Vendor

NISSAN TRADING (THAILAND) CO., LTD.

Business Partner Privacy Policy
 

About this policy

Nissan Trading (Thailand) Co. Ltd. (the “Company”) recognizes the importance of the protection of our Business Partner ("You") Personal Data (the "Personal Data"). This Business Partnet Privacy Policy ("Privacy Policy") explains our practices regarding the collection, usage or disclosure of personal data including other rights of the Data Subjects in accordance with the Personal Data Protection Act B.E. 2562 (2019) (the “Personal Data Protection Laws”).
 

Sources of Personal Data

The Company collects your Personal Data that receive directly or indirectly from you as following:
 

●      Procurement assessment form

●      Procurement assessment process

●      Business Partner application form

●      Supporting documents for procurement assessment

●      Submission of information via the Company’s website

●      Contact via telephone

●      Contact via email

●      Contact via post

●      Google login

●      LINE login

●      LinkedIn login

●      Facebook login
 

The Company may collect your Personal Data that we can access from the other sources not directly from you such as search engines, social media, public websites, other company’s websites, government authorities, third parties, reference person, etc.
 

Type of Data Collected

Personal Data such as name, surname, age, identification card numbers, passport numbers, photo, etc.
 

Contact Data such as address, telephone number, fax number, email address, etc.
 

Account Data such as username, password, etc.
 

Proof of Identity Data such as copy of identification card, copy of passport, etc.
 

Photo or Video Recording Data such as photo recording via CCTV, etc.
 

Work and skill Data such as work permits, past work experience or project experience, etc.
 

Other information such as business card, portfolio, reference persons, any information which you provide to the Company during the business partner assessment process.
 

The Company may collect, use or disclose your sensitive Personal Data that is specially categorized by the laws when the Company has obtained explicit consent from you or where necessary for the Company as permissible under the laws. The Company may collect, use or disclose your sensitive Personal Data as following:
 

●      Racial

●      Ethnic

●      Political opinions

●      Cult

●      Religious or philosophical beliefs

●      Sexual behavior

●      Criminal records

●      Health data

●      Disability

●      Labor union information

●      Genetic data

●      Biometric data such as facial recognition, data, iris recognition data or fingerprint recognition data

●      Any data which may affect the data subject in the same manner, as prescribed by the Personal Data Protection Committee
 

In case that Personal Data collected by the Company as specified above is necessary for the business partners selection process or any legal compliance. If you do not provide the Company with such necessary Personal Data, the Company may not be able to process your business partner application further.

Storage of Personal Data

The Company shall store your Personal Data as hard copy and soft copy.

The Company shall store your Personal Data by using the following systems:
 

●      Our server in Thailand

●      Our server outside of Thailand

●      Third-party server of service providers in Thailand

●      Third-party server of service providers outside of Thailand
 

Purpose of Personal Data

The Company shall use the collected Personal Data for various purposes:
 

●      Business Partner assessment and application procedures.

●      Create and manage the business partner account in the Company’s database.

●      Perform a contractual obligation between business partner and the Company.

●      Internal record and management of the Company.

●      Procedure for conducting background and qualification check.

●      Internal audit or investigation of the Company.

●      Monitor security in the Company’s area such as recording photo via CCTV and ID card deposit before entering into the building or area of the Company.

●      Comply with any related laws, government orders or regulations.

Disclosure of Personal Data

The Company may disclose your Personal Data to the following parties in certain circumstances.

• Organization Management
  The Company may disclose your Personal Data within our affiliate company only as necessary for the procurement assessment procedure or the purposes specified above.

• Law Enforcement
  Under certain circumstances, the Company may be required to disclose your Personal Data, if required by the laws or in response to valid requests by government authorities such as court or a government body.

• Business Partner
  The Company may disclose your Personal Data to the business partners in order to pursue the purposes of this Privacy Policy.

• Service Providers
  The Company may disclose your Personal Data to the service providers for the purposes as follows:

●      Document storage and destruction service

●      Security service

●      Criminal record and background checks service

●      Information technology service

●      Logistic service

●      Marketing service

●      Print media service

●      Professional services such as business consultant, technicians, auditor, legal firm, tax firm or any other advisors.

