Privacy Policy
TAT Corporation Public Company Limited and its subsidiaries
- Preamble
TAT Corporation Public Company Limited and its subsidiaries (hereinafter referred to as “the Company” in this Policy are aware of the importance of Personal Data and other information relating to Data Subjects (collectively referred to as “Data”) in order to ensure that the Company is transparent and responsible in collecting, using, or disclosing Data Subjects’ data in accordance with the Personal Data Protection Act B.E. 2562 (2019) (“Personal Data Protection Law”) as well as other relevant laws. This Personal Data Protection Policy (“Policy”) has been prepared to clarify to the Data Subject the details of the collection. Use or disclose (collectively, “Process”) Personal Data processed by the Company, including its officers and related persons who act on behalf of or on behalf of the Company, with the following contents.
- Scope of Policy Enforcement
This Policy applies to the personal data of individuals with whom the Company is currently and may be processed in the future, which is processed by the Company, its officers, employees, business units or other forms of entities operated by the Company, including contracting parties or third parties who process the Personal Data on behalf of or on behalf of the Company. (“Personal Data Processor”) under products and services such as websites, application systems, documents or services. In other forms controlled by the Company (collectively, the “Services”).
Persons who have a relationship with the Company as defined in the first paragraph, including
- Individual customers
- Official workers or employees
- Partners and service providers who are individuals
- Referee Authorized Persons representative agent Shareholders or other persons who have the same relationship of the juristic person who has a relationship with the Company
- Users of the Company’s products or services
- Visitors to or use the Company’s website Application systems, devices, or other communication channels controlled by the Company
- Other persons from whom the Company collects personal data, such as job applicants, family members of employees, guarantors, etc. beneficiaries in insurance policies, etc.
Clauses 1) to 7) are collectively referred to as “Data Subjects”
In addition to this policy, The Company may require a privacy notice (“Notice”) for its products or services. To clarify to the Data Subject, who is a service user, the Personal Data Processed objective Lawful grounds for processing The Company has a Record of Processing Activity (RoPA) to control the processing of Personal Data in accordance with the law.
However, In the event of a material conflict between the Privacy Notice and this Policy, the Privacy Notice of that service shall prevail.
- meaning
Company means TAT Corporation Public Company Limited and its subsidiaries.
Personal data means information about an individual who can be identified. Whether directly or indirectly, but does not include information on the deceased in particular.
Sensitive personal data means personal data as stipulated in Section 100 of the Revised Code. 26 of the Personal Data Protection Act B.E. 2562 (2019), which includes information on race, ethnicity, political opinions, beliefs in cults, religion, philosophy, sexual behavior, criminal records, etc. Health and disability information Trade union information, genetic information, biological information, or any other information that similarly affects the Data Subject as announced by the Personal Data Protection Committee.
Processing of personal data means any action taken with personal data, such as collecting, copying, organizing, placing, updating, etc. change Use Recover expose Forward Publish Transfer, destruction, etc.
Data Subject means a natural person who is the subject of the Personal Data collected, used or disclosed by the Company.
Data Controller means a person or juristic person who has the authority to make decisions regarding the collection, use or disclosure of Personal Data.
Personal Data Processor means a person or juristic person who carries out the collection, use or disclosure of Personal Data in accordance with the instructions or on behalf of the Data Controller. The person or juristic person who does so is not the controller of the personal data.
- Sources of Personal Information
The Company collects or obtains various types of personal data from the following sources
- Personal Data collected by the Company from the Data Subject directly through various service channels, such as job application procedures, registration, contract signing, product/service usage surveys, or when the Data Subject communicates with the Company or through other contact channels supervised by the Company, etc.
- The Company collects information from the Data Subject’s access to other products/services in accordance with the contract or mission, such as tracking the usage behavior of the Company’s website, products/services by using cookies or from software on the Data Subject’s device, etc.
- Personal data collected by the Company from sources other than the data subject. There is a lawful reason or the consent of the Data Subject has been obtained. In the Disclosure.
- Information to the Company, such as linking the digital services of other entities. social media or service providers on e-commerce channels to provide services for the benefit of the data subject, etc.
- It also includes cases where the data subject owns the personal data of a third party to the company. As follows: The Data Subject is responsible for notifying the details of this Policy or the announcement of products/services to such person, as the case may be, as well as obtaining consent from that person if consent is required to disclose information to the Company.
