1. Objective
The objective of this Personal Data Protection Policy (“Policy”) is to clarify the Company’s basic policy regarding the Personal Data Protection Act, B.E. 2562 (2019) (“PDPA”). In addition, this Policy is issued so that Personal Data is managed and processed suitably and is provided with sufficient security measures to protect and secure the Personal Data of the Data Subject which the Responsible Manager will be collecting, using and disclosing in accordance with the PDPA and related laws and regulations.
2. Definitions
2.1 “Company” means Asahi Kasei Advance (Thailand) Co., Ltd.
2.2 “Person” means a natural person.
2.3 “Data Subject” means an identified or identifiable natural person, directly or indirectly by reference to the Personal Data.
2.4 “Personal Data” means any information relating to a Data Subject, which enables the identification of such Data Subject, whether directly or indirectly, but not including the information of the deceased Person in particular.
2.5 “Sensitive Personal Data” means any Personal Data pertaining to racial or ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behaviour, criminal records, health data, disability, trade union information, genetic data, biometric data, or any data which may affect the Data Subject in the same manner as prescribed by the PDPA.
2.6 “Data Processor” means a person or a juristic person who operates in relation to the collection, use, or disclosure of the Personal Data pursuant to the orders given by or on behalf of the Company.
2.7 “Company Staff” means all employees and directors of the Company.
2.8 “Responsible Manager” means the head of any department in the Company that collects, uses or discloses Personal Data and/or Sensitive Personal Data. For example, in the HR department, the HR general manager is the Responsible Manager.
2.9 “MD” means the managing director of the Company.
2.10 “Data Protection Officer” means the person appointed by the Company for the purpose according to Clause 7.
2.11 “Office” means the Office of the Personal Data Protection Committee.
3. Collection of Personal Data
3.1 Purposes of Personal Data Collection
The Responsible Manager shall collect Personal Data only to the extent necessary in relation to the lawful purpose of the Company. The purposes for which the Company processes Personal Data can be exemplified as follows:
(1) To enter into an agreement and comply with an agreement between the Company and Data Subject, Company’s customers and/or suppliers;
(2) To answer questions and provide assistance to Company’s customers;
(3) To develop and improve the Company’s products whether the current products or future products;
(4) For the purpose of marketing to Company’s customers;
(5) To comply with laws relating to the operations of the Company, e.g., to collect Personal Data for the purpose of tax requirements;
(6) To apply for all licenses, permits, applications, forms submitted to government agencies, e.g., work permit, visa;
(7) To provide information to government agencies as required by law or by public authority, e.g., the Royal Thai Police, the Social Security Office;
(8) For the purposes of audit, analysis and preparation of documents as requested by other agencies or organizations that are involved with or may be relevant to the Company’s business operations, such as the Board of Investment of Thailand, the Department of Industrial Works; and
(9) For the benefit of the Company’s internal management, e.g., to recruit employees, to pay salaries and compensation to its Company Staff, to enter into an employment agreement, to internally manage personnel of the Company, to comply with Company’s work rule.
3.2 Subject to the exception of collection of Personal Data under the PDPA or other relevant laws or exception in Clause 3.3, Responsible Manager shall, before collecting Personal Data, request the Data Subject’s acknowledgement and consent through a form in writing, electronic or other methods as specified by the Company.
3.3 The Responsible Manager may collect Personal Data without requesting consent:
(1) To fulfill purposes relating to the preparation of historical documents or archives on public interest grounds or relating to research studies or statistics;
(2) To prevent or to avoid danger to an individual’s life, body or health;
(3) To comply with a contract, only to the extent that it is necessary to do so, to which the Data Subject is a party or in order to take steps requested by the Data Subject prior to entering into a contract;
(4) To carry out tasks, only to the extent that it is necessary to do so, for the public interest or in the exercise of official authority vested in the Company;
(5) For the purposes of legitimate interests pursued by the Company or by third parties or by other juristic persons, except where such interests are overridden by the fundamental rights and freedoms of Data Subject; and/or
(6) To comply with laws such as the law relating to social security.
