Privacy Policy For Business Partner

YKK (Thailand) Co., Ltd. (hereinafter referred to as the “Company”, “we”, “us”, or “our”) recognises the importance of personal data in order to comply with the Personal Data Protection Act B.E. 2562 (“Applicable Law”). We have established this privacy policy for business partner (“Policy”) to inform our current and prospective business partners and relevant stakeholders, of our purpose of collecting, using, disclosing and/or transferring your Personal Data, and to inform you of your rights relating to your Personal Data.

The Company is committed to ensure that your Personal Data is processed in accordance with the Applicable Law and other regulations in the jurisdictions in which we operate. If you provide any Personal Data to us, you understand we will only collect, use, disclose and/or transfer your Personal Data in accordance with this Policy. You do not have to provide all the requested Personal Data to us, however where the Personal Data we collect is necessary or legally required in relation to our potential and existing relationship with you, if you do not agree or provide the Personal Data when requested, it may affect our ability to conduct and carry out business transaction with you.

For the purposes of this Policy, “Business Partner”, includes, without limitation, employees, authorised persons, authorised signatories, directors, shareholders and other personnel of our business partners (e.g., authorised dealers, suppliers, vendors, service providers, construction contractors, agents from banks, securities and insurance companies), and third parties whose information you have provided to us (collectively referred to as “you” or “your”).

“Personal Data” means any information relating to a Person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased persons in particular.

“Sensitive Data” means Personal Data which is considered to be sensitive as defined by the Applicable Law.

The Policy applies to any online or offline communication channels where we collect your Personal Data, whether face-to-face inside or outside of the Company’s premises (e.g., offices, factories, events), by phone, or online via emails or social media platforms, and other channels related to any of our business operations.

WHAT PERSONAL DATA WE COLLECT

We collect your Personal Information for the primary purpose of conducting business with you or to perform due diligence checks before we agree to the business transaction. We may also use your Personal Data for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.

Examples of Personal Data we may collect are as follows: –

• Personal identification and financial details, such as name, surname, title, age, gender, geographic location, date of birth, nationality, marital status, financial status, educational and professional information, signature (including electronic signature), photos, national identification card/ passport number, driving license number, vehicle-related information, taxpayer identification number, bank account and payment information, credit card details, details relating to lands that you own (e.g., land rights certificate number), business partner’s identification number and information, number of shares held, securities holder registration number, and/or CCTV records (refer to our ‘Privacy Policy on CCTV use’);
• Contact details, such as phone numbers, facsimile number, address(es), email address(es), postal code, social media account information (e.g., LINE ID, Facebook account etc.), and/or other information-related to social networking sites;
• Business transaction and compliance details, such as beneficial ownership information and due diligence information, information that you have given to the Company (as appeared in agreement, form or survey), transactional information between you and the Company (e.g., lease agreement or purchase and sale agreement, contractor agreement, consultancy agreement, tendering or bidding document, pricing strategy), information relating to purchase and sale transaction with related person/third party, product type, budget type, disbursement budget, expense details, traveling expense, date of purchasing product/service, amount of products/services purchased, number of disbursement items, budget, headquarter number, document number, project name, registered company, creditors, branch, area and payment terms, computer data (e.g., IP address), vendor and service provider status inspection results, information from the terms of reference or scope of tendering/ bidding/ procurement, report of interests, incident report, litigation information, details of quotation in procurement project, annual vendor/service provider evaluation report and/or construction details for each project;
• Information of your related person, such as identified information of your parent, spouse and/or children, and about your employees and other third parties related to you;
• Sensitive Data, such as religious or other beliefs, racial or ethnic origin, biometric data (e.g., fingerprint, facial recognition), and information about trade unions and political opinions/ membership. This information will only be collected from you in limited circumstances where necessary.

If you provide Personal Data of any third party such as spouse, children, emergency contact or referral person, you represent and warrant that you have the authority to do so by (i) informing such other persons about this Policy; and (ii) obtaining consents (where necessary or required by laws) to permit us to collect, use, and/or disclose such Personal Data in accordance with this Policy. Additionally, we will only collect Sensitive Data from you in limited circumstances and where necessary.

HOW WE COLLECT YOUR PERSONAL DATA

The Company may collect your Personal Data through multiple channels including but not limited to:

• Directly from you – for example, when you conduct business with us, sign an agreement, during meeting and business activities with you, or when you fill out a form during interactions with us, including interactions through our online platforms, website or mobile application, communication via email, phone, survey and/or postal;
• Indirectly from other sources – such as from other business partners, alliances or service providers that you work for, represent or act as agent, from affiliated companies and subsidiaries under YKK Corporation, governmental agencies and/or other publicly available sources.