- Legal Basis for Collecting Personal Data
The Company considers to determine the legal basis for collecting Personal Data of Data Subjects as appropriate and in accordance with the context of the service. The legal basis for collecting personal data used by the Company includes
Legal basis for data collection | Detail |
For the performance of legal duties. | To enable the Company to comply with the requirements of the law, such as:- Collection of computer traffic data under the Computer Crime Act B.E. 2560 (2017)
– Tax Law This includes the implementation of court orders, etc. |
It is necessary for legitimate interests. | For the legitimate interests of the Company and of other persons, such interests are no less important than rights. Basic personal data of the data subject, such as for the security of the Company’s premises or the processing of personal data for the Company’s internal affairs, etc. |
It is necessary for the prevention or suppression of danger to life. The person’s body or health | To prevent or suppress danger to life. For example, using treatment data to monitor epidemics according to government policies, etc. |
For performance of a contract | In order for the Company to be able to perform its contractual duties or perform actions that are necessary for entering into a contract in which the data subject. An individual is a party to a contract with a company, such as employment. Hiring of memorandums of cooperation, sales contracts, service contracts, or other forms of contracts, etc. |
For the preparation of important biographical, research, or statistical documents. | To enable the Company to prepare or support the preparation of historical documents, research or statistics as the Company may be assigned, such as providing information to government agencies in accordance with the law, etc. |
agreement | For the collection, use or disclosure of personal data in the event that the Company needs to obtain the consent of the personal data subject, the purpose of collection, use or disclosure of personal data has been notified before the consent has been requested, both before and during the collection of data, such as the collection of sensitive personal data for purposes that do not comply with the exceptions to Section 2019. 24 or 26 of the Personal Data Protection Act B.E. 2562 (2019), etc. |
The Company will review and verify the types of personal data that the Company has collected and whether the legal basis for collecting it is appropriate. At least once every 6 months.
In the event that the Company needs to collect the Personal Data of the Data Subject for the performance of the contract. In the performance of legal duties or for the necessity of entering into a contract. If the Data Subject refuses to provide personal data or objects to the processing according to the purpose of the activity, it may result in the Company. Unable to perform or provide services as requested by the Data Subject in whole or in part.
- Types of Personal Information Collected by the Company
The Company may collect or obtain the following information, which may include the Personal Data of the Data Subject: Depending on the services used by the Data Subject or the context of the relationship that the Data Subject has with the Company, as well as other considerations that affect the collection of Personal Data, the following types of information are only the general framework for the Company’s personal data collection. However, only information related to products/services that the Data Subject uses or has a relationship with will be applicable.
Types of Personal Information | Details and examples |
Personally identifiable information | Information identifying the name of the Data Subject or information from official documents that identify the Data Subject, such as prefix, name, surname, fictitious name, etc. ID card number or tax identification number Passport number, nationality, address House registration information, driver’s license information, signature, social security number, or other official documents that can be identified, etc. |
Information about the characteristics of a person. | Detailed information about the data subject, such as date of birth, gender, height, weight, age, marital status. Military enlistment status, photos, bankruptcy information. Information on the person’s abilities, etc. |
Contact Information | Information for contacting the Data Subject, such as telephone number, fax number, electronic mail, postal address, location map of the address. Social media usernames The name of the user account that identifies the user with the program or application, or other electronic communication channels, etc. |
Information about work and education. | For example, employment details, work history and educational history, type of employment, occupation, rank, position, duties, expertise, work permit status, reference information, emergency contact person, position history, etc. Salary information, start and end dates Job Evaluation Results Achievement Educational Institution Educational Background Academic Results Date of Graduation Workplace Access Information Entry and exit information during working hours, etc. |
Insurance Policy Information | Details about the operator insurance policy such as insurer, insured, beneficiary, policy number, policy type, coverage limit. Information about claims, etc. |
Transaction or financial information | Transaction or financial information, such as bank account number, credit/debit card number, etc. |
Information about the use of the Company’s services | Details about the Company’s products or services, such as user account name, Password, PIN number, Single Sign-on Information (SSO ID), OTP code, computer serial number. IP Address, Computer Traffic Data (log), Coordinates Information, Photos, Video, Voice recordings, usage behavior data (websites under the management of the Company or applications), Internet usage data or other website connections, information collected by the Company through cookies or other similar technologies, device ID, device type, etc. Browser data, operating system used, and user statistics on the website are analyzed and displayed in various ways, such as the number of users, geographic distribution of users, etc. device or operating system or duration of use, or other forms of detailed analysis, etc. |
Other Personal Information | Other personal data such as the data provider’s marketing statistical analysis, Video Information, CCTV (CCTV), video/audio tape, In case the informant contacts the company. Conversation and communication information, or transactions by telephone, video call, or other electronic devices, including communication with the Company through other channels. In addition to the channels mentioned above, etc. |
Sensitive Personal Information | Sensitive personal data of the data subject, such as race, ethnicity, political opinions, creeds. religion or philosophy, sexual behavior, criminal history, health information, disability, Mental health information, medical information, trade union information, genetic information, biological information (meaning personal information resulting from the use of techniques or technologies related to the use of physical or behavioral characteristics of a person to verify the identity of that person unlike another person) such as facial image data, Iris, or fingerprint data, etc., as well as any other information that affects the Data Subject in the same way as specified by the Commission. The company will review whether it is still necessary to store such sensitive information. At least once every 6 months. |
- cookie
The Company collects and uses cookies and other similar technologies on websites under the Company’s management, such as the Company’s website or on the data subject’s device depending on the service provided by the data subject. This is for the security of the Company’s services and for the Data Subject, which is the user, to obtain convenience and a good experience in use. This information will be used to improve the Company’s website to better meet the needs of the data subject. The data subject can manually set or delete the use of cookies from the settings in the web browser. Web Browser of the Data Subject.
