Mitsubishi Electric Kang Yong Watana Co., Ltd.
Mitsubishi Electric Kang Yong Watana Co., Ltd.,
and its affiliates, including any persons involved in the personal data processing by the order or in the name of Mitsubishi Electric Kang Yong Watana Co., Ltd., (hereinafter collectively referred to as the “Company”
), recognize the importance of personal data or other information related to you (hereinafter referred to as the, “data
”) in order to ensure you that the Company is transparent and responsible for the collection, usage or disclosure of your data under the Personal Data Protection Act, B.E. 2562 (2019) (hereinafter referred to as the “PDPA
”), including other relevant laws.
”) has been prepared to clarify to you details about the collection, usage or disclosure (hereinafter collectively referred to as the “processing
”) of personal data, which is operated by the Company, including its staff and relevant parties acting on behalf of or in the name of the Company with the essence as follows:
2. Scope of the Policy
This Policy applies to personal data of any individuals currently and potentially related to the Company, whose personal data is processed by the Company, its staff, contract workers, business units or other agencies operated by the Company, including the counterparties or third parties processing personal data on behalf of or in the name of the Company (hereinafter referred to as the “data processor
”) under the products and services such as websites, systems, applications, documents, or other forms of services, which are under the control of the Company (hereinafter collectively referred to as the “services
Individuals related to the Company in the first paragraph mean
- Individual customers
- Staff or workers, employees
- Partners, suppliers, contractors, subcontractors, and service providers, which are natural persons.
- Directors, attorneys, representatives, agents, shareholders, employees or other related persons similar to the juristic persons that are related to the Company
- Users of products or services of the Company, whose data may be collected while contacting the Company, e.g. first name-last name, address, telephone no., and other contact details, including the records of your inquiry and responses with the Company
- Visitors or users of the website: https://www.mitsubishi-kyw.co.th, including systems, applications, devices, e.g. first name – last name, date of birth, contact details and interest, or other contact channels controlled by the Company
- Other persons, whose personal data are collected by the Company, such as applicants, employees’ family, guarantors, life insurance beneficiaries, etc.
No. 1) to 7) shall collectively be referred to as “you
In addition to this Policy, the Company may issue the Privacy Notice
(hereinafter referred to as the “Notice
”) for products or services of the Company in order to inform the data subjects, as the users, about the processed personal data, objectives and legitimate reasons, retention periods for the retention personal data, as well as rights to the personal data of data subjects regarding the specific products or services.
In this regard, in case of material conflicts between the Privacy Notice and this Policy, the Privacy Notice of the services shall take precedence.
4. Sources of Personal Data Processed by the Company
- Personal data means any data about natural persons, which can identify the persons, whether directly or indirectly, but not including specific information of the deceased.
- Sensitive data means any personal data stated in Article 26 of Personal Data Protection Act, B.E. 2562 (2019) that are race, ethnicity, political opinions, cult belief, religion or philosophy, sexual behavior, criminal records, health information, disability, union information, genetic information, biological information or any other information similarly affecting the data subjects, as announced by the Personal Data Protection Committee.
- Personal data processing means any operation related to personal data, such as collecting, recording, copying, organizing, storing, improving, modifying, using, restoring, disclosing, transmitting, distributing, transferring, including deletion or disposal, etc.
- Data subject means any natural person, who can be identified by the data collected, used or disclosed by the Company.
- Data controller means any natural or juristic person, who has the authority to make decision about the collection, usage or disclosure of personal data.
- Data processor means any natural or juristic person performing the collection, usage or disclosure of personal data by the order or in the name of the data controller, who is not the data controller.
4.1 Data given by you to the Company, while contacting the Company, are as follows:
- Personal data that the Company directly collects from data subjects through the service channels, such as while applying, registering, submitting job application, signing on contracts or documents, filling surveys, using products, services or servicing channels controlled by the Company, or when the data subjects communicate with the Company at the offices or via other contact channels controlled by the Company, etc.
