Privacy Policy
Privacy Policy and Notice on the Processing of Personal Data
of
THAI FUKUDA CORPORATION LTD.

Thai Fukuda Corporation Ltd. (the “Company”) gives importance to the protection of personal data and the Company is well aware of its duties under the Thailand’s Personal Data Protection Act B.E. 2562 (as may be amended and/or supplemented from time to time) including all rules, regulations, announcements, and notifications issued thereunder (together, the “Data Protection Law”). Therefore, the Company has prepared this Privacy Policy and Notice on the Processing of Personal (“Notice”) and hereby notifies of the Company’s collection, use and disclosure of personal data as well as data subject’s rights as detailed below, to the data subjects, namely, the Company's business partners, suppliers, service providers, contractual counterparties, shareholders, persons visiting/contacting the Company which are individuals and other relevant individuals, and directors, staffs, employees and personnel, who are individuals, of the Company’s customers and such organizations.

  1. Definitions

    “Personal Data” : Any information relating to an individual which enables the identification of such individual, whether directly or indirectly, but not including the information of the deceased person in particular.

    “data subject(s)” : An individual person who can be identified, directly or indirectly, by Personal Data.

    “Company’s customers, business partners, suppliers, service providers, contractual counterparties, shareholders, persons visiting/contacting the Company, and other relevant persons” : Individuals who are the Company's existing and/or potential business partners, suppliers, service providers, contractual counterparties, shareholders, persons visiting/contacting the Company and other individuals relevant to the Company, or relevant directors, staffs, employees and personnel, who are individuals, of companies/organizations/legal entities which are the Company's existing and/or potential customers, business partners, suppliers, service providers, contractual counterparties, shareholders, persons visiting/contacting the Company and other persons relevant to the Company.

  2. Types of Personal Data collected by the Company
    In the Company’s business operation, the Company must contact, coordinate, and proceed various actions with the Company’s customers, business partners, suppliers, service providers, contractual counterparties, shareholders, persons visiting/contacting the Company and other relevant persons. Therefore, the Company may collect the following Personal Data concerning such persons, including:
    • name-surname, address, workplace, telephone number, e-mail address, department, position, including business card;
    • copy of ID card and/or copy of passport, including ID number and/or passport number;
    • contracts/evidence of engagement/hiring, sale and purchase of goods/services, and contracts/evidence of other transactions with the Company;
    • copy of the first page of bank passbook including bank account number;
    • other relevant Personal Data.

  3. Sources of Personal Data

    1. The Company may collect Personal Data directly from the data subjects, from the organizations of the data subjects or other personnel of such organizations, or the information that are already accessible by the public.

    2. The Company receives Personal Data from the sources set out above both in written and verbal forms, through phone calls or emails or posts, as verbal information or documents, or by the Company’s searches from the internet or other public sources.

  4. Collection, use and disclosure of Personal Data, and the purposes and the legal basis thereof

    1. The Company will duly collect, use and/or disclose Personal Data on a limited basis pursuant to the purposes and the lawful basis set out below, and the procedures in accordance with to the Data Protection Law.

    2. The Company collects Personal Data to use and/or disclose for the following purposes:

      1. To verify the identity and address of the Company’s customers, business partners, suppliers, service providers, contractual counterparties, shareholders, persons visiting/contacting the Company and other relevant persons;

      2. To enter into and prepare contracts/evidence of the sale of goods and/or services and/or other transaction agreements with the Company, including for the performance of contracts/agreements (such as confirmation of purchase orders, delivery of goods/provision of services pursuant to the agreements/contracts, payment collections, payments of remuneration, rent, price of goods or service fees, etc.), and to make claims or complaints in the event of non-performance of contracts (such as, where the goods or services do not meet the standards agreed between the Company and the suppliers, etc.);

      3. To comply with applicable laws (e.g. preparing meeting invitation notices, convening shareholders’ meetings, preparing the minutes of shareholders' meetings, preparing the shareholder register book, and submitting the list of shareholders to the Registrar in accordance with the Civil and Commercial Code, and issuing tax invoices, collecting evidence and preparing other documents in accordance with taxation laws, etc.);

