Search

PRIVACY POLICY

HOME > PRIVACY POLICY

Personal Data Protection Policy

Akara Resources Public Company Limited (the “Company”) and its affiliates (the “Group”) are committed to and recognize the importance of protecting personal data. The Company has established oversight and management practices for personal data to ensure compliance with the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) and other applicable laws. This Policy is therefore issued to inform you of the Company’s practices in accordance with the PDPA.

This Policy applies to the Company’s executives, employees, contractors, external parties, and any individuals working for or on behalf of the Company. All business units of the Company are responsible for adhering to, supporting, promoting, and monitoring compliance with this Policy, as well as with the PDPA and other applicable laws, in a strict manner.

1. Definitions

“Company” means Akara Resources Public Company Limited.

“Affiliates” means any entity that is under common control with the Company, directly or indirectly, whether by shareholding, the authority to appoint directors, or other forms of control or joint management relationship. This includes parent companies, subsidiaries, and joint ventures as defined by law.

“Personal Data” means any information relating to an identified or identifiable natural person, whether directly or indirectly, but does not include information of deceased persons.

“Sensitive Personal Data” means personal data relating to race, ethnicity, religious or philosophical beliefs, political opinions, sexual behavior, criminal history, health data, disability, trade union membership, genetic data, biometric data (such as fingerprint scans, facial recognition), or any other data that may affect the data subject in a similar manner as prescribed by the Personal Data Protection Committee.

“Data Subject” means the individual owner of the personal data. Only natural persons qualify as data subjects under this definition; “juristic persons” are excluded.

2. Personal Data Collected

The Company may collect the following personal data:

2.1 General Personal Data
(a)  Personal details: name, surname, date of birth, place of birth, marital status, photographs, video recordings, signature, information shown on identification cards or passports, copies of identification documents, and identification numbers.
(b)  Contact information: address, telephone number, LINE ID, social media contact details, workplace.
(c)  Security information: CCTV footage, information on personal property such as vehicles and license plates when accessing the Company’s premises.
(d)  Employment-related information: job title, employer or organization, educational background, work history, training courses attended.
(e)  Financial information: bank account numbers, financial transactions, tax documents relating to transactions with the Company.
(f)  Electronic system access and usage: email addresses, IP addresses, geolocation, browser type, computer traffic data (log files), cookies, application chat history, as well as online references or mentions of the Company or its business.
(g) Information provided during contact or participation: photographs, video/audio recordings, feedback, opinions, satisfaction surveys, and suggestions relating to participation in Company activities.

2.2 Sensitive Personal Data
(h) Sensitive personal data such as health information, disability status, biometric data, and behavioral assessments.

The Company will obtain your explicit consent before collecting and processing sensitive personal data unless the PDPA allows such collection without consent.

Identity documents: If the Company requests a copy of your identification card, passport, or other documents containing sensitive data (e.g., religion or blood type), the Company does not intend to collect such sensitive data. You are therefore requested to redact or obscure such data. If you do not, the Company shall deem that you have consented to its redaction on your behalf, and the document will remain valid. In cases where redaction is not possible due to practical limitations, the Company affirms that any such data will be used solely for identity verification and not for any other purpose.

3. Respect for Privacy Rights

The Company respects the rights of data subjects and recognizes their expectations of privacy and security. The Company will collect, use, and process personal data strictly in accordance with the relevant purposes, with robust security measures in place to prevent unlawful or unauthorized use.

4. Collection of Personal Data

When collecting personal data directly from the data subject, the Company will request consent before or at the time of collection where required by law and will use such data only as necessary for the purposes disclosed.

The Company may also collect personal data from other sources where permitted by law, such as from service providers or publicly available sources.

5. Purposes of Collection, Use, and Disclosure

The Company collects, uses, and discloses personal data for the following purposes:

5.1 Performance of contractual obligations or pre-contractual steps

  • Applications, registrations, or record-keeping with the Company.
  • Procurement or sale of products.
  • Provision or receipt of services.
  • Execution of financial transactions with the Company.
  • Contractual relationship management and contract administration.

