Privacy Notice for Customers

Konica Minolta Business Solutions (Thailand) Co., Ltd. (“The Company”) values your personal data and strives to protect your personal data or personal data relating to the individuals connected to your business (“Personal Data”) based on the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”). The Company therefore arrange to have and provide this Notification to you in order to notify you of our collection, use, and/or disclosure (collectively referred to as “Processing” or “Process”) of Personal Data.

The details of this Notification are as follows:

  • Personal Data.
  • Type of collected Personal Data, including the Data that you provided us about yourself or individuals connected to your business (“you”, “your”, or “yourself”) and data that the Company learn by having you as the customer.
  • Method of Personal Data Processing.
  • Disclosure of your Personal Data.
  • Transfer of your Personal Data to Foreign Countries.
  • Privacy Notice Notification.
  • Retention of Personal Data.
  • Accuracy of your Personal Data.
  • Rights to your Personal Data and the protection in accordance with the PDPA.
  • Security of your Personal Data.
  • Company Contact.

Please read this Notification thoroughly to understand how the Company handles your Personal Data and what rights you are entitled to in relation to your Personal Data. Furthermore, this Notification may be amended during your relationship with the Company so the Company recommend that you should re-read this Notification from time to time. However, if there are any changes made to this Notification that may essentially affect your rights on the Personal Data, the Company will inform you immediately by notifying such change on the Company’s website.

There may be hyperlinks on the Company’s website that direct you to the websites owned and operated by third parties. These third-party websites have separate privacy policies and are likely to use Cookies. We recommend that you read these privacy policies. This will control the use of Personal Data that you may provide when visiting the website. Your personal information may also be collected by Cookies. The Company shall not be responsible for any liabilities arising from such third-party’s websites.

If you have any questions or do not understand any part of this Notification or wishing to exercise your right to Personal Data collected by the Company, please contact the Company using the details provided in the section “Company Contacts”

  1. Personal Data

Under the Personal Data Protection Act (PDPA) Personal Data means any information of an individual that enables the Company to identify the individual either directly or indirectly from that information solely or in combination with other information that the Company has or has reasonable access to, but does not include the information of the deceased.

Personal Data can be categorized as follows.

  • General Personal Data means any personal data that is not sensitive personal data such as name and surname, gender, date of birth, age, nationality, contact number, photograph, address, e-mail address.
  • Sensitive Personal Data means a specific category of personal data under the Personal Data Protection Act, which consists of racial or ethnic, political opinion, cult, religion or philosophy, sexual behavior, criminal record, health or disability information, labour union information, genetic information, and biological information
  1. Type of Collected Personal Data

The Company will use your Personal Data only in the necessary purposes and with the proper reasons to Process the Personal Data. The Company shall collect various type of your Personal Data, depending on circumstances and nature of requested products and/or services.

The Company shall collect your Personal Data from a variety of sources, including but not limited to: –

  • Upon your purchase and/or applying for the Company’s products and/or services.
  • Upon your communication with the Company, including recorded phone calls, postal, e-mail, memo, and other methods.
  • Upon your visiting the website or any other online channels of the Company.
  • Upon your providing the Company with the Personal Data on the website or any other online channels of the Company.
  • Upon your filling out customer survey and/or complaints on the products and/or services of the Company.
  • Upon your participation in competitions, events, or marketing promotions/campaigns of the Company.
  • Upon your manifestly publishing of your Personal Data, including via social media whereby the Company may collect your Personal Data from your social media profile(s) to the extent that you choose to make your profile publicly visible.
  • Upon we receiving your Personal Data from third parties, e.g., your employer, our business partners, banks, websites or other online channels, etc.
  • Upon your purchase our products and/or applying for our services through any third parties.

The Company sometimes collaborate with the third parties who are not our affiliates to collect your Personal Data regarding online activities when you visit the Company’s websites/online channels. Furthermore, The Company may use your Personal Data collected by other websites/online channels, which are not ours or our group/affiliates’ for the purpose of advertisement, which has been concluded that it matches your browsing behavior. However, the Company will inform you and provide you with an opportunity to decline such Processing.

