Personal Data Protection Policy

Thai Rubber Latex Group Public Company Limited

        Thai Rubber Latex Group Public Company Limited, including group of undertakings and affiliated businesses(hereinafter referred to as the “Company”) recognize the importance of the protection of personal data which is relating to or doing transaction with the Company and ensures that such person will receive full protection of its rights in accordance with the Personal Data Protection Law, the Company, therefore, has prepared this personal data protection policy in order to have clear and suitable rules, mechanisms, measures for supervision and management of personal data as follows:

1. Definition
Company means Thai Rubber Latex Group Public Company Limited and group of undertakings, affiliated businesses according to the financial statement of Thai Rubber Latex Group Public Company Limited.
You/Data Subject means the natural person who owns the personal data on which the personal data can identify that person, whether directly or indirectly, by which the Company has stored, used, collected, disclosed the personal data including company employees, job applicants, business partners, customers, directors, shareholders, investors, website visitors, company stakeholders.
Personal Data means the data about a person that enables the identification of that person directly or indirectly, but it does not include the data of specific deceased person, e.g. name, surname, photograph, fingerprint, identification card number
which can identify the person directly or location cookies storage, which can identify the person indirectly, that is, being the basic data but cannot identify the person, but when used in conjunction with other data, resulting in a data set which can identify a person, e.g. address, gender, age, after being taken together, it can identify any individual.
Sensitive Personal Data means the data that is genuinely personal of the person but being vulnerable and subject to unfair discrimination, e.g. race, ethnicity, political opinion, belief in religion or philosophy, sexual behavior, criminal record, health data, disability, trade union data, genetic data, biometrics data or any other data which affect the data subject’s personal data in the same manner as stipulated by the Personal Data Protection Committee.
Biometrics Data means the personal data generated through the use of technical technology related to the outstanding physical or behavioral characteristics of a person to be used for the verification of the identity of that person, e.g. fingerprint, facial image, iris scan data.
Data Controller means the person having the authority to make decision on the collection, use or disclosure of personal data.
Data Controller means the person having the authority to make decision on the collection, use or disclosure of personal data.

2. Governing Law
          The Company has established this privacy policy as a guideline under the Personal Data Protection Act, including related notifications or regulations.
3. Collection of Personal Data
         The Company will store, collect, the personal data under the purpose, scope and apply the methods at law or in equity for the benefit of operating under the objectives of the Company only. In this regard, the Company will provide the data subject to acknowledge, give consent electronically or according to the Company's methods. In case that the Company collects your sensitive data, the Company will obtain explicit consent prior to the collection, unless the collection of personal and sensitive personal data will meet an exception of the Personal Data Protection Act or other required laws.

