Personal Data Protection Policy

For Third Party
Varuna (Thailand) Company Limited (hereinafter referred to as “we,” “us,” “our,” “ours”, “Varuna” or “Company”) recognizes the importance of the protection of your personal data. Therefore, we have issued our Personal Data Protection Policy (“Policy”) in order to prescribe the process of data collection, storage, usage and disclosure, including other rights of the Data Subject under Thailand’s Personal Data Protection Act B.E. 2562 (2019) (“PDPA”). Company announces this Policy as follows:

1. Definition

Personal Data means any information relating to a person which enables the identification of such person, whether directly or indirectly, but not including the information of deceased persons in particular.

Sensitive Personal Data means any information relating to a particular person which is sensitive and presents significant risks to the person’s fundamental rights and freedoms, which includes data regarding racial or ethnic origin, political opinions, cults, religious or philosophical beliefs, sexual behavior, criminal records, health data, disabilities, trade union information, genetic data, biometric data, or any data which may affect the Data Subject in the same manner, as prescribed by the Personal Data Protection Committee.

Personal Data Protection Committee means the Committee appointed under the PDPA, in charge of the duties and authorities to govern, issue criteria or measures or provide any other guidance as prescribed by the PDPA.

2. Application of this Policy

This Policy applies to you if you are (i) a natural person who is our business partner or sells products or provides service(s) to Varuna (Thailand) Company Limited, or (ii) a contact person or authorized representative of the entity who is our business partner or sells products or provides service(s) to Varuna (Thailand) Company Limited (collectively referred to as, “Third Party”).

3. Collection of Personal Data

Company shall collect your Personal Data within the purpose and scope, and by lawful and fair methods, as necessary and as defined below. In case the Company needs to collect Sensitive Personal Data, the Company shall request explicit consent from you before such collection, except where this is allowed by the PDPA or other laws.

In general, Company will collect and process the following categories of your Personal Data:

Category of Personal Data | Example of your Personal Data

Identification and contact information

Full name, e-mail address, telephone number, mobile phone number, date of birth, address, identification card number, passport number, data contained in the identification card and passport

Finance information

For example, your bank account number, bank account information, and information of payment evidence

Work Information

Your resume, CV, biography, professional background, educational background, language proficiency, position, company’s name, etc.

Sensitive Personal Data

Your data related to the COVID-19 vaccination status and COVID-19 test result may also be collected by us.

We may also collect your Sensitive Personal Data that appear on the copy of your identification card, i.e., your religious belief and/or blood type. However, we do not have an intention to process such Sensitive Personal Data; therefore, we will require you to omit, blind or cross out the information about religious belief and/or blood type before providing a copy of your identification card to Varuna (Thailand) Company Limited.
In the case where such Sensitive Personal Data still appears on a copy of identification card, Varuna (Thailand) Company Limited may, at any time, blind or cross out such Sensitive Personal Data in order to comply with the PDPA (which requires Varuna (Thailand) Company Limited to collect personal data to the extent that is necessary and relevant for our business operations).

In the case where we will collect Personal Data other than those prescribed in this Policy, we will inform you about the collection or the processing of the Personal Data and may request your consent (if required), in accordance with the conditions prescribed by the PDPA.

4. Methods for the collection of your Personal Data

In general, we will collect the Personal Data directly from you; however, in the case where it is necessary for us to collect your Personal Data from other sources, we will ensure that your Personal Data will be collected and protected in accordance with the PDPA.

5. Purpose of Collecting and Usage of Personal Data

In general, we will process your Personal Data for the following purposes:

Purposes | Type of Personal Data | Legal Basis

To enter into an agreement or establish a legal relationship between Varuna (Thailand) Company Limited and you or the legal entity which you were authorized to represent

Type of Personal Data:

• Identification and contact information

• Finance information

• Sensitive Personal Data, i.e., religion and/or blood type data in the Thai identification card (if required)

Remark: If you do not provide any Personal Data that is necessary for entering into an agreement with you or the legal entity you represented, we may not be able to proceed to enter into an agreement with you or such entity.

Legal Basis:

• Legitimate interest (for corporate Third Party, to prepare documents for entering into an agreement)

• Contractual Obligation (for individual Third Party, to proceed with your request to enter into a contract)

• Explicit consent (for the processing of Sensitive Personal Data before or when we enter into a contract with you)

To execute and perform the obligations under the agreement with you or the legal entity which you were authorized to represent

Type of Personal Data:

• Identification and contact information

• Sensitive Personal Data, i.e., religion and/or blood type data in the Thai identification card (if required)

Remark: If you do not provide any Personal Data that is necessary for the execution and performance of our obligations under the agreement with you or the legal entity of which you were the authorized representative, we may not be able to execute or perform our obligations as specified under the agreement, either in whole or in part.

