About Processing of Personal Data

About Processing of Personal Data

KTL INTERNATIONAL LOGISTICS (THAILAND) CO., LTD. – PRIVACY POLICY ON PROCESSING OF PERSONAL DATA


 

You may find under below headings how your personal data will be collected, used or disclosed (“processed”) by 

KTL INTERNATIONAL LOGISTICS (THAILAND) CO., LTD. (“Company”)

 

a) What is Personal Data?

Any kind of information about or relating to an identified or identifiable person whether directly or indirectly is regarded as personal data. In that context, not only that information enabling to identify a person such as name, surname, birth date and birth place, but also information relating to that person’s physical, marital, economic, social and similar characteristics are considered as personal data. A real person becomes identified or identifiable when available data could be correlated in any manner to that person. Therefore, such identification could be made when the data contains physical, economic, cultural, social or psychological information about the person or when they could be correlated to any record relating to the identity, taxation, social security number etc. of that person. As a result, personal data could be defined as data enabling identification of that person even if indirectly and it includes but is not limited to name/surname, phone number, plate number of the motor vehicle, social security number, passport number, CV, photos/pictures, visuals and audio records, fingerprints, genetic data, and similar information.

 

b) Who is a Related Person?

Related person is a real person whose personal data will be used. Related person includes but is not limited to employees, employee candidates, trainees, guests, suppliers, customers and all real persons and legal entities employed by the Company for its business affairs. 


c) Who is a Data Controller?

The Company will be the person who has power and duties to make decisions regarding the collection, use, or disclosure of your personal data. Under the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”), the Company is in the position of a data controller. 

 
d) What personal data we collect?

We collect and retain the following types of personal data:

1. Personal information such as name, surname, age, birthday, ID card number, signature and copy of ID card;

2. Contact information such as address, telephone number and e-mail;

3. Technical data such as internet protocol (IP) address and Cookies.

 

The PDPA places restrictions on collecting sensitive personal data about you (for example, information about your racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data or biometric data). Generally, we have no need to collect this kind of data. However, if there is any requirement to do so, we may collect such data, provided that you consent has been given.

 

e) Why do we process your personal data?

Personal data will be processed for the following purposes:

Delivery of goods or customs activities which we performed on behalf of you, billing purposes, communication for business affairs between you and the Company.

 

In addition, please be informed that we will process your personal data only when you have given your consent prior to or at the time of such processing, except the case where it is permitted by the PDPA or any other laws to do so.

 

The cases where it is permitted by the PDPA are:

 

In case where you are required to provide your personal data for compliance with laws, or a contract, or where it is necessary to provide the personal data for the purpose of entering into the contract with us and you reject to provide us such Personal Data, your rejection may affect us to be unable to provide or perform our services to you wholly or partly.
 

f) How do we secure your personal data?
Our Company will use proper measures to process your personal data and take any and all technical, organizational and administrative security measures which are in accordance with the PDPA in order to prevent illegal processing of personal data and unauthorized access to personal data and to ensure safe keeping of the personal data.

g) When do we share your personal data?

Personal data may be shared with:

1. the business partners, suppliers, outsourced service providers whom we have executed a data processing agreement;

 

2. the shareholders of the Company, our affiliated companies, our group of company, provided that the collection, use, or disclose will be in accordance with the purpose under this policy;

 

3. legally authorized public establishments and organizations which we are obliged to comply with.

 


In any case, your personal data will be shared only when (1) it is necessary for providing or performing our services requested by you; (2) it is the disclosure within our affiliated companies which is under the purposes specified in this policy; (3) it is necessary to comply with the laws or legal proceeding or order of competent authorities which requires the disclosure of your personal data; or (4) the personal data is in a form of anonymized data. 

 

Our Company will take necessary security measures before sharing any of your personal data.

 

If your personal information will be disclosed to recipients overseas, those recipients are required to protect your personal information in a manner that is the same as, or similar to, the protections afforded under PDPA.

 

Access to personal data is limited to those Related Person who need to access your personal data. We will ensure that the Related Person complies with PDPA, however, we will not be held responsible for events arising from the unauthorized access to your personal data or the failure of any third party or outsourced service providers to comply with PDPA.



h) What are the Methods of Personal Data Collection and what are the relevant legal reason?
In order to continue with its activities, the Company will collect your personal data directly from you or may obtain the same from the legally authorized public establishments and organizations, or data providers, as well as information from our business partners or related and affiliated companies in Thailand or internationally which you have a relationship with.

 

We have lawful rights to process your personal data when:



i) How long personal data is collected and held

We hold your personal data for as long as necessary for the aforementioned purposes for which they were collected or otherwise processed, for compliance with a legal obligation to which we are subject, or for the establishment, exercise or defense of legal claims.

 

j) What are your rights under Law regarding your personal data?

You have the right under the law in regard to your personal data as follows:

 

In the event that you exercise your right to object to processing of your personal data, we will no longer be able to collect, use, or disclose such personal data, and we will immediately distinguish such personal data clearly from the other matters at the time when you give the notice of objection to us.

 

However, we may reject your request to exercise the right to objection if we can prove that:

(a) the collection, use, or disclosure of such personal data can be demonstrated by us that there is a compelling legitimate ground; or

(b) the collection, use, or disclosure of such personal data is carried out for the establishment, compliance or exercise of legal claims, or defense of legal claims.


You may file a written application to us if you want to exercise your rights detailed above and send that application to the address given below. If new application methods are determined by the Personal Data Protection Committee of Thailand, personal data will provide necessary information about these methods.


Such applications will be finalized as soon as possible or at latest within 30 days on free of charge basis. However, if the relevant procedure requires any additional costs permitted by the relevant laws. However, this fee will be refunded if it is understood that the application was made due to mistake of the Company (data controller). 


k) Application Methods and Contact Details

You may contact us to exercise your rights in regard to your personal data, please contact as by email at kvkk.international@kinaygroup.com 

 

In addition, you may use the Application Form provided above, containing your identity details, the rights you would like to exercise and subject of your request and send this Application Form to the address indicated on the form by means of registered letter.

 

l) Updates to Privacy Policy 

We may modify this privacy policy at any time. Any changes to this policy become effective one week after we publish it online. If you do not agree with changes to this Privacy Policy, you should terminate your account with us.