- Personal data that the Company collects when you order, request a repair or return any product of the Company, which the Company may request your information, e.g. contact information and payment information, etc.
- Personal data that the Company request you to fill in any survey used by the Company for research and product development, including after-sales support, etc.
- Personal data that the Company request you to fill in, when you create an account to use online services of the Company, etc.
4.2 Data collected for website usage and communications
Data collected by the Company while data subjects are using the website, products or services according to any agreements or missions, such as tracking usage behaviors on website, products or services of the Company using Cookies or from software on the devices of the data subjects, etc.
4.3 Data obtained from other sources
In case that you purchase products of the Company from retailers, the Company may obtain the information about your purchase from the retailers, including the personal data that the Company collected from other sources besides from the data subjects, which the sources have the authority and legitimate reasons, or obtain consents from the data subjects for the data disclosure to the Company, such as connection to one-stop digital services for public interest by government agencies to serve the data subjects, retrieval of personal data other government agencies as the Company is obliged to establish a center for information exchange to support operations of government agencies to serve the public via digital systems, as well as necessity to provide services with exchange personal data exchange among counterparty agencies.
This also includes cases that you provide personal data of third parties to the Company, which you are responsible for informing details of this Policy or Notice of products or services, depending on the cases, to the third parties as well as request consent from them, in case that consent is required to disclose their personal data to the Company.
In case that the data subjects refuse to provide information necessary for the services of the Company, this may prevent the Company from providing the services to data subjects, in whole or in part.
5. Collection of Personal Data
The Company shall collect personal data only after receiving consent from the data subject except in the following cases:
- To comply with the contracts, in case that the collection, usage or disclosure of personal data is necessary to provide services or proceed in compliance with the contracts between the data subjects and the Company.
- To prevent or suppress danger to life, body or health.
- To comply with the law.
- For legitimate interest in case that it is necessary for the legitimate interest in the operations of the Company, which the Company shall mainly consider the rights of data subjects such as to prevent fraud, maintain security of the network systems, protect rights, liberty and interests of the data subjects, etc.
- For research study or statistics in case of preparation for the historical documents or archives for public interest, or for activities related to research study or statistics with proper protective measures in order to protect rights and liberty of data subjects
- To perform state missions in case that it is necessary to carry out the mission for public interest or compliance with the duties assigned by the state authority to the Company.
In case that the Company is required to collect your personal data in compliance with legally binding contracts or as required for contract signing, if you refuse to provide personal data or object to the processing according to the objectives of any activities, this may prevent the Company from operating or serving your request, in whole or in part.
6. Types of Personal Data Collected by the Company
Regarding the collection and retention of personal data, the Company shall apply legitimate methods only as necessarily for the objective of the Company as follows:
7. Cookies Policy
|Type of Personal Data
||Description and Example
||Your identifier or data from your identification, e.g. first name – last name, age, date of birth, nationality, citizen ID card no. or passport no., or other government documents for identification, etc.
||Your contact information, e.g. address, telephone no., E-mail, social media accounts, etc.
|Government document data
||Your government document data, e.g. copies of citizen ID card, house registration, passport, birth certificate, etc.
||Your financial data, e.g. bank account no., copy of bank passbook, credit card no., income, etc.
|Data collected by the Company or via the automated systems in the equipment of the Company
||Data collected by the Company or via the automated systems in the equipment of the Company, e.g. staff ID, work permit no., images from CCTV camera, etc.
||Your sensitive data, e.g. race, religion, disability, criminal records, biological information (finger-print simulation data, face simulation data), health information, etc.
8. Objectives of the Personal Data Processing
The Company shall process your personal data for several objectives depending on products or services in use and your relationship with the Company, or on the consideration in each context, and as specified in PDPA. The following objectives are mentioned as framework for general usage of personal data by the Company. In this regard, only the objectives related to the products or services in use or in relationship shall be applied to your data. Please be informed that, besides the processing mentioned below, the Company may disclose the personal data for the objectives, which the Company describes in the Privacy Notice (for Third Parties) and our affiliates operate in the name of the Company and other members of the Mitsubishi Electric Group.
