AC Machinery Private Limited ("Company"), as the Data Controller, is committed to protecting your personal data. This Privacy Policy is created to inform you, as the Data Subject, about the purposes for which the Company collects and uses your personal data. The Company complies with its legal obligations to collect, use, and disclose personal data only as necessary and in accordance with applicable laws. The Company affirms that it acts in accordance with the Personal Data Protection Act B.E. 2562 (2019) (PDPA) to safeguard your personal information.
Personal Data the Company Collects
"Personal Data" refers to any information relating to an individual that enables the identification of that individual, either directly or indirectly, such as name, surname, address, email, or national ID number.Sensitive Personal Data, as defined by law, may also be collected, including.
1.Biometric data such as fingerprints, facial recognition data, or other biometric identifiers.
2.Sensitive data appearing on identification or legal documents, such as religion or ethnicity stated on a copy of the national ID card.
3.Criminal record information.
Sensitive personal data will only be collected, used, disclosed, and/or transferred to another country where the Company has received your explicit consent or where permitted by law.
Types of Personal Data Collected
The Company collects necessary personal data depending on the relationship between you and the Company, as follows:
1.Directly from you: Through services such as registration, job applications, website use, and communication, including details such as title, name, surname, date of birth, signature, government-issued documents (e.g., ID card, government employee ID, driver’s license), name-change documents, voice recordings from phone calls, CCTV footage, occupation, position, job details, business type, contact details, address (ID-registered and current), phone number, email, emergency contacts, financial data such as account statements, income level, debts, bankruptcy status, contracts, loan applications, and product/service usage data.
2.Via other service channels: When you contact the Company at its premises or through any other controlled contact channel.
3.From website and service usage: Including cookies or software used on your devices to track user behavior on our websites or services.
4.From third parties: Such as guarantors, attorneys, employees, or other individuals with a legal or consent-based reason to provide your information to the Company. If you provide third-party data to the Company, you are responsible for informing them about this Privacy Policy and obtaining their consent if necessary.
Purpose of Collecting, Using, and Disclosing Personal Data
The Company may collect, use, and disclose your personal and sensitive personal data for the following purposes
1.With your consent, for purposes such as marketing communications, advertising, special offers, promotions, and product/service presentations.
2.Use of sensitive personal data for purposes such as
- Verifying your identity via religion or ethnicity appearing on documents, though the Company does not intend to use this information beyond identification.
- The Company may redact or request you to redact such sensitive data from relevant documents.
ทั้งนี้ บริษัทฯ จะดำเนินการขีดฆ่าหรือปิดทับข้อมูลในส่วนของข้อมูลส่วนบุคคลที่มีความอ่อนไหวของท่าน (เช่น ศาสนา เชื้อชาติ) ที่ประกฏอยู่บนเอกสารระบุตัวตน หรือเอกสารประกอบการทำธุรกรรม และ/หรือนิติกรรมสัญญา โดยบริษัทฯ อาจดำเนินการดังกล่าวด้วยตนเองโดยไม่จำเป็นต้องแจ้งให้ท่านทราบ หรือบริษัทฯ อาจขอให้ท่านเป็นผู้ดำเนินการขีดฆ่าหรือปิดทับข้อมูลในส่วนของข้อมูลส่วนบุคคลที่มีความอ่อนไหวด้วยตนเอง
Legal Bases for Processing Personal Data
The Company processes your personal data based on lawful bases as stipulated by the PDPA, depending on the nature of the relationship with you. The purposes include
1.Contractual necessity: To carry out transactions or agreements, deposit processes, loan applications, outsourcing services, and transfer of claims.
2.Communication: For requests for additional information, appointments, contract signing, or debt notifications.
3.Marketing and communication: For advertising, promotions, and customer outreach.
4.Business improvement: For market research and evaluation.
5.Legal compliance: To comply with legal procedures or orders from authorities, including international legal obligations.
6.Legitimate interest: For security, fraud prevention, compliance checks, internal policy enforcement, CCTV monitoring, reporting crimes, and risk assessment.
7.Risk prevention: For identity verification, compliance with anti-money laundering laws, cybersecurity, debt and contract violations, and maintaining business integrity.
8.Business transactions: Such as mergers, acquisitions, business transfers, or restructurings.
9.Vital interests: To prevent or suppress harm to life, body, or health.
10.Other legal purposes as needed in accordance with the Company's operations.
Refusal to provide necessary data may affect the Company’s ability to provide services partially or entirely.
Disclosure or Sharing of Personal Data
1.The Company may disclose data to data processors involved in activities like equipment insurance. These processors must maintain data confidentiality and comply with Thai data protection law.
2.The Company does not disclose personal data to third parties unless required by law or authority with legal powers (e.g., for law enforcement, legal claims, or fraud prevention).
Data Retention and Securit
1.Storage: Data is stored in the Company’s information systems with appropriate security measures, such as:
- Access restrictions for authorized personnel only;
- Use of technological safeguards against unauthorized access;
- Data destruction when no longer needed;
- Breach response protocols and mandatory reporting to the PDPC (Personal Data Protection Committee) as required by law.
2. Unauthorized access prevention:
- Restricted access to online systems, fax responses, and email documents, with password protection and limited personnel access.
3. Retention period:
- Data is retained only as long as necessary for service purposes and legal compliance.
- The standard retention period is 10 years, unless otherwise required by law or justified by risk and usage factors.
Your Rights as a Data Subject
Under the PDPA, you have the following rights:
1. Right to withdraw consent at any time;
2. Right of access to your personal data and to request copies;
3. Right to rectify inaccurate or incomplete data;
4. Right to erasure under certain conditions;
5. Right to restrict processing of your data;
6. Right to data portability, to transfer your data to another controller;
7. Right to object to certain data processing activities.
To exercise your rights, please contact the Company usingthe contact information provided. The Company will respond within 30 daysand, in case of rejection, will provide a reason in accordance with the PDPA.
.png)