The categories of your Personal Data that the Company may collect are subject to the applicable laws, including but not limited to: –

  • General Personal Data may include but not limited to
  • Personal Details: Name and last name, gender, date of birth, marital status, personal identification (excluding blood type and religion), passport number, other identification issued by the government, including Personal Data that is presented on the documents issued by the government, tax identification number, nationality, driving license, signatures, information the Company received from the questions where you can identify your identity (e.g., username, password, answer in resetting the password, PINs, etc.), photograph and CCTV image or footage;
  • Financial Details: The details of bank accounts, billing addresses, credit card numbers and cardholders’ names and details;
  • Contact Details: Addresses, telephone numbers, email addresses and social media profile details;
  • Electronic Data: IP addresses, cookies, activity logs, online identifiers, unique device identifiers and geolocation data; and/or
  • Sensitive Personal Data may include but not limited to
    • Personal Details: identification card that appear the religion and blood type
    • Health Data: ATK test results and Covid-19 vaccination records, health information and health check up result, or body temperature.

During Processing of your Personal Data, the Company shall also collect some sensitive Personal Data of yours to deliver the products and/or services to you. However, the Company will not Process this type of Personal Data without your consent, unless the PDPA allows the Company to do so.

In case that you are required to provide the Personal Data of third parties to the Company, you agree to notify such third parties that the Company shall Process their personal data and inform the content of this Notification to such third parties. You agree and warrant that you will conform to all requirements under the PDPA. This includes the obligation to obtain consent prior to or during the collection of third parties’ Personal Data in accordance with the form and content designated by the Company.

  1. Method of Personal Data Processing

The Company will use your Personal Data only if it is necessary and we have proper reasons to Process the Personal Data. When The Company Process your Personal Data, The Company will rely on one or more of the legal bases as follows:

  • Contractual Basis: When it is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract;
  • Legal Obligation: When it is necessary for us to Process your Personal Data in order to comply with the laws or legal obligations;
  • Legitimate Interest: When it is in our legitimate interest to Process your Personal Data for our benefit in compliance with the PDPA, as long as your fundamental rights are not overridden by our benefits; and/or
  • Consent: When you give your consent to us to Process your Personal Data for a stated purpose.

The Personal Data Protection Act and other regulations provide protection on the sensitive Personal Data more stringently. We will not Process this type of Personal Data without your consent, unless the Personal Data Protection Act allows us to do so.

The purposes for which the Company shall process your Personal Data, which is subject to the applicable laws and the legal basis of Processing, are: –

 

 

Except as described in this Notification, the Company will not Process your Personal Data for any purposes other than the purposes as described to you in this Notification. If the Company intend to Process additional Personal Data for other purposes, which are not described in this Notification, The Company will notify you and obtain your consent prior to Processing, except in case where the Personal Data Protection Act allows us to do so without your consent. You will also have an opportunity to consent or decline Processing of your Personal Data.

In case you refuse to give us your Personal Data

Under the circumstance that it is necessary for us to collect your Personal Data in accordance with the Personal Data Protection Act or under the contract terms with you, and you decline to such collection, the Company may not be able to meet the obligations that have been agreed with you, or to enter into a contract with you. In this given circumstance, the Company may refuse to deliver the products and/or services to you.

4.Disclosure of your Personal Data

The Company may disclose your Personal Data only if it is necessary and we have proper reasons to Process the Personal Data, including where: –

  • It is necessary comply with provisions of contracts.
  • The Company having the legal duty to do so (e.g., assisting in a withholding tax deduction, etc.).
  • The Company having the legal obligation to regulatory report, litigation, assertion or defense of legal rights and interests.
  • The Company having the legitimate business interests to do so (e.g., managing risk, conducting internal report, assessing data analysis, verifying identity, enabling third parties to provide you with the services you have requested, assessing your suitability for the products and/or services, etc.); and/or
  • The Company requesting for your permission to share it and you agree to so.