4. Purpose for Collecting, Using or Disclosing Personal Data
4.1 The Company will collect, use and disclose your personal data for the benefit of the Company's operations, e.g. procurement, contracting, financial transactions, carrying out the activities according to the Company's objectives that are not prohibited by law, various coordination or for work efficiency improvement, e.g. quality of work database preparation, analysis and development of the Company’s operations and or for the compliance with any laws or regulations related to the Company’s operations. The Company shall not act deviately from that stipulated objectives of the collection, disclosure, unless:
(1) notifying the new purpose to the data subject and obtaining the consent of the data subject;
(2) it is in compliance with the Personal Data Protection Act or other relevant laws. 
4.2 Personal data and sensitive personal data as needed which explicit consent is required from the personal data subject, e.g.
Health information For the purpose of considering the recruitment for employment,to support annual health check-up, or to support health programs, e.g. providing vaccinations, etc.
Biometrics Data e.g. facial, fingerprints or iris scan for the purpose of verification and proof of the identity of the data subject when entering the working hours.
Religious Data For the purpose of approving leave to perform religious ceremonies.
5. Legal Base used for Collecting, Using or Disclosing Personal Data
          The Company may collect, use or disclose your personal data by applying law base for the following purposes:
5.1 Contract base 
          For the performance of the contract by which you/data subject is a party to the contract, e.g. various employment contracts, internship contracts, support contracts, or any contracts, or to take any action before entering into a contract, e.g. requests, applications, etc., including having a legal relationship with the shareholders, investors.
5.2 Law Compliance Base
          To perform duties as required by law which stipulating the duties for the Company, e.g. as an employer or any other position under the Civil and Commercial Law, the Public Limited Company Law, the Securities Law and Stock Exchange Law, Labor Law, Tax Law, Computer Law, etc.
5.3 Legitimate Interest Base of the Company or Other People
           For the legitimate interest of the Company or of persons related to the Company, which is lawful, not exceeding the extent that the data subject can reasonably expects, or for other purposes permitted by law, e.g. still images recording of meeting attendance, audio, CCTV images (CCTV cameras) recording to prevent crime, collecting, processing for the security of information technology system and network, cyber threats protection or data forwarding to affiliated businesses, group of undertakings, for the management and normal business operations of the Company or for the litigation in court.
5.4 Consent Base
           To store, collect, disclose, as necessary, under your consent to collect sensitive data.
6. Disclosure of Personal data
6.1 The Company will not disclose the personal data of the data subject to any person without consent and will disclose according to the stated purpose. 
6.2 In the event that the Company sends or transfers, discloses personal data to other persons, affiliatedbusinesses in foreign countries, the Company will comply with the applicable Personal Data Protection Act for the benefit of the Company's business operations and the normal operations of the Company and for the benefit of providing services to the data subject, by which the Company will ensure that the recipients or users of those data retain the personal data confidentially and use it within the objectives specified by the Company, including assigning rights and obligations to comply with the law.
6.3 The Company may disclose personal data of the data subject under the rules prescribed by law, e.g. disclosing personal data to the authorities, government agencies, regulators, including in case of having a request to disclose the data by virtue of legal power.
7. Retention Period of Personal Data 
          The Company will collect your personal data as it deems necessary for the length of your legal relationship period with the Company or within the time period to comply with the law or according to the period / prescription by general law, but not exceeding 10 years.
          In case of a dispute or lawsuit, the Company reserves the right to retain such data until the dispute has been finalized by an order or judgment.
8. Sending or Disclosing Data Abroad
          In certain cases, the Company may need to disclose your personal data abroad, which may have the standards for personal data protection that are different from Thailand as the Company has affiliated businesses, group of undertakings located in foreign countries including conducting a business or doing business transactions with the foreign companies and the Company may store your data on the server or cloud computer of the service provider located abroad. Therefore, the Company may need to disclose your personal data to those persons, including government agencies, professional consultants, persons involved and necessary to carry out normal business operations.
          Upon the transmission or transfer of such data, in any case, the Company will comply with the Personal Data Protection Act.
9. Maintaining Safety Security of Personal Data
9.1 The Company will provide appropriate security measures for personal data and in accordance with the laws, policies, regulations, requirements and practices on the protection o  f personal data for the Company's employees and other related parties.
9.2 The Company supports and encourages the employees to be knowledgeable and aware of their duties and responsibilities while collecting, storage, use and disclosure of the personal data of the data subject in order to enable the Company to comply with data protection policies and laws correctly and effectively.
10. Right of the Data Subject
10.1 The right to request the access and to obtain the copy of personal data in respect of him/her or request the disclosure of the receipt of such personal data that he/she has not given the consent;
10.2 The right to object to the collection, use or disclosure of personal data in respect of oneself;
10.3 The right to request to take action to erase or destroy or to make the personal data incapable of identification of the data subject; 
10.4 The right to request to suspend the use of personal data;
10.5 The right to withdraw the consent for the processing of personal data of which consent has already been given. In this regard, the consent withdrawal shall not affect the collection, use or disclosure of personal data of which consent has already been given; 
10.6 The right to rectify the personal data;
10.7 The right to transfer the personal data.
          If you wish to exercise your right under the Personal Data Protection Law, the Company will process your request within 30 days of receipt of your request and complete supporting documents and reserve the right to extend the period if the Company has not received sufficient information.
11. Review and Change of Personal Data Protection Policy 
          The Company may update or amend this policy from time to time to comply with the provisions under the law, the change in operations of the Company, including suggestions and opinions of various agencies by which the Company will notify explicitly the change thereof.
12. Involvement of Data Subject 
          The Company may disclose your personal data upon request from you, successor, heir, legal representative,  guardian or legal custodian by submitting a request through the contact channels with us.
           In the event that you, successor, heir, legal representative, guardian or legal custodian have objection to the storage, correctness, or any action, e.g. notifying the amendment of personal data, the Company will record such objection as evidence as well.

13. Our Contact Channels
 You can contact the company through the following channels:

(1.) Data Controller
                Name Contact            : Thai Rubber Latex Group Public Company Limited
                Contact Address          (Office)
                                               : No. 99/1-3, Village No. 13, Bangna-Trad Road, Km. 7th , Bang Kaew Sub-district,
                                               Bang Phli District, Samut Prakan Province 10540
                Contact Channels         : Telephone  0 2033 2333
                Website                    :
                Email                        : [email protected]

(2.) Data Protection Officer (DPO)
                Contact Address          : 99/1-3 Village No. 13 Bangna-Trad Road Km. 7th , Bang Kaew Sub-district,
                                               Bang Phli District, Samut Prakan Province 10540
                Contact Channels         : Telephone 0 2033 2333 ext. 407
                Email                        : [email protected]