Green Metals (Thailand) Co., Ltd. is the sorting, recycling, buying-selling and transporting of metals scrap and all kinds of non-hazardous wastes, dismantling ELV, GOSHI car, airbag, forklift, stocking all kinds of wastes, collecting PCB (Printed Circuit Board) or PWB (Printed Circuit Wiring Board) for exporting, dismantling of the automotive electrical parts such as ABS actuator, ECU (Engine Control Unit), airbag computer and others. Consistent with our Code of Conduct & Ethics, the Company will respect the privacy rights of data subject that the Company collects, uses, processes, stores, discloses and/or transfers on purpose of the business activities.
This privacy policy aims to give you information on the way of processing (including collection, use, storage, disclosure and transfer) (hereinafter referred to as “Processing” or “Process”) by Green Metals (Thailand) Co., Ltd. (the “Company”, "we", "us" or "our" in this privacy policy) of personal data relating to an identified or identifiable natural person in Thailand, and (such natural person shall be “Data Subject” and such personal data shall be “Personal Data”) as a data controller (or a data processor, if applicable).
Consistent with our Global Code of Conduct & Ethics, we will respect the rights to privacy of individuals and comply with the Personal Data Protection Act B.E. 2562 (A.D. 2019) (“PDPA”).
Personal Data means any information relating to Data Subject which is directly or indirectly identified to such individual person such as first name, last name, address, date of birth, telephone number, photo, biometric data, including customer or supplier data, employee data, data of directors, shareholders, contractors, etc. It does not include data where the data subject is not or no longer identifiable (anonymous data).
We may Process the following Personal Data :
Personal Data may be converted into statistical or aggregated data in such a way that Data Subject will not be identified or identifiable from it and may be used for analytical and research purposes.
We collect Personal Data including through the following ways:
We will Process Personal Data only when relevant laws and/or regulations (in particular, PDPA) allow us to do so.
Before processing Personal Data under this Legitimate Interests ground, we will assess potential impacts (both positive and negative) on Data Subject and his/her rights and further make comparison between such impacts on Data Subject and the Company’s Legitimate Interests. We will not Process Personal Data by relying on this Legitimate Interests ground if the adverse effect on Data Subjects and his/her rights exceeds the Company's Legitimate Interest.
We have set out below, in a table format, a description of typical (i) purposes for Processing of Personal Data, (ii) types of Personal Data and (iii) legal grounds for lawful Processing of Personal Data.
(We may Process Personal Data for more than one legal ground depending on the specific purpose for Processing of Personal Data. In addition to the purposes listed in the table below, please note that we may also Process Personal Data for complying with legal obligations of the Company, for Legitimate Interests, or for Vital Interests as permitted by law.)
Purposes for Processing of Personal Data | Types of Personal Data | Legal Grounds for Lawful Processing |
---|---|---|
1. To register a new customer, supplier, or service provider | (a) Personal details and Identification (b) Contact Information |
(a) Consent by Data Subject (b) Performance of Contract (c) Legitimate Interests (for administration purpose) |
2. To supply (or procure) goods or provide (or receive) services appropriately including: (a) placing (or receiving) order; (b) delivery (or take delivery); (c) paying (or receiving) fees; (d) administration of debts and credits; and (e) providing (or receiving) services subject to Foreign Business License; |
(a) Personal details and Identification (b) Contact Information (c) Payment Information |
(a) Consent by Data Subject (b) Performance of Contract (c) Legitimate Interest (for fulfilling obligation of our business properly) |
3. To contact and communicate, marketing communications, perform data analytics and improve the business of the Company | (a) Personal details and Identification (b) Contact Information (c) Data for Marketing and Communications |
(a) Consent by Data Subject (b) Performance of Contract (c) Legitimate Interest (for developing business of the Company with effective communication) |
4. To manage contact details including: (a) advising changes to relevant information on the Company (b) asking for participation in a market survey |
(a) Personal details and Identification (b) Contact Information |
(a) Consent by Data Subject (b) Performance of Contract (c) Compliance (d) Legitimate Interest (for updating customer’s contact details and for investigation on products and/or services) |
5. To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Personal details and Identification (b) Contact Information (c) Technical information |
(a) Consent by Data Subject (b) Legitimate Interest (for management and provision of IT services, network security and for prevention of fraud) (c) Compliance |
6. To manage human resource for the Company to make appropriate decision about recruitment and human resource management (including management of payment of salaries, compliance with employment contract and labor law, and carrying out training session) | (a) Personal details and Identification (b) Contact Information (c) Payment Information (d) Personal History |
(a) Consent by Data Subject (b) Performance of Contract (c) Legitimate Interest (for recruiting individuals and to make sure there is no miss- matching of the job requirement and the applicant, for procuring proper human resource management) (d) Compliance (e) Vital Interest |
7. To implement security measure by controlling access to the building, to ensure our security of our employee and visitors, and to record and maintain records of photos images and/or audio via closed circuit television (CCTV), photographs, footages, video and voice recording from conversations | (a) Personal details and Identification (b) Contact Information (c) Security Data |
(a) Performance of Contract (b) Compliance (c) Legitimate Interest (for securing safety of employee and our visitors ) |
8. To investigate or address claims or disputes relating to business of the Company or satisfy requirements under applicable laws, regulations, or operating licenses. | (a) Personal details and Identification (b) Contact Information (c) Payment Information (d) Personal History (e) Security data |
(d) Performance of Contract (e) Compliance (f) Legitimate Interest (for investigating and responding to claims and disputes relating to the business of the Company) |
9. To conduct assessment on our internal control over, and monitoring (e.g. by way of external and internal audit) of: (a) effectiveness and efficiency of business operations; (b) reliability of financial reporting; (c) compliance with applicable laws and regulations relevant to business activities; and (d) safeguarding of assets. |
(a) Personal details and Identification (b) Contact Information (c) Payment Information (d) Personal History |
(a) Consent by Data Subject (b) Compliance (c) Legitimate Interest (for prevention of fraud and protection of organisation’s resources, both physical and intangible) |
We will only Process Personal Data for the informed purposes for which we collected it, unless we reasonably consider that we need to Process it for another purpose and such purpose is compatible with the original informed purpose.
