1. Introduction
Asian Palm Oil Public Company Limited (hereinafter referred to as the “Company”) recognizes the importance of personal data and other information related to individuals (collectively referred to as “Data”) to ensure your confidence that we are transparent and responsible in collecting, using, or disclosing your personal data in accordance with the Personal Data Protection Act 2019 (“PDPA”) and other relevant laws. This Privacy Policy (“Policy”) has been prepared to inform you of the details concerning the collection, use, and disclosure (“Processing”) of personal data by the Company, including its officers and relevant personnel acting on behalf of or in the name of the Company. The content of this Policy applies to the Processing of personal data by the Company, its officers, employees under contract, business units, or other entities operated by the Company.
2. Scope of Policy
This Policy applies to the personal data of individuals who have a relationship with Asian Palm Oil Limited (hereinafter referred to as the “Company”), both in the present and in the future, which is processed by the Company, its officers, employees under contract, business units, or other entities operated by the Company. It also includes data processors acting on behalf of or in the name of the Company (“Data Processors”) under various products and services, such as websites, platforms, applications, documents, or services controlled and managed by the Company (collectively referred to as the “Services”).
Individuals who have a relationship with the Company include:
1. Customers
2. Officers or employees
3. Individuals who are natural persons and serve as suppliers and service providers
4. Directors, authorized representatives, agents, shareholders, employees, or other related individuals of legal entities related to the Company
5. Users of the Company’s products or services
6. Visitors or users of the website https://asianpalmoil.com, including systems, platforms, applications, devices, or other communication channels controlled and managed by the Company.
7. Other individuals from whom the Company collects personal data, such as job applicants, family members of employees, guarantors, beneficiaries, etc. Collectively, the above-mentioned points 1 to 7 are referred to as “you.”
Apart from this Policy, the Company may also provide a Privacy Notice (“Notice”) for specific products or services to inform data subjects who are users of the service about the personal data that is being processed, the purposes and legal basis for processing, the retention period of the personal data, and the data subject’s rights concerning the personal data in the contractual documents, products, or services.
In case of any material conflicts between the content of the Privacy Notice and this Policy, the content of the Privacy Notice for that particular service shall prevail.
3. Definitions:
4. The sources of personal data that the Company may collect use, disclose, and process
The company may collect, use, disclose, or process personal data, including but not limited to various types of information, as illustrated in the following examples
5. The methods for collecting and receiving personal data
6. The purposes and legal bases for collecting, using, disclosing, or processing personal data are as follows
The company will process your personal data for the following purposes and in compliance with the legal basis
(1) To fulfill legal obligations or comply with regulations that are applicable to the company.
To ensure compliance with the law, including fulfilling legal obligations and enforcing regulations applicable to the company, which may include, but not limited to:
(2) In order to provide services and ensure that the company can efficiently deliver such services to the data subjects and other individuals.
Users
Users
(3) Communication purposes, deep data analysis, service development by the company, to provide assistance regarding service requests, queries, or suggestions from you, and to ensure efficient delivery of the mentioned services to you and other individuals.
Users
(4) Objectives in Marketing and Public Relations
Users, Partners
(5) For the purpose of human resource management, to enable the company to make the best decisions in personnel recruitment and human resource management.
employee, Individuals interested in working with the company.
(6) Security measures and benefits in compliance with the law.
Data Subject
(7) Purpose of restructuring, modifying, or changing the company’s business.
Data Subject
(8) Other purposes that the company notifies the data subject of at the time of data collection.
Data Subject
Remark :
1. Normally, the company processes personal data based on the legal bases for the purposes stated in the table above. However, the company may process personal data based on other legal bases not listed in the table, depending on the specific circumstances.
2. The reference to the data subject in the table above is for the convenience of considering the company’s processing of personal data under each specific purpose, and it directly relates to the types of data subjects involved.
7. Personal data of minors, persons with disabilities, and persons of limited legal capacity
In cases where the company becomes aware that the personal data necessary for collection belongs to minors, persons with disabilities, or persons of limited legal capacity, the company will not proceed with the data collection until obtaining consent from the legal guardian, guardian, or caregiver, as applicable, in accordance with the law.