      4. For the Company’s business operations and actions, including (without limitation to) provisions of suggestion, assistance, cooperation and/or coordination to the Company’s customers, business partners, suppliers, service providers, contractual counterparties, shareholders, and other relevant persons;

      5. For the Company’s accounting and audit;

      6. In case of any future business acquisition, merger and acquisition, or business restructuring of the Company (or its parent company), to provide sufficient necessary information to the prospective purchaser(s), the person(s) interested in entering into such merger and acquisition transaction including other relevant person(s) for the relevant due diligence against the Company, for consideration and for the completion of the business acquisition, merger and acquisition or business restructuring of the Company (or its parent company) (if any); and

      7. To defend the Company and proceed with litigation and/or arbitration proceedings (if any/necessary).

    3. The Company relies on the following lawful basis under the Data Protection Law to collect, use and/or disclose Personal Data;

      1. The processing is necessary for the performance of a contract/agreement between the Company and its customer, business partner, supplier, service provider, contractual counterparty, shareholder, or other relevant person, or for proceeding with a request of such person before entering into such contract/agreement;

      2. The processing is for compliance with the legal obligations to which the Company is subject;

      3. The processing is necessary for the purposes of the legitimate interests pursued by the Company or other persons, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subjects.

    4. In addition, it is necessary for the Company to obtain certain Personal Data (e.g. name-surname of the contractual counterparty or the name-surname of the authorized director(s) or attorney(ies) of the contractual counterparty organization, etc.) in order to enter into relevant contract(s)/agreement(s) with the relevant party(ies). Otherwise, the Company may be unable to enter into such contract(s)/agreement(s).

  5. Retention of Personal Data
    1. Retention of Personal Data

      The Company retains Personal Data in both hard copy form and electronic/soft copy form. Hard copies will be kept in locked cabinets at relevant departments. Electronic/soft copies will be stored in the Company’s internal computer system with password requirement for access and only the persons who having the right to access the Personal Data (as stated below) would have the password.

      Persons who have access to Personal Data

      • Only the staffs/employees in the Administrative Department and the Management of the Company would have access to the contracts/agreements/evidence of engagement/hiring, sale and purchase of goods/services, and evidence of service provisions, and contracts/agreements/evidence of other transactions between the Company and its customers, and Personal Data concerning the Company’s customers.

      • Only the staffs/employees the Design Department, the Engineering Department, the Administrative Department and the Accounting Department, and the Management of the Company would have access to the supplier contracts/agreements, the service agreements/contract and Personal Data concerning the Company’s suppliers and service providers.

      • Only the staffs/employees in the Administrative Department, relevant personnel, and the Management of the Company would have access to Personal Data concerning the Company’s shareholders, other contractual counterparties, persons visiting/contacting the Company and other relevant persons.

      The Company may internally send Personal Data within the Company’s relevant departments on a need-to know basis and on a case-by-case basis for reasonable purposes/reasons related to the Company's business operations, and the Company may disclose Personal Data to third parties as specified in paragraph 6 below.

    2. Retention period for Personal Data

      1. The Company will retain Personal Data and documents containing Personal Data for the following periods:

        No. Type of Data / Document Period
        1. Personal Data concerning shareholders. Forever.
        2. Personal Data concerning customers, contracts/agreements/evidence of hiring/ engagement, sale and purchase of goods/ services, and provisions of services, and contracts/agreements/evidence of other transactions between the Company and its customers. Forever.
        3. Contracts/evidence of other transactions between the Company and its business partners, suppliers, service providers, contractual counterparties, and/or other relevant persons. Throughout the term of the relevant contract/agreement and another 3 years thereafter.
        4. Account and documents supporting accounting. 5 years from account closing date (or until delivery of account and document to the Chief Accounting Inspector in case the Company ceases its business operation without liquidation).
        5. Documents submitted to the Revenue Department (e.g. information on withholding tax which may contain ID numbers and names of relevant persons, etc.) and documents submitted to other government agencies and officials. 5 years from submission date.
        6. Personal Data concerning persons visiting/contacting the Company. 6 months from the collection date.
        7. Other Personal Data concerning the Company’s customers, business partners, suppliers, service providers, contractual counterparties, and other relevant persons, and other documents containing such data. For so long as the data subject continues to have a relationship with the Company and another 3 years thereafter.

