Personal Data Protection Policy of Double A (1991) Public Company Limited
1. Objective
Double A (1991) Public Company Limited recognizes the importance of the protection of Personal Data, which is a fundamental right. Therefore, we have issued our Personal Data Protection Policy in order to protect the Personal Data of the company and the company subsidiaries, and to comply with legal standard.
2. Definition
- “The company” means Double A (1991) Public Company Limited
- “Personal Data” means any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the information of the deceased Persons in particular1
- “Data Subject” means the person which the Personal Data identification to.
- “Sensitive Data” means any collection of Personal Data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the Data Subject in the same manner.2
3. Scope of This Policy
This Personal Data Protection Policy covers all activities of the company and/or the company subsidiaries which relating to Personal Data, complying with the principles under the law.
4. Collection of Personal Data
The company shall collect Personal Data as necessary within the purpose, scope, and provisions of the law. In this regard, the company will ask for consent from the Data Subject before or during collecting the Personal Data through methods of the company, except the law or agreement allows the company to collect the Personal Data without consent.3
In case the company collects the Personal Data from other sources, not from the Data Subject directly, the company shall inform and obtain consent from the Data Subject through methods of the company within thirty days, upon the date of such collection, except the law or license agreement allow the company to collect Personal Data without consent.
In order to collect the Sensitive Data, the company shall obtain explicit consent from the Data Subject through methods as specified by the company.
The company shall notify the Data Subject of the detail of collecting the Personal Data prior to or at the time of such collection. The company will retain the Personal Data with the period notified to the Data Subject.
5. Use or Disclosure of Personal Data
The company shall use or disclose the Personal Data according to the purposes and details that notified the Data Subject before or during collection of the Personal Data, unless compliance with legal obligations. In case the purposes of use or disclosure of the Personal Data are changed, amended, or added thereafter, the company will notify and obtain consent from the Data Subject before the use or disclosure through methods of the company.
In the event that the company sends or transfers the Personal Data to third party or foreign country, the company will consider recipient’s standard of Personal Data protection.
6. Measures for Security and Quality of Personal Data
The company will regularly review the Personal Data to be correct, current, complete, and not misleading, and provide appropriate security measures of Personal Data. In addition, the company shall review such measures when necessary or when technology changes, and determine the right to access, use, or disclose the Personal Data based on the purpose previously consented, in order to prevent loss, access, use, alteration, correction, or disclosure of the Personal Data without authority. Furthermore, there shall be data protection officer according to the criteria of the law, to comply with the Personal Data Protection Act 2019.
In case of Personal Data breach according to the related law due to collecting, using, disclosure of the company, the company shall notify the Data Subject of the breach and remedial measures without delay.4
7. Rights of Data Subject
The Data Subject is entitled to take actions as follows:
I. Right to withdraw consent: The Data Subject is entitled to withdraw his or her consent from the company as long as his or her Personal Data is kept by the company. When the company receives a request to withdraw consent and the withdrawal of consent will affect any benefit or right between the Data Subject and the company, the company shall inform the Data Subject of such consequences through methods of the company.
II. Right of access: The Data Subject is entitled to get access as well as request for copy of his or her Personal Data. This includes requesting for disclosure of the acquisition of such Personal Data without his or her consent.
III. Right to rectification: The Data Subject is entitled to request the company to rectify the inaccurate or incomplete Personal Data.
IV. Right to erasure: The Data Subject is entitled to request the company to erase his or her Personal Data due to a reason.
V. Right to restriction of processing: The Data Subject is entitled to request the company to restrict the use of his or her Personal Data due to a reason.
VI. Right to data portability: The Data Subject is entitled to request the company to transfer his or her Personal Data in such formats to other Data Controllers.
VII. Right to object: The Data Subject is entitled to object the processing of his or her Personal Data due to a reason.
To request according to the abovementioned right, the Data Subject can contact the company by channels as specified by the company. In this regard, the Data Subject shall not pay any expense. The company shall consider the request and inform the result to the Data Subject within 30 days from the date on which the company received such a request.
The company is entitled to reject the requests, according to the abovementioned rights no. II-VII, for the following reason:
a) The request of the Data Subject is unreasonable or extravagant;
b) It is necessary for the performance of a task carried out in the public interest;
c) It is carried out for the establishment, compliance or exercise of legal claims, or defense of legal claims;
d) it is necessary for compliance with a law.
8. Changes of Policy
The company shall regularly review this Personal Data Protection Policy to comply with guidelines and laws and regulations relating to Personal Data. In the event this Personal Data Protection Policy was changed, the company will notify the Data subject through the company's appropriate method as soon as available.
9. Contact Information
Double A (1991) Public Company Limited
Address: Double A Business Park, 187/3 Moo 1, Bangna-Trad km.42 Road, Bangwua District, Amphur Bangpakong, Chachoengsao, 24180.
Call Center: 1759 or (+66)02-6591234
Facebook: https://www.facebook.com/DoubleAPaper/
Website: https://www.doubleapaper.com/
This Personal Data Protection Policy is in effect for the company and the company subsidiaries since 13 August 2020.
- Signed -
(Dr. Somchai Richupan)
Chairman Double A(1991) Public Company Limited