- Personal Information of Minors Incompetent people and quasi-incompetent people.
In the event that the Company becomes aware that the personal information that requires consent to be collected is Data Subject who is a minor The Company will not collect such personal data until it has obtained the consent of the user of parental authority who has the authority to act on behalf of the minor, or the guardian or guardian, as the case may be, in accordance with the conditions prescribed by law.
In case the Company does not know that the Data Subject is a minor. and later found out that the Company had collected the data of the Data Subject. The Company shall promptly delete the Personal Data without the consent of the Guardian who has the authority to act on behalf of the minor, or the Guardian or the Guardian as the case may be. If the company does not have a legitimate reason, Other than consent to the collection, use or disclosure of such information.
- Purpose of collecting personal data
The Company collects the Personal Data of the Data Subject for the purpose of using the data subject, which depends on the type of product or service or activity used by the data subject, as well as the nature of the relationship between the data subject and the company, or the considerations in each context. However, only the purposes related to the products or services that the Data Subject uses or has a relationship with will be applicable to the Data Subject’s information , such as
- To carry out the necessary operations to conduct the business.
- To provide services and manage the Company’s services. Improve the quality of products and services in line with customer needs.
- For the Company’s transaction processing.
- Supervision Use, monitor, monitor, and manage services to facilitate and comply with the needs of the Data Subject.
- To preserve and update information related to the Data Subject, including documents that are claimed to be the Data Subject.
- Prepare a record of the processing of personal data as required by law.
- Analyze data and solve problems related to the Company’s services.
- To carry out necessary actions for internal management, including recruitment, nomination of directors or office holders, qualification assessment, etc.
- Protect, detect. avoid Fraud Investigation Breach of security or prohibited or illegal acts, and may cause damage to both the Company and the Data Subject.
- Identity verification, identity verification, and verification of information when the Data Subject applies for the Company’s services or contacts the service or exercises legal rights.
- Improve and modernize the quality of products and services.
- Risk Assessment and Management
- Send notifications, order confirmations. Communicate and inform the data subject of news.
- To prepare and deliver relevant and necessary documents or information.
- Identity verification Prevent spam or unauthorized or illegal activities.
- Examine how the Data Subject accesses and uses the Company’s services, both collectively and individually, for research and analysis purposes.
- Take the necessary steps to comply with the Company’s obligations to the controlling authorities. Tax authorities, law enforcement, or legal obligations of the Company.
- To take necessary actions in the legitimate interests of the Company or other persons or of other juristic persons in connection with the Company’s operations.
- Prevent or stop danger to life. including epidemic surveillance.
- Prepare historical documents for the public interest, research or compile statistics that the company is assigned to carry out.
- For compliance with applicable laws, notices, orders, or proceedings related to lawsuits, subpoenas, including the exercise of rights related to data subjects.
- Recording a fingerprint mockup or recording a face It is intended to be used for identity verification in recording the time of entry and exit of the company’s workspace and to ensure the security of employees and the company.
- Categories of persons to whom the Company discloses the Personal Data of the Data Subject
Under the purposes set out in Clause 9 above, the Company may disclose the Personal Data of the Data Subject. Personal information to the following persons: The following categories of recipients are only the disclosure framework. The Company’s personal data is general, and only the recipient of information related to the product or service that the data subject uses or has a relationship with will be applicable.
