Contact us
Cristalla

Personal Data Protection Policy

Personal Data   Protection Policy

The Company recommends that you read and understand this Personal Data Protection Policy carefully, as it describes how the Company handles your personal data—including collection, use, processing, and disclosure—as well as your rights as a data subject. This policy is intended to inform you of the Company’s personal data protection practices.

 

The Company hereby announces the following Personal Data Protection Policy:

Definitions

“Company” means Cristalla Co., Ltd. and its affiliated companies.

“Affiliated Company” means any limited company or public limited company under the control of the Company.

“Personal Data” means information relating to a person that enables the identification of that person, whether directly or indirectly, but not including data of deceased persons specifically. Examples include: name, surname, nickname, address, telephone number, national identification number, bank account number, e-mail address, vehicle registration number, and land title deed number.

“Sensitive Personal Data” means personal data pertaining to racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual behavior, criminal record, health data, disability, trade union membership, genetic data, biometric data, or any other data that similarly affects the data subject.

“Person” means a natural person.

“Use of Personal Data” means the collection, use, and disclosure of personal data.

Respect for the Right to Privacy

  1. The Company respects and places great importance on the rights, personal data, and personal data protection of data subjects.
  2. Personal data received by the Company that can identify a data subject and that is complete, accurate, current, and of quality shall be used solely for the Company’s operational purposes. The Company shall implement strict security measures to protect personal data and prevent any unauthorized use thereof.

Limited Use of Personal Data

In using your personal data, the Company shall act with a lawful, fair, and limited purpose and scope, and only to the extent necessary for the Company’s operations.

 

The Company shall use your personal data only to the extent necessary to perform a contract to which you are a party, or to carry out your request prior to entering into such a contract.

 

 The Company shall not use your personal data without your prior consent, except in the following cases:

  • As described in item 2 of this section.
  • For the preparation of historical documents, archives for public benefit, research, or statistics as required by law.
  • To prevent or suppress danger to life, body, or health of a person.
  • For the performance of a task carried out in the public interest or in the exercise of official authority.
  • For the purpose of legitimate interests.
  • To comply with the law.

 

The Company shall not use your sensitive personal data without your prior explicit consent, except in the following cases:

  • To prevent or suppress danger to life, body, or health of a person who is unable to give consent at the time.
  • For the lawful activities of foundations, associations, or non-profit organizations.
  • Where the data has been made publicly available with your explicit consent.
  • Where it is necessary for the establishment, exercise, or defense of legal claims.
  • To comply with the law.

 

The Company may use your personal data obtained from other sources only where your consent has been obtained or as permitted by law.

 

The Company shall retain your personal data only for as long as necessary for the Company’s operations. Upon expiry of such period, the Company shall destroy the personal data.

 

The Company shall establish security measures for your personal data in accordance with the Company’s information technology security policy and applicable law.

Purposes of Use of Personal Data

  1. The Company uses your personal data for its operations, research, or preparation of statistics in accordance with its operational objectives, and to improve the efficiency and quality of its operations.
  2. If the purposes of use of personal data are subsequently changed, the Company shall notify you and obtain your consent, and shall maintain a record of any such amendments as evidence.

The Company shall not act beyond the stated purposes, except:

  • Where a new purpose has been disclosed and consent has been obtained.
  • Where required by law.

Rights of Data Subjects

  1. Right to Withdraw Consent:  You have the right to withdraw your consent to the use of your personal data at any time during the period that the Company holds your personal data.
  2. Right of Access:  You have the right to access your personal data and request the Company to provide a copy thereof, as well as to request the Company to disclose how your personal data was obtained without your consent.
  3. Right to Rectification:  You have the right to request the Company to rectify inaccurate data or to complete incomplete data.
  4. Right to Erasure:  You have the right to request the Company to erase your data in certain circumstances.
  5. Right to Restriction of Processing:  You have the right to request restriction of the processing of your personal data in certain circumstances.
  6. Right to Data Portability:  You have the right to receive and transfer your personal data that you have provided to the Company to another data controller, or to yourself, in certain circumstances.
  7. Right to Object:  You have the right to object to the processing of your personal data in certain circumstances.

 

You may contact the Data Protection Officer (DPO) or the relevant department of the Company to submit a request to exercise the above rights (contact details are provided under “Contact Channels” below). There is no charge for exercising any of the above rights. The Company will consider and notify you of the outcome of your request within 30 days of receipt. If the Company violates or fails to comply with the Personal Data Protection Policy or the Personal Data Protection Act, you have the right to file a complaint with the Office of the Personal Data Protection Committee.

Changes to the Personal Data Protection Policy

The Company shall regularly review the Personal Data Protection Policy to ensure compliance with applicable practices, laws, and regulations. In the event of any changes to this policy, the Company shall notify you by updating the information on www.cristalla.co.th/cristalla/pdpa/ as promptly as possible.

This Personal Data Protection Policy was last reviewed on 8 April 2020.

Contact the Data Protection Officer (DPO)

Address: No. 1, Empire Tower, 43rd Floor, South Sathorn
Road, Yannawa Sub-district, Sathorn District, Bangkok 10120
Telephone: 02-287-7244
E-mail: DPO@cristalla.co.th
Fax: 02-286-4259