
• For other necessities as permitted by law, such as for the public interest, for research and statistics studies, for preventing or suppressing a danger to the life, body or health of a person, for performing our obligation in regard to public interest or government benefits provided to you (if any), etc.
Purpose for processing your personal data we have obtained through business relationship; selling products, providing services or receiving services, including the lawful basis for processing referred to process your personal data are described as shown in the table below.
|Purpose||Type of Personal Data||Lawful basis of Processing|
|1) It is necessary for execution of a business counterpart’s requirement prior to entering into a contract or for the performance of a contract.||– Identification information- Contact Information||1) Performance of a contract or requirement2) Legitimate interests|
|2) It is necessary for developing our services such as shipping, package delivery, parcel delivery, storage and warehousing, and etc. In addition, it is beneficial to provide you with any assistance and facilitate any inquiry and complaint in regard to our products or services and for us to be able to provide services that meet your needs.||– Identification information- Contact Information- Record of your participation in our activities.- Behavior information of your using our products, services, corporate website or application.||1) Consent Basis2) Legitimate interests|
|3) It is necessary for enhancing our online service channels enabling you to obtain services from us with the highest quality, speed and convenience.||-Identification information- Contact Information- Behavior information of your using our products, services, corporate website or application.||1) Legitimate interests|
|4) It is necessary for administering our corporate website and application or for solving technical problems that may arise when utilizing our website. In addition, it is required for our service development.||– Identification information- Contact Information- Behavior information of your using our products, services, corporate website or application.||1) Legitimate interests|
|5) It is necessary for carrying out data analysis employed for developing our corporate website and generating excellent experience for business partners in receiving services from us.||– Behavior information of your using our products, services, corporate website or application.||1) Legitimate interests|
|6) It is necessary for notifying our news or information which may be interesting and beneficial for you.||– Contact Information- Communication information- Record of your participation in our activities.||1) Consent Basis2) Legitimate interests|
|7) It is for direct marketing by offering other products or services that may be of interest to you including for conducting marketing analysis and for marketing activity planning. (Only for what personal data you have explicitly given us a consent to process).||– Identification information- Contact Information- Behavior information of your using our product, services, corporate website or application.||1) Consent BasisWe will explicitly ask your consent for the specified purpose in processing your personal data for direct marketing or for offering products or services that may meet your needs as specified purpose.|
|8) It is necessary for dispute or conflict settlement which may arise between “Company” and you in connection with the services or business operations of “Company”.||– Identification information- Contact Information- Behavior information of your using our product, services, corporate website or application.||1) Performance of a contract or requirement|
|9) It is necessary for lawful purpose only and to achieve compliance with any applicable laws and regulations.||1) Performance of a contract or requirement2) compliance with law|
Depending on the purposes for each activity, we may apply more than one lawful basis for processing your personal data. We may use other legitimate necessities permitted by law in processing of personal data. In course of processing your personal data under our legitimate interest based, we will consider whether we have a legitimate interest overriding your right and in the event of that, it shall be included that such benefits must override fundamental rights of the data subject.
In the event that you need to provide us your personal data in order to comply with or as required by any applicable law, or perform the contract, or it is necessary for entering into the contract. If you choose not to provide your personal data or incomplete provided, we may not be able to act or perform some legal obligation for you or provide you some certain services specified by law or in contract.
4. Consent Basis and Consequence of Withdrawing Consent
4.1 In case, we collect and process your personal data based on consent basis, you have the right to withdraw your consent that has been given to us at any time pursuant to the methods and means prescribed by us, unless the nature of consent does not allow such withdrawal. The withdrawal of consent will not affect the lawfulness of the collection, use, or disclosure of your personal data based on your consent before it was withdrawn.
5. Retention period of personal data
5.1 We will maintain your personal data for a period of time that is appropriate and necessary for each type of personal data and for the purposes as specified. (e.g. for business reasons or for relevant law). We will keep your personal data for 10 years after you have ended your relationship with us. In order to facilitate a resolution on contract disputes or legal claims which may occur during that period unless legal reasons or technical reasons support, we may keep your personal data for more than 10 years. If the Personal Data is no longer necessary in relation to the purposes for which it was collected, used or disclosed, we will erase, destroy or anonymize your personal data to become the anonymous data which cannot identify the data subject.
5.2 For records of CCTV surveillance, we may retain your personal data:
1) Under normal circumstances, your personal data may be kept for 30 days.
2) In cases of necessity, such as personal data is needed for evidence in investigating suspicious, for prosecution or for data owner’s request, your personal data may be retained for more than 30 days. We will securely destroy and delete upon completion of that purpose.
5.3 Your personal data collected from cookies (Cookies) when you use our corporate website, we may need to retain it not later than 13 months or the prescription period under relevant laws.
5.4 In case, we process your personal data based on consent basis, we will process such personal data until your withdrawal of that consent or fulfill your requirement. However, we may continue to retain your personal data and withdrawal record if it is necessary for us to respond to your request in the future.
6. Disclosure of personal information
We may disclose your personal data to any third parties under the provisions of PDPA.
• It is necessary for the performance of a contract.
• Compliance with law or regulatory obligations and/or orders of regulator or government agencies (e.g. fraud prevention, tax evasion, financial crimes, etc.).
• It is necessary for law compliance, prosecution proceeding, exercise or defense of legal claims.
• It is necessary for legitimate interests by considering our benefits or third party’s benefits with your fundamental rights in personal data which we will collect, use or disclose for the following purposes, which include but not limited to: to improve our services, to audit, to conduct risk managements, to conduct business analysis or report, to conduct internal operation management or etc. and/or
• Disclose your personal data to the public with your explicit consent.
