Customer’s Privacy Notice
MFEC Company Limited (the “Company”) assure that the Company respect the statutory rights as the data subject of you as our customer (the “Customer”); and represent to collect and use your personal data correctly and transparently only as necessary for the efficient provision of our services or performance of any obligations that the Company may have with the Customer. In particular, the Company commit to ensure the compliance of their personal data processing with the applicable personal data protections laws and the best information security measures
Objectives of this Privacy Notice
The Company intend to inform this Customer’s Privacy Notice (the “Notice”) to notify the Company’s necessity and conditions for the collection, use, and disclosure of the Customer’s personal data.
Acceptance of this Notice
When the Customer contact the Company for any inquiries via any of the Company’s channels that may include this Corporate Website or other channels; and when the Customer enter into an agreement and/or any transaction documentation with the Company, the Company shall deem that the Customer have accepted and acknowledged the terms and conditions of this Notice.
Change of this Notice
The Company may review and update this Notice from time to time to ensure its compliance with the relevant laws and regulations and scope of the Company’s services provided to the Customer. The Company will notify the Customer of the amended Notice by announcing the updated Notice via Company’s communication channels.
Definition and Scope of Personal Data
“Personal Data” means any information that is directly or indirectly personal identifiable in accordance with the definitions given under the Protection Data Protection Act B.E.2562, the amendment thereof and other relevant laws. For the avoidance of doubt, the Personal Data hereunder would also be referred to the Personal Data of the authorized representative of the corporate Customer (the “Representative”).
The Personal Data to be processed under this Notice shall include the process of the personal data of the individual Customer and the process of personal data of the authorized director and/or representatives who is authorized by the corporate Customer to contact with the Company.
Source of Personal Data
Personal Data being Processed
The Company would need to collect, use and process the following Personal Data of the Customer:
- Contact information including full name, contact information of the Representative (i.e., telephone number, email and contact address); and the Identification information of the Representative, for instance, a copy of identification card or passport;
- Personal Data of the Customer’s employees who will become the system or products users of the the Company which may including full name, telephone number, email address for user registration;
- Technical information that the Company’s systems may collect in connection with the use of electronic systems or of the device that the Customer uses to connect with the Company’s systems, including without limitation to the IP Address, browser type, username and password information and all the log-in logs;
- Other Personal Data that the Customer may submit to the Company during the communication made between the Customer and the Company that may include the complaint and feedback raised by the Customer; the request for any support from help desk; the Personal Data being submitted to participate in the Company’s campaign or event, including without limitation the identity documentation of the Representative or other persons that would be required for the travel reservation).
In case the Customer submit any Personal Data of any related personal under their supervision to the Company, upon the receipt of those Personal Data, the Company shall deem that the Customer represent their legitimate rights to share and disclose those Personal Data to the Company and therefore the Company shall be fully entitled to process those Personal Data pursuant to this Notice.
Objectives of the Personal Data Processing
All of the Personal Data of the Customer and the relevant persons shall be collected, used, and processed by the Company in order to serve the following purposes:
- To communicate; to give the relevant information; and to coordinate with the Customer throughout the process of the negotiation and conclusion of the transaction arrangement as well as the documentation preparation and execution;
- To perform any rights and obligations that the Company may have with the Customer under the agreement entered into, including the provisions of the installation, advisory or maintenance services, the payment confirmation, the delivery services; and any the performance of any other duties that the Company may have in any campaign or event that the Company may host for the Customer in accordance with any agreement to be made between the Company and the relevant Customer;
- To protect the Company’s legitimate right in case that the Company may need to enforce their right against the non-complying Customer as defined under the relevant agreement and in the legal proceeding;
- To improve the good relationship between the Company and the Customer from the individual or on the overall perspective, for instance: to plan the product and service development or improvement that would match the Customer’s interest and requirements; to train the Company’s employees; to manage the compliant and feedback made by the Customer; to prepare the internal audit process; or to prepare the Company’s report summarizing the business performance of the Company, both in the identifiable and non-identifiable statistic information of the relevant Customer;
- To serve any other particular purposes that the Customer may give specific consent to the Company to process, including without limitation to contact for marketing purposes.