THE LEGAL BASES THAT WE MAY RELY ON AND OUR PURPOSES FOR THE COLLECTION, USE, AND/OR DISCLOSURE OF YOUR PERSONAL DATA

The Company will collect, use and/or disclose your Personal Data based by relying on legitimate interest, contractual basis, legal compliance, consent and/or other legal bases permitted under the Applicable Law. Accordingly, depending on the context of the interactions and your relationship with us, we may collect, use and/ or disclose your Personal Data for the following purposes:

1. For selection of Business Partners, such as to register, authenticate, verify, record and evaluate information provided; to assess suitability, qualifications and risks (e.g., for verification of public information from law enforcement agencies and/or the Company’s blacklist record);
2. For business purposes and communication, such as to manage the contractual relationship with you; to prepare quotations and/or bidding offer; to execute contracts; to perform business transactions and fulfil any obligations and/or requests made by you (e.g., prepare purchase orders/ purchase requests); to communicate with you about products, services and/or projects of the Company or by Business Partners (e.g., communication via document, response to questions, requests or operational progress report);
3. For business operation and relationship management, such as to keep your Personal Data up-to-date; to maintain the accuracy of Personal Data; to keep Agreements, other reference documents and evidence of the work of Business Partners which may mention you; to plan, operate and manage contractual relationships and rights with you (e.g., to appoint, withdraw or authorise Business Partners to engage in transaction and order products or services, process payment, conduct activities relating to accountancy, audit, invoice issuance, management of product and service delivery); to invite you to participate in any appropriate Company’s events; to manage your requests or complaints; and to continuously improve our relationship support and management;
4. For marketing purposes, such as to inform you about information which may be useful, such as, but not limited to, activities, new product and service offers, product and service price negotiation and survey;
5. For Business Partner information management, such as to compile list of business partners, record data in our internal system and update the list and directory of business partners; to store and manage Agreements and relating documents which may contain your personal data;
6. For compliance with internal policies, Applicable Law and legal obligations, such as, where the Company has reasonable grounds to comply with guidelines (such as to apply for business licenses as required by law), and to coordinate and/or communicate with government authorities, Courts and/or other relevant law enforcement agencies (such as the Revenue Department, the Royal Thai Police Headquarter and the State Audit Office etc.) with regards to any investigation proceedings or crime/fraud prevention and/or establishment of legal claims;
7. For protecting our interests, such as, to protect the security and integrity of our business and affiliated companies and subsidiaries under YKK Corporation; to exercise our rights and protect our interests where it is necessary and lawful to do so – for example to detect, prevent and proceed with matters in relation to any corruptions, intellectual property infringement claims or violations of law; to manage and prevent loss of our assets; to detect and prevent misconduct within the Company’s premises; to secure the compliance of the terms and conditions of the Company; and to identify and prevent internal misconduct and incidents;
8. For providing security, such as, to prevent or suppress a danger to a person’s life, body, health, and/or asset; for control of situations such as contagious disease/ epidemic; to handle and investigate complaints and/or disputes; and to proceed on crime and fraud prevention; and
9. For managing risks: such as, to perform risk management, performance monitoring and risk assessments.

TO WHOM WE MAY DISCLOSE AND/OR TRANSFER YOUR PERSONAL DATA

The Company takes reasonable precautions to make sure that we keep your Personal Data secure and will not disclose and/or transfer it unless we have your permission or otherwise as necessary for the purposes set out in this Policy. We may disclose your Personal Data to the following categories of recipients: –

1. Our subsidiaries and affiliated companies – we are a subsidiary under YKK Corporation. We collaborate and/or partially share customer services and systems (i.e., service systems), and thus where necessary, we may need to disclose your Personal Data for the relevant purposes;
2. Governmental and/or regulatory agencies – we may be required to disclose your Personal Data, in the event of a critical incident or emergency and/or under certain circumstances as required or authorised by law, to government agencies, courts, tribunals, regulatory authorities, embassy, consulates, emergency services personnel and/or other relevant enforcement officers;
3. Other third parties – we may need to disclose your Personal Data to external service providers such as our contracted and professional services providers, professional advisors, lawyers, consultants, auditors and technicians, to enable such parties to perform functions on our behalf and under our instructions in order to carry out the purposes identified above.

CROSS-BORDER DATA TRANSFERS OF YOUR PERSONAL DATA

The Company is part of YKK Corporation which operates a global business, and thus your Personal Data may be disclose and/or transfer to any company under YKK Corporation, for the purposes set out in this Policy.