      2. If any law with which the Company must comply requires the Company to retain any Personal Data or any document containing such data for a longer period than the relevant period set out in paragraph 5.2.1 above, the Company will retain such Personal Data or document for the period required by law.

      3. If the Company considers that certain Personal Data and/or documents containing such data may be necessary or important for the Company’s establishment of a right of claim under the law, compliance with, or exercise of a right of claim under, the law, or raising of a defense under the law, or may help the Company in any potential dispute, claim and/or litigation in any form, the Company may retain such data and/or document for a longer period than the relevant period set out in paragraph 5.2.1 or paragraph 5.2.2.

      4. The Company will ensure to erase or destroy or anonymize the Personal Data upon the end of the relevant retention period set out above or erase or destroy or anonymize the Personal Data that are irrelevant or unnecessary as per the purpose of collection of such Personal Data or as requested by the data subject who is entitled to such request.

  6. Disclosure of Personal Data
    1. The Company may disclose Personal Data to the following persons and entities for the following reasons:

      1. Government agencies and officials such as Department of Business Development, Ministry of Commerce, Revenue Department, police offices, or other competent government agencies/officials, in order for the Company to comply with applicable laws, lawful orders of government agencies or court’s orders to which the Company is subject, as well as for investigations of suspicious persons and events.

      2. Bank in order to make payment of remunerations/compensations to relevant parties/persons.

      3. Business partners The Company has business partners who the Company necessarily provides advice, assistance, cooperation and/or coordination to, and/or enters into contracts/agreements with, in the Company’s business operation. Therefore, the Company may have to disclose certain Personal Data to the Company’s business partners.

      4. Customers In the Company’s business operation, the Company has customers who the Company necessarily provides advice, assistance, cooperation, coordination, sell its products and services to, and/or enters into contracts/agreements with. Therefore, the Company may have to disclose certain Personal Data to the Company’s customers.

      5. Professional advisor(s) and/or service provider(s) The Company engages professional advisor(s) and/or service provider(s) e.g. legal advisor, financial advisor, external messengers, etc. Therefore, the Company may have to disclose certain Personal Data to such persons, to the extent necessary for such persons to perform their duties as per the agreements that they have with the Company.

      6. Auditor As the Company has an independent auditor who audits the Company’s account, the Company must disclose certain Personal Data to the auditor for such purpose.

      7. Prospective purchaser(s) of the business of the Company or its parent company, the person(s) interested in entering into the merger and acquisition transaction with the Company or its parent company, other person(s) relevant to the future business sale and purchase transaction, merger and acquisition transaction or business restructuring of the Company or its parent company (including their advisor(s) in relation to the relevant transaction) In the future, shareholders, investors, or the parent company of the Company may consider selling the shares in the Company or the Company’s business to other person(s) or may consider entering into a merger and acquisition with other person. In the said event, the Company may have to disclose certain Personal Data to the prospective purchaser(s), the person(s) interested in entering into the merger and acquisition transaction, or other person(s) relevant to the future business sale and purchase transaction, merger and acquisition transaction or business restructuring of the Company or its parent company (including their advisor(s) in relation to the relevant transaction) in order to provide sufficient information for their consideration and for the completion of the transaction

      8. Other person(s) for compliance with the laws and as permitted by the Data Protection Law.

    2. The disclosure of Personal Data mentioned above will be made on a limited basis and the Company will disclose the Personal Data and/or documents only to the extent necessary to achieve the lawful purpose of the disclosure.

  7. Personal Data Security Measures

    The Company will implement appropriate measures to secure Personal Data to prevent unauthorized or undue loss, access, use, change, amendment, or disclosure of Personal Data by using technologies and other methods including the followings:

    1. The Company will store Personal Data securely and will classify the types of Personal Data and clearly establish on who has the right to access each type of such data.