Retention Period of the Personal Data
The Company may need to retain the Personal Data throughout the period of time that Company would need to serve the defined objectives under this Notice, in particular for the following retention period: (A) throughout the time that the Company still have the business relationship with the relevant Customer; (B) for the period of time necessary for the Company to protect our legitimate rights in the legal proceedings at the maximum prescription period of 10 years; (C) the period of time that the Company would have the legal obligations to perform; (D) for the period of time necessary for the business operation of the Company without causing excessive impact on the Customer’s rights; and (E) in case any Personal Data processing is executed with the consent granted, the Company would retain the Personal Data until the time that the Customer may withdraw their consent.
Disclosure of the Personal Data
Generally, the Personal Data will not be disclosed to any third party, except in these necessary circumstances that the Company may need to disclose and/or share the Personal Data to the following persons:
- To third-party service providers of the Company, including without limitation the Company’s affiliates, subcontractors, consulting company or audit company, being engaged by the Company to support the Company’s performance of any obligations or to support its business operation; provided that the Company shall disclose the Personal Data only on the necessary basis under the data processing agreement between the Company and such third-party service providers; and
- To any government authorities that the Company is obliged under the relevant laws or the judgement or order of government authorities to disclose such Personal Data to; provided that the Company shall only disclose Personal Data on the necessary to perform such statutory obligations solely.
In case that the Company will be disclosing or sharing the Personal Data to any person residing or operating in any country other than Thailand, the Company commits to do so in strict compliance with the Personal Data Protection Act B.E. 2562.
Customer’s Right as a Data Subject
The Company respect the Customer’s statutory rights as the data subject under the relevant laws that the Customer shall be entitled to exercise any of the following rights in accordance with the conditions in the applicable laws:
- Right to withdraw consent if the Customer have given the consent to the Company to collect, use and disclose the Personal Data (whether the consent received before or after the effective date of the relevant laws) at any time that the Company still possess the Personal Data;
- Right to request for access to Personal Data that are in the Company’s possession and request for the copy thereof;
- Right to request for data portability in case the Company storing such Personal Data in the format which is readable or commonly used by ways of automatic tools or equipment and request for data portability of such Personal Data to other data controller at any time unless the technical problems;
- Right to object to any processing of the Personal Data if the collection, usage, and disclosure of the Personal Data is processed for the legitimate interest and the Customer can prove that such process causes impact to the Customer’s fundamental rights;
- Right to request for the deletion or de-identification if the Customer believe that the Personal Data are collected, used and disclosed illegally; or the Company do not have any necessity to process their Personal Data or when the Customer exercise the right to withdraw the consent;
- Right to request the Company to suspend the Personal Data processing, in case the Company is in the process of reviewing the relevant request from the Customer relating to the Personal Data or in any circumstance that the Company have no further necessity to process such Personal Data;
- Right to request to rectify the Personal Data to be correct, updated and complete; and
- Right to complain to any authorities if the Customer believe that the collection, usage and disclosure of the Personal Data by the Company do not comply with the relevant laws.
The Customer may exercise those defined rights by completing the request form and submit to the Company via the designated channels; provided that it should be noted that certain request may be subject to legal restriction and in certain circumstances, the Company may reject or object to the rights requested and the Company shall notify the Customer of the legal justification.
Data Protection officer
The Company have appointed the Data Protection Officer (DPO) to supervise and monitor the Company’s operation regarding the collection, use and disclosure of the Personal Data to ensure the full compliance with the Personal Data Protection Act B.E. 2562 and other relevant laws.
In case the Customer have any inquiries about the Personal Data, please feel free to contact the Company at: