Policy on the Use of Cookies
The policy on the use of this Cookies will explain the type, reason and nature on the use of Cookies including how to manage Cookies of all websites of Crown Seal Public Company Limited with the details as follows:
- What is cookies? Cookies is a small text file that will be installed or saved on your computer or electronic device when you visit the website. Cookies remembers your use of this website, and we will also refer to other similarly functional technologies as Cookies.
- How do we use cookies? We use Cookies when you visit our website. Our use of Cookies can be divided according to the nature of the use as follows:
- Analytic Cookies. This type of Cookies collects data about your use of the website in order to enable us to measure, evaluate, improve and develop our contents, products/services and website in order to enhance good experience on your use of the website. Provided, however, that if you should not give us your consent in so doing, we would not be able to measure, evaluate and develop the website.
- Functional Cookies: This type of Cookies helps to remember computer data or electronic device that you use to visit this website, registration or log in data, settings or data on the options you have made on the website: such as; the language displayed on the website in order to enable you to use the website more conveniently without requiring you to give new or resetting data each time you use the website. However, if you do not give us your consent to our use of this type of Cookies, you may not be able to use the website easily and efficiently.
- Targeting Cookies. This type of Cookies collects data which may include: Your personal data and the creation of a profile about yourself in order to enable us to analyze and present the contents, products/services and/or advertisements that suit your interests, provided, however, that if you should not give us consent to use this type of Cookies, you may receive general data and advertisements that do not match your interests.
- Third-Party Cookies: Our website uses Cookies by a third party. The functional nature and settings are in accordance with the Cookies in Clause 2. You may not elect to set the use of the Cookies only by the third party, but, we have no control over the use of the data by such third party. You can check the list of third parties, Privacy Notice and Third Party Cookies Policy which differs from our website, at such third party website.
- Cookies Management You can choose to set the Cookies of each type by making the settings in your web browser: for example; prohibiting the installation of Cookies on your device. Provided, however, that the closure of the Cookies’ function may result in your inability to use your website effectively.
Terms and personal right
In order to comply with the Personal Data Protection Act, B.E. 2562, general public, entrepreneurs, and operators in both public sector and private sector should study the roles and rights of persons related to the information, dividing into 3 groups of related persons, as follows :
- General public in the status of data subject who should be aware and understand about their right, read the terms and objectives carefully before giving consent to give information
What are the right of personal data subject?
For this, there should be keeping of records of evidence. If it is found that personal data is misused for the agreed objectives, it can be used as evidence in complaining to expert committee.
- Date Controller : personal data controller is a person, or juristic person who has authority and duty to make decision related to collection, use, or disclosure of personal data, to deal with this Act. Personal data controller may start from setting budget and requesting for management’s support for adding safety to personal data. Then there shall be setting up of group of Data Protection Officer in the organization to specify the type, to distribute the information, explain about the objectives, review the Data Protection Policy and prepare the terms and guidelines, for protection of personal data, as well as making documents of safety measures. Furthermore, personal data controller must promote improvement and development of breach notification process and design the system, service and products, by realizing privacy by Design & Security by design and focusing for employees, personnel and customers, realizing about protection of personal data and organize training to provide knowledge and develop necessary skills for protecting personal data to personnel in the organization.
- Data Processor : Personal Data processor is a person or juristic person operating about collection, use, or disclosure of personal data, who will do the duty of collecting, using or disclosing information according to the order or in the name of Personal Data Controller. The processor will arrange the information safety taking care measures to be appropriate, prepare and keep the record of report. Where there is any violation, the personal data controller shall be informed. The Personal Data Protection Act, B.E. 2562 shall apply to entrepreneurs residing in Thailand, whether keeping of data, use of data, or disclosure of data occurs in the country or in foreign countries, if there is committing of offence, punishment will be given as specified by laws. Therefore, the related persons should strictly take care of personal data.
Punishment of offender
- Criminal penalty
- Highest imprisonment: 1 year
- Highest fine up to 1 million Baht
- Civil penalty
- Paying actual damage, including compensation for highest punishment of two times of actual damage
- Administrative penalty
- Fine not over 5 million Baht
Privacy Policy of the Company
Crown Seal Public Company Limited (“the Company”) respects the privacy rights of customers, shareholders, employees and persons related to the Company and in order to be sure that such persons’ right will be protected
fully under the law on personal data protection, therefore, the Board of Directors of Crown Seal Public Company Limited approved for the use of the Company’s privacy policy, so that the company will have criteria, mechanism,
governance measures and management of personal data clearly and appropriately.
- Scope of application The Privacy Policy is applicable to the company, employees and persons relating with the data processing of personal data according to the instruction, or in the name of the company.
- Definition
- 2.1 Processing means any action with personal data, such as collecting of data, recording, organizing, structuring, keeping, updating, changing, recovering, using, disclosing, forwarding, disseminating, transferring, merging, deleting, destroying.
- 2.2 Personal Data means data ion relating to natural person; personal helps identify such person; directly or indirectly, such as name, surname, e-mail, telephone number, IP address, photographs, race, religion, political opinion, genetic data, biometric data.
- 2.3 Data Subject means natural person whose personal data can identify the person, directly or indirectly.
- 2.4 Data controller means natural person or juristic person having authority and duty to decide relating with personal data processing.
- 2.5 Data processor means natural person or juristic person who does the work relating with processing of personal data according to the order or on behalf of data controller.