Legal Basis:

• Legitimate interest (for corporate Third Party)

• Contractual Obligation (for individual Third Party)

• Explicit consent (for the processing of Sensitive Personal Data)

To assess and determine qualification, suitability, and eligibility of the individual Third Party for engagement with Varuna (Thailand) Company Limited

Type of Personal Data:

• Identification and contact information

• Work information

• Sensitive Personal Data, i.e., religion and/or blood type data in the Thai identification card (if required)

Remark: If you do not provide any Personal Data that is necessary for assessment and determination of your qualification, we may not be able to determine your eligibility to engage you.

Legal Basis:

• Legitimate interest

• Explicit consent (for the processing of Sensitive Personal Data)

To open a vendor account and proceed with payment

For example, to create and record a vendor code/account, to communicate with the Third Party, to proceed with payment to the Third Party, and to record and adjust details of accounts payable

Type of Personal Data:

• Identification and contact information

• Work information

• Sensitive Personal Data, i.e., religion and/or blood type data in the Thai identification card (if required)

Remark: If you do not provide any Personal Data that is necessary for assessment and determination of your qualification, we may not be able to determine your eligibility to engage you.

Legal Basis:

• Legitimate interest (to create and record vendor code/account for the Third Party, to communicate with the Third Party, to record and adjust details of account payable, and to proceed with payment for corporate Third Party)

• Contractual Obligation (to proceed with payment for individual Third Party)

• Explicit consent (for the processing of Sensitive Personal Data)

To process your Personal Data and health-related data (COVID-19 vaccination status and COVID-19 test result) when you visit/access our premises, in order to comply with our internal policy, for our safety, and for prevention of the COVID-19 pandemic and public health

Type of Personal Data:

• Identification and contact information

• Sensitive Personal Data (i.e., COVID-19 vaccination status, COVID-19 test result)

Legal Basis:

• Legitimate interest (for processing of Personal Data)

• Explicit consent (for processing of Sensitive Personal Data)

To comply with applicable laws

Varuna (Thailand) Company Limited may be required to process your Personal Data for complying with laws, regulations, orders, notifications, or other rules issued by authorities.

For example,

• Authorize to proceed or coordinate, or to submit any required information and documents to the government agencies in order to comply with the applicable law

• Arrange to comply with our tax obligations and to submit the required documents to the Revenue Department

• To proceed with customs clearance process and import/export related matters

Type of Personal Data:

• Identification and contact information

• Finance information

• Sensitive Personal Data, i.e., religion and/or blood type data in the Thai identification card (if required)

Remark: If you do not provide any Personal Data that is necessary for compliance with the law, which is applicable to Varuna (Thailand) Company Limited, we and/or you may be unable to comply with the laws, and that may affect the necessary processing of your Personal Data as well as may result in the violation of applicable law.

Legal Basis:

• Legitimate interest (to arrange to comply with Varuna (Thailand) Company Limited’s tax obligations and to proceed with customs clearance process and import/export related matters for Varuna (Thailand) Company Limited)

• Legal obligation (Section 24 (6) of the PDPA for the processing of Personal Data, and Section 26 (5) of the PDPA for the processing of Sensitive Personal Data)

To establish, exercise, comply or defend legal claims

Your Personal Data may be processed as part of the establishment, exercising, compliance or defense of legal claims.

Type of Personal Data:

• Identification and contact information

• Finance information (if required)

• Sensitive Personal Data, i.e., religion and/or blood type data in the Thai identification card (if required)

Legal Basis:

• Legitimate interest

• Establishment of legal claims (for the processing of Sensitive Personal Data)

In the case where we will process your Personal Data for purposes other than those prescribed in this Policy, of which you have been informed, we will inform you about such additional processing of the Personal Data, and/or arrange to obtain your consent, if required by the applicable law.

6. Personal data disclosure

Company shall not disclose your Personal Data without your consent unless it is solely for the above-mentioned purposes which rely on another lawful basis.

