Privacy Notice    

Updated on June 1^st, 2022 

1. Definition

The Company is aware of the importance of the collection and keeping the confidentiality of User Personal Data. However, in order to operate the business and provide products to clients, it is necessary for the Company to use, collect, store, and disclose User Personal Data. Therefore, the Company, has duty to comply with the PDPA as Data Controller and Data Processor (in some cases). The Company hereby confirms that:

• the Company shall duly and lawfully use, collect, store, and disclose User Personal Data within the scope of law;
• the Company supports the protection of User Personal Data;
• the Company has security and storage system to protect and safeguard the confidentiality of Personal Data in accordance with applicable legal standard; and
• the Company shall create a system that take User’s privacy into consideration when using, collecting, storing, and disclosing any information.

Consequently, the Company has prepared this privacy policy to explain how the Company will treat User Personal Data, such as, use, collection, storage, disclosure, and protection of Personal Data, including User’s rights. For your own benefits, the Company suggests that User thoroughly read and comprehend the following privacy policy as follows:

Unless specified otherwise herein, the following words shall have the meaning as provided here below:

1. 1. “PDPA” means the Personal Data Protection Act of 2019 (B.E. 2562) or any amendment thereafter, including any royal decrees, ministerial regulations, notifications, orders, and other laws related to Personal Data protection;
   2. “Personal Data” means any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the data of the deceased persons or anonymized data such as name, identification number, location data, online identifier. 
   3. “Cookies” means small text file consisting of parts of data from a download activity that may be stored in a web browser you use to access. Cookies data may be saved on your computer device or any communication tools that you use to access the web browser while you visit the Company’s website.  

0. 4. “Company” means ST Property & Logistics Co., Ltd.
   5. “Company’s business group” means the business entity that held by 

ST Property & Logistics Co., Ltd. 

0. 6. “Company’s business partner” means the business entity that are incorporated with agreement for personnel data disclosure.
   7. “Data Controller” means a person or juristic person who has power and duties to make decisions regarding the collection, use or disclosure of Personal Data;
   8. “Data Processor” means a person or juristic person who acts in respect of the collection, use, or disclosure of Personnel Data as per an order or on behalf of Data Controller. In this regards, the said person or juristic person shall not be deemed as Data Controller; and
   9. “User” means a person or juristic person who receives Service in any form from the Company, including its agents, customers, tenants, staffs, employees, executives, or representative.

2. Personnel Data the Company Collects from You

The company will collect your personnel data as necessary for lawful purposes. The company may receive personnel data through both direct and indirect means such as electronic channels, physical documents, inquiries, government agencies, business partners, and/or other service providers such as Facebook, Instagram, Line, and etc.

The company may collect your personnel data such as;

• Personal data and your interest such as name, surname, gender, age, nationality, date of birth, marital status, address, occupation, work place, postal code, email address, telephone number, national ID number, passport number, credit card number, bank account number, monthly income, payment data, vehicle information, purchase history; 
• Identifiable image data such as pictures and videos of you and/or your belongings that the Company may collect from CCTV cameras and cameras when there is access to office building, retail space, areas under the Company’s responsibility, during events, meetings, or any seminars;
• Sensitive data such as race, religion, health information, and etc. In the event that the Company has accidentally received it and has no intention to collect such data, the Company will not use your sensitive data;
• Technical data such as website usage and searching behaviors. The Company may use cookie as a tool to collect IP address, the type of web 

browser used to access website, visit duration, websites that refer to the Company’s website, and your location data during website access;.

• Marketing and communication data such as your preferences in receiving marketing material, including contact information, and voice recording when you communicate with Call Center or through other social media channels.

The company collect, use, and disclose aggregated data, such as statistical and project information. The aggregate data may derive from your personal data; however, such data is not considered as a personnel data since it cannot be used identify a specific individual. For example, the Company may use some of your data after the process of anonymization to create statistical information of people who access the website.  

The company is fully aware that the data used must not be able to revert to identifiable data. If the data is then able to be used to identify a specific individual, it will be considered as personal data and will be treated in accordance with this privacy Notice.

The Company’s website may lead you to a third-party website via a link; such action may allow other websites to collect, use, or disclose your personnel data without the Company’s involvement. These service and websites may operate independently from the Company and may have their own privacy notices and policies. The Company cannot be held accountable for any collection, use, or disclosure of personnel data occurred on other websites. Hence, it is encouraged that you read the privacy notices of every website you have visited.