5.2 Compliance with law

  • Compliance with laws and regulations applicable to the Company, including but not limited to the Public Limited Companies Act, Civil and Commercial Code, tax laws, labor laws, and electronic transactions laws.
  • Compliance with lawful orders of governmental or regulatory authorities.

5.3 Legitimate interests

  • Verification and authentication of identity.
  • Research, development, and improvement of products, operations, and services.
  • Security and access control for premises, facilities, production units, and IT systems.
  • Risk management, internal and external audits.
  • Exercising legal rights, litigation, or legal proceedings.
  • Participation in or organization of Company activities.
  • Handling complaints, feedback, or requests.
  • Corporate communications and coordination.

5.4 Vital interests and public interest

  • Preventing or mitigating harm to life, body, or health of the data subject or others.
  • Disease surveillance, monitoring, and prevention.

5.5 Consent-based purposes

  • Communication of activities, news, and public relations.
  • Collection, use, or disclosure of sensitive personal data where no other legal basis applies.
  • Disclosure of data between the Company and third-party organizations.
  • Cross-border data transfers to jurisdictions with insufficient data protection standards.
  • In cases of minors, persons with limited or no legal capacity, consent must be obtained from parents, guardians, or legal representatives.

5.6 Legal claims

  • Establishment, exercise, or defense of legal claims.

The Company will collect, use, and disclose personal data based on consent, unless otherwise permitted by law. If personal data is required for contractual or legal purposes and you fail to provide it, this may result in legal non-compliance or the Company’s inability to fulfill contractual obligations or provide services.

Should purposes change in the future, the Company will notify you and comply with applicable legal requirements, including maintaining proper records. Where you provide personal data of third parties (e.g., as an assistant or liaison), you are responsible for informing those individuals of this Policy and obtaining their lawful consent as required.

6. Retention Period

The Company will retain personal data only as long as necessary to fulfill the purposes outlined in this Policy, including legal compliance, statutory limitation periods (generally up to 10 years), establishment or defense of legal claims, or internal policy requirements.

7. Security Measures

The Company has implemented appropriate and stringent security measures in accordance with its information security policies and practices to prevent unauthorized access, loss, destruction, use, modification, or unlawful disclosure of personal data.

8. Rights of Data Subjects

Under the PDPA, data subjects are entitled to the following rights:

8.1 Right to withdraw consent.
8.2 Right of access to personal data.
8.3 Right to data portability.
8.4 Right to object to collection, use, or disclosure.
8.5 Right to erasure.
8.6 Right to restriction of processing.
8.7 Right to rectification of inaccurate data.
8.8 Right to be informed of updates or changes to personal data.
8.9 Right to lodge a complaint with the competent authority.

The Company will process requests in accordance with legal timeframes. However, the Company reserves the right to deny requests where permitted by law or where partial disclosure of data prevents full compliance.

9. Disclosure of Personal Data

The Company may disclose personal data to third parties or strategic partners, both domestic and international, in connection with product and service provision, enforcement of Company terms and conditions, corporate restructuring, mergers, acquisitions, or sales of business. Personal data may also be disclosed to external auditors, governmental authorities, or courts, as required by law.

All disclosures will be treated confidentially in both physical and electronic form, and protected throughout transmission.

In cases of cross-border transfers, the Company will comply strictly with PDPA requirements.

10. Contact Information

For inquiries or further information regarding this Policy, please contact:

Akara Resources Public Company Limited

Address: 99 Moo 9, Khao Jed Luk Subdistrict, Thap Khlo District, Phichit 66230, Thailand
Email: privacy@akararesources.com Tel: (+66) 5661 4500 ext. 2000

11. Changes to this Policy

Should there be any amendments to this Policy, the Company will notify you through appropriate channels.