- To enter into contracts or comply with contracts between the Company and data subjects, or between the Company and third parties for the sake of the data subjects.
- To answer the questions and assist the data subjects.
- To develop and improve goods, products and services of the Company to better satisfy the needs of data subjects.
- To provide information, and recommend goods, products or services, or marketing public relations, sales promotions or benefits via communication channels as suggested by data subjects according to the consent given to the Company.
5. To survey opinions, analyze, research and prepare statistical data for marketing or the development and improvement of the operations of the Company according to the consent given by you to the Company.
6. To conduct online marketing on the website of the Company to meet your desires or interest, which the Company shall apply automatic decision-making technology to track the data, such as browsing history on its website,
the links clicked by you on the E-mails of the Company, or mobile application in use.
7. For the sake of the management or internal operations of the Company necessary under legitimate interest
8. To audit, supervise and maintain security of the building areas or premises of the Company
9. To comply with laws related to the operations of the Company, e.g. withholding tax, etc.
10. To provide information as required by government agencies with legitimate authority, e.g. Royal Thai Police, Anti-Money Laundering Office, Revenue Department, courts, etc.
11. To conduct any accounting and financial activities, such as audit, debt collection, welfare rights, taxes and proof of transactions as required by law.
12. For legitimate interests of the Company, e.g. recording audio complaints via Call Center, recording video via CCTV camera, etc.
13. To be used in investigation, and to comply with the law, regulations, rules or statutory duties of the Company
14. To identify the customers.
15. For other purposes with your explicit consent
9. Transfer and Disclosure of Personal Data
The Company shall not disclose or transfer your personal data to external agencies, unless with your explicit consent or in any of the following cases:
10. Transmission or Transfer of Personal Data Abroad
- The law or legal process requires data disclosure or release to officers, government officials or authorized agencies in order to comply with lawful orders or requests.
10.2 In case that the Company transfers personal data out of Thailand, the Company may be required to specifically increase measures to protect your relevant personal data and interest.
In some countries outside Thailand, the Personal Data Protection Committee may approve that the significant protection is equivalent to that of Thai laws. In unapproved countries, the Company shall establish legal bases for such data transfer, such as your consent or other legal bases permitted by legal regulations.
11. Retention Period for Personal Data
The Company shall retain your personal data for as long as it is necessary for the objectives of data collection only, and for the business and legal requirements according to details specified in the relevant policies, announcements or laws. When the retention period expires and your personal data is no longer necessary for the objectives, the Company shall delete or dispose of your personal data or make it anonymous according to the formats and standards of personal data disposal. However, in case of disputes over exercise of rights or lawsuits about your personal data, the Company reserves the rights to store the data until the disputes have been finalized by order or judgement as the personal data is no longer required, the Company may either permanently make it anonymous (and still retain and use such anonymous data) or securely dispose of the data.
12. Peronal Data Protection
The Company shall apply technical measures and proper management to protect and maintain security of your personal data by performing encryption for data transfer via the internet and restricting the access to your personal data only to related persons both as documents and in electronic formats.
13. Connection to External Websites or Services
Services of the Company may connect to websites or services of third parties, which their privacy policies may contain different contents from this Policy. The Company recommends you to study the privacy policies of those websites or services in order to acknowledge the details before accessing them. In this regard, the Company has no association or control over their personal data protection measures, and cannot be responsible for the contents, policies, damages or actions caused by the websites or services of the third parties.
14. Data Protection Officer
The Company has appointed the Data Protection Officer to audit, administer and supervise on the personal data processing, including coordination and cooperation with the Office of the Personal Data Protection Committee in accordance with the Personal Data Protection Act, B.E. 2562 (2019).
15. Rights under the Personal Data Protection Act, B.E. 2562 (2019)
You can exercise the rights granted by laws and specified in this Policy as follows:
16. Security Measures for Personal Data
- Right to request an access and obtain a copy of the personal data
- Right to request modification of the data to become up-to-date and accurate
- Right to request acquisition of the personal data in case that the Company has processed it in formats that are readable or operable generally by automated tools or devices, and useable or disclosable by automated methods.