The Company shall require to share your Personal Data for the purposes mentioned above with others, including but not limited to:

  • The group companies and any sub-contractors, agents or service providers who work for the Company or provide the services to the Company or the group companies, including their employees, sub-contractors, service providers, directors and officers.
  • Anyone who provides instructions or operates any of your accounts, products or services on your behalf, e.g., Power of Attorney, lawyers, etc..
  • Your intermediaries, correspondent and agent.
  • Any appointed persons to take care your benefits.
  • People you make the payment to and receive the payment from;
  • Financial institutions, and payment service providers.
  • Any people or companies where required in connection with a potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of the Company rights or duties under our agreement with you.
  • Law enforcement, government, courts, dispute resolution bodies, regulators, auditors and any parties appointed or requested to carry out investigations or audits of our activities.
  • Other parties involved in any disputes.
  • Fraud prevention agencies who will also use it to detect and prevent fraud and other financial crime and to verify your identity.
  • Anybody with whom the Company has been instructed by you to share your Personal Data.
  1. Cross-Border transfer

Your Personal Data may be transferred and processed in the foreign country, which may include Japan and Singapore.

When the Company transfers your Personal Data to foreign countries, the Company will ensure that those countries have an appropriate level of protection for Personal Data and that the transfers are lawful. The Company may transfers the Personal Data by such means in order to carry out our contract with you, fulfill the legal obligations and/or protect the public interests. In some countries, the law might compel us to share certain Personal Data, e.g., with tax authorities. Even in this case, the Company shall only disclose the Personal Data with people who have the right to see it.

  1. Privacy Notice Notification

The Company will always inform you before or while collecting your personal data about the purpose of the processing of your personal data. Except where the Company is not obligated to inform you about the purposes of the Company’s data processing. As in the followings case:

  • You are aware of the new purposes or details of the processing of your personal data.
  • The Company believes that notification of such new purposes or details of the Company’s data processing cannot be done or impede the use or disclosure of your personal data. In this case the Company has provided appropriate measures to protect rights, freedom, and interest of yours.
  • It is urgent and necessary to use or disclose your personal information that has been collected by law and the Company have provided appropriate measures to protect your interests.
  • The Company acknowledged or acquired your personal information by performing its duties, occupation, or profession and the company has kept the new purposes or some details confidential as required by law.

For the collection and processing of personal data obtained from other or public sources. The company will notify you of the privacy policy within 30 days from the date of data collection or first contact, whichever event will occur first

  1. Retention of Personal Data

The Company will retain your Personal Data for as long as it is necessary to carry out the purposes that are specified in this Notification. In any case the Company will keep your Personal Data during the Company contractual relationship and another 10 years after you cease being our customer. Unless otherwise required in the event of regulatory or technical reasons, the Company will keep your Personal Data for longer than 10 years. If we do not need to retain the Personal Data for longer than it is legally required or necessary, we will destroy, delete or anonymize it. However and in case where we are unable to destroy, delete or anonymize the Personal Data (e.g. the Personal Data is stored permanently in our backup database, etc.), we will store such Personal Data with an appropriate measure to ensure your Personal Data protection, separate such Personal Data from further Processing activities and will destroy, delete or anonymize it as soon as we are able to do so.