Type of Person Receiving Information | Detail |
Government agencies to whom the Company must disclose information for the purpose of legal proceedings or other important purposes. | Law enforcement agencies or have the power to supervise or have other important purposes, such as the Revenue Department. Courts, Social Security Office, Education Loan Fund, etc. |
committees related to the company’s legal operations | The Company may disclose the data subject’s information to individuals. Holders of directors in various faculties such as the Nomination and Remuneration Committee, etc. |
Contracting Parties which deal with the welfare of the Company’s employees. | Third parties that the procurement company hires to perform welfare-related operations, such as insurance companies. hospital Payroll companies, banks, telephone service providers, etc. |
Business Partners/Partners | The Company may disclose the Data Subject’s information to persons who work with the Company for the benefit of providing services to the Data Subject, such as marketing service providers. Advertising media, financial institutions, platform providers, telecommunications service providers, etc. |
servant | The Company may assign other parties to act as service providers on behalf of or support the Company’s operations, such as data storage providers (e.g., cloud), software system developers, applications, websites, payment service providers, Internet service providers, telephone service providers, social media service providers, etc. Risk management service providers, external consultants, transportation service providers, etc. |
Other types of data recipients | The Company may disclose the data subject’s information to individuals. Other types of recipients of information, such as company contacts, family members, Non-Profit Foundation For the operation of the Company’s services, training, etc. |
Public disclosure | The Company may disclose the data subject’s information to the public. If necessary. |
- Sending or transferring personal data abroad
In some cases, the Company may need to send or transfer the Personal Data of the Data Subject abroad to carry out the purpose of providing services to the Data Subject, such as to send the Personal Data to the Cloud with a platform or server located abroad to support information technology systems located outside Thailand. This depends on the Company’s services that the Data Subject uses or is involved in on a case-by-case basis.
However, at the time of preparing this policy, The Personal Data Protection Committee has not yet announced the list of destination countries with adequate personal data protection standards. When the Company needs to send or transfer the Personal Data of the Data Subject to the destination country. The Company will ensure that the Personal Data sent or transferred has adequate personal data protection measures in accordance with international standards or take steps to enable the transmission or transfer of such data in accordance with the law, as follows
- It is in compliance with the law that requires the Company to send or transfer personal data abroad.
- The Company has notified and obtained the consent of the Data Subject in the event that the destination country has insufficient personal data protection standards. This is according to the announcement of the list of countries announced by the Personal Protection Commission.
- It is necessary to perform a contract to which the Data Subject is a party with the Company or to comply with the request of the Data Subject prior to entering into such contract.
- It is an act of the Company’s contract with another person or juristic person for the benefit of the Data Subject.
- To prevent or suppress danger to life. The body or health of the Data Subject or of another person. When the Data Subject is unable to give consent at that time.
- It is necessary to carry out important public interests.
- Period of collection and destruction of personal data of the data subject
The Company will retain the Personal Data of the Data Subject for as long as the data is necessary for the purpose for which the data was collected. In accordance with the details set forth in the policy, announcement or relevant laws. When the period has expired and the personal data of the data subject has ceased to be necessary for the said purpose. The Company will continue to delete or destroy the Personal Data of the Data Subject or make the Personal Data of the Data Subject unidentifiable in accordance with the format and standards for the deletion and destruction of Personal Data that the Board of Directors or the law will promulgate or in accordance with international standards. However, in the event of a dispute, Exercise of rights or lawsuits related to the Personal Data of the Data Subject; The Company reserves the right to retain such information until the dispute is finally ordered or adjudicated.
The Company will delete or destroy personal information in the following ways
– Upon expiration of the retention period of personal data. The Personal Data Protection Team will monitor and verify the end of the period. The matter is sent to the Data Protection Officer for consideration and approval of destruction.
– When the Data Subject exercises the right to request deletion or destruction of Personal Data. The Data Protection Officer will consider and approve the destruction.
Once the Data Protection Officer approves the destruction. The Personal Data Protection Task Force will then delete or destroy it. In the event that the data stored in document form is destroyed by means of a shredder, or in the case that the data stored in electronic form is deleted from the system and from the network drive, or the Personal Data of the Data Subject is made unidentifiable, unless the Company can continue to retain such Personal Data in accordance with the Personal Data Protection Act or other laws. Related Determination.
