SAME SAME - BUT DIFFERENT

Privacy

Notice

Privacy Notice For Third Parties

ProTech Transfer Co., Ltd. (collectively referred to as "we," "our," "us," or the "Company") aims to provide a one-stop service as a leader in sales and professional after-sales service for the jewelry industry in Thailand. In doing so, therefore, we have issued this Privacy Notice (referred to as the "Privacy Notice") to inform you how we collect, use, disclose, and/or transfer your personal data if you are:

  1. a past, existing, or potential customer;
     
  2. an authorized person, director, shareholder, employee, personnel, sales agent, agent, or any other person in a similar capacity (collectively referred to as the "Connected Persons ") of our corporate customers, business partners, including partners and third- party service provider's contact persons whom we communicate with, or government officers; or
     
  3. any person whose personal data we obtained, such as complainants, visitors, community members, media members, or students.

(collectively referred to as "you").

This Privacy Notice applies to the collection, use, and/or disclosure of personal data via our normal communication channels such as face-to-face meetings at our premises or at events, by telephone, fax, letters, and via our online channels such as email, websites, social media, and mobile applications, including via any other channels which we may receive your personal data from.

We may amend or modify this Privacy Notice from time to time. We encourage you to read this Privacy Notice periodically for any recent changes. This Privacy Notice is effective on October 1, 2023 and remains in effect until further amendment or modification. We will notify you (or obtain your consent if consent is required) of any substantial changes or any legally required changes which are substantial to this Privacy Notice.

1. Personal data that we collect

Under this Privacy Notice, "personal data" means any information relating to a person which enables the identification of such person whether directly or indirectly, and "sensitive personal data" means personal data that is classified as sensitive personal data under the applicable laws.

We may collect and obtain the following personal data from various sources, including but not limited to, directly from you via our online channels and/or our normal communication channels, or indirectly from our affiliates and subsidiaries, business partners, government agencies, or from other sources. The types of personal data we collect will depend on the context of your relationship with us.

  1. Personal information, including title, first name, last name, nickname, signature, fingerprint, age, date of birth, photograph, CCTV footage, nationality, gender, blood type, position, company name, marital status, identifiable information on government-issued cards (e.g., national identification card, passport, or driving license), copies of house registration, vehicle registration, professional license, work permit, visa, student code, name card, insurance policy number, type of insurance policy, claim number, details of event, visitor records, and/or any information that you decided to disclose to us which may be considered as personal data.
     
  2. Contact information, including physical address, delivery address, billing address, map, delivery details, email address, telephone number, fax number, social media account  (suchas user account on LINE, Facebook, WhatsApp, WeChat, and Skype), and/or any other relevant information.
     
  3. Information collected through your electronic devices, including IP address, web beacon, log, device ID, GPS data, model and type of device, network, connection information, access information, single sign-on (SSO) information, login log, times of access, time spent on the Company's webpage, cookies, login information, search history, browsing and viewing information, type and version of browser, time zone setting and location, type and versions of plug in browser, operating system and platform, and other technologies embedded in the devices you use to access our platforms.
     
  4. Financial information, including bank account details, and/or deposit and withdrawal statement.
     
  5. Information through other channels, including purchase order details, payment method, total amount, and/or any other information which may appear on documents.
     
  6. Sensitive personal data, including sensitive personal data as shown on government- issued cards (such as religion and race), religion, criminal record, biometric data (such as fingerprint data, face image data), health data, and/or disability.

If you provide personal data (such as first name, last name, signature, address, and national identification card number) of any third party (such as a family member, an authorized director, or attorney) to the Company, you are responsible for notifying them of the details of this Privacy Notice, and obtaining consent from them (where consent is required). You must also ensure that we can lawfully collect, use, and/or disclose their personal data under applicable laws and in accordance with this Privacy Notice.

We will only collect personal data of minors, quasi-incompetent persons, and incompetent persons when their parents, curators, or guardians has given their consent (as the case may be), or only when we are permitted under applicable laws. We have no intention to collect personal data from any individuals who are under the age of 20 without obtaining their parental consent when it is required, or from any quasi-incompetent or incompetent persons without their curator or guardian's consent (as the case may be). In certain cases, as required by applicable laws, we may not be able to collect, use, and/or disclose the personal data of minors, quasi-incompetent persons, or incompetent persons, without obtaining their parent, curator, or guardian's consent. Therefore, if you are under the age of 20, or if you are a quasi-incompetent or incompetent person, you must ensure that you have received your parent (where consent is required), curator, or guardian's consent. In the event that we learned that we have unintentionally collected personal data from anyone under the age of 20 without parental consent when it is required, or from a quasi- incompetent or incompetent person without their curator or guardian's consent (as the case may be), we will delete such personal data immediately or will continue to collect, use and/or disclose such personal data only when we can rely on other legal bases apart from consent, or where permitted by law.

