- What is cookies? Cookies is a small text file that will be installed or saved on your computer or electronic device when you visit the website. Cookies remembers your use of this website, and we will also refer to other similarly functional technologies as Cookies.
- Analytic Cookies. This type of Cookies collects data about your use of the website in order to enable us to measure, evaluate, improve and develop our contents, products/services and website in order to enhance good experience on your use of the website. Provided, however, that if you should not give us your consent in so doing, we would not be able to measure, evaluate and develop the website.
- Functional Cookies: This type of Cookies helps to remember computer data or electronic device that you use to visit this website, registration or log in data, settings or data on the options you have made on the website: such as; the language displayed on the website in order to enable you to use the website more conveniently without requiring you to give new or resetting data each time you use the website. However, if you do not give us your consent to our use of this type of Cookies, you may not be able to use the website easily and efficiently.
- Targeting Cookies. This type of Cookies collects data which may include: Your personal data and the creation of a profile about yourself in order to enable us to analyze and present the contents, products/services and/or advertisements that suit your interests, provided, however, that if you should not give us consent to use this type of Cookies, you may receive general data and advertisements that do not match your interests.
- Cookies Management You can choose to set the Cookies of each type by making the settings in your web browser: for example; prohibiting the installation of Cookies on your device. Provided, however, that the closure of the Cookies’ function may result in your inability to use your website effectively.
Terms and personal right
In order to comply with the Personal Data Protection Act, B.E. 2562, general public, entrepreneurs, and operators in both public sector and private sector should study the roles and rights of persons related to the information, dividing into 3 groups of related persons, as follows :
- General public in the status of data subject who should be aware and understand about their right, read the terms and objectives carefully before giving consent to give information
What are the right of personal data subject?
For this, there should be keeping of records of evidence. If it is found that personal data is misused for the agreed objectives, it can be used as evidence in complaining to expert committee.
- Date Controller : personal data controller is a person, or juristic person who has authority and duty to make decision related to collection, use, or disclosure of personal data, to deal with this Act. Personal data controller may start from setting budget and requesting for management’s support for adding safety to personal data. Then there shall be setting up of group of Data Protection Officer in the organization to specify the type, to distribute the information, explain about the objectives, review the Data Protection Policy and prepare the terms and guidelines, for protection of personal data, as well as making documents of safety measures. Furthermore, personal data controller must promote improvement and development of breach notification process and design the system, service and products, by realizing privacy by Design & Security by design and focusing for employees, personnel and customers, realizing about protection of personal data and organize training to provide knowledge and develop necessary skills for protecting personal data to personnel in the organization.
- Data Processor : Personal Data processor is a person or juristic person operating about collection, use, or disclosure of personal data, who will do the duty of collecting, using or disclosing information according to the order or in the name of Personal Data Controller. The processor will arrange the information safety taking care measures to be appropriate, prepare and keep the record of report. Where there is any violation, the personal data controller shall be informed. The Personal Data Protection Act, B.E. 2562 shall apply to entrepreneurs residing in Thailand, whether keeping of data, use of data, or disclosure of data occurs in the country or in foreign countries, if there is committing of offence, punishment will be given as specified by laws. Therefore, the related persons should strictly take care of personal data.
Punishment of offender
- Criminal penalty
- Highest imprisonment: 1 year
- Highest fine up to 1 million Baht
- Civil penalty
- Paying actual damage, including compensation for highest punishment of two times of actual damage
- Administrative penalty
- Fine not over 5 million Baht
- 2.1 Processing means any action with personal data, such as collecting of data, recording, organizing, structuring, keeping, updating, changing, recovering, using, disclosing, forwarding, disseminating, transferring, merging, deleting, destroying.
- 2.2 Personal Data means data ion relating to natural person; personal helps identify such person; directly or indirectly, such as name, surname, e-mail, telephone number, IP address, photographs, race, religion, political opinion, genetic data, biometric data.
- 2.3 Data Subject means natural person whose personal data can identify the person, directly or indirectly.
- 2.4 Data controller means natural person or juristic person having authority and duty to decide relating with personal data processing.
- 2.5 Data processor means natural person or juristic person who does the work relating with processing of personal data according to the order or on behalf of data controller.
- 2.6 The company means Crown Seal Public Company Limited and subsidiary companies according to the consolidated financial statement of Crown Seal Public Company Limited
- The company will provide personal data protection governance structure to determine the appropriate methods and measures to comply with the law as follows:(1) Specifying organizational structure, including clearly defining the roles, missions and responsibilities of relating working units and operators, in order to build mechanism for governance, controlling, responsibility, operation, enforcement and monitoring of personal data protection measures according to the law and the company’s personal data protection policy. (2) Appoint the Company’s Data Protection Officer (DPO) having roles and duties as specified in the Company’s personal data protection policy.
- The company will prepare policies, standards of work, guidelines, procedures and other documents related to personal data protection, according to the law and the Company’s personal data protection policy.
- The company will arrange policy management process, to control complying with the Company’s personal data protection policy continuously.
- 4.1 The company will process personal data, both as personal data controller and personal data processor to be lawful, fair, transparent and realizing the accuracy of personal data and the duration of personal data keeping, to do so as necessary under the legal objectives and guidelines for doing business of the company. The company will also maintain confidentiality. Accuracy and completeness and safety of personal data sufficiently.
- 4.2 The company will arrange process and control to manage personal data in every step, according to the law and the Company’s personal data protection policy.
- 4.3 The Company will prepare and maintain Records of Processing (RoP) for recording particulars and activities related to the processing of personal data, to comply with the law, as well as the company will improve Records of Processing of personal data, when there is a change of the involved particulars or activities.
- 4.4 The company will arrange clear process to ensure that the notice of the objectives of collection and the details of privacy notices and the request for consent from the personal data subject complies with the law, as well as providing measures for taking care and inspecting on such matters.
- 4.5 The company will provide mechanism to inspect the accuracy of personal data, including providing a mechanism for correcting personal data to be correct.
- 4.6 In case the company delivers, transfers or allows other persons to use personal data, the company will make an agreement with those who receive or use the personal data to determine their rights and duties, according to the law and the Company’s personal data protection policy.
- 4.7 In case the company delivers, or transfers personal data to other countries, the company will comply with the law.
- 4.8 The company will destroy personal data upon the expiration of the period., by acting to comply with the law and business practices of the company.
- 4.9 The company will evaluate the risks and make measures to mitigate the risks and reduce the impact that will occur on the processing of personal data.
- 6.1 The company will provide sufficient measures for the personal data security, as well as taking steps to prevent the leakage of personal data and the unauthorized use of personal data.
- 6.2 The Company will arrange Privacy Incident Management Policy and Incident Response Program, in order to identify and deal with unusual incidents that are related to personal data immediately.
- 6.3 The company will provide a process for notifying the personal data subject, as well as government official who is the controller of personal data (In case that the company is processor of personal datajointly) and other persons to comply with the law.
- 7.1 The company will arrange follow-up process in case the law changes and update personal data protection measures to be up-to-date and to comply with the law always.
- 7.2 The company will review and update the Policy, Standards, Guidelines, Procedures and other documents related to the personal data protection regularly, to be up-to-date and according to the law and situation of each period.
- Roles, duties and responsibility
Personal Information Request Form