HOME > PRIVACY POLICY
Privacy Policy
Akara Resources Public Company Limited (“the Company”) is well-aware of the importance of the protection of personal data, this Personal Data Protection Policy was prepared in compliance with the Personal Data Protection Act, B.E. 2562 (2019) (as amended) and relevant laws and regulations (“PDPA”).
The Company advises data subjects to read and understand this Policy, which describes the manner by which the Company treats personal data of the data subjects, including their rights, as follows:
This Policy shall apply to any persons to whom such personal data refers and/or any persons disclosing, possessing and/or having access to, personal data, including the Board of Directors, the Company’s management, staff at all levels of the Company and its partners, and also to such persons whose activities involve their personal data with the Company.
“Policy” means this Privacy Policy including its amendment which may be subsequently announced.
“Company” means Akara Resources Public Company (Limited).
“Personal Data” means any information relating to a person which can identify that person directly or indirectly by, e.g., name, surname, email, address, telephone number, image, use of cookies, etc.
“Data Subject” means a person to whom such personal data refers.
“Data Controller” means a person or a juristic person with the power and duties to make decisions regarding the collection, use or disclosure of personal data.
“Data Processor” means a person designated by the Company who proceeds with the collection, use or disclosure of personal data under the orders given by or on behalf of a Data Controller, and the person who proceeds as such is not a Data Controller.
“PDPA” means the Personal Data Protection Act B.E. 2562 (A.D. 2019)
The Company shall collect personal data using lawful and fair procedure to the extent as necessary within the scope of the PDPA and relevant to the Company’s purposes only. The Company shall notify the data subject and request for consent to be made explicitly in writing or by electronic means, in accordance with the requirements of the PDPA, subject to exemptions explicitly specified in the PDPA with regard to the collection of personal data.
4.1 Types of Personal Data to be Collected
The types of personal data that may be collected by the Company are subject to the nature of the activity, location and method of collection, which may include, but not limited to, the following information:
(1) identifiable personal data such as name, surname, photograph, identification card number, passport number, driver’s license number, date of birth, occupation, position, name of workplace, nationality, gender, marital status, vehicle license plate, CCTV footage of the area under the Company’s control, username and password in the system;
(2) sensitive personal data as defined in clause 3;
(3) personal contact information, e.g., home address or workplace, phone number, e-mail, or social applications such as LINE, Whatsapp, or Facebook;
(4) personal financial information such as bank accounts or personal income tax information;
(5) employment information such as job interviews, performance appraisals, positions, salaries, employment benefits, social security number and provident fund;
(6) other information, e.g., technical information from accessing the Company’s website or applications (if any) and activity usage retrieved Log files, IP address, or Cookies.
4.2 Source of Personal Data Collection
The Company shall collect personal data directly from the data subject. Nevertheless, the Company may collect personal data from other sources such as
(1) public sources;
(2) any communication method, either face-to-face or via any communication tools;
(3) related persons of the data subject.
If, however, the Company has to collect personal data from other sources, such collection shall be carried out adhering to the PDPA.
Personal data shall not be collected, used or disclosed without consent of the data subject given in advance or at that time, unless permitted by law.
The request for such consent (1) shall be made explicitly in writing or by electronic means, except where such consent may not be obtained by such means; (2) shall inform the purpose of collection, use or disclosure of personal data; and (3) shall be clearly separated from other contents.
The data subject reserves the right whether to give his/her consent or to withdraw his/her given consent; the right of access to personal data; the right to data portability; the right to object to the collection, use or disclosure of personal data; the right to erasure or destruction of personal data or rendering it unidentifiable, as per the details in Clause 7.
4.3 Purposes of Collection, Use, Processing and Disclosure of Personal Data
The Company shall collect or use data subject’s personal data for the Company’s business such as the procurement, contract execution, company’s activities, coordination, or for improving the quality of work to be more efficient, e.g. making database, analysis and development of the Company’s operation, and for any other purpose that is not prohibited by law, permitted by laws, and/or for compliance with laws or regulations relating to the Company’s operation. The Company shall store and use such personal data only as necessary to fulfil the purposes as informed to the data subject or as specified by law.
The Company shall not do anything other than that specified in the purposes of the collection of personal data unless:
(1) it has notified the new purposes to the data subject and consent has been obtained accordingly and/or (2) it follows the PDPA or relevant laws.
The proper protection and security of personal data represent one of the basic rights and liberty available to the data subject. therefore, the company provides this privacy policy, operating manuals and/or appropriate security measures for personal data, in order to ensure that the collection, use and processing of personal data shall be limited, including the prevention of access, erasure, destruction and security of Personal Data, in compliance with the provisions of the Company’s policy on security of information technology, and the Company shall review and develop such policy, operating manuals and/or measures as necessary or when the technology has changed, so as to ensure the efficiency of such security and safety.
In case there is a breach of security standard of the Company which results in breach of rights to personal data, the Company shall immediately inform the respective Data Subject of a remedy plan for damages arising from such breach.
In the event that the Company transmits or transfers personal data abroad, the Company shall take necessary steps to ensure that the receiving country, international organization or the data recipient abroad has adequate standards in regard to personal data protection.
The Company respects the Data Subject’s rights as follows:
7.1 Right to withdraw consent: The data subject shall have the right to withdraw his/her consent given to the Company at any time during the period his/her personal data remains in the Company’s possession.
7.2 Right of access: The data subject shall have the right to access his/her personal data and request the Company to make a copy of such personal data, and request the Company to disclose how the data subject’s personal data was collected without his/her consent to the Company.
7.3 Right to data portability: The data subject shall have the right to request a transmission or transfer of his/her personal data provided to the Company to another data controller or the data subject.
7.4 Right to object: The data subject shall have the right to object to the collection, use, processing or disclosure of personal data, if he/she finds it invalid, inapplicable or unfair.
7.5 Right to rectification: The Data Subject shall have the right to request the Company to rectify any information to be up-to-date, correct or complete.
7.6 Right to erasure: The data subject shall have the right to request the Company to erase or destroy his/her personal data or render it unidentifiable to the data subject, due to the absence of its power to collect the same or when it is not necessary.
7.7 Right to restriction of processing: The data subject shall have the right to restrict the use of his/her personal data pending data verification or when it is no longer necessary.
The Company shall have no right to deny the data subject’s request to exercise any of the rights above, except where the laws explicitly entitles the Company to not proceed with such request.
To exercise the rights indicated above, the data subject can submit a written or electronic request form as prescribed by the “Contact Information” below. The Company will consider the request and notify the data subject of the result within 30 days from the date the request is received. The Company may reject a request from the data subject if permitted by laws.
The Company may update or amend this policy from time to time to ensure conformity with the PDPA, ministerial regulations, notifications, procedures and other relevant rules and regulations. the Company shall keep you informed of such change by way of announcement on the Company’s website. Should there be any discrepancy between the new and the existing policy, the new policy shall prevail.
Should this policy not cover anything addressed by any ministerial regulation or announcement which will be subsequently issued under the PDPA, such ministerial regulation or announcement shall apply as if it were an integral part of this policy.
Akara Resources Public Company Limited
99 Moo 9, Khao Chet Luk, Thap Khlo, Phichit 66230 (Thailand)
Telephone: +66 5661 4500
Facsimile: +66 5661 4190
E-mail: admincgm@akararesources.com
Website: www.akararesources.com
This policy is governed by and construed in accordance with Thai laws, and Thai courts shall have the competent jurisdiction over any dispute arising from this policy.