2. Purpose of our collection, use, or disclosure of personal data

We may rely on (1) consent basis; (2) contractual basis, for our initiation, entering or fulfilment of a contract with you; (3) legal obligation basis, for the fulfilment of our legal obligations; (4) legitimate interest basis, for the purpose of our legitimate interests and the legitimate interests of third parties; (5) vital interest basis, for preventing or suppressing a danger to a person's life, body, or health; (6) public interest basis, for the performance carried out in the public interests or to perform our duties by exercising official power; or other legal bases as permitted under the personal data protection law (as the case may be) to collect, use, and/or disclose your personal data, for the following purposes.

  1. For business purposes: to verify your identity and status, including your authorized persons, or your representatives; to conduct due diligence or any other form of background check or risk assessment identification; to evaluate and assess your suitability; to fulfill your request before entering into a contract; to enter into a contract and fulfill our contractual obligations with you; and to register our products or services for you.
     
  2. To manage our relationship with you: to perform transaction obligations; for issuing and keeping contracts and associated media which you may be referred to; to process payments and purchase orders, goods receipt documents; to maintain and track records (e.g., delivery and receipt of products, payments, billings and collections, and entering/exiting the Company's premises); to verify and authenticate your identity and allow you to enter into our premises or examine our premises; to facilitate you; to provide support through our projects (including by issuing certificates to project participants and providing scholarships); and to arrange corporate social responsibility (CSR) programs.
     
  3. To communicate with you: to communicate with you in relation to our products and services, our business operations, or business support (e.g., operations, assignments, purchase orders, delivery and receipt of our products and samples, product quality examinations, flight and accommodation reservations, transport reservations, visa applications, or responding to inquiries).
     
  4. For marketing communication purposes: to conduct marketing activities; to allow you to participate in our loyalty program; to send you news updates, promotional offerings, privileges, and occasional gifts; to support internal and external public relations activities, and invite you to participate in our activities and programs; to conduct promotional activities; to allow you to earn points and redeem rewards; sweepstakes and lucky draws; for the presentation and sales of our products; to send and allow you to access information about our products and services.
     
  5. To receive complaints and resolve problems: to handle complaints in relation to our products and services; to resolve complaints and improve our services; to cooperate with the function in charge of managing and solving problems; to follow up on the progress and report back the results; to process and follow up on claims and product recalls; and to receive or pay any compensation.
     
  6. To manage disputes: to resolve disputes; to enforce our contract; and to establish, exercise, or defend against any legal claims.
     
  7. To improve and manage our business operations: to test our products and follow up on the results; to conduct data analytics; planning, performing and managing our business; to assess and report the operating and testing results; to comply with reasonable business requirements, including but not limited to, financial auditing, internal auditing procurement, and training; to supervise, coordinate, follow up, examine, and administer the Company's internal operations; to ensure compliance with internal policies and applicable laws, regulations, directives and regulatory guidelines; and to certify the Company's standards.
     
  8. For IT management: to provide IT support; to resolve issues; to administer, maintain and develop our IT systems; to facilitate and manage your access to our platforms; to create an account for you; to record your data into our systems; to modify and update the information on our platforms; access control and logs to our data and systems; to monitor our internet systems and platforms and to ensure they function securely and effectively.
     
  9. To comply with legal obligations and orders from government authorities: to comply with legal obligations, legal proceedings and/or government authorities' orders which may include orders from government authorities outside Thailand and/or cooperate with the courts, regulators, government authorities and law enforcement bodies when we reasonably believe that we are legally required to do so and when disclosing your personal data is strictly necessary to comply with those legal obligations, legal proceedings, or government orders. This includes internal investigation procedures or preventing crime and fraud and/or to establish legal claims.
     
  10. To protect the interests of the Company and its related parties: to maintain the security and integrity of the Company's business; to exercise our rights and protect our interests where it is necessary and lawfully to do so, for example, to detect, prevent, and respond to fraud claims, intellectual property infringements claims, or violations of law; to manage and prevent loss of our assets and property; to detect and prevent illegal misconduct within our workplace; to ensure the compliance of our terms and conditions; and to prevent or suppress danger to a person's life, body, or health.
     
