About Us

Personal   Data   Protection   Act

The Thai Cold Rolled Steel Sheet Public Company Limited has realized the importance of personal data protection which is the individual rights according to Personal Data Protection Act 2019 (BE 2562). The company, as a Data Controller, will not collect, disclose or use any Personal Data without consent from the data subject. Therefore, the Company has developed this Personal Data Protection Policy to secure Personal Data and comply with the law that can be described as in the following details:

1. Definition

“Personal Data” means the individual data which can directly or Indirectly specify personal identity such as name, surname, age, educational background, address, telephone number, e-mail, financial information, date of birth, ID card, passport, work information (position, salary, ect.), photo, fingerprint, iris scan, vocal identity information, Information on performance appraisal or employer evaluation, visual or audio record that are used for tracking the individual activities s, location data, and IP Address or Cookie ID, etc., excluding data of deceased.

“Sensitive Data” means Personal Data which is a commonly privacy data. If Sensitive l Data is disclosed to public, it may cause the conflict or effects to data subject’s feeling or serious injury to the data subject such as race, tribe, political opinion, religion, belief, sexual behavior, criminal record, marital status, health information, mental health information, information that affects to people's feelings, etc.

“the Company” means Thai Cold Rolled Steel Sheet Public Company Limited.

“Data Controller” means the Company who has the power for decision to collect, use, or disclose the Personal Data.

2. Scope of Using
2.1. This announcement is enforced with board of directors, executive and all employees including partners, contracting parties, and stakeholders.
2.2. This announcement is enforced with all activities of the Company that deals with Personal Data for example data collection by Human Resource Department, using Personal Data for the company’s objective.

3. The Source of Personal Data
The Company may receive Personal Data from 2 ways as follows:
3.1. The company is directly received Personal Data from the data subject as following details;
(1) Procession of job application or process of submitting petition to the company.
(2) Voluntarily survey or email response or the other communication channel between the Company and the data subject.
(3) Website usage data via browser’s cookies of the data subject.
(4) Execution of a contract that made legal relation between the Company and the data subject.
3.2. The company is received Personal Data from third party as following detail:
(1) Third parties who disclose Personal Data with consent from the data subject.

4. Objectives
4.1. The Company will collect Personal Data of board of directors, executives and all employees for business operation and statistical processing under the Company’s objective for example; collecting employee’s Personal Data for employee identification, collecting partner’s Personal Data for contacting, fingerprint scan for time attendance, collecting Personal Data of the Company’s website user, or collecting the Personal Data from using the Company's computer system, etc.
4.2. If the objective of the Personal Data collecting is changed, the company shall notify and ask for the consent from the data subject including provide an amendment record as evidence.
4.3. The company will not do anything other than this Objectives except for the following reason:
(1) The new objective to notify to the data subject and receiving the consent from the data subject.
(2) Legal compliance.

5. Personal Data Collection
5.1. Collecting, using, disclosure, and anonymization of Personal Data will be processed according to objective, scope, and legitimate methods. Collecting, Using or disclosing of Personal Data shall be limited as necessary for business operation. The company shall manage the data subject to acknowledge, give consent in writing or by any methods according to the Company's specification. However, the Company does not need to ask for consent from the data subject as following cases;
(1) For compliance with legal obligation such as the Personal Data Protection Act, Electronic Transactions Act, Telecommunications Business Act, Money Laundering Control Act, Civil and Criminal Code, Civil Procedure and Criminal Procedure Code, etc.
(2) For the performance of a task carried out in public interest of the investigating officers or the trial and adjudication of the court.
(3) For the legitimate interests pursued by the Company or person or another juristic person.
(4) For protection the vital interests of data subject or another natural person.
(5) For the performance of a contract that data subject is a contracting party or processing of requests by the data subject before entering into that contract.
5.2. The company cannot collect the Sensitive Data without writing consent from the data subject except it's a legal obligation, the Company doesn’t need to received writing consent from the data subject.

6. Security
6.1. The Personal Data that the data subject provide to the Company shall be accurate and up to date. The Personal Data shall be used for the Company’s objectives only and the Company shall take appropriate measures to protect the rights of data subject, including the protection of Personal Data in the computer system of the Company.
6.2. The company will provide Data Protection Impact Assessment in order to use duty of care for processing the high risk in Personal Data which shall affect to the rights and the liberties of the individual person.
6.3. The company shall be audited and verified to comply with this Data Protection Policy by Internal Audit Department of the Company

7. Responsibility
Any employees or Departments dealing with the Personal Data shall significantly realize when the collecting, using and disclosing of the Personal Data in accordance with the laws, policy and procedure on Personal Data Protection. The Company as a Data Controller shall appoint the Data Protection Officer who is responsible to give suggestion and coordinate with relevant parties in case of problems regarding collecting, using, and disclosing the Personal Data under the Personal Data Protection Act 2019 (BE 2562) and related regulation.

8. The Rights of the Data Subject
The data subject has the right to requests to access their Personal Data, delete or destroy Personal Data, suspend to use Personal Data , change Personal Data to be correct and complete, transfer Personal Data, and protest to the Personal Data processing in accordance with Personal Data Protection Act 2019 (BE. 2562).