Privacy Policy of Fortune Parts Industry Public Company Limited
Fortune Parts Industry Public Company Limited (“the Company”) respects the right to privacy and emphasizes the protection of personal data that related to transactionwith the company. Therefore, it is important to have a data protection policy, and to have rules, mechanisms, regulatory measures and the management of personal information as follows:
1. Scope of application
This Privacy Policy is applicable to the performance of all employees, which means full-time employees, employees of employment contract specifying the expiration date of the contract, temporary worker and contractor including those who process personal data on behalf of the company.
2. Definition
2.1 “Personal Data” means information about an individual by which an individual can be identified whether directly or indirectly but does not include information of the deceased in particular.
2.2 “Sensitive Personal Data” means information that is truly personal to an individual, which are sensitive and may run the risk of unfair discrimination such as race, ethnicity, political opinion, religious beliefs or philosophy sexual behavior, criminal records, health information, disability, trade union information, genetic information, biological information or any other information which affects the owner of personal data in the same way as announced by the Personal Data Protection Committee.
2.3 “Processing” means the process of collecting, use, disclosure, deletion or destruction of personal data.
2.4 “Personal Data Subject” means an individual who is the owner of the Personal Data from which the Personal Data is personally identified in both directly or indirectly way.
2.5 “Personal Data Controller” means a person or juristic person who has the authority to make decisions about the collection, use or disclosure of personal data.
2.6 “Personal Data Processor” means a person or a legal entity who performs the collection, use or disclosure of personal data on the order or on behalf of the company, but this person is not a controller of personal data.
2.7 “Company” means Fortune Parts Industry Public Company Limited and its subsidiaries according to the consolidated financial statements of Fortune Parts Industry Public Company Limited.
3. Collection of personal information
3.1 The Company will collect personal data for the purpose, scope and use with rightful and fair methods. The collection will be done only to the extent necessary for the operation of the company’s objectives.
3.2 The company will proceed to inform the owner of the information and give consent by electronic or according to the company’s method. In case of sensitive personal data of the data subject is stored, the company will expressly obtain consent from the data subject prior to collection. Unless the collection of personal data and sensitive personal data is subject to exceptions as specified in the Personal Data Protection Act B.E. 2562 or other laws.
4. Purposes for collecting or using personal data
4.1 The company will collect or use the personal information of the data subject for the benefit of the company’s operations to improve the quality of operations to be more efficient and, or to comply with any laws or regulations relevant to the company’s operations. The company will store and use such information only for the necessary time and the purposes for which the data subject has been notified or as required by law.
4.2 The company will not take any action that different from those stated in the purpose of collection, unless
(1) notifying the new purpose to the data subject and obtaining the consent of the data subject
(2) It is in compliance with the Personal Data Protection Act or other relevant laws.
5. Disclosure of personal information
5.1 The company will not disclose the personal information of the data subject to any person without consent and will disclose it for the stated purpose.
5.2 The company may have a necessity in disclosing personal data of the data subject to its affiliates or other parties in both demoestic and international for the benefit of the company’s operations and providing services to the data subject. Fot disclosing personal information to such persons, the company will ensure that those individuals keep their personal information confidential and do not use it for any purpose other than the scope specified by the company.
5.3 The Company may disclose personal information of the information subject under the rules prescribed by law, such as disclosing personal information to government agencies, government agency regulators including in the event of a request to disclose information by virtue of law.
6. Security of personal information
6.1 The company will provide measures to maintain the security of personal data that are appropriate and consistent with the law, policies, regulations, requirements and practices on personal data protection for the company’s employees and other related parties.
6.2 The company supports and encourages employees to be knowledgeable and aware of their duties and responsibilities in collecting, keeping, using and disclosuring the data subject’s personal data in order for the company to properly comply with personal data protection policies and laws effectively.
7. Rights of the personal data subject
7.1 The right to request access and obtain a copy of personal data relating to oneself or requesting to disclose the acquisition of such personal data that he/she did not give consent
7.2 The right to object to the collection, use or disclosure of personal information about oneself
7.3 The right to request removal, destruction, or make personal information non-identifiable information to the person who owns the personal information
7.4 The right to request to suspend the use of personal data
7.5 The right to withdraw consent to the processing of personal data for which consent has been given. However, revocation of consent does not affect the collection, use or disclosure of personal data for which consent has been given.
7.6 The right to correct personal data
7.7 The right to transfer personal data
8. Supervision of personal data protection compliance
8.1 The company will provide a follow-up process in the event that the law changes, and constantly update personal data protection measures to be in line with the law.