    2. The Company will set up a system to check and erase, destroy, or anonymize Personal Data as specified in paragraph 5.2.4 above by appropriate means.

    3. The Company will ensure that the Company’s personnel must enter their individual username and/or password before accessing and using the Company's computer system.

    4. The Company will take steps to prevent other persons to whom the Company disclose Personal Data from unauthorized or undue use or disclosure of such data.

    5. The Company will notify any data breach incident with respect to Personal Data to the Office of the Personal Data Protection Committee without delay within the period specified by the Data Protection Law. If such data breach has a high risk of affecting the rights and freedoms of an individual, the Company will promptly notify the relevant data subject(s) of the incident with a plan to remedy the damage resulting therefrom without delay.

  8. Data Subject’s Rights

    A data subject is entitled to the rights in relation to the Personal Data concerning him/her as prescribed in the Personal Data Protection Law as follows:

    1. Right to Withdraw Consent In case the Company relies only on a data subject’s consent as its lawful basis to collect, use and/or disclose Personal Data, the data subject may, at any time, withdraw his/her consent. The Company will notify such data subject withdrawing his/her consent of the effects that may occur as a result of his/her consent withdrawal at the time of withdrawal.

    2. Right of Access A data subject has the right to access and request a copy of Personal Data concerning him/her which are under the responsibility of the Company or request the Company to disclose its acquisition of such Personal Data for which he/she did not give consent.

    3. Right to Data Portability A data subject has the right to receive Personal Data concerning him/her from the Company in case the Company has made such Personal Data in the format that is commonly used and readable by automatic machine and can be used and disclosed by automatic means. A data subject also has the right to request the Company to send or transfer the Personal Data in such format to other data controller(s) if it can be done by automatic means and/or request to obtain the Personal Data in such format that the Company sends or transfers to other data controller(s), unless it is technically unfeasible.

    4. Right to Object A data subject has the right to, at any time, object to the collection, the use or the disclosure of Personal Data concerning him/her under certain circumstances prescribed under the Data Protection Law.

    5. Right to Erasure A data subject has the right to request the Company to erase or destroy or anonymize Personal Data concerning him/her under certain circumstances prescribed under the Data Protection Law.

    6. Right to Restriction of Processing A data subject has the right to request the Company for restriction of its use of Personal Data concerning him/her under certain circumstances prescribed under the Data Protection Law.

    7. Right to Rectification A data subject has the right to request the Company to rectify inaccurate Personal Data concerning him/her and ensure that the Personal Data concerning him/her is up-to-date, complete and not misleading.

    8. Right to Lodge Complaint A data subject has the right to lodge a complaint with the competent authority or committee under the Data Protection Law in the event that the Company including its employee(s) or contractor(s)/service provider(s) violate or fail to comply with the Data Protection Law.

    The data subject can contact the Company’s HR Department to exercise any right under subparagraphs (1) – (7) above as per the details set out in paragraph 10 below.

  9. Amendment of Notice

    The Company may review and revise this Notice on a regular basis as to ensure its consistency with the relevant guidelines and the Data Protection Law. The Company will notify the data subjects of such amendments made to this Notice by publicizing the updated Notice on the Company’s website as soon as possible.

  10. Information about the Company and contact details

    If a data subject has any question or suggestion in relation to the Company’s protection of Personal Data or wishes to exercise a right as data subject, please contact the HR Department as per the following contact details:

    Company’s Name: Thai Fukuda Corporation Ltd.

    Address: 66 Q House Asoke, 15th Floor, Room 1509-1510, Sukhumvit 21 (Asoke), Sukhumvit Road, North Klongtoey Sub-district, Wattana District, Bangkok 10110

    Telephone: 02-2642020-2

    Website: www.tfd.co.th

This Notice is last updated on June 14,2022
If there is anything we can help you with, please do not hesitate to contact us. Contact
©THAI FUKUDA CORPORATION LIMITED
All rights reserved.