3.4 Subject to the exception of collection of Sensitive Personal Data under the PDPA or other relevant laws, in case where the Company needs to collect Sensitive Personal Data, the Responsible Manager shall request explicit consent from the Data Subject before such collection.
The consent form for Clauses 3.2 and 3.4 is prescribed in Appendix A (Consent Form) attached hereto.
3.5 In collecting the Personal Data, the Responsible Manager shall inform the Data Subject, prior to or at the time of such collection, of the following details, except the case where the Data Subject already knows of such details:
3.5.1 the purpose of the collection for use or disclosure of the Personal Data, including the purpose which is permitted under the PDPA for the collection of Personal Data without the Data Subject’s consent;
3.5.2 notification of the case where the Data Subject must provide his or her Personal Data for compliance with a law, or contract, or where it is necessary to provide the Personal Data for the purpose of entering into the contract, including notification of the possible effect where the Data Subject does not provide such Personal Data;
3.5.3 the Personal Data to be collected and the period for which the Personal Data will be retained. If it is not possible to specify the retention period, the expected data retention period according to the data retention standard shall be specified;
3.5.4 the categories of Persons or entities to whom the collected Personal Data may be disclosed;
3.5.5 information, address, and the contact channel detail of the Company, where applicable, of the Company’s representative or Data Protection Officer; and
3.5.6 the rights of the Data Subject under the PDPA.
3.6 Sources of Personal Data
The Responsible Manager may collect the Personal Data from the following sources:
(1) Personal Data received directly from the Data Subject, for example, collection of Personal Data from filling out personal information in application forms, either in paper form or online, responses to surveys conducted by the Company, or access to the Company’s website using cookies; and/or
(2) Collection from sources other than the Data Subjects, for example, collection of Personal Data from the Company’s group company or subsidiaries, searches for Personal Data via a website, or inquiries made by third parties. In these cases the Responsible Manager will notify the Data Subject of the Personal Data collection without delay, but not more than thirty (30) days from the date the Responsible Manager collects the Personal Data from such sources, and request consent to collect the Personal Data from the Data Subjects, except where exempted by law from the need to request consent from or notify the Data Subject.
4. Use or Disclosure of Personal Data
4.1 The Responsible Manager shall inform the Data Subject to consent through a written form and/or electronic or other methods as specified by the Company before such use or disclosure.
4.2 The Responsible Manager may use or disclose the Personal Data without requesting consent if such use or disclosure falls under the exemption in Clause 3.3.
4.3 In the event that the Responsible Manager uses or discloses the Personal Data pursuant to Clause 4.2, the Responsible Manager shall maintain a record of such use or disclosure in the Record Form as prescribed in Appendix B Record of Collection, Use and Disclosure of Personal Data attached hereto.
5. Data Processor
The Responsible Manager shall not engage the Data Processor to perform work related to the collection, use or disclosure of personal data of the Data Subject, unless the Data Processor has agreed, in writing, to keep the personal data confidential and secure, and to prevent the collection, use or disclosure of such Personal Data for any purposes other than specified in the scope of engagement or for any unlawful purposes.
6. Processing Personal Data
6.1 The Responsible Manager shall maintain, at a minimum, records that the Data Subject and the Office can check, which can be in either written or electronic form. The record form is prescribed in Appendix B (Record of Collection, Use and Disclosure of Personal Data) attached hereto.
6.2 During the operation, if the Company Staff receive any contact or request from the Data Subject regarding his/her Personal Data, such Company Staff shall immediately report to the Responsible Manager who is his/her direct line supervisor, and shall follow such Responsible Manager’s instruction to comply with this Policy.
6.3 The Responsible Manager shall monitor and supervise his/her Company Staff to comply with this Policy at all times.
6.4 If the Responsible Manager has any question or doubt as to whether or not any processing of Personal Data is in compliance with this Policy or PDPA, he/she shall contact and consult with the Data Protection Officer, and shall follow such Data Protection Officer’s instruction.