  1. Accuracy of your Personal Data

We need your help to ensure that your Personal Data under our care is up to date, complete and accurate. Please inform us of any change to your Personal Data through our contact channels specified in Article 12 below or update your Personal Data by yourself at/via https://forms.office.com/r/e74iYsbpun

We will occasionally request an update from you to ensure that the Personal Data we use to fulfill the purpose of Processing is up-to-date, accurate and complete

  1. Rights to your Personal Data and the Protection in accordance with the PDPA

Rights regarding your Personal Data are as follows: –

  • Right to Withdraw: This enables you to withdraw your consent given to our Processing of your Personal Data in which you can do at any time by following our instructions at https://forms.office.com/r/e74iYsbpun. The Company shall continue to Process your Personal Data if The Company have another legal basis to do so.
  • Right to Access: This enables you to receive a copy of or request for a disclosure of source in which the Company collect your Personal Data.
  • Right to Correct: This enables you to have any incomplete or inaccurate Personal Data which the Company hold about you corrected. Please refer to Article 5 for more details on the accuracy of your Personal Data.
  • Right to Erasure: This enables you to ask us to delete, destroy or anonymize your Personal Data where there is no good reason for us to continue Processing it. Nonetheless, the Company will consider a request to delete carefully according to the laws.
  • Right to Object: This enables you to object to Processing of your Personal Data, unless the Company has legal reasons to deny your request.
  • Right to Restrict Processing: This enables you to ask the Company to suspend the Processing of your Personal Data temporarily or permanently, for example, if you want the Company to establish its accuracy or a reason/lawful basis for Processing it;
  • Right to Portability: In some cases, you have the right to request for the copy of your Personal Data in an electronics form or request for a transfer of your Personal Data to the third parties.
  • Right to Lodge a Complaint: This enables you to file the complaint with a related government authority, including but not limited to, the Thailand Personal Data Protection Committee, when you find that the Company, its employees or service providers violate or do not comply with the Personal Data Protection Act or other notifications issued under the Personal Data Protection Act.

You may exercise your rights at any time by notifying us via the contact channels specified in Article 12 below, without having to pay any fees to access your Personal Data or exercising any other rights. However, the Company will charge reasonable fee if your request does not have a rigid ground, is duplicated or is more than necessary. The Company may also refuse to proceed with your request under those situations.

Upon your notification, the Company will contact you for filling in our request form and the Company will start proceeding with its internal process. The Company may request certain information from you in order to verify your identity and guarantee your right to access the Personal Data (or to exercise any other rights) which is considered a security measure to ensure that your Personal Data will not be disclosed to those who is not authorized to access the Personal Data. The Company will also contact you for more information about the request for a quicker response.

The Company will make effort to respond to your legitimate request within 30 days. Under some circumstances, the Company may take more than 30 days depending on a complexity or duplication of your request. In such case, the Company will inform you of the status of your request.

Handling of Complaints

In the event that you wish to make a complaint about how the Company Process your Personal Data, please contact the Company at the contact channels provided in Article 12 below and the Company will try to consider your request as soon as possible. Your right will not be prejudiced for filing a complaint with the authority or Personal Data Protection Committee.

  1. Security of your Personal Data

Information is our asset therefore the Company places a great importance on ensuring the security of your Personal Data. The Company regularly reviews and implements the up-to-date physical, technical and organizational security measures when Processing your Personal Data. The Company has internal policies and controls in place to ensure that your Personal Data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by the Company‘s employees in the performance of their duties. The employees are trained to handle the Personal Data securely and with utmost respect according to the Company’s policies, failing which, they may be subject to a disciplinary action.

  1. Amendment

The Company keeps this Notification under regular review and update, and thus this Notification may be subject to changes. The date of last revision of Notification is shown on the top of this Notification and via [https://www.konicaminolta.co.th/solutions_services].

  1. Company Contact

Should you have any question regarding the protection of your Personal Data or wish to exercise your rights, please contact our Data Protection Office through the following channels:

Konica Minolta Business Solutions (Thailand) Co., Ltd.
Address: 33 Soi Ramkhamhaeng 22 (Chittranukhro), Ramkhamhaeng Rd., Huamark, Bangkapi, Bangkok 10240
Contact number: (66) 2 029 7000 Ext. 3230 or (66) 61 408 9162
Electronic mail: bth-dpo@gcp.konicaminolta.com
Website: www.konicaminolta.co.th/solutions_services

The information is updated on 25th August 2022