If we need to Process Personal Data for a purpose apparently irrelevant to the original informed purpose, we will inform Data Subject on the new purpose and obtain Data Subject’s prior consent where Data Subject’s consent is required under the applicable law.
We may Process Personal Data, without Data Subject’s knowledge or consent, if to do so is required or permitted by relevant laws and/or regulations.
We may disclose Personal Data to the following third parties, subject to availability of safety measure for protection of Personal Data and compliance with the relevant laws and regulations by such third parties :
When we ask External Third Parties to Process Personal Data on our behalf, we will not allow them to use Personal Data for their own purposes. We will permit them to Process Personal Data only within the scope of our instructions and applicable relevant laws and regulations.New owner of our business will be able to Process relevant Personal Data to the same extent permitted by this policy and in accordance with the PDPA.
“Internal Third Parties” shall include our parent company, the Company’s subsidiaries and affiliates in which the Company holds majority of the shares or interests in Thailand and/or other countries.
“External Third Parties” shall include the following third parties:
Disclosure of Personal Data mentioned in Clause 6. (Disclosure of Personal Data) above may include transfer of Personal Data to a foreign country.
We transfer Personal Data from Thailand to a foreign country only if at least one of the following applies:
We have put in place appropriate security measures to prevent the unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of Personal Data and will ensure that the security measures are in accordance with the minimum standard specified and announced by the Personal Data Protection Committee under the PDPA.
We limit access to Personal Data only to employees, agents, contractors and other persons and third parties mentioned in Clause 6. (Disclosure of Personal Data) above only as necessary. They will be allowed to Process Personal Data only within the scope of our instructions and be subject to a duty of confidentiality.
If we discover that there is a breach of the Personal Data that poses a risk to the rights and freedom of a Data Subject, the Company will report it to the Office of Personal Data Protection Commission without undue delay, and where feasible no later than 72 hours of discovery.
If the breach is likely to result in a high risk to the rights and freedom of a person, we will notify relevant Data Subjects that there has been a breach and provide information about the breach and the guideline of remedy without undue delay.
We will retain Personal Data only to the reasonable extent necessary to achieve the purposes for collection of the same.
We may retain Personal Data for a longer period in the event of complaint by Data Subject, or, if we reasonably believe, there is a prospect of litigation with Data Subject. We may also retain Personal Data even after the purposes for its collection are fulfilled in case it is necessary as the Company has an ongoing legitimate interest to do so, or it is for compliance with the applicable law, including the Computer Crimes Act B.E. 2550 (2017).
To determine the appropriate retention period of Personal Data, we will consider the amount, nature and sensitivity of the Personal Data; the potential risk of harm from unauthorised use or disclosure of Personal Data; purposes for Processing Personal Data; prospect of achieving such purposes through other means, as well as the applicable legal, tax, accounting or other requirements.
10.1 Legal rights
In relation to his/her Personal Data, Data Subject may make a request to the Company at the contact details under Clause 12 of this Privacy Policy to exercise the following rights of Data Subject:
When we receive a request to exercise Data Subject’s rights above, we will fulfill the request without undue delay provided that the request is carried out in accordance with the PDPA and other relevant regulations and we have no legitimate reason to reject such request as permitted by law.
Data Subject has the right to make a complaint to relevant supervisory authority in charge of data protection issues having competent jurisdiction. However, we would appreciate if Data Subject could give us chance to deal with Data Subject’s concerns in the first instance before Data Subject approaching such supervisory authority.
10.2 Cost, etc.
Basically, Data Subject does not have to pay any cost for exercising any of said rights. However, we may ask Data Subject to bear reasonable cost if his/her request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to respond to Data Subject’s request in these circumstances according to the PDPA and other applicable laws and regulations.
10.3 Provision of additional information
When we receive a request to exercise Data Subject’s rights, we may need to request specific information from Data Subject to help us confirm his/her identity and secure Data Subject’s rights. This is a security measure to ensure that Personal Data will not be disclosed to any person who has no right to receive it.
We may also contact Data Subject to ask for further information in relation to his/her specific request to speed up our response.
10.4 Updates to this policy
This policy may be updated from time to time. You can find the latest version on our website.
This website may include links to third-party websites. Clicking on those links or enabling those connections may allow third parties to collect or share personal data about you. We do not control these third-party websites and are not responsible for their privacy statements. Accordingly, when you leave our website, we encourage you to read the privacy policy of every website you visit.
If you have any questions regarding this privacy policy, please contact us or our Data Protection Officer (DPO) at the following contact information:
© Green Metals (Thailand) Co., Ltd. All Rights Reserved.