  11. Corporate Transaction: in the event of sale, transfer, merger, reorganization, or similar events, the Company may transfer your personal data to one or many third parties as a part of that transaction. Where we collect personal data of Connected Persons from our corporate customers or business partners, we will use the personal data which you've previously provided, including any other data, for the following purposes.
     
  12. To select business partners: to verify your identity and status; to conduct due diligence; to evaluate your suitability and qualifications, including the business partner and personnel who will provide the services to the Company; to consider quotations or participate in an auction; to select for an interview; and to consider for a contract renewal or any other related matter.
     
  13. To manage our relationship with you: to plan, perform, and manage the contractual relationship with you (e.g., negotiations, price negotiation, fee proposal, bidding, procurement, execution of contract, contract renewal with you, our corporate customers, and/or business partners, business ethics documents signatory process, business partner registration, purchase order issuance, invoice issuance and payment collection, preparation of payment vouchers, payment (including payment of wages, payment of land utilization, or other compensation), accounting, and auditing); to monitor and evaluate your contractual performance; to deliver occasional gifts; and to facilitate other operations or relevant transactions.
     
  14. To introduce business partners: to introduce you to our affiliates or any third parties. In addition to the collection, use, and/or disclosure of the aforementioned personal data, we also collect, use, and/or disclose the following sensitive personal data.
  • Sensitive personal data in official documents (such as religion data as shown on the national identification card, or race as shown in the passport): to verify and authenticate your identity.
     
  • Religion: to prepare meals for you upon your visit or inspection at our premises, or during meetings, seminars, or training sessions.
     
  • Criminal records: to maintain as record and evidence, and for the investigation relating to the complaints received and/or for taking any necessary legal action to protect our interests.
     
  • Health data: to maintain as record and evidence and for the investigation relating to the complaints received; to manage insurance claims; to certify hygienic conditions in our premises; and/or to certify the Company's standards.
     
  • Your health or disability data (for example, we may take your photographs when engaging in certain activities which involves you, and in some cases, such photographs may indicate your health condition or disability), as part of the Company's CSR programs; for the assessment of those eligible for the Company's programs or for the Company's support; for the preparation of the Company's reports, documents, videos, or other materials; and for the Company's internal and external public relations activities; or for inviting you to participate in the Company's activities or programs. Where we need to collect your personal data as required by law, or for entering into or performing the contract we have with you and you refuse to provide that personal data when requested, we may not be able to fulfill the relevant purposes as listed above. Where consent is required for certain activities of the collection, use, and/or disclosure of your personal data, we will request and obtain your consent for such activity separately.

3. Persons or entities to whom we disclose or transfer your personal data

We may disclose or transfer your personal data to third parties, whether they are located in or outside Thailand, for the aforementioned purposes. These third parties include: (1) subsidiaries or affiliated companies ; (2) business partners (such as universities, sales agents, contractual parties, insurance companies, insurance brokers, certification bodies, and independent auditing agencies);

(3) our service providers (such as tour operators, travel agencies, flight agencies, hotels, banks and financial institutions, information technology service providers, storage and cloud service providers, data-analytic service provider, logistics and transportation providers, driving service providers, independent advisors, financial advisors, auditors providing accounting or auditing services to the Company, legal advisors, quality assurance service providers, and testing and research companies); or (4) government agencies (such as the Ministry of Commerce, the Revenue Department, the Customs Department, the Department of Lands, the Provincial Electricity Authority, the Stock Exchange of Thailand, the Office of the Securities and Exchange Commission, the Board of Investment, provincial industry offices, the Bureau of Personnel Administration Development and Legal Affairs, local administration organizations, courts, and the Royal Thai Police).

This refers to ProTech Transfer Co., Ltd. both local and overseas based group companies, including: 1. ProTech Transfer Co., Ltd. (Bangkok Head office) 2. ProTech Transfer Chiang Mai (Chiang Mai Office) 3. Protech Bogyoke Market (Yangon Office) 4. ProTech Transfer Vietnam Office (Jewelry Import Export Trading Co., Ltd/ CONG TY TNHH XNK-TM KIM HOAN)

In some cases, we may need to disclose or share your personal data to investors, shareholders, transferees, or potential transferees, and assignees or potential assignees in the event of a reorganization or debt restructuring, merger, acquisition of a business, disposal, purchase, joint venture, assignment, business dissolution, or any other similar events involving the transfer or other deposition of all or any portion of our businesses, assets or stock.

