Notification of Guardforce Cash Solutions Security (Thailand) Company Limited
Personal Data Protection Policy of
Guardforce Cash Solutions Security (Thailand) Company Limited
Guardforce Cash Solutions Security (Thailand) Company Limited and its Subsidiaries (collectively referred to as “Company”) have realized the importance of personal data protection and have strived to maintain safety and security measures on personal data in accordance with appropriate standards at an international level. Therefore, the Company has established and disseminated this personal data protection policy (“the Policy”) to every relevant party for their acknowledgement. Such policy shall be in effect for every executive, employee, external party and contractor. In addition, the executives of every division shall be responsible for supporting, encouraging and auditing the Company’s operations to ensure their strict compliance with policies and laws relating to personal data protection as follows:
1. Personal data collection shall be conducted in a restricted manner and only when deemed as necessary as well as to comply with the established objectives, policies, handbooks and/ or guidelines set forth by the Company.
2. For the quality of data collected, the Company shall take into consideration the accuracy and appropriateness, while putting in place suitable security and risk management measures, as well as creating an awareness of, and responsibility for, the security of personal data.
3. The objectives of collection, use or disclosure of personal data, in accordance with the law, and data shall be processed according to the specified objectives. Personal data collected shall not be disclosed to any external parties except in the following circumstances:3.1 Vital interest 3.2 Contract 3.3 Official authority 3.4 Legitimate interest 3.5 Legal obligation 3.6 Research or statistics 3.7 Consent
4. To publicize and disseminate the policy, including guidelines on personal data protection via the Company’s website and to carry out other duties as stipulated by law. For example, to establish measures to support the data subject to exercise his/ her right, to specify the responsibility of the data controller and data processor as well as to appoint the DPO etc.
5. Every personnel of the Company shall have an awareness and responsibility while being ready to protect personal data of other related parties as if they were their own personal data.
The objectives of this policy are to inform every sector of the details of the collection, use or disclosure of personal data, including the transfer of such data to other countries, measures in handling and safety of personal data to ensure its strict compliance with the Personal Data Protection Act B.E. 2562 (“Personal Data Protection Act”), relevant laws and must be in line with personal data protection standards at an international level. Consequently, the Company has endeavored to collect personal data only as deemed necessary, while limiting personal data collection only to achieve the established objectives in order to prescribe the process of data collection, storage, usage and disclosure, also including other rights of the Data Subject. Company would like to announce this Policy with the following:
This Personal Data Protection Policy must be applied to personal data in which the Company may collect, use, disclose or transfer to other countries. Such personal data belong to the following groups of people:1.1 Customers which encompass both a natural person whether he/she is the Company’s present, past or future customer and employee, personnel, staff, representative, agent, authorized person of a juristic person, director, contact person and a natural person who acts on behalf of the juristic person who is also the Company’s customer 1.2 Business partners, counterparties which encompass both a natural person who is the Company’s business partner or counterparty, at present, in the past or in the future and employee, personnel, staff, representative, agent, authorized person of a juristic person, director, contact person and a natural person who acts on behalf of the juristic person who is also the Company’s customer 1.3 Shareholders, investors, including any persons interested in the Company’s investment 1.4 Visitors and external parties entering the Company’s premises whereby the Company must gather their personal data to ensure the security of the area under responsibility 1.5 CSR stakeholders or any persons whom the Company may maintain their personal data to proceed with social activities or other related purposes 1.6 Personnel, employees and applicants which include a family’s member, or a person referred to by such employee or applicant
“Company” refers to Guardforce Cash Solutions Security (Thailand) Company Limited and its Subsidiaries, including an authorized representative of such company.
“Personal Data” refer to data of a person which help identify such person, whether directly or indirectly, in which the Company has collected as notified in this Policy; for example, name, last name, nickname, address, telephone number, ID number, passport number, social security number, driver’ s license number, tax ID number, bank account number, credit card number, education background, financial status, health record, work experience, criminal record, email address, license plate number, etc. However, the following forms of data are not considered personal data such as data for business contact that does not identify such person. For example, the company’s name, address of the company, juristic ID of the company, office phone number, office email address, email address of the Company Group, anonymous data or inherent data which are considered pseudonymous data, data of the deceased person, etc.