8.2 The company will regularly review and update policies, standards, guidelines, procedures and other documents related to the protection of personal data in order to be up-to-date in accordance with the laws and circumstances of each period.
9. Roles, duties and responsibilities
9.1 The Board of Directors has roles, duties and responsibilities as follows:
(1) Regulate the creation of a personal data governance structure and related internal controls in order to comply with the law and privacy protection policy
(2) Supervise and support the company to carry out the protection of personal data to be effective and in accordance with the law.
9.2 Privacy Committee
Let the Company’s Risk Management Committee act as the Personal Data Protection Committee with the following roles, duties and responsibilities:
(1) Establish a personal data governance structure and relevant internal controls, including the Privacy Incident Management Policy and the Incident Response Program, to be able to identify and deal with unusual incidents related to personal data promtly.
(2) Evaluate the effectiveness of the company’s personal data protection policy, and report the results of such assessments to the Board of Directors on a regular basis at least once a year, and supervise to ensure that risks related to personal data are handled and appropriate risk management guidelines are in place.
(3) Determine and review operational standards and guidelines to ensure that the company’s operations are in accordance with the law and privacy protection policy.
(4) Appoint the Company’s Personal Data Protection Officer (FPI DPO)
The Company has appointed a Personal Data Protection Officer to perform an auditing duties, supervise and advise on the collection, use or disclosure of personal information, including coordinating and cooperating with the Office of the Personal Data Protection Commission to comply with the Personal Data Protection Act B.E. 2562 (2019). The company has appointed the Company Secretary and Information Technology Manager as Personal Data Protection Officer.
9.3 Executives have roles, duties and responsibilities in monitoring and controlling agencies that are in compliance with the personal data protection policy and promote awareness raising among employees.
9.4 The Company’s Personal Data Protection Officer (FPI DPO) has roles, duties and responsibilities as required by law. This includes the following duties:
(1) Regularly report the status of personal data protection to the Personal Data Protection Committee, and always make recommendations to improve the protection of personal data to be up-to-date and consistent with the law.
(2) To advise employees on the collection, use or disclosure of personal information relating to compliance with the law and the company’s personal data protection policy.
(3) Examine the operations of the agency to comply with the law and privacy policy.
(4) Coordinate the handling of complaints or requests to exercise the rights of the personal data subjects who have been contacted or requested from the personal data subjects.
(5) Coordinate and cooperate with the Office of the Personal Data Protection Commission in the event of a problem relating to the collection, use or disclosure of personal information of the company, subsidiaries and business partners.
(6) Notify the Office of the Personal Data Protection Commission of the incident of personal data breach within 72 hours from the knowledge of the incident.
9.5 Employees have the following roles, duties and responsibilities.
(1) Comply with the personal data protection policy, standards, guidelines, procedures and other documents related to the protection of personal data.
(2) Report unusual incidents related to personal data protection and non-compliance with the law and the company’s personal data protection policy and inform the supervisor.
10. Review and change of personal data protection policy
The company may improve or update this policy from time to time to comply with legal requirements and changes in the company’s operations including suggestions and opinions from various agencies. The company will clearly announce the changes.
11. Penalty for non-compliance with the Privacy Policy
Failure to comply with the personal data protection policy of Fortune Parts Industry Public Company Limited may result in an offense and subject to disciplinary action, including penalties as required by law.
Data Controller Contacting the Company
Fortune Parts Industry Public Company Limited
11/22 Moo 20, Nimitmai Road, Lam Luk Ka Subdistrict, Lam Luk Ka District, Pathum Thani Province 12150
Website : www.fpiautoparts.com
e-mail: info@fpiautoparts.com
Phone : 02-993-4970-7
Data Protection Officer (DPO)
Contact address: 11/22 Moo 20, Nimitmai Road, Lam Luk Ka Subdistrict, Lam Luk Ka District, Pathum Thani
Contact method: e-mail pdpa@fpiautoparts.com
Phone : 02-993-4970-7 ext. 108,297
This Privacy Policy is effective from May 1, 2022 according to the Board of Directors of Fortune Parts Industry Public Company Limited dated May 13, 2022.
sign
(Mr. Sompol Thanadumrongsak)
Managing Director
Privacy Notice Form for Users of The Company’s Website
Fortune Parts Industry Public Company Limited (“the Company”) (hereinafter referred to as “FPI.” or “We”) greatly emphasize on the importance of protection of personal data. To ensure users with the assurance that we will protect and treat their personal data in accordance with the data protection laws, we have established this personal information notification form to inform them about the processing of personal data, whether it is collected, used and disclosed (collectively, “processing”), which may occur during users visit to our website as well as informing users of their rights in their personal data and ways to contact us.