- 2.6 The company means Crown Seal Public Company Limited and subsidiary companies according to the consolidated financial statement of Crown Seal Public Company Limited
- Privacy Policy: Personal Data Protection Governance
- The company will provide personal data protection governance structure to determine the appropriate methods and measures to comply with the law as follows:(1) Specifying organizational structure, including clearly defining the roles, missions and responsibilities of relating working units and operators, in order to build mechanism for governance, controlling, responsibility, operation, enforcement and monitoring of personal data protection measures according to the law and the company’s personal data protection policy. (2) Appoint the Company’s Data Protection Officer (DPO) having roles and duties as specified in the Company’s personal data protection policy.
- The company will prepare policies, standards of work, guidelines, procedures and other documents related to personal data protection, according to the law and the Company’s personal data protection policy.
- The company will arrange policy management process, to control complying with the Company’s personal data protection policy continuously.
- The company will train its employees constantly, to make employees of the company to realize the importance of personal data protection and ensure that all relevant employees of the company are trained and have knowledge and understanding in personal data protection and comply with the company’s privacy policy.
- Privacy Policy: Protection of personal data policy: Personal Data Processing
- 4.1 The company will process personal data, both as personal data controller and personal data processor to be lawful, fair, transparent and realizing the accuracy of personal data and the duration of personal data keeping, to do so as necessary under the legal objectives and guidelines for doing business of the company. The company will also maintain confidentiality. Accuracy and completeness and safety of personal data sufficiently.
- 4.2 The company will arrange process and control to manage personal data in every step, according to the law and the Company’s personal data protection policy.
- 4.3 The Company will prepare and maintain Records of Processing (RoP) for recording particulars and activities related to the processing of personal data, to comply with the law, as well as the company will improve Records of Processing of personal data, when there is a change of the involved particulars or activities.
- 4.4 The company will arrange clear process to ensure that the notice of the objectives of collection and the details of privacy notices and the request for consent from the personal data subject complies with the law, as well as providing measures for taking care and inspecting on such matters.
- 4.5 The company will provide mechanism to inspect the accuracy of personal data, including providing a mechanism for correcting personal data to be correct.
- 4.6 In case the company delivers, transfers or allows other persons to use personal data, the company will make an agreement with those who receive or use the personal data to determine their rights and duties, according to the law and the Company’s personal data protection policy.
- 4.7 In case the company delivers, or transfers personal data to other countries, the company will comply with the law.
- 4.8 The company will destroy personal data upon the expiration of the period., by acting to comply with the law and business practices of the company.
- 4.9 The company will evaluate the risks and make measures to mitigate the risks and reduce the impact that will occur on the processing of personal data.
- Privacy Policy: Data Subject Rights: The company will provide measures, channels and methods for the personal data subjects to exercise their rights as specified by law, as well as the company will record and evaluate response to requests to exercise the rights of the personal data subjects.
- Privacy Policy: Personal data security
- 6.1 The company will provide sufficient measures for the personal data security, as well as taking steps to prevent the leakage of personal data and the unauthorized use of personal data.
- 6.2 The Company will arrange Privacy Incident Management Policy and Incident Response Program, in order to identify and deal with unusual incidents that are related to personal data immediately.
- 6.3 The company will provide a process for notifying the personal data subject, as well as government official who is the controller of personal data (In case that the company is processor of personal datajointly) and other persons to comply with the law.
- Privacy Policy: Personal Data Protection Compliance
- 7.1 The company will arrange follow-up process in case the law changes and update personal data protection measures to be up-to-date and to comply with the law always.
- 7.2 The company will review and update the Policy, Standards, Guidelines, Procedures and other documents related to the personal data protection regularly, to be up-to-date and according to the law and situation of each period.
- Roles, duties and responsibility
- 8.1 The Board of Directors has roles, duties and responsibility as follows: (1) To supervise to create the personal data governance structure and the relevant internal control of the company, in order to comply with the law and privacy policy of the company. (2) To supervise and support the company to effectively protect personal data and to comply with the law.
- 8.2 Privacy Committee The Risk Management Committee shall act as the Personal Data Protection Committee with roles, duties and responsibility as follows: (1) To arrange personal data supervision structure and relevant internal control, as well as Privacy Incident Management Policy and Incident Response Program, in order to be able to identify and deal with unusual events related to personal data immediately. (2) Evaluate the efficiency of the company’s privacy policy and report about the results of the evaluating to the Board of Directors regularly at least once per year and supervise to ensure that all risks related to personal data are managed and there are appropriate risk management guidelines. (3) Specify and review standard of work and guidelines so that the Company’s operation will comply with the law and the Company’s privacy policy. (4) Appoint Data Protection Officer of the Company (DPO).
- 8.3 Executives have roles, duties and responsibility to monitor and supervise the working unit taking care the policy to comply with the Company’s Privacy Policy and promote realizing and awareness among the company’s employees.
- 8.4 The Company’s Data Protection Officer (DPO) has roles, duties and responsibility as specified by law which includes the following duties: (1) To report the status of personal data protection to the Personal Data Protection Committee and prepare recommendations to improve the protection of personal data of the company to be up-to-date and complying with the law. (2) To give advice to employees of the company about complying with the company’s privacy policy. (3) To inspect the operation of working units of the company to comply with the law and the Company’s privacy policy.
- 8.5 The Company employees have roles, duties and responsibility as follows: (1) To comply with the Company’s privacy policy, standard of work, guidelines, procedures and other documents related to the privacy policy. (2) To report unusual events related to the personal data protection and non-compliance with the law and the Company’s privacy policy to the supervisor.
- Punishment for failing to comply with the Company’s privacy policy Any person fails to comply with the Company’s privacy policy may have wrongdoing and may be punished by disciplinary action, as well as the person may be punished as required by law.