3. Data management policy

In order to operate the business, it is necessary for the Company to use, collect, store, and disclose User Personal Data. The Company, therefore, has duty to comply with the PDPA as Data Controller and Data Processor (in some cases). In this regard, the Company represents and warrants that:

1. • the Company shall use, collect, store, and disclose User Personal Data within the scope of law;
   • the Company has security and storage system to protect and safeguard User Personal Data in accordance with applicable legal standard; and
   • the Company shall take User’s privacy into consideration when using, collecting, storing, and disclosing any Personal Data.

4. Scope of privacy policy

To protect User Personal Data and privacy, this privacy policy shall apply to all use, collection, storage, or disclosure of User Personal Data from all transaction and operation activities between User and the Company.

5. Personal Data collection and processing principles

The Company shall collect and process Personal Data under six principles as follows:

6. Purposes of the use, collection, storage, or disclosure of Personnel Data

The Company collects, stores, and uses User Personal Data to provide the operation system to User, or to create database, or to perform data analysis in order to improve the operation system of the Company, and/or any other purposes not prohibited by law, and/or to comply with any laws or company regulations applicable to the Company, whether currently in effect or may be enforced in the future, and/or for any purposes beneficial to the Company’s business operation.

In order to conduct business operations, activities and/or transactions according to your request and/or to achieve the Company’s objective, the Company may collect, use and disclose your personnel data, including but not limited to; the following objectives;

• To proceed with the purchase of the Company’s operation or services systems, equipment, machine or programs  as requested;
• To carry out the contract you have with the company, or to process your request prior to entering into the contract; whether it is for procurement inspection of product or service quality, service provider performance evaluation, or any other relevant procedures. If you do not provide your personal data, the Company may not be able to proceed with your request as notified or there may be other legal effects;
• To carry out the contract with the contracting party that the Company procures or uses;
• To comply with the law;
• To serve public interest or carry out tasks assigned to the Company by government agencies;
• To carry out the Company’s legitimate interests such as maintain relationship with you, enhance the Company’s business operation standard, and prevent illegal activities;
• To develop marketing plans, conduct data analysis, assess system, improve and develop product or service of the Company, and enhance the efficiency of the website;

• To provide security and prevent illegal actions in the factory, office or areas under the Company’s responsibility, using data from CCTV cameras when there is access of such locations;
• To achieve the Company’s internal objectives or to conduct public relations for external audience through both print and the Company’s social media channels. This activity include the Company’s collection of picture or video from events, meetings, or any seminars held by the Company. Nonetheless, the said data will not be used for commercial purposes;
• In the event that the Company receives your explicit consent, the Company will only use your personal data for purposes you have given consent to;
• In the event that the Company collects minor personal data, the Company will only process in accordance with the purposes data subject has provided it for and such data will not be used for any other or marketing purpose;
• If the Company wishes to process sensitive data, the Company has to acquire your explicit consent before or during the collection of such data.

7. Legal basis for the use, collection, storage, and disclosure of Personal Data

The Company shall not use, collect, store, and disclose User Personal Data without User’s consent, unless it is for compliance with applicable law, or the performance of a contract, or the Company is permitted by law or legitimate right to proceed with the said use, collection, storage, and disclosure of Personal Data. The Company applies the following legal basis for the aforesaid use, collection, storage, and disclosure of Personal Data:

8. Legal basis for the use, collection, storage, and disclosure of sensitive Personal Data

The Company shall not use, collect, store, and disclose User’s sensitive Personal Data, such as, data in respect of racial or ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal record, health information, disabilities, labor union information, heredity information, biological information, without User’s consent, unless the Company has a legal basis to support its operations as specified in the PDPA, for example:

9. Limitation of Personal Data collection

The Company shall use, collect, store, or disclose Personal Data under lawful and fair purposes, scopes, and means. The Company shall limit its collection of Personal Data to the extent necessary for the provision of the Service. The Company may collect Personal Data from any physical or electronic means, in whatever form, according to the purposes of the Company or for the benefit of the Company’s business operation only.

User acknowledges and renders consent to the Company’s use, collection, storage, or disclosure of User Personal Data in accordance with the purposes specified by the Company via physical, electronic, or any other means designated by the Company. In addition, in the event that the processing of sensitive Personal Data (such as, data in respect of racial or ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal record, health information, disabilities, labor union information, heredity information, biological information or any other information which affects the data subject in the same manner) is necessary for the provision of the Service to User, User has also consented to the Company’s use, collection, storage, or disclosure of such sensitive Personal Data.

