Lion Corporation (Thailand) Limited
Lion Corporation (Thailand) Limited and its subsidiaries are aware of the importance of the Personal Data Protection Act, B.E. 2562 (2019). As the Company has collected, used and disclosed the personal data of customers, employees, job applicants, personnel, and other persons relating to the Company, this Privacy Policy has been made to describe the details of collection, use or disclosure of personal data, period of personal data retention and destruction, rights of data subjects in connection with the operation and service provision of the Company for the relevant parties to acknowledge and practice.
1. Scope of application
This Privacy Policy covers all personal data processed by the Company. Any persons who know the personal data due to their involvement in the Company’s operation shall be required to comply with the law and this Privacy Policy.
2. Definitions
“Company” means Lion Corporation (Thailand) Limited.
“Persons” mean natural persons.
“Data Subject” means the natural persons who own the personal data.
“Personal Data” means any data relating to the persons and can identify those persons directly or indirectly, excluding the deceased persons.
“Sensitive Personal Data” means the personal data relating to nationality, ethnicity, political opinion, genetics, biodata, or any other data which may affect the data subjects in the similar way as determined by the Personal Data Protection Committee.
“Personal Data Processing” means any actions relating to collection, use and disclosure of the personal data.
“Personal Data Controller” means any persons or juristic persons who hold the power to make a decision about personal data collection, use and disclosure.
“Personal Data Processor” means any persons or juristic persons who perform in connection with the collection, use and disclosure of personal data in accordance with the orders or on behalf of Personal Data Controller provided that the persons or juristic persons shall not be the Personal Data Controller.
3. Personal Data Collection
The Company shall collect the Personal Data with the sources of Personal Data, purposes and principles of collection of Personal Data as follows:
3.1 Sources of Personal Data
3.1.1 Collect Personal Data directly from the Data Subjects such as collection of Personal Data through the completion of Personal Data on documents and/or forms and/or surveys of the Company both in paper and online form or through access to electronic system or website of the Company through cookies.
3.1.2 Collect Personal Data from other sources except the Data Subjects such as searching Personal Data through electronic system or website or inquiry of the third party provided that the Data Subjects shall be notified without delay within 30 days from the date of the Company’s collection of Personal Data from the said sources and shall arrange the request for consent for collection of Personal Data from the Data Subjects as determined by Personal Data Protection, B.E. 2562 (2019) and other relevant laws.
3.2 Purposes and principles of Personal Data collection
3.2.1 The Company shall collect Personal Data as necessary for the lawful purposes which have been notified to the Data Subjects prior to or during the collection. These include the purposes of service provision, improvement of service efficiency, verification for analysis and preparation of documents as required by other agencies or organizations relevant to or involved in the Company’s business, for internal management of the Company, and human resources management of the Company. The Company shall expressly request consent from the Data Subjects prior to or during the collection, except for the following cases where the Company is permitted by the law to collect Personal Data without consent:
(1) For the purposes relating to preparation of historical documents or archives for the public benefits or relating to studies, research and statistics for which the Company shall arrange the most appropriate preventive measures to protect the rights and freedom of the Data Subjects
(2) For protecting or preventing danger to life or health of Persons
(3) It is necessary for compliance with the agreement in which the Data Subjects are the party or for fulfilling the requests of the Data Subjects prior to entering into such agreement
(4) It is necessary for performance of the public service missions of the Personal Data Controller or performance of the government’s powers assigned to the Personal Data Controller
(5) It is necessary for the lawful benefits of the Personal Data Controller or other Persons or juristic persons who are not the Persona Data Controller unless such benefits are less important than the fundamental rights in the Personal Data of the Data Subjects
(6) For the Personal Data Controller to comply with the law.
3.2.2 In the case that the Data Subjects are required to provide Personal Data to comply with the law or required to provide Personal Data to enter into a contract or for any other purposes, if the Data Subjects fail to provide such data, the transactions or any other activities relating to the Data Subjects may be temporarily suspended or interrupted until the Company receives the data from the Data Subjects. This is because the Company cannot process such data or it is determined by the law that the transactions or activities shall not be provided any longer.
3.2.3 To collect Sensitive Personal Data, the Company shall expressly request consent from the Data Subjects prior to or during the collection of Sensitive Personal Data under the rules determined by the Company without conflict with the law.
4. Personal Data use and disclosure
To use and disclose Personal Data, the Company shall person in accordance with the purposes and principles that align with the provision of Clause 3.2 Purposes and principles of Personal Data collection. The Company may disclose the Personal Data to the external agencies or persons on a need-to-know basis upon consent of the Data Subjects unless permitted to do so within the scope of law. However, Personal Data may be disclosed to the outsiders, external organizations or government agencies as follows:
(1) Subsidiaries and affiliated companies
(2) Suppliers, contract parties, service providers, business partners of the Company and/or dealers
(3) Credit bureau, financial institutions and/or banks
(4) Government agencies with legal powers
(5) Other agencies or organizations which may be relevant to or involved in the Company’s business operation and/or other legal entities
5. Period of retention of Personal Data
The Company shall retain the Personal Data for the following period:
5.1 For the period specified by the law specifically concerning Personal Data retention
5.2 In the case that the Company has not indicated the specific period of retention of Personal Data, the Company shall retain Personal Data as necessary to fulfill the purposes determined in the said Personal data Processing. The Company shall determine the retention period by taking account of suitability for its operation.
