Bertram (1958) Co., Ltd.
Personal Data Protection Policy
Bertram Company (1958) Ltd. (“The Company”) recognized the importance of personal data protection and set the Personal Data Protection Policy in compliance with the Personal Data Protection Act B.E. 2562. The policy describes the manner with which the Company shall treat personal data such as collection, storage and publication as well as the rights of the data subjects. This policy is being announced so that data subjects are made aware of the Company’s personal data protection policy as follows:
“Personal data” refers to data regarding a person which can be used to identify a living person directly or indirectly.
“Sensitive personal data” refers to data that is genuinely personal but is also sensitive and carries risk of prejudice such as nationality, race, political view, religious belief, philosophy, sexual orientation, criminal history, health information, disability, labor union association, genetic information, biometrics, and other data that could impact the data subjects in a similar manner as defined by the Personal Data Protection Committee.
“Personal Data Protection Committee” refers to the committee established and authorized to govern, set criteria and define measures or other guidelines regarding personal data protection according to the Personal Data Protection Act B.E. 2562.
2.Personal data collection
The Company will collect personal data only as needed with legal and fair objectives, scope, and methods. The Company will inform the data subject to get their acknowledgement and consent electronically or using the Company’s process. In the case where the Company is collecting sensitive data, the Company will ask for explicit consent from the data subject prior to collecting the data except when collecting personal data or sensitive personal data that is exempted according to the Personal Data Protection Act B.E. 2562 or other laws.
3.Objectives for personal data collection and usage
The Company will collect and use personal data for the Company’s operations such as procurement, contract signing, financial transactions, business activities, coordination, collaboration, or for quality improvement such as database for analysis and operational development as well as for other objectives which are not illegal and/or are required to meet related regulations for the Company’s operations. The Company will store and use data according to the objective and within the time period communicated to the data subject or as the law allows.
The Company will not use the data outside of the original data collection objective except when
(1) The new objective had been communicated to the data subject and consent was given by the data subject.
(2) Required by the Personal Data Protection Act or other related laws.
4.Sharing of personal data
The Company will not share personal data without consent from the data subject. Personal data will be shared only for the objectives specified. Nonetheless, in order to facilitate business operations and services provided to the data subject, the Company may need to share personal data of the data subject with subsidiaries as well as other domestic or international entities, e.g., related service providers. When sharing personal data with other parties, the Company will mandate that personal data remains confidential and is used only for the objective defined by the Company.
In addition, the Company may disclose the personal data of the data subject under the legal principles such as sharing data with government agencies, public entities, and regulators in the case where disclosure is requested by law such as data required for lawsuits or in legal proceedings or requests from private entities or other third parties relevant to the legal process.
5.Guidelines for protecting personal data
The Company will define various measures which are in accordance with the law, regulations, principles, and operational guidelines for securing personal data of employees and related parties. Also, the Company supports employee’s education and awareness of their roles and responsibilities regarding personal data collection, storage, usage and sharing. Employees must adhere to personal data protection policy and guidelines defined by the Company to allow correct and efficient compliance of the personal data protection law.
6.Personal data subject rights
Personal data subjects have the following rights:
(6.1) The right to withdraw previously given consent regarding personal data process. Such withdrawal shall not retrospectively affect the collection, usage, or disclosure of personal data which had already been consented to.
(6.2) The right to access and copy personal data including disclosure of personal data collected without consent.
(6.3) The right to make corrections to personal data
(6.4) The right to delete personal data
(6.5) The right to terminate personal data usage
(6.6) The right to transfer personal data
(6.7) The right to oppose personal data processing
The data subject can invoke any of the above rights by submitting a written letter or email to the Company via the channels described below. The Company will process the request and send the results within 30 days from the date of receipt. The Company may reject the request depending on its legal obligations.
7.Personal data protection policy review and changes
The Company may occasionally modify this policy due to the law, changes to its operations, and suggestions from other business entities. The Company will announce its plan before making the changes.
Personal Data Protection Committee
Bertram (1958) Co., Ltd.
37 Soi Ladprao 80 (Chantima) Ladprao Rd.
Wangthonglang, Bangkok 10310
Telephone: 0-2932-7051 to 3
Website : www.bertram1958.com