It may also be necessary for us to disclose your Personal Data to third parties located overseas in connection with the purposes set out above. We will obtain your consent for such disclosure and/or transfer unless there are other compelling legitimate bases or other cross-border mechanism as permitted by law for us to conduct without obtaining your consent. We will ensure that any such transfer of Personal Data will only be undertaken in compliance with the Applicable Law.

YOUR RIGHTS AS A DATA SUBJECT

Subject to Applicable law and exceptions thereof, you may have the following rights to:

1. Access: You may have the right to access or request a copy of your Personal Data we collect, use and/or disclose, or request that we disclose how we acquired your personal information;
2. Objection: You may have the right to object to our collection, use and/or disclosure of your Personal Data subject to the Applicable Law;
3. Rectification: You may have the right to request for rectification of incomplete, outdated, inaccurate or misleading Personal Data that we collect, use and/or disclose;
4. Restriction: You may have the right to restrict our use of your Personal Data in certain circumstances, including where you believe such Personal Data to be inaccurate; that our collection, use and/or disclosure is unlawful, or that we no longer need such Personal Data for a particular purpose;
5. Data portability: You may have the right to obtain your Personal Data we hold, in a structured, electronic format, and to transmit such data to another party (data controller), where this is personal information which you have provided to us or if we had collected, used and/or disclosed that data on the basis of your consent;
6. Withdraw consent: You may have the right to withdraw consent in certain circumstances, and for the purposes you have consented to our collection, use and/or disclosure of your Personal Data;
7. Deletion: You may have the right to request that we delete, destroy or anonymise your Personal data that we collect, use, and/or disclose, except we are not obligated to do so if we need to retain such Personal Data in order to comply with a legal obligation or to establish, exercise or defend legal claims;
8. Lodge a complaint: You have the right to lodge a complaint to the competent authorities if you believe that our collection, use and/or disclosure of your Personal Data does not comply with the Applicable Law. However, we ask that you contact us first about any complaints before contacting the relevant authorities so that we have an opportunity to address your complaints.

There may be cases where the law limits the exercise of any duties or rights above, or where we may appropriately or justifiably decline your request to your Rights mentioned above. For example, we may decline your exercise of such rights in order to comply with our legal obligations, for our legitimate and/or public interest, or if your exercise of such right violates any right or freedom of any other person. If your request is decline, we will notify you of the reason(s).

HOW LONG DO WE KEEP YOUR PERSONAL DATA

The Company will only retain your Personal Data for as long as reasonably necessary to fulfil our duties to achieve the objectives prescribed in this policy. We will remove your Personal Data from our systems and records when we are no longer permitted by the Applicable Law to store your Personal Data. In the event a judicial or disciplinary action is initiated, your Personal Data may be stored until the end of such action, including any potential periods for appeal, and will then be deleted or archived as permitted by the Applicable Law.

SECURITY MEASURES TO MAINTAIN YOUR PERSONAL DATA

The Company maintains appropriate security measures in compliance with the Applicable Law. This includes administrative, technical and physical safeguards in relation to access control, in order to protect the confidentiality, integrity, and availability of Personal Data against any accidental, unlawful or unauthorised loss, alteration, correction, use, disclosure and/or access.

In particular, we have implemented access control measures to maintain the security of your Personal Data such as management administrative safeguards, technical safeguards and physical safeguards. And these include the following measures:

1. Control and restrict usage and security access to Personal Data, and the related devices that store and process the data;
2. Determination of permission or assignment of right to access Personal Data; and
3. User access management to control and restrict access to Personal Data such as access granted only to certain authorised employees.

OUR RIGHTS TO AMEND THE POLICY

The Company reserves the right to amend this Policy at any time, in its sole discretion and as it deems appropriate, to revise and update the Policy, for reasons such as when there is a change in the Company’s personal data protection practices, changes in technology and/or the Applicable Law. We will use reasonable endeavours to inform you in any appropriate methods, of any amendments to the terms or details of the Policy when it comes to effect.

OUR CONTACT DETAILS

If you have a question or complaint about this Policy and/or our privacy practices, or if you would like to exercise your Rights in relation to your Personal Data, please contact us at: –

Contact person: Ms. Jurairat Gotan
Address: 689 Moo 6, Sukhumvit k.m. 35, Bangpoomai, Muang District, Samutprakarn 10280
Contact number: 02-323-9041 (Ext. 132)
Contact email address: Jurairat_g@ykk.com