After the above retention period, the Company shall delete, destroy or make Personal Data unidentifiable to the Data Subjects.
6. Personal Data security
The Company shall implement appropriate security measures to prevent robbery or breach of Personal Data, loss, unauthorized or illegal access, use, modification, alteration, or disclosure of Personal Data.
7. Breach of Personal Data
In case of the breach of Personal Data, the Company shall notify the Office of the Personal Data Protection Committee within 72 hours after the Company has been aware of the breach of Personal Data. If the breach of Personal Data is in high risk of affecting the Data Subjects’ rights and freedom, the Company shall notify the breach and the remedy of such breach to the Data Subject without delay.
8. Rights of the Data Subjects
This Privacy Policy is made for the Data Subjects to rest assured that they can exercise the rights granted by Personal Data Protection Act, B.E. 2562 (2019) as follows:
8.1 Right to withdraw consent: The Data Subjects have the right to withdraw their consent for the Company to collect or use Personal Data at any time provided that the Personal Data Controller shall guarantee that withdrawal of consent would be as easy as obtaining consent. For example, id the Company requests consent for sending news updates via email through pressing “Subscribe” button, if the Data Subjects want to withdraw their consent, they shall be allowed to press the “Unsubscribe” button immediately.
8.2 Right to access: The Data Subjects may request access or receipt of the copy of their Personal Data under the Company’s responsibility and request the Company to disclose the method of acquiring the Personal Data without the Data Subjects’ consent. However, the Company has the right to reject the requests if such access or receipt of the copy could affect the others’ rights and freedom in accordance with the law and court order.
For request to exercise the right, the Company shall consider and proceed as requested within 30 days after Personal Data Protection Officer has sent the response to the request to exercise the right.
8.3 Right to correction: The Data Subjects may request to correct or add information to their Personal Data to ensure correctness and completion. In this case, the Company may proceed as requested.
8.4 Right to erase, destroy or make Personal Data unidentifiable: If the Data Subjects find that Personal Data collected by the Company is unnecessary or wrongly processed, the Data Subjects may request the Company to destroy all of that Personal Data or certain sets of Personal Data to prevent it from identifying the Data Subjects. Regarding the request to exercise this right, if the Company can explain why it is necessary for the Company on any relevant basis in Personal Data Processing, the Company may reject the Data Subjects’ request to exercise the said right.
8.5 Right to object the Personal Data Processing: If the Company processes Personal Data of the Data Subjects on the basis of legitimate interest, the Data Subjects may object to the collection, use or disclosure of their Personal Data at any time if the said collection or use excessively affects the Data Subjects.
8.6 Tight to suspend the use of Personal Data: In the course of verification for correction of Personal Data or in case of Personal Data that the Company is required to erase or destroy sue to its unnecessity, the Data Subjects may request the Company to suspend the use of such Personal Data temporarily.
8.7 Right to data portability: If Personal Data is stored in the form that can be transferred automatically, the Data Subjects may request the Company to transfer it to another company.
8.8 Right to complain: Upon receipt of any of the above requests, we will comply with them after your authentication unless there is an acceptable reason to reject such requests.
9. Delivery or transfer Personal Data to overseas
It might be necessary for the Company to deliver or transfer Personal Data to other companies in the Company’s overseas network or to other data receivers who are part of the Company’s normal course of business such as delivery or transfer of Personal Data to be stored in the server or Cloud in other countries. The Company shall consider and take account of whether the destination countries put in place of the Personal Data protective measure.
10. Review and revision of the policy
The Company shall review privacy Policy annually.
11. Amendment of Privacy Policy
This Privacy Policy is subject to change or amendment without prior notice. However, in case of any change of this Privacy Policy, the updated policy shall be published on the Company’s website.
12. Contact
In case of any inquiries or feedback regarding this Privacy Policy or if you want us to update the data, please contact Personal Data Protection Officer:
Lion Corporation (Thailand) Limited
Head Office: No. 989 Kingbridge Tower 36-37 floors Rama 3 Road, Bang Phong Phang Sub-district, Yan Nawa District, Bangkok Metropolis 10120
Tel. 02-682-1821 Contact during work hours from Mondays to Fridays at 08.00-17.00 hr.
Email : dpo@lion.co.th
Policy
1. Privacy Policy on CCTV Usage
2. Cookies Policy