- Right to request deletion, disposal or anonymization of the personal data, when it is no longer necessary or when the data subjects have withdrawn the consent.
- Right to request suspension of personal data usage, in case that the personal data must be deleted or is no longer necessary.
- Right to withdraw the given consent to the processing of the personal data
- Right to request objection to the collection, usage or disclosure of the personal data, which the data subjects can exercise the right at any time.
The Company recognizes the importance of maintaining security of your personal data. Therefore, it establishes and reviews measures for security of personal data appropriately and always in accordance with the confidentiality of personal data in order to prevent loss, access, disposal, usage, modification, correction or disclosure of personal data without privileges or illegally, as well as prevents unauthorized usage of personal data. In this regard, it shall be in compliance with the regulations on personal data protection, regulations on management of confidential data, regulations on the administration of websites on the internet, and regulations on computer crime prevention of the Company.
In case that the personal data given by you to the Company is a document containing sensitive data not requested by the Company, the Company shall delete or take any action in order to make the sensitive data disappear from the document.
17. Internal Security
17.1 Transmission of data via the internet or websites may not guarantee the security from intrusion. However, the Company shall maintain physical defense, electronic protection and proper safeguard in commercial aspect in order to protect your personal data as required by legal regulations on data protection.
17.2 All information provided by you to the Company shall be stored in secure servers of the Company, and shall be accessed and used according to the policies and measures on security of the Company. In case that the Company provides a password to you (or in case that you have chosen a password), which allows you to access a part of the website of the Company, you are responsible for keeping the password confidential and complying with any other security procedures that the Company informs you. The Company requires that you do not reveal the password to anyone at all.
18. Personal Data Breach Reporting
When there is any personal data breach, the Company shall report the incident to Office of the Personal Data Protection Committee within 72 hours after being aware of the incident within its capability, unless the breach causes no risk to personal rights or liberty. In case of high risk affecting rights and liberty of individuals, the Company shall notify the data subjects about the breach and the remedy without delay.
Non-compliance with the Policy may result in an offense, be subject to disciplinary actions according to the rules of the Company (for staff or workers of the Company) or the agreements on personal data processing (for data processor) depending on the cases and your relationship with the Company, and receive punishment as specified in Personal Data Protection Act, B.E. 2562 (2019), including applicable secondary laws, rules, regulations, and orders.
20. Complaints to Regulatory Agencies
If you find that the Company has not complied with PDPA, you have the rights to file complaints to the Personal Data Protection Committee or regulatory agencies appointed by the Committee or by laws. In this regard, before filing the complaints, the Company asks you to please contact the Company, so it has an opportunity to learn the facts and clarify the issues, as well as address your concerns first.
The Company may consider to improve, amend, or change this Policy as it deems appropriate, and shall inform you via websites, e.g. https://www.mitsubishi-kyw.co.th
, along with the effective date stated on each revision. However, the Company recommends you to regularly check for new version of the Policy via specific channels dedicated to activities of the Company before you disclose your personal data to the Company. Utilization of products or services of the Company after the enforcement of the new policy shall be deemed that you have acknowledged it already. In this regard, please stop the use if you do not agree with the details of this Policy, and please contact the Company for further clarification.
22. Contact for Inquiry or Exercise of Rights
Should you have any inquiry, suggestion or concern about the collection, usage and disclosure of personal data by the Company or about this Policy, or wish to exercise your rights under the PDPA, you may request further information at:
Mitsubishi Electric Kang Yong Watana Co., Ltd.
Data Protection Officer
28 Krungthep Kreetha Rd., Huamark,
Bangkapi, Bangkok 10240
Telephone : 0-2763-7000 ext. 5018, 5014, 5012
Facsimile : 0-2379-4759
E-mail : firstname.lastname@example.org
Announced on June 1, 2022
Mitsubishi Electric Kang Yong Watana Co., Ltd.