The Company may use, collect, store, or disclose User Personal Data without requesting consent from User during the collection of Personal Data in the following events:

1. to achieve purposes in the making of company operation process for public interest, or relating to the study, research or statistics for which the appropriate protection standard is established;
2. to protect vital interests, life, and health of persons;
3. necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract;
4. necessary for the performance of a task carried out in public interest;
5. necessary for the purposes of the legitimate interests pursued by the Company or by a person or juristic person that is not the Company;

6. to comply with legal obligation to which the data controller is subject, such as, the PDPA, the Civil Procedure Code, the Penal Procedure Code, and etc.;
7. necessary to protect vital interests, life, and health of User;
8. for the benefit of the investigation by investigators or court trials; or
9. for the interest of User where User is incapable of giving consent at the relevant time.

10. Transfer of Personal Data to third country

The Company may transfer User Personal Data to third country for the purpose of the Company’s business operations as necessary. User agrees and renders consent for the Company’s transfer of User Personal Data to person or entity in third country or under the jurisdiction of other countries, regardless of whether Personal Data protection law of such country may or may not reach the protection standard of Thailand’s Personal Data protection law. In any event, the Company shall comply with appropriate measure to protect the security of User Personal Data at the same level of protection as Thailand’s Personal Data protection law.

11. Data retention

The Company shall only retain User Personal Data for as long as necessary or as regulated by law for the purposes specified by the Company. For more information regarding the Company’s Personal Data retention period, please contact the Data Protection Officer.

12. User’s right under the PDPA

As a data subject under the PDPA, User is entitled to the following legal rights:

In the event that User refuses to give consent for the Company’s processing of User Personal Data or requests the Company to erase User Personal Data, the Company may be unable to provide service to User, effectively. Therefore, User may not be able to obtain the Services from the Company.

The Company reserves the right to reject User’s request in the event that it is permitted by law, or there is an order of competent government authorities or the court, or User’s request is contrary to the law or may impact or cause damage to the Company.

If there is a request to erase User Personal Data from the system, the Company shall use its best efforts to erase User Personal Data from the system. However, User agrees and acknowledges that the Company may retain records or make copies of such data in the Company’s server or back-up system to back up data in case of errors, defects, or malfunctions to the Company’s system, including retaining them as evidences or for the performance of legal obligation.

User’s exercise of rights shall be subject to the rules, notifications, and regulations prescribed by the Company, which shall be in line with the criteria of the PDPA, including the Company’s privacy policy and other criteria specified by the Company. User can exercise the above data subject’s right by sending written request to the Data Protection Officer as detailed in clause 14 of this privacy policy.

13. Notification of breach of Personal Data

In the event of any violation of Personal Data, please notify the Company as detailed in clause 14 of this privacy policy within 72 hours from the occurrence of such event in order to protect Personal Data and to prevent and remedy the said violation for User.

14. Data Protection Officer

For the exercise of rights specified in clause 12, or report of Personal Data breach, or any inquiries regarding the collection, use, or disclosure of Personal Data of the Company, please contact the Data Protection Officer as per the details below:

Data Protection Officer
Mr. Phassutha Moonphukdi

Address:   32/24 Sino – Thai Tower, 3^rd Floor, Sukhumvit 21 Road (Asoke), Klongtoey Nua Sub-district, Wattana District, Bangkok 10110 Thailand 

Tel: 02-2601181    Email: DPO@stpl.co.th

15. Data security

The Company has policies and programs on information technology security protection that meet international standards to protect the confidentiality and security of User Personal Data and to prevent loss or unauthorized destruction, access, or disclosure of User Personal Data, that must be strictly complied by the Company’s employees. The Company also educates and raises awareness of the importance of Personal Data and the responsibility for the security of such information. However, the Company makes no representations or warranties that the implementation of the said policy will be free of any defects or errors. The Company, therefore, reserves the right to discharge all liabilities for any damage or loss occurred to User.

16. Privacy policy update

For the benefit and efficiency in providing the Service to User, the Company reserves the right to update or revise this privacy policy without notifying User in advance. Consequently, the Company requests User to review this privacy policy, regularly.

17. Additional information

For more information regarding this privacy policy or any operation related to User Personal Data, please contact the Data Protection Officer as detailed in clause 14 of this privacy policy.

                                         ……………………………..