If the company was initially unaware that the data subject is a minor, person with disabilities, or person of limited legal capacity, and subsequently discovers that it has collected such data without obtaining consent from the legal guardian, guardian, or caregiver, as applicable, the company will promptly delete or destroy such personal data, unless there is another legal basis beyond consent for data collection, use, or disclosure of such data.
8. Individuals or entities to whom personal data may be disclosed
1. The company may disclose or transfer your personal data to third parties within Thailand (transfers to other countries) who collect, use, or disclose personal data to individuals or organizations (“individuals or entities to whom personal data may be disclosed”) for the purposes specified in this Privacy Policy.
1.1 companies within the group and shareholders of companies within the group (if any)
Companies within the group, including parent companies, subsidiaries, affiliates, or companies related to the company (collectively referred to as “group companies”), including shareholders of companies within the group.
1.2 Individuals directly related to the company
The company may need to disclose the personal data of service users to individuals directly related to the company’s service provision. This includes identity verification and confirmation service providers, human resource management providers for service users’ employers, service providers authorized to make debt payments or deductions on behalf of service users, or service providers to the company and/or service users.
1.3 Service providers to the company and/or service users
The company may need to disclose the personal data of service users to service providers to the company and/or service users, such as the service providers listed below. These service providers will only use the personal data of service users as authorized by the company.
1. Service providers of various professions, such as financial consultants, legal advisors, and accountants.
2. Infrastructure and information technology service providers.
3. Data storage service providers, including cloud service providers.
4. Service providers related to payment systems and networks, payment agents.
5. Data analysis, research, and statistics service providers.
6. Marketing service providers, including event organizers and activities.
7. Advertising, public relations, and communication service providers, including customer service centers (e.g., call centers or similar service providers).
8. Financial institutions and other external entities used by the company for service provision.
9. Data processing service providers.
10. Identity verification service providers, including Dip Chip card verification service providers.
11. Data verification service providers, such as internet providers and the Department of Provincial Administration (DOPA).
12. Document or parcel delivery service providers.
1.4 Business Partners
Business partners of the company, including business groups in payment systems, electronic cards, debit cards, credit cards, cash cards, telecommunications, e-commerce, reward programs, and loyalty programs. Also, financial institution business groups (collectively referred to as “Business Partners”).
1.5 Persons as Mandated by Law
Other individuals as mandated by law, including government agencies, in cases where laws, regulations, rules, orders, or instructions of government agencies, regulatory bodies, or authorized entities, including court orders or judgments, or organizations with legal authority (whether within Thailand or abroad), require the company to disclose personal information. This includes entities such as the Bank of Thailand, the National Credit Bureau of Thailand Limited, the Office of the Consumer Protection Board, the Office of the Economic Committee of the Ministry of Finance, the Anti-Money Laundering Office, the Revenue Department, the Office of the Comptroller General, the Department of Special Investigation, the Ministry of Justice, the National Police Office, the Courts, and Administrative Courts, among others.
1.6 Transferees and/or Assignees
Transferees and/or assignees (including possible transferees) refer to external parties in the event of organizational restructuring, business consolidation, partial or total business transfers, sales, purchases, joint ventures, transfers, divestments, transactions similar in nature, whether in part or in whole. The transferees and/or assignees of the company shall comply with the provisions of this privacy policy or any other standards that provide a level of personal data protection not less than that of this privacy policy, in order to respect the personal data of the data subject.
Note : When referring to any legal entity under paragraph 8 (Persons or organizations to whom personal data may be disclosed), it includes directors, representatives, employees, staff, or any individuals acting on behalf of that legal entity.
9. Personal Data Protection Act
1. Laws governing personal data protection, you have the following rights
1.1 The right to withdraw consent: You have the right to withdraw your consent for the collection, use, disclosure, or processing of your personal data at any time. Once you have withdrawn your consent, it will not affect the lawfulness of any data processing that occurred based on your consent before the withdrawal.
1.2 Accessing data: You have the right to request access to and obtain a copy of personal data about you that the Company possesses or is responsible for. You can also request disclosure of the acquisition of personal data to which you have not given consent.
1.3 Requesting Personal Data: You have the right to obtain personal information about yourself from the Company. If the company has made personal data available in a format that can be read or used by automated tools and devices, and if such automated means can be used to disclose personal data, you also have the following rights :
(1) Request that the Company transfers or sends personal data in the aforementioned format to another person when it can be done automatically.