“Sensitive Personal Data” refers to personal data stipulated by the Personal Data Protection Act as sensitive data. The Company shall collect, use, disclose or transfer sensitive personal data abroad, provided that the data subject has already given his/her consent. Sensitive personal data shall include data pertaining to nationality, race, political opinion, cult, religion or philosophy, sexual behavior, criminal record, health record, disability, trade union information such as membership data, etc. , genetic data, biometric such as facial recognition data, iris recognition data, voice identification data, fingerprint recognition data for identity authentication purposes, including other information which may affect the data subject in the same manner according to the notification of the Personal Data Protection Committee.
“Data Processor” refers to the collection, use or disclosure of personal data
“Data Subject” refers to a person who owns such personal data, but not in a case that the person has ownership or is the creator or collector of such data. The data subject shall refer to a natural person and does not include a juridical person constituted by law such as company, association, foundation or any other organizations.
While browsing the Company’s website, cookies may be placed in the viewer’s device, while data may be collected automatically. Some cookies may be required in order to facilitate the proper operation of the website, whereas others shall be used to facilitate the viewers and enable them to browse additional information regarding the Company’s cookies policy.
The Company may review, improve and change this Personal Data Protection Policy from time to time to ensure its consistency with relevant guidelines, laws, rules and regulations. Nonetheless, upon any changes in this Policy, the Company shall publish the revised policy via the Company’s website, including other channels.
The Company shall maintain personal data as long as deemed necessary and appropriate in order to achieve the objectives specified in this Policy. The Company shall take into consideration the appropriate data retention period, contract period, prescription, including the necessity to further data collection for the duration required for the purpose of legal compliance, internal and external audit or audit of major shareholders, assessment, constitution or exercising of legal claim.
The Company shall maintain and keep your personal data in a safe and appropriate manner, whether in a form of document, computer and electronic system. Thus, you can be confident of the Company’s security measures which are appropriate and in line with international standards in order to prevent any losses, accesses, uses, changes, rectifications or disclosures of personal data improperly or without legitimate authorization.
Nonetheless, the Company has restricted the access and use of technology on the safety of your personal data to prevent any unauthorized accesses to computer or electronic system. Besides, in a case that your personal data may be disclosed to the external party who processes data or to the data processor, the Company shall supervise such person to proceed appropriately and in compliance with the order.
The consent given by the data subject to the Company for the objectives of collection, use and disclosure of personal data shall remain usable until the data subject revokes his/her consent in a written document. The data subject can revoke his/ her consent or withhold the use or disclosure of personal data in order to proceed with any activities which can be achieved by sending the data subject’s request to the Company for acknowledgement in a written document or via email to PDPAcenter@guardforcecash.co.th
Furthermore, the data subject is entitled to request his/ her legal rights within the criteria stipulated by the Personal Data Protection Act as indicated below:
Attention : Data Protection Officer (DPO)
Email : PDPAcenter@guardforcecash.co.th
Address : PDPA Center Guardforce Cash Solutions Security (Thailand) Company Limited No.96 Vibhavadi Rangsit Road, Talad Bangkhen Sub - District, Laksi District, Bangkok 10210
Telephone : 02 973 6000 Ext 333 or 339
The executives, employees, the Company and associated companies, companies under IRPC Group shall regularly perform self-audits to ensure that their operations are in line with the policies, guidelines, handbooks and laws and whether such operation is involved with personal data as well as how to operate in accordance with the Policy. Besides, they shall also:
The Company may review and improve the Personal Data Protection Policy or guidelines on a regular basis to ensure their compliance with relevant laws. Nonetheless, if there are any improvements, changes or rectifications, the Company shall notify such improvements, changes or rectifications.
Announced on 1 June 2022
Mr. Kwok Wing Chu
Guardforce Cash Solutions Security (Thailand) Company Limited