Thoresen Thai Agencies Public Company Limited and its affiliates, including those involved in
the processing of personal data on behalf of Thoresen Thai Agencies Public Company Limited
or pursuant to its directions (hereinafter collectively referred to as “We” or
the “Company”) recognizes the importance of the protection of your Personal Data
and other information about you (collectively referred to as the “Personal
Data”). To ensure you that the Company shall collect, use or disclose your Personal
Data in accordance with the Personal Data Protection Act B.E. 2562 including other relevant
laws and other applicable regulations in Thailand (“Personal Data Protection
clarify to you the details of how we collect, use, or disclosure, correction, deletion,
destruction, or any other action on your Personal Data including the rights of the owner of
the Personal Data (collectively, “Processing” or “Data Processing”)
processed by the Company, including its officers and related persons acting for or on behalf
of the Company.
“Personal Data” means information about an individual that enables such
individual to be identified either directly or indirectly but does not include information
of a deceased person in particular.
“Sensitive Personal Data” means Personal Data as provided in Section 26 of the
Personal Data Protection Act B.E. 2562, including racial, ethnic, political opinions,
ideological beliefs, religion or philosophies, sexual behavior, criminal history, health
data, disability data, labor union data, genetic data, biological data, or any other
information which affects the owner of personal data in a similar way as announced by the
Personal Data Protection Committee.
“Personal Data Processing” means any processing of personal data such as collect,
save, copy, organize, store, update, change, use, restore, disclose, transmit, publish,
transfer, delete, destroy, etc.
“Data Subject” means an individual who owns Personal Data that the Company
collects, uses, or discloses.
“Personal Data Controller” means an individual or legal entity who has the
authority to make decisions regarding the collection, use or disclosure of Personal Data.
“Personal Data Processor” means an individual or legal entity that processes,
uses, or discloses Personal Data on behalf of or at the direction of the Personal Data
Controller. However, the individual or legal entity doing so is not a Personal Data
This Policy applies to the Personal Data of individuals who have a current and potential
relationship with the Company whose Personal Data is processed by the Company, its officers,
contractual employees, business units or other forms of units operated by the Company, and
includes parties or third parties who process Personal Data for or on behalf of the Company
(“Personal Data Processor”) under products and services such as websites,
systems, applications, documents or other forms of services maintained by the Company
(collectively, the “Services”).
Individuals related to the Company under the first paragraph include:
Articles 1. to 6. are collectively referred to as “You” or the “Data
In addition to this Policy, the Company may issue a Privacy Notice (“Notice”) for
the processing of Personal Data under any specific contractual obligations, activities, or
for products or services provided by the Company to inform the Data Subject of which
categories of Personal Data shall be processed, a lawful basis and the purposes of
processing of Personal Data, period of retention of Personal Data, including the rights
which Data subject shall have when the Company processes Personal Data regard to the purpose
for which the Personal Data is processed.
In the event of a material conflict between the terms and conditions of the Notice and this
Policy, the terms of the Notice shall prevail for the processing of such Personal Data.
The Company collects or obtains various types of Personal Data from the following sources:
This also includes the situation in which you provide Personal Data of third parties to the
Company, therefore you shall be responsible for providing details under this Policy or
announcements of activities, products, or services, as the case may be, to such parties, as
well as obtaining their consent if the consent is required to disclose information to the
Refusing to give consent for the collection, use, processing, transfer, or disclosure of
certain types of your Personal Data which is necessary for performance or conducting
business of the Company may prevent the Company from performing its legal duties or being
unable to do business or transact with you in whole or in part.
When the Company collects your Personal Data, we shall obtain a consent from Data subject
prior to such collection, except in the following cases.
If it is necessary for the Company to collect your Personal Data for the performance of a
contract, legal obligations, or for the necessity of entering into a contract, and you
refuse to provide the information or object to the processing, the Company may be unable to
perform or provide the services you have requested in whole or in part.