Once the removal or destruction has been carried out, The Personal Data Protection Task Force will notify the result of deletion or destruction to the Personal Data Protection Officer and attach evidence of destruction.
- Provision of services by third parties or subcontractors.
The Company may assign or procure third parties. (Personal Data Processor) to Such third parties may offer services in various ways, such as hosting, outsourcing, or cloud computing service/provider, or other forms of outsourcing.
The Company has established criteria for selecting third-party service providers, which will be based on 5 components: (1) Organization, such as the size of the organization; Experience, Reputation (2) Operations, such as having an information security policy. Have a plan in place to deal with abuse or attacks. (3) data, such as policies and practices for data sharing and retention; (4) Access to data, e.g., verification of data access rights (5) Compliance with laws, such as the establishment of a personal data protection policy. Processing activities are recorded (RoPA), consent from the data subject is requested, and other policies or procedures related to compliance with personal data protection laws are in place.
Outsourcing to a third party to process personal data as a processor of that personal data. The Company will provide an agreement specifying the rights and obligations of the Company as the Data Controller and of the person designated by the Company as the Data Processor, including specifying the types of Personal Data assigned by the Company to be processed, including the purpose. The Personal Data Processor is only responsible for processing Personal Data to the extent specified in the Agreement and in accordance with the Company’s instructions, and cannot process it for any other purpose.
In the event that the Data Processor has assigned a sub-service provider (subprocessor) to carry out the processing of the Personal Data on behalf of or on behalf of the Data Processor. The Company will direct the Personal Data Processor to provide an agreement document between the Personal Data Processor and the Sub-Processor in a format and standard that is not lower than the agreement between the Company and the Personal Data Processor.
- Retention of Personal Data and Security of Personal Data
The Company has measures to retain personal data by maintaining the accuracy of personal data. It is current, ready to use, and will prevent it from being lost or destroyed.
The Company has measures to protect personal data by restricting the right of access to personal data to be accessed by specific officials or authorized or assigned persons who need to use such information only for the purposes that have been notified to the data subject, and such persons must strictly adhere to and comply with the Company’s personal data protection measures, as well as be responsible for maintaining the confidentiality of personal data that they perceive from the operation of their authority and duties.
In addition, when the company sends Transfer or disclose personal data to third parties, whether for the purpose of providing services in accordance with our mission, contract, or other agreements. The Company will establish appropriate personal information security and confidentiality measures in accordance with the law. To confirm that the personal data collected by the Company is always secure and secure.
- Connecting to External Websites or Services
The Company’s services may contain links to third-party websites or services, which may post personal data protection policies that differ from this policy. The Company recommends that the Data Subject study the Personal Data Protection Policy of the website or service for details before accessing, however, the Company is not involved in and has no control over the personal data protection measures of such website or service and cannot be responsible for the content. policies, damages, or actions arising out of third-party websites or services.
- Data Protection Officer
The Company has appointed a Personal Data Protection Officer to monitor, supervise and advise on the collection, use or disclosure of Personal Data, including coordinating and cooperating with the Office of the Personal Data Protection Commission to comply with the Personal Data Protection Act B.E. 2562 (2019).
- Rights of Data Subjects under the Personal Data Protection Act, B.E. 2562 (2019)
The Personal Data Protection Act B.E. 2562 (2019) stipulates a number of rights of data subjects.
- Right to Request Access to Personal Data The Data Subject has the right to request access, receive a copy of, and request disclosure of the source of the Personal Data collected by the Company without the consent of the Data Subject. Except in cases where the Company has the right to refuse the request of the Data Subject due to legal reasons or court order, or in cases where the exercise of the rights of the Data Subject will have an impact that may cause damage to the rights and freedoms of other persons.
- The right to request correction of personal data to be accurate, complete, and up-to-date if the data subject finds that the personal data of the data subject is inaccurate. Incomplete or not current. The Data Subject has the right to request correction to ensure accuracy. It is current, complete, and non-misleading.
- Right to Delete or Destroy Personal Data The Data Subject has the right to request the Company to delete or destroy the Personal Data of the Data Subject or to make the Personal Data of the Data Subject deleted. The person who is the subject of the personal data cannot be identified. The exercise of the right to delete or destroy data This individual must be subject to the conditions required by law.
- Right to request the suspension of the use of personal data The Data Subject has the right to request the suspension of the use of the Personal Data of the Data Subject in the following cases
- When the Company conducts an audit at the request of the Data Subject, the information shall be corrected. Personalization to be accurate, complete, and up-to-date.