However, if users visit our website for a specific purpose, such as doing business with us, applying for a job, applying for an internship, application, applying for an event or study tour, etc., please consult the relevant personal information notification form here for more information.
1. Purpose for collecting, using or disclosing personal information
When users access the FPI website, we may collect, use or disclose users’ personal information for the following purposes
Objective
For the use of the website or access to various systems of FPI, and its subsidiaries or link to other websites, either FPI, FPI’s subsidiaries, or external entities.
legal base
Legitimate Interests
Contractual Basis
To measure performance and market survey analysis and marketing strategies, including carrying out business planning, reporting and forecasting.
To analyze, research and develop FPI’s products, services to be better and suited with user’s requirement. This includes collecting FPI’s website usage data to analyze the use of FPI website from website user for development and communication strategies.
For risk management and oversight, including internal audit of the Internal Audit Office and management within the organization.
In case website users would like to visit FPI company, we may evaluate personal data of those users for consideration, selection and confirmation of the visit as well as preparing for the facilities suitable for the group of people who will come to visit our company.
In case you provide information via contact channel or make requests such as obtaining information from the Information Center, we may process your personal data for further contact regarding the request, complaints or information that you have provided to us, including considering the processing of requests, contact information, issuing a receipt (In the case of a fee or expense for copying information or submitting documents), fact check, keeping a record to track performance, and this information will be used for risk management, oversight, internal audit of the Internal Audit Office and management within the organization.
When you download certain documents from our website, such as annual reports, sustainability report, annual reports in the form 56-1, One Report, etc, we may request additional personal information from you to contact and send surveys to ask for opinions. This imformation will be analyzed to develop of FPI report and to meet the interests of the reader.
Legal Obligation
Legitimate Interests
When you access our website, we are obliged to collect, use or disclose certain personal information of the users of the website for legal compliance, investigation, legal and other regulatory processes, and reporting or disclosing information to government agencies, independent organizations or any other agency by virtue of law or court order, including the establishment of legal claims, compliance or exercise of legal claims, or raising the defense of legal claims.
Legal Obligation
Legitimate Interests
Personal data that FPI collects due to the need to perform a contract or compliance with various laws. If you do not provide such necessary personal data, FPI may not be able to provide you services or facilities.
2. Collection of personal data and personal data that may be collected
By accessing the FPI website, personal data may be collected. Some of them may be automatic collection of information from your use of the website, such as collecting your IP address, browser type, etc., and some may be personal information that we obtain from asking you to fill out a form, or the information you provide to us in order to carry out each type of related activity such as inquiries, contact for more information, requesting a business visit, etc. In addition, FPI may collect personal data from you through our personal data processors, or your information may be collected from other sources, such as publicly accessible sources of personal information and information that can be copied from government agencies, etc.
FPI may collect your personal information as follows:
2.1 General personal data
(1) Identity data such as name, surname, identification number, age, date of birth, etc.
(2) Information about work such as occupation, name of your company/organization, and position/department, etc.
(3) Contact information such as address, telephone number, e-mail address, etc.
(4) User account information and password, only in the case of accessing various systems of FPI and FPI’s subsidiaries.
(5) Information we obtain through the use of the website services, such as electronic device information, IP address, login data, browser type. and settings location information, an online data identifier to enable ‘cookies’ and similar technologies.
(6) Other information you provide to us, such as the country of service users. Information based on applications, forms, questionnaires, opinions, preferences or detailed information about inquiries or requests that you have provided to us, etc.
2.2 Sensitive Personal Data
In your use of the FPI website, FPI. is generally not intended to collect or use sensitive personal information such as religion, ethnicity, etc., of you or any other person for any specific purpose. You do not need to specify or mention such information However, if there are cases where FPI needs to use the information for any purpose, FPI will inform you and obtain your consent on a case-by-case basis.
In case that you have provided a copy of your ID card containing sensitive personal information such as religion and blood group, FPI generally does not intend to collect and use the religious and blood group information that appears on your copy of your ID card for any specific purpose. If you have provided FPI with a copy of your identification card, you are requested to conceal that information. If you do not conceal the above information You are deemed to have authorized FPI to conceal that information, and will be assumed that the documents are completely concealed. If FPI is unable to conceal information due to certain technical limitations, FPI will collect and use such information only as part of your identity document.