The Company shall collect your Personal Data within the purposes, scope, lawful and using
fair methods as is necessary to conduct Company’s operational activities, which
including but not limited to:
only if you have given your express consent and to the extent necessary for the
Company’s operations except for the following purposes:
The Company shall collect your Personal Data as is necessary within the scope of the
Company’s objectives depending on your relationship or activities that you have with
the Company or the type of product or service you use as prior informed the Data Subject
before collecting such Personal Data. We shall obtain the explicit consent from the Data
Subject before or when such collecting Personal Data, except for when it is allowed by the
Personal Data Protection Laws or the Company has a valid reason to process Personal Data
without consent of the Data Subject. The purposes stated below are just a general framework
for the Company’s use of your Personal Data. Only the purposes related to your
relationship, activities, type of products, Services you have with the Company shall apply
to your Personal Data.
The Company shall not disclose and transfer the Personal Data of the Data Subject to outside
organization except with the explicit consent of the Data Subject is given or in accordance
with the following cases:
You acknowledge and agree we may employ any third-party to perform any of our obligations for
the above purposes, either in whole or in part. In such cases, we will control and put the
appropriate measures in place for such third parties to retain and use only Personal Data in
parties shall strictly comply with the terms and conditions for the security of your
Personal Data in accordance with Personal Data Protection Laws.
If the Data subject is a minor, quasi-incompetent person or incompetent person where the
consent is required, and the Data Subject is legally unable to give consent on their own
according to the law, we shall not collect Personal Data unless the explicit consent from
your legal representative, curator or guardian is given (as the case may be).
However, if the Company collects Personal Data from the Data Subject without consent of the
legal representative, curator or guardian of the Data Subject (as the case may be), and the
Company later becomes aware of such facts, the Company will delete such Personal Data as
soon as possible and may collect, use, disclose and/or transfer such Personal Data only the
extent necessary to carry out in the course of legitimate activities under the laws.
your device, under its supervision, based on the services you use, for the purpose of
operating the security of the Company’s services and to provide you with a convenience
and positive user experience when utilizing the Company’s services. Such Data will be
used to enhance your experience when using the Company’s website. You can manually
enable or disable cookies through your web browser’s settings. If you choose not to
your access to all or a part of the Company’s website. Please see more details in
The Company may send or transfer Personal Data to international organizations or a third
countries. The Company shall ascertain that the international organization or destination
country that receives such Personal Data shall have adequate or greater Personal Data
Protection standards and measures applicable in Thailand.
The Company shall take appropriate technical and administrative measures to protect and
secure the security of your Personal Data, including encryption for transmission over the
Internet network, and will restrict access to your Personal Data so that it is only
accessible to those involved, in both paper and electronic form.
The Company shall retain your Personal Data only for as long as it is necessary for the
purpose for which it was collected as stipulated under this Policy, related Notices, and
applicable laws. After the expiration of the period and when your Personal Data is no longer
required for such purposes, the Company will delete, destroy, or render your Personal Data
unidentifiable in accordance with the forms and standards governing the deletion and
destruction of Personal Data. However, in the event of a dispute, exercise of rights, or
legal action involving your Personal Data, the Company reserves the right to retain such
Personal Data until a final order or judgment has been reached.
In the event that the retention period of Personal Data cannot be clearly stated, the Company
shall retain the Data for a period consistent with the collection standard (e.g. the general
legal period of prescription of up to 10 years).
The Company may link to third-party websites or services. Such websites or services may have
it. The Company is not associated and has no control over the privacy protection measures of
such third-party websites or services and cannot be held responsible for the content,
policies, damages, or actions caused by third-party websites or services.
Data Subject may exercise its rights with respect to the law and as contemplated in this
In this regard, we will consider your request, notify the result of the consideration, and
execute it (if appropriate) within thirty (30) days from the date we receive the request.
Your rights mentioned above will be in accordance with the Personal Data Protection Laws.
If you have question or require further details concerning the protection of your Personal
Data, the collection, use and disclose of your Personal Data, the exercising of your rights
or if you have any complaint, you can contact as per the following channels:
comply with the current applicable laws, regulations, and rules to ensure that your Personal
Data will be fully appropriately and efficiently protected by the applicable laws, which we