7. Data Protection Officer
The Company shall officially appoint the Data Protection Officer, and the roles and responsibilities of the Data Protection Officer are as follows:
7.1 To give advice to the Responsible Manager, the Data Processor and Company Staff with respect to compliance with the PDPA;
7.2 To monitor and investigate the performance of the Responsible Manager or the Data Processor, including the Company Staff with respect to the collection, use, or disclosure of the Personal Data for compliance with PDPA;
7.3 To coordinate and cooperate with the Office in the circumstance where there are problems with respect to the collection, use, or disclosure of the Personal Data undertaken by the Company or the Data Processor, including the Company Staff with respect to the compliance with PDPA;
7.4 To handle a notification to the Office in case of personal data breach; and
7.5 To report to MD in case of Personal Data breach or possible Personal Data breach and give advice to the Responsible Manager and/or MD for the solution, mitigation and protection of such breach.
7.6 To be a center for keeping the Record of Collection, Use and Disclosure of Personal Data of the Responsible Manager as stated in Clauses 4.3 and 6.
7.7 The Data Protection Officer shall keep confidentiality of the Personal Data known or acquired in the course of his or her performance of duty under this Policy.
8. Security Measures
8.1 The Company shall provide appropriate security measures for preventing the unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of Personal Data.
8.2 Where Personal Data is processed by electronic means, the IT department of the Company or the like shall provide appropriate IT security measures for preventing the unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of Personal Data, and such measures must be reviewed when it is necessary, or when the technology has changed, in order to efficiently maintain the appropriate security and safety. The measures shall also be in accordance with the minimum standard specified and announced under the PDPA and its relevant laws.
9. Transferring or Sending Personal Data Overseas
In the event the Company has to transfer or send Personal Data overseas, the Company will determine the standard of covenants with the organization which will receive the Personal Data, so that it has an acceptable standard for data protection and is in accordance with the law. This is to ensure that the Personal Data will be secured; i.e., in the event the Company needs to store and/or transfer Personal Data for storage, such as processing of Personal Data in the cloud, the Company shall consider an organization which has an international standard for security and shall store the data with password protection or by any other means which will not identify the Personal Data.
10. Policy Enforcement
With respect to Personal Data collected prior to the establishment date of this Policy, the Responsible Manager can continue collecting and using the Personal Data for the initial purposes. Any disclosures and acts other than the collection and use of Personal Data must be in compliance with this Policy.
11. Penalty
In the case of any violation of this Policy, the Responsible Manager and/or Company Staff may be subject to penalty in accordance with the internal disciplinary rules of the Company.
Appendix
Rights of Data Subjects
- Right to Access Personal Data: You have the right to access your personal data collected by the company. You may request a copy of such personal data and ask the company to disclose the source of your personal data if it was collected without your consent.
- Right to Withdraw Consent: You have the right to withdraw your consent for the company to process your personal data during the period your personal data is retained by the company. Your withdrawal of consent does not affect the company’s operations regarding the collection, use, or disclosure of personal data before you withdraw your consent.
- Right to Rectify Personal Data: You have the right to request the company to correct any inaccurate data or to complete any incomplete data.
- Right to Erase Personal Data: You have the right to request the company to delete your personal data for specific reasons.
- Right to Restrict Processing of Personal Data: You have the right to request the company to restrict the processing of your personal data for specific reasons.
- Right to Data Portability: You have the right to transfer your personal data provided to the company to another data controller or to yourself for specific reasons.
- Right to Object to Processing of Personal Data: You have the right to object to the processing of your personal data for specific reasons.
Contact Information
If you wish to contact the company to exercise your rights related to your personal data, or if you have any questions regarding your personal data under this consent form, please contact:
Contact
Administration and General Affairs
ASAHI KASEI ADVANCE (THAILAND) CO., LTD.
Responsible party
Manager of General Affairs
Contact methods
By telephone : (66) 02-337-2840-2
By e-mail :
Please use the inquiry form and input your name, address, e-mail address, telephone number, and the substance of your request.