3. Period for collecting personal information
FPI will retain your personal data as long as it is necessary for the purposes of collecting, using or disclosing the personal data set in this notice, and may continue to be retained for compliance with the law or the legal term, the establishment of legal claims, compliance or exercise of legal claims, raising the defense of legal claims, or for other reasons according to FPI’s internal policies and requirements.
4. Disclosure
In carrying out the purposes stated in this notice, FPI may disclose your information to third parties as follows:
4.1 Subsidiaries of FPI for the purpose of achieving the stated objectives
4.2 Government agencies, independent organizations, regulators or other agencies as required by law including officials who exercise legal powers such as courts, prosecutors, police, etc.
4.3 Agents, contractors/subcontractors and/or service providers for any operations to FPI such as auditors, lawyers, legal advisors, website developer, the contractor who is taking care of public relations in various channels, etc.
5. Sending or disclosing information abroad
FPI may be stored on servers or cloud computers of international service providers, and data may be processed using programs or ready-made applications of foreign service providers. However, in any case of transmission or transfer of such information, FPI will comply with the Personal Data Protection Act B.E. 2562
6. Accessing other websites through the company’s website
This privacy notice is only for the provision of services and the use of the FPI website. Therefore, if you visit other websites through FPI website channels, the protection of personal information will go through that website’s privacy notice, which is not related to FPI.
7. Cookies and similar technologies
FPI uses cookies that are essential to the functioning of the FPI website to collect and store information when you visit the website, and FPI utilizes optional cookies to help us improve the FPI website. FPI will not use optional cookies until you allow us to enable them. In addition, our website may use Google Analytics to analyze website usage data and use it to improve our website. You can find out more about the use of cookies in the FPI Cookies Policy.
8. Your rights as a data subject
As the owner of your personal data You have the rights set forth by the Personal Data Protection Act B.E. 2019. You may exercise your rights through the channels set forth by FPI in Section 10. or through the FPI website. right When the personal data protection law applies to FPI. Your rights are detailed as follows:
8.1 Right to withdraw consent
In case FPI asks for your consent, you have the right to withdraw your consent to the processing of personal data that you have given consent to FPI unless the revocation of consent is restricted by law or contract to your benefit.
The revocation of consent will not affect the lawful processing of personal data for which you have given consent.
8.2 Right to access to personal data
You have the right to request access and to obtain a copy of your information which is under the responsibility of FPI. You may also request FPI to disclose any acquisition of such information that you did not consent to FPI.
8.3 Right to request the transmission or transfer of personal data (Data Portability Right)
You have the right to request FPI to transfer your personal data that you provide to FPI as required by law.
8.4 Right to object to the collection, use or disclosure of personal data (Right to Object)
You have the right to object to the processing of information about you for the collection, use or disclosure of personal data about you as required by law.
8.5 Right to request the deletion of personal data
You have the right to request FPI to delete your personal data as required by law. However, FPI may store your personal data by electronic system. Some systems may not be able to delete it. In this case, FPI will arrange for the destruction or rendering of such information non-identifiable to you.
8.6 Right to restrict processing
You have the right to request FPI to suspend the use of your information as required by law.
8.7 Right to request correction of personal data (Rectification Right)
In case you believe that your information from FPI is not correct, you have the right to request FPI to correct your personal data. So, your data will be accurate, current, and not misleading.
8.8 Right to complain
You have the right to complain with the competent authority under the Personal Data Protection Act B.E. 2562 if FPI violates or fails to comply with the Act.
9. Amendments to this notification form
We may update this privacy notice from time to time. when such changes are made, We will make an announcement to you on the FPI website. In case that your consent is required, we will also seek your consent.
10. How to contact
In case of doubt or requirment more information about the protection of your personal information, inlcudig collection, use or disclosure of your information exercise of your rights, and any complaints, you can contact FPI via the following channels:
Fortune Parts Industry Public Company Limited
11/22 Moo 20, Nimitmai Road, Lam Luk Ka Subdistrict, Lam Luk Ka District, Pathum Thani Province 12150
Website : www.fpiautoparts.com e-mail: info@fpiautoparts.com
Phone : 02-993-4970-7
Data Protection Officer (DPO)
Contact address: 11/22 Moo 20, Nimitmai Road, Lam Luk Ka Subdistrict, Lam Luk Ka District, Pathum Thani
Contact method: e-mail pdpa@fpiautoparts.com
Phone : 02-993-4970-7 ext. 108,297