4. Cross-border transfer of personal data

We may transfer your personal data to third parties located outside Thailand, such as: (1) affiliated companies with which we work corporately and jointly to provide the products and services to you, or share the same work systems, whereby we may need to transfer your personal data to these affiliated companies and allow them to access your personal data for the purposes set out in this Privacy Notice; (2) business partners (such as our contractual parties); (3) our service providers (such as banks, bill payment service providers, tour operators, travel agencies, hotels, logistics and transportation providers, importers, independent advisors, storage and cloud service providers); and/or (4) government agencies (such as foreign stock exchanges) for which the Personal Data Protection Commission under the Personal Data Protection Act, B.E. 2562

(2019) has not yet determined that such country has adequate personal data protection standards.

When it is necessary to transfer your personal data to a country with a level of personal data protection standards which may be considered lower than in Thailand, we will use our best endeavors to ensure an adequate degree of protection is afforded to the transferred personal data, and ensure that the data recipient has adequate data protection standards in place, or that we are permitted to transfer your personal data in accordance with applicable data protection law. We may, for example, obtain contractual assurances from any third parties given access to the transferred personal data to ensure that your personal data will be protected by personal data protection standards which are equivalent to those required under the applicable laws in Thailand.

5. Retention period

We will keep your personal data as long as necessary to fulfill the aforementioned purposes. However, we may retain your personal data for a longer duration if we need to comply with applicable laws and regulations, our internal policies, operational rules or, when necessary, when a dispute occurs.

6. Your rights as the Data Subject

Subject to the conditions prescribed by applicable laws and our Data Subject rights management procedures, you may have the following rights.

  1. Access. You may have the right to access or request a copy of your personal data that we collect, use, or disclose.
     
  2. Rectification. You may have the right to request the personal data that we collect, use, and/or disclose about you is corrected, updated, completed, and not misleading.
     
  3. Data Portability. You may have the right to obtain personal data we hold about you in a structured, and readable electronic format, and to transmit such data to another data controller.
     
  4. Objection. You may have the right to object to certain collection, use, and/or disclosure of your personal data to the extent permitted under applicable laws.
     
  5. Restriction. You may have the right to restrict our use of your personal data in some cases.
     
  6. Withdrawal of consent. For the purposes where you have provided your consent for our collection, use, and/or disclosure of your personal data, you may have the right to withdraw your consent in some cases.
     
  7. Deletion. You may have the right to request us to delete, destroy, or anonymize your personal data that we collected, used, or disclosed.
     
  8. Complaints. You have the right to lodge a complaint to the competent authority where you believe that the Company fails to comply with personal data protection laws.

If you wish to exercise any of the aforementioned rights, please contact us using the contact information provided in the "Contact Us" section below.

Your request for exercising any of the aforementioned rights may be limited by applicable laws and exceptions. There may be certain cases where we can reasonably and lawfully reject your requests, for example, due to our legal obligations or court orders. If we reject your requests, we will notify you of our reason.

7. Security measures

We have reasonable security measures regarding personal data, including organizational, technical, and physical safeguards in relation to access control, to protect the confidentiality, integrity, and availability of personal data against any unauthorized or unlawful loss, access, alteration, correction or disclosure of personal data, in compliance with applicable laws.

We have implemented access control measures and the use of data storage and processing devices which are secured and suitable for the collection, use, and/or disclosure of personal data. We restrict access to personal data as well as storage and processing devices by imposing access rights or permission, allowing only authorized individuals to access personal data, and implement user responsibilities to prevent unauthorized access, disclosure, perception, unlawful duplication of personal data or theft of storage or processing devices. We also have appropriate measures to enable the re-examination of access, alteration, deletion, or transfer of personal data.

8. Contact us

If you wish to contact us or if you have any questions about your personal data as described in this Privacy Notice, you may contact us at:

Data Protection Officer (DPO)

Company: ProTech Transfer Co., Ltd.
Address: 189 Soi Chockchaijongjamlearn, Rama 3 Road, Bangpongpang, Yannawa, Bangkok 10120, Thailand
Email: dpo@protech-transfer.com
Telephone number: 02-683-4990-1

9. Amendment

The company reserves the right to amend, review and update the Privacy Notice without prior notice. This is to ensure that the Privacy Notice is appropriate and efficient under changing circumstances. Therefore, the company recommends you to read the Privacy Notice each time when requesting services.

Announced on October 1, 2023

© Copyright Protech Transfer - All Rights Reserved | Design by: dp