Personal Data Protection Policy

Apex Circuit (Thailand) Co., Ltd. (hereinafter referred to as “Company”) recognizes the importance of the personal data protection. Therefore, we have prepared and publicized this Personal Data Protection Policy (“Policy”) to people in general being involved with the Company for their acknowledgment with the purpose of notifying all sectors of the details related to personal data collection, usage, or disclosure, including transfer to overseas as well as the measure for personal data management and security in compliance with Personal Data Protection Act B.E. 2019 (“Personal Data Protection Act”) and related laws.

The executives of all departments have the duty and responsiblity for giving support, pushing, and auditing the operations to be strictly in line with the policy and the law related to personal data protection.

1. Enforcement Scope

This Personal Data Protection is applied to the personal data that the Company may collect, use, disclose or transfer the personal data to overseas of the following group of people:

1.1) A group of personal, employees, and job candidates, covering their family members or reference who the employees or job candidates refer to
1.2) A group of customers, covering natural persons, employees, personnel, officers, representatives, agents, the authorized persons who act on behalf of juristic person, director, visitor, and natural persons acting on behalf of juristic persons who are both existing and former corporate customers, including the potential target customers of the Company in the future
1.3) A group of vendors and contracting parties, covering natural persons, employees, personnel, officers, representatives, agents, the authorized persons who act on behalf of juristic person, director, visitor, and other persons acting on behalf of juristic persons who are the existing and former vendors or contracting parties of the Company, including the potential vendors or contracting parties of the Company in the future
1.4) A group of shareholders or any person interested in the investment in the Company
1.5) A group of visitors and outsiders, coming in the responsible premises of the Company, which is necessary for personal data collection with security purpose within the responsible premises
1.6) A group of people involved in the Corporate Social Responsibility (CSR) Activity or any person who the Company may collect his or her personal data for carrying out the Corporate Social Responsibility (CSR) Activity or other matters

2. Definition

“Personal Data” means information relating to a person which enables to identify such Person, whether directly or indirectly that the Company collects as notified in this policy, such as name, surname, nickname, age, gender, address, telephone number, identification card number, passport number, social security card number, driving license number, taxpayer identification number, bank account number, credit card number, educational background, financial position, health history, employment history, criminal record, email address, car registration, title deed, IP Address, Cookie ID, Log File, etc.

“Sensitive Personal Data” means personal data specified by Personal Data Protection Act as the sensitive data for collection, usage, disclosure, or transfer to overseas, executed by the Company upon obtaining the legal consent of the Data Subject. The sensitive personal data includes data regarding racial group, ethnic group, religion, sexual behavior, criminal records, health data, disabilities, biometric data, i.e. face image data or fingerprint image data for the purpose of identify Authentication, including any data which may affect the Data Subject in the same manner.

“Data Processing” means any processing releated to personal data, for example, collection, record, systematization, update, recovery, usage, disclosure, forwarding, erasure, transfer, destruction.

“Data Processor” means natural person or juristic person who executes regarding personal data processing as per the command or on behalf of personal data controller.

“Data Subject” means individual who owns such personal data. This Data Subject shall mean only a natural person.

3. Collection, Usage or Disclosure of Personal Data

3.1) Personal Data Collection shall be executed as necessary, being in line with the purpose of usage only and in compliance with the policy, manual and/or regulation as defined by the Company.
3.2) The collected personal data quality shall be related to accuracy, appropriateness, suitable personal data security measure, risk management, and awareness establishment of responsibility regarding personal data safety.
3.3) Purpose of collection, usage are disclosure of personal data, including the sensitive personal data shall be executed under legal base and data processing in line with the purpose as defined only without the disclosure of the collected personal data to the outsiders except for the following cases:

          3.3.1) For benefits related to life, health or safety
          3.3.2) For execution under the mutually binding contract
          3.3.3) For execution of duties as defined by the law, the Court’s order, the legal authority’s order or any case in the same manner
          3.3.4) For performing duties for public interest or for study, research or statistics
          3.3.5) Be the case obtaining a consent of Data Subject

3.4) All personnel of the Company should have awareness and responsibiltiy being ready for protecting the personal data of people involved as their own pesonal data.

4. Cookies and Use of Cookies

For visit to the Company website, there may be the placement of cookies in the visitor’s equipment and the automatic data collection. Some parts of cookies are necessary for the proper function of website. Also, some parts are cookies giving facilitation to the visitors of website being able to study additional information under the Company cookies policy.

5. Improvement of Personal Data Protection Policy

The Company may occasionally review, improve, and change this personal data protection policy to be in line with the relevant practice, law, regulation, and requirement. If there are improvement and change of this personal data protection policy, the Company will further publicize the updated policy on the Company website and other channels.

6. Storage, Duration, and Security Measure

The Company shall keep personal data as needed and appropriate to achieve the objective as notified in this policy by considering the suitable duration for personal data storage according to the contract term, statute of limitations, including the necessity of further storage of personal data as per the necessary duration in compliance with the law and relevant standard.

The Company will maintain and keep the personal data safe and suitable whether its type is document, computer system, and several electronics system, including several devices used by the Company to maintain the pesonal data security. You are requested to feel confidence that the Company has the measure for the appropriate personal data security to prevent loss, access, usage, change, amendment or unlawful personal data disclosure or action without legal power.

7. Rights of Data Subject

Under the provisions of law and relevant legal exceptions, Data Subject may have the rights as per the following:

7.1) Access to Personal Data: The Data Subject is entitled to request for access to or obtaining a copy of personal data, collected by the Company, usage or disclosure relevant to the Data Subject.
7.2) Rectification: The Data Subject may have the rights to request for rectification of personal data, collected by the Company, usage or disclosure relevant to personal data to be accurate, updated, complete, and not caused the misunderstanding.
7.3) Personal Data Transfer: The Data Subject is entitled to request for personal data in the type organized by the Company, including the rights to transfer data to other persons or the Data Subject himself or herself for some reasons.
The Company may charge for the expenses if the request or exercising of such right is too complicated or the Company may use excess technical or management attempt.
7.4) Objection: The Data Subject has right to object to collection, usage or disclosure of personal data of the Data Subject according to the law stipulation.
7.5) Suspension of Use: The Data Subject is entitled to request for suspension of personal data usage of the Data Subject himself or herself, unless there will be the legal restrictions.
7.6) Right to Withdraw Consent: For the purpose of Data Subject’s consent given to the Company to collect, use or disclose personal data of himself or herself, the Data Subject may has the right to withdraw consent of himself or herself, unless there will be the legal restrictions.
7.7) Erasure or Destruction: The Data Subject may have the right to request the Company for erasure, destruction or making the personal data of Data Subject, collected, used or disclosed by the Company, become the non-identifying data of Data Subject, unless the said personal data storage of the Company is executed according to the law or the right protection of legal claim.

8. Disclaimer

The Company reserves the right to deny a request as per the following 7 cases:

(8.1) The action is allowed by the law.
(8.2) The requester has no evidence identifying Authentication as data owner or authorized person of the said request.
(8.3) The request has no reasonability, i.e. the requester has no legal right or there is no such personal data at the Company, etc.

9. Company Contact

If you have any questions about this personal policy or intention to exercise the right related to your personal data processing, you can make contact and inquiry at:

          Apex Circuit (Thailand) Co., Ltd., Sinsakhon Industrial Estate
          30/101,102 Moo 1, Tambon Khok Kham, Amphoe Mueang, Samut Sakhon Province 74000
          Phone: 034-119225 Ext. 116

This announcement becomes effective on June 29, 2022