- The personal data of the data subject is unlawfully collected, used, or disclosed.
- When the Personal Data of the Data Subject ceases to be necessary to retain the data for the purpose notified by the Company in collection, but the Data Subject wishes the Company to continue to retain the data for the exercise of legal rights.
- When the Company is proving the legitimate grounds for collecting the Personal Data of the Data Subject or investigating the need to collect, use or disclose personal data for the public interest. Use or Disclosure of Personal Information
- Right to object to the processing of personal data The Data Subject has the right to object to the collection, use or disclosure of Personal Data relating to the Data Subject, except in the case where the Company There are legitimate grounds for refusing the request (e.g., the Company can show that the collection, use, or disclosure of the Personal Data of the Data Subject is more lawful or for the establishment of a legal claim). Compliance or exercise of legal claims or for the public interest of the Company)
- Right to withdraw consent in case the Data Subject has given consent to the Company to collect ( regardless of whether such consent is given before or after the Personal Data Protection Act B.E. 2562 (2019) comes into force), the Data Subject has the right to withdraw consent. At any time during the period during which the Data Subject’s Personal Data is retained by the Company, unless there is a restriction of rights by law that requires the Company to continue to retain the data or there is still a contract between the Data Subject and the Company that provides benefits to the Data Subject.
- Right to Request, Transmit or Transfer Personal Data Data Subjects have the right to request information. The personal data subject from the Company in a form that can be read or used in general with an automated tool or device, and can use or disclose personal data by automated means, and may request the Company to send or transfer the data in such form to another data controller. The exercise of this right must be subject to the conditions prescribed by law.
- Penalties for Failure to Comply with the Personal Data Protection Policy
Failure to comply with the policy may result in an offence and disciplinary action according to the company’s rules. (for officers or employees of the Company) or in accordance with the Personal Data Processing Agreement. This is according to the case and the relationship that the Data Subject has with the Company and may be subject to penalties as prescribed by the Personal Data Protection Act B.E. 2562 (2019) as well as secondary laws. Relevant Rules, Regulations, and Orders.
- Complaints to the Supervisory Authority
In the event that the Data Subject finds that the Company has not complied with the Personal Data Protection Act. The Data Subject has the right to lodge a complaint with the Personal Data Protection Committee or a supervisory authority appointed by the Personal Data Protection Committee or in accordance with the law. Prior to such complaints, the Company requests the Data Subject to contact the Company so that the Company has the opportunity to know the facts and clarify various issues, including resolving the concerns of the Data Subject.
However, If there is a breach of personal data, the Company will notify the supervisory authority and the data subject of such breach within the period prescribed by law.
- Effects of Withdrawal of Consent
The withdrawal of consent to the processing of personal data will not affect the processing of personal data that the Company has already processed before the withdrawal of consent.
In case of withdrawal of consent at the will of the Data Subject. This affects the restriction on offering products/services. Any transactions and/or legal acts of the Company towards the Data Subject. In such a case, the company will be free from any damages. Due to the withdrawal of such consent.
- Amendments to the Personal Data Protection Policy
The Company may consider amending, amending or changing this Policy as it deems appropriate and will notify the Data Subject through the Company’s website. The effective date of each amendment is indicated. However, the Company recommends that the Data Subject should check regularly to be aware of the new policy through the application or channels specific to the activities carried out by the Company, especially before the Data Subject does so. Disclosure of Personal Data to the Company.
Access to the Company’s products or services after the implementation of the new policy is an acknowledgment of the agreement in the new policy. Please stop accessing the data if the data subject does not agree with the details. Please contact the Company to clarify the facts.
- Inquiries or Exercise of Rights
If the Data Subject has any doubts: Suggestions or concerns about the collection, use and disclosure of personal data of the Company or this policy, or the data subject wishes to exercise their rights under the Personal Data Protection Act. Data subjects can contact the.
- Data Protection Officer (DPO)
– Contact Address: 51 Major Tower Rama 9 – Ramkhamhaeng 14th Floor Rama 9 Road, Bangkok
– Contact Us: dpo@tatcorp.co.th
– Phone: 02-026-6424 Ext. 914
- Data Controller
– Name: TAT Corporation Public Company Limited
– Contact Address: 51 Major Tower Rama 9 – Ramkhamhaeng 14th Floor Rama 9 Road, Bangkok
– Contact Us: info@tatcorp.co.th
– Phone: 02-026-6424
Effective from August 1, 2024 onwards.