Data Privacy Policy
Due to the online identify theft crimes and illegal data access behaviours which can cause damage to the data subjects in respect of one’s identity or property and directly affect the social life, the Thai government has established measures to protect the personal information in order to comply with the international data protection standards and General Data Protection Regulations (GDPR) through Personal Data Protection Act B.E. 2562.
Metro Systems Corporation (Public) Company Limited, the “Company”, recognizes the importance of keeping your personal information in possession and any other actions in connection with your personal information to be a standard according to the Personal Data Protection Act B.E. 2562. For your confidence and trust, the Company has, therefore, implemented a Data Privacy Policy in accordance with the measures to support any process related to your personal information with security and efficiency under the Company’s supervision and control.
Definitions
“Personal Data” means any information relating to a person which enable to identify such person, whether directly or indirectly, such as name, surname, age, date of birth. ID card number, contact information, such as residence, workplace, telephone number, including any other information which is considered as personal information, such as website usage data, comments or sensitive data, excluding the information of the deceased persons in particular.
“Person” means a natural person.
“Data Controller” means an individual or a juristic person with authority to make decisions regarding the personal information collection, usage or disclosure.
“Data Processor” means an individual or a juristic person who processes, collects, uses or discloses any personal information in accordance with an order or on behalf of a data controller. In this regard, the person or juristic person who performs such operations shall not be a data controller.
Data Privacy Measures
The Company will operate as necessary and reasonable with technical methods and working methods of the agency for your personal information protection. If the Company uses any personal information in processing the data privacy for the Company’s operations, the Company will ensure that such personal information will be processed under the data privacy measures.
The use of personal information given to the Company will be used for the purpose of agreed operation. Only some information, such as position, duties and department details may be processed as combined data through anonymization technique for the analytical and statistical benefits. The Company will do not sell or distribute your personal information under any circumstances.
The personal data collecting in accordance with the Personal Data Protection Act includes the use of technology to store the data through cookies browser. Therefore, by refusing to give a consent on the Company’s website will suspend the collection of personal information.
If there is any update on personal information required or any action granted under the Personal Data Protection Act , please inform the Company to perform such operations via the Company’s website or available contact channels as specified at the end of the Data Privacy Policy.
Personal Information Security
The Company has established various standard measures and IT security requirements to prevent data leakage, including personal data access and storage management. All personal data processing will be secured without data leakage to the possession of others or any misuse from the original purpose or consent of the data subject, as well as disclosure to others or public without the consent of the data subject or requirements as specified by law.
In this regard, the Company regularly and carefully reviews all the personal data to ensure proper security and prevent unauthorized access without the consent of the data subject, including data protection from various privacy violations
The Company will not transmit any personal data to the third parties, except with the consent of the data subject and such third parties must have standards for personal information protection at the level as required by laws and the Personal Information Protection.
Company’s Operation Relating to Personal Data
The Company may transmit or transfer the personal data between Metro Systems Corporation (Public) Company Limited and its subsidiaries for the purpose of solution improvement or development as necessary and appropriate, such as marketing, purchasing or service information and other communications related to the Company’s operation in accordance with its rights granted under the Personal Data Protection Act or with the data subject’s consent.
Data subject’s Rights
Under the Personal Data Protection Act B.E. 2562 in the processing of personal data, the Company shall inform of the data subject’s rights. Regarding the personal data provided to the Company, the data subject’s rights under the Data Privacy Policy shall include the following rights:
– To access personal data
– To amend and update the personal data
– To withdraw a consent
– To object the collection, use or disclosure of personal data
– To request for a suspension of personal data usage
– To request for a deletion or destroy of personal data
– To transfer personal data
Personal Data Processing
Contract:
The Company will process your personal data to comply with trade, services and any other operations as provided by the data subject to the Company through data processing under Section 24 (3) in the contract.
Consent:
The Company will use the personal data for only purposes as specified in the consent or as required by law.
Legitimate Interest
The Company will use or act in connection with the personal data for legitimate interest in accordance with
Section 24 (5) as in the following cases:
– To estimate data processing as necessary
– The data used for processing must be publicly available and not be a sensitive information.
– Low personal data protection risk
– There are ways to choose not to receive information or communication easily.
Legal Obligation
The Company may take any actions in connection with the personal data to comply with the legitimate orders and other laws, such as securities and stock exchange laws, tax laws or court orders, etc.
Vital Interest
The company may process or take any actions in connection with the personal information, such as sensitive data, health data or tracking and monitoring during the epidemic situations by aiming to prevent and suppress any incidents that may affect or be harmful to the data subject or the Company.
Personal Data Storage
According to the principle of collecting personal information as necessary, the Company will maintain the personal information as long as a period of time necessary for the data storage purposes in accordance with the following laws:
– The period of contractual data processing basis and the legitimate interest basis are specified for 5 years.
– When the specified storage period has expired, the Company will delete and destroy or make such personal data unidentifiable.
Personal Data Obtained Prior to the Enforcement of the Personal Data Protection Act
The personal data storage in accordance with the Company’s Data Privacy Policy shall mean the operations conducted on behalf of the Company, whether as a data controller or a data processor. The Company will keep the data confidential only for trading and business interest or the mutual interest between the data subject and the Company. This includes any information, whether in the forms of characters, images, speech or any other forms, including a copy, report, memorandum of the contract, attachment of the contract or any documents created by the recipient of the information or received related to the contract or obtained in other ways legally.
However, if you wish to request for any withdraw of personal data, either wholly or partly, please contact the Company at the available channel as specified below hereof for further data deletion or destroy processes.
Contact
If you have any questions relating to Company’s Data Privacy Policy or personal data processing methods, please contact us at:
Metro Systems Corporation (Public) Company Limited
400 Chaloemphrakiat Rama 9 Road, Nong Bon,
Prawet, Bangkok 10250
Email: [email protected]
Phone: 02-089-8466 (Data Protection Officer)
Website: www.metrosystems.co.th
This Data Privacy Policy has been approved by the Board of Directors’ Meeting No. 3/2020, on: 15 May 2020 and is effective from 15 May 2020.