In processing Personal Data for the above purposes, it may be necessary for us to disclose your Personal Data to third parties, as follows:

(a). to any of Varuna (Thailand) Company Limited affiliates or group companies, domestically, for internal management and administration work, to perform our contractual obligations, and for other purposes as identified in this Policy;

(b). to external legal counsels in the case of legal proceedings and legal execution;

(c). to general counsels, advisors, auditors, and other experts;

(d). to other third-party vendors, suppliers, or service providers, who provide services to us;

(e). to local commercial banks;

(f). to any competent regulatory, prosecuting, tax or governmental agencies, courts or other tribunals in any jurisdiction, including, without limitation, Customs Department, and Revenue Department;

(g). to any other persons or entities to whom Varuna (Thailand) Company Limited is required to make disclosure by applicable law and regulations. Also, we may disclose it by virtue of laws, such as requests for the purposes of litigation or prosecution, or requests made by the private sector or other persons involved in the legal proceedings, or to whom we are permitted by you to disclose your Personal Data; and/or

(h). to a prospective buyer in case of merger or acquisition of Varuna (Thailand) Company Limited.

7. Retention of the Personal Data

Varuna (Thailand) Company Limited retains your Personal Data for as long as is required in order to fulfil our contractual obligations under the agreement with you. In general, Varuna (Thailand) Company Limited will retain your Personal Data for ten (10) years after the cessation of our contractual relationship or our last communication.

For Finance Information, it will be retained only for five (10) years from the date that the accounts are closed.

Notwithstanding the above, we may retain your Personal Data longer than the above period, only as otherwise permitted or specified by the applicable law.

8. Direction of Personal Data Protection

Company shall establish measures including for the security of Personal Data in accordance with the laws, regulations, rules, and guidelines regarding the personal data protection for employees and other relevant persons. Company shall promote and encourage employees to learn and recognize the duties and accountabilities in the collection, storage, usage, and disclosure of personal data. All employees are required to follow this policy and all guidelines regarding personal data protection in order for the Company to remain in compliance with the PDPA accurately and effectively.

9. Rights of Data Subject

You are entitled to request any actions regarding your Personal Data as per the following:

Right to withdraw consent, or to request a change to the scope of your consent; however, any consent which was obtained earlier shall not be affected.

Right to request that we confirm to you whether we have in our possession any Personal Data that is related to you; and right of access, that is, to request access to and obtain a copy of the Personal Data related to you, including to request the disclosure of the acquisition of Personal Data obtained without your consent.

Right to rectify or update any Personal Data that is related to you.

Right to request that we erase, destroy, or de-identify your Personal Data.

Right to restriction of processing of your Personal Data.

Right to request that we transfer your Personal Data in a format which is generally readable or usable by automatic device or tool.

Right to object to the processing of your Personal Data.

Right to file a complaint in relation to our processing of your Personal Data with the Personal Data Protection Commission, in accordance with the procedures set out in the PDPA.

You may exercise these rights by sending a notice or submitting the electronic form set by the Company through the channels given in the Contact Information section of this Policy.

Company shall consider each rights request received and inform the Data Subject without undue delay, but not exceeding 30 days from the date of receiving the request to access, or to access and obtain a copy of the Personal Data related, or to request the disclosure of the acquisition of the Personal Data obtained without the Data Subject’s consent. However, the Company may deny such a right subject to exceptions under applicable laws. As far as permitted by the applicable law and regulations, we may be entitled to charge reasonable expenses incurred in respect to handling any of the above requests.

10. Review and Changes of Policy

Company may review this policy to ensure that it remains in adherence to laws, any significant business changes, and any suggestions and opinions from other organizations. Company shall review the amended policies thoroughly before implementing all the changes and announce them on its website: https://www.varunatech.co/

In the event that the amendment, change, or update will affect the purposes for which your Personal Data has originally been collected, we will notify you about such changes, and obtain your consent (if required by law), prior to such changes becoming effective.

11. Contact Information

If you have any inquiries in relation to your Personal Data, or you would like to exercise any of your Data Subject Rights, you may contact us at:

Varuna (Thailand) Company Limited

Bhiraj Tower at Sathorn Building C. Unit no. 33,31 31/1 S Sathorn Road, Yannawa, Sathorn,
Bangkok 10120, Thailand

Email Address: [email protected]

Contact details of our Data Protection Officer (DPO)

Contact details: Nartsupee Chankao ([email protected])

(Panunya Charoensawadpong)

Varuna (Thailand) Company Limited
Varuna (Thailand) Company Limited Co-Founder
This Policy shall take effect from June 1, 2022, onwards.