(2) Request to receive personal data that the Company transfers or sends directly to another person in the aforementioned format, unless it is technically impossible to do so.
1.4 Deprecation: You have the right to object to the collection, use, disclosure, or processing of personal data about yourself at any time.
1.5 Deletion or Destruction: You have the right to request the Company to carry out the deletion, destruction, or anonymization of personal data, so that the data can no longer identify you as the data subject, as required by the applicable law.
1.6 Suspension: You have the right to request the data controller to suspend the use of personal data in accordance with the provisions of the applicable law.
1.7 Correction: You have the right to request that the Company keeps your personal information accurate, current, complete, and not misleading. In case you make such a request, and the company fails to comply, the company is required to record your request along with the reasons, as mandated by law.
1.8 Complaint: You have the right to file a complaint with the relevant authorities as stipulated by the laws governing personal data protection, in the event Company , including its employees or contractors, violates or fails to comply with the laws concerning the protection of personal data.
2. The data subject acknowledges that the rights mentioned from section 1.1 to 1.8 above are subject to limitations as per the laws governing personal data protection and other relevant regulations. The Company may refuse to exercise these rights if there are lawful grounds for such refusal.
10. Data Security Measures.
The company is aware of the importance of maintaining the security of personal data provided by you. The company will exercise caution to prevent unauthorized access, destruction, usage, alteration, modification, disclosure, or any other unlawful action concerning personal data, throughout the duration of your engagement with Company or while having a relationship with the company. This will be in accordance with the policies and practices implemented by the Company for ensuring information technology security.
11. Other agreements
If you terminate any relationship with Company, whether it be as a customer canceling accounts for various services, a business partner terminating business relations, an employee ending their employment status as per the law, or an individual interested in working with Company terminating their interest, all data (including personal data) related to the aforementioned relationship will be processed in accordance with the laws governing personal data protection or other applicable laws, as well as this Privacy Policy and any other policies of Company.
However, the termination of any such relationship shall not be considered as a withdrawal of consent to this Privacy Policy or the revocation of any authorization or consent given to Company for the collection, use, disclosure, and processing of such data (where consent forms the basis), unless otherwise explicitly specified in writing.
Company shall not be liable for any damages incurred by the data subject related to this Privacy Policy or any other relationship between Company and the data subject, unless such damages result from willful or grossly negligent actions of Company
12. Contact Information for Company and Data Protection Officers of Company
In order to efficiently implement this Privacy Policy, the Company has appointed Data Protection Officers who will provide assistance regarding the management of your personal data. If you have any questions, suggestions, or wish to exercise your rights regarding personal data, you can contact Company using the following details:
Asian Palm Oil Public Company Limited
Address : No. 99 Moo 2, Ao Luek Tai Sub District, Ao Luek District, Krabi Province 81110
Email: [email protected]
Website: https://asianpalmoil.com
Phone number: 075-681354, 075-681355
Personal Data Protection Officer (DPO)
Email: [email protected]
Phone number: 075-681354 ext. 1400, 075-681355 ext. 1400
13. Changes to the Privacy Policy
The company may periodically update this Privacy Policy to align with legal requirements, service delivery, business operations, and feedback from you. Any changes to the Privacy Policy will be communicated to you in advance, and the company may provide direct notifications regarding such changes.
This Privacy Policy constitutes a binding agreement or contract between you and the company, as permitted by law.
Please be aware that you have the right to withhold your personal data from the company. However, if you choose not to provide your personal data, it may have various implications on your ability to conduct transactions or engage in relationships with the company.
Service for users :
The company may provide services to you on a limited basis and may not be able to provide services to you efficiently or effectively.
For employees and individuals interested in working with the company :
It may result in the company not having sufficient information to consider your employment application or contact you effectively. It may also cause disruptions in human resources management and lead to potential legal liabilities (depending on the circumstances).
For partners :
It may prevent the company from establishing a business relationship with you.
You acknowledge, accept, and have read and fully understood the Privacy Policy in detail.
This policy was approved at the 1/2566 Company Board meeting on May 15, 2566.
Asian Palm Oil Public Company Limited
99 Moo 2 Ao Luek Tai, Ao Luek, Krabi 81110