• Business Transfer
  In connection with any reorganizations, restructuring, merger or acquisition, or other transfer of assets, the Company shall transfer information, including certain your Personal Data, provided that the receiving party agrees to respect your Personal Data in a manner that is consistent with this Privacy Policy and Personal Data Protection Laws.

• Cross-Border Data Transfer
  The Company may disclose or transfer your Personal Data to third parties, organizations or servers located in foreign countries. The Company shall take steps and measures to ensure that your Personal Data is securely transferred, and the receiving parties have an appropriate level of Personal Data protection standard or as allowed by the laws.

Data Retention

The Company shall retain your Personal Data for as long as you are our or still in relationship as our business partners, necessary for the purposes set out in this Privacy Policy unless the laws require or permit longer retention period. The Company shall erase, destroy, or anonymize your Personal Data when it is no longer necessary or when the period lapses.

Data Subject Rights

Subject to the Personal Data Protection Laws thereof, you may exercise any of these rights in the following:
 

1. Withdrawal of consent: If you have given consent to the Company to collect, use or disclose your Personal Data whether before or after the effective date of the Personal Data Protection Laws, you have the right to withdraw such consent at any time throughout the period your Personal Data available to the Company, unless it is restricted by the laws or you are still under beneficial contract.
    
2. Data access: You have the right to access your Personal Data that is under the company’s responsibility; to request the Company to make a copy of such data for you; and to request the Company to reveal as to how the Company obtain your Personal Data.
    
3. Data portability: You have the right to obtain your Personal Data if the Company organizes such Personal Data in automatic machine-readable or usable format and can be processed or disclosed by automatic means; to request the Company to send or transfer the Personal Data in such format directly to other data controllers if doable by automatic means; and to request to obtain the Personal Data in such format sent or transferred by us directly to other data controller unless not technically feasible.
    
4. Objection: You have the right to object to collection, use or disclosure of your Personal Data at any time if such doing is conducted for legitimate interests of the Company, corporation or individual which is within your reasonable expectation; or for carrying out public tasks.
    
5. Data erasure or destruction: You have the right to request the Company to erase, destroy or anonymize your Personal Data if you believe that the collection, use or disclosure of your Personal Data is against relevant laws; or retention of the data by the Company is no longer necessary in connection with related purposes under this Privacy Policy; or when you request to withdraw your consent or to object to the processing as earlier described.
    
6. Suspension: You have the right to request the Company to suspend processing your Personal Data during the period where the Company examines your rectification or objection request; or when it is no longer necessary, and the Company must erase or destroy your Personal Data pursuant to relevant laws but you instead request us to suspend the processing.

7. Rectification: You have the right to rectify your Personal Data to be updated, complete and not misleading.
    
8. Complaint lodging: You have the right to complain to competent authorities pursuant to relevant laws if you believe that the collection, use or disclosure of your Personal Data is violating or not in compliance with relevant laws.

Data Security

The Company endeavor to protect your Personal Data by establishing security measures in accordance with the principles of confidentiality, integrity, and availability to prevent loss, unauthorized or unlawful access, destruction, use, alteration, or disclosure including administrative safeguard, technical safeguard, physical safeguard, and access controls.

Data Breach Notification

The Company shall notify the Office of the Personal Data Protection Committee without delay and, where feasible, within 72 hours after having become aware of it, unless such personal data breach is unlikely to result in a risk to the rights and freedoms of you. If the personal data breach is likely to result in a high risk to the rights and freedoms of you, the Company shall also notify the personal data breach and the remedial measures to you without delay by email or telephone call (if applicable).

Changes to this Vendor Privacy Policy

The Company may change this Privacy Policy from time to time in accordance with our processing activities. Any changes of this Privacy Policy, the Company shall encourage you to frequently check on our website or internal communication.

Links to Other Sites

The purpose of this Privacy Policy is for our business partners only. Any websites from other domains found on our site are subject to their privacy policy which is not related to us.

Contact Information

If you have any questions about this Privacy Policy, please contact us every Monday - Friday on 09:00 - 17:00 through the following channels:

Address:             Nissan Trading (Thailand) Co., Ltd.
                            891/1 Siam Motors Building 10th,14th Floor, Rama I Road, Wang Mai,
                            Pathumwan, Bangkok, 10330, Thailand

Telephone:         02-216-2051-6 ext. 604 or 605

E-mail:                DPO@ntsiam.co.th

Website:             http://www.nissantrading-th.com/