• We may disclose your personal data to following third parties.
• Our affiliates, business partners or other persons that we have the legal relationship with, including our directors, executives, employees, staffs and, representatives.
• Other business entities, subcontractors or any service providers who provide any services to us. These include staffs or representatives of those entities.
• Any relevant persons as a result of activities relating to paying and receiving the payment.
• Other banks, financial institutions and any payment service providers.
• Any authority or agency required or permitted by law such as government, court, dispute resolution or accounting auditor.
• Any persons involved to any disputes including business transaction disputes
• Any relevant persons whom you have requested us to disclose your personal data to.
We will require third parties who are receivers of personal data we have disclosed as mentioned above to maintain confidentiality and provide appropriate security measure to protect your personal data in accordance with the standards imposed by the Personal Data Protection Laws and limit to use your personal data in accordance with lawful basis or under the specific purposes that the we have determined the third party to conduct, We may disclose your personal data to the relevant authorities or various regulatory for compliance with law.
In the event that the Company employs other persons to act as a personal data processor, the Company will investigate personal data protection measures and arrange to sign an agreement to control and protect personal data appropriately and in accordance with the rules prescribed by required law.
7. Rights of the Data Subject
You shall have rights to your personal data, and according to the PDPA these rights include:
7.1 Right to withdraw consent: You may withdraw consent to any of our processing activities on your personal data at any time, unless we have a lawful basis to deny your request and continue to process your personal data.
7.2 Right to Access: You have the right to access, review and request a physical or electronic copy of information held about you. You also have the right to request information on the source of your personal data which you haven’t given consent to us.
7.3 Right to rectification: You have a right to rectify inaccurate personal data in order to make it accurate, up-to-date, complete and not misleading.
7.4 Right to erasure: You have a right to request us to delete, destroy or anonymize your personal data.
7.5 Right to object to the processing of your personal data: Unless there are circumstances that do not allow you to make the objection, you have the right to object to the processing of your personal data under our legitimate interests. In addition, you have the right to object to the processing of your personal data for marketing purposes and useful information collection.
7.6 Right to data portability: You have a right to request us to transfer your personal data to any third parties.
7.7 Right to restrict the processing of your information: You have a right to request us to restrict the processing of your personal data in certain circumstance, such as, under a pending examination process to check if your personal data is accurate, up-to-date, complete and not misleading, or under pending examination process of verifying the lawsuit basis in processing your personal data.
7.8 Right to lodge a complaint: You have the right to make a complaint to the Personal Data Protection Committee in the case where we, our data processors, employees or contractors do not comply with PDPA or other announcements under PDPA.
In order to exercise your rights stated above, you may refer to our contact’s details under “How to contact us” stated in article 11. If you make a request, we will ask you to confirm your identity (if necessary), and to provide information that helps us to understand your request better. We expect to respond to your request within 30 days of the receipt of your request or within the period specified by law.
We have full rights to either fulfill or decline your request. We are entitled to refuse your request on statutory grounds and we will notify you of the refusal and our grounds.
8. Cookies Policy
• Functionality Cookies: We use this kind of cookies to help us recognize your device or browser and your list of favorites or most common use when visiting our corporate website, as well as assisting us to customizing the website to suit your need and enhancing our service and platform more convenient and beneficial to you.
9. Security of personal data
9.1 We implement appropriate security measures to maintain the security and confidentiality of personal data; to prevent loss, unauthorized collection, deletion, access, use, modification, correction or disclosure of personal data which strictly comply with our security standards for data protection.
9.2 We maintain, validate and update our security system to ensure a maximum level of security and reliability for your personal data processing. In the event of that, we have a right to change system security if it is necessary, or when the technology has changed in order to efficiently maintain the appropriate security and safety.
10. Transferring Personal Data to foreign country
- If the transfer is necessary for the performance of a contract with you or the implementation of pre-contractual measures taken at your request;
- If the transfer is necessary for the conclusion or performance of a contract in your interest between Company and another natural or legal person;
- If the transfer is necessary for compliance with the law;
- If the transfer is necessary to protect vital interests of you or other persons;
- If the transfer is necessary for important reasons of public interest.
10.2 We may store your personal data on a server or cloud service provided by third parties and may use their application, platform or software service in processing of your personal data. For this reason, we will regulate those third parties to practice; unauthorized persons mustn’t be permitted to access your personal data and appropriate safeguards shall be provided.
10.3 In the event that your personal data is transferred to foreign country, we will comply with personal data protection law and take reasonable measures to ensure that your personal data is protected, whereas you may exercise your rights in accordance with the law. In addition, we will regulate data receivers to take appropriate measures to protect your personal data and process your personal data only if it is necessary and prevent unauthorized use or disclosure of your personal data.
11. With respect to personal data collected prior to the introduction of the Personal Data Protection Act B.E. 2562
With respect to personal data collected prior to the introduction of the Personal Data Protection Act B.E. 2562, the Company is enable to continue collecting and using the personal data for the initial purposes. Any disclosures and acts other than the collection and use of personal data must be in compliance with the Personal Data Protection Act B.E. 2562.
12. How to Contact Us
If you have any questions or want to exercise your rights regarding your personal data or if there are any complaints, please contact:
Yamato Unyu (Thailand) Co., Ltd.
Address: No. 1617 Phatthanakan Road, Suan Luang Subdistrict, Suan Luang District, Bangkok 10250
Email Address: PDPA_contact@yamatothai.co.th
Telephone Number: 02-026-6828 # 1804