Privacy policy

Privacy policy and Privacy Notice

Privacy notice for Director, Shareholder
Privacy Notice of Hitachi Transport System Group Thailand

For the purpose of complying with the Personal Data Protection Act B.E. 2562 (2019) and subordinate laws issued thereunder, including any amendments which may be made thereto, (hereinafter referred to be “Laws on Personal Data Protection”), Hitachi Transport System Group Thailand i.e Hitachi Transport System Vantec (Thailand) Limited, TST Sunrise Service Limited, Eternity Grand Logistics Public Company Limited, Pands Group Logistics Company Limited, Eternity Consulting and Service Company Limited (hereinafter referred to be "Company”) has prepared this Personal Data Privacy Notice (hereinafter referred to be “Privacy Notice”) for Director and Shareholder (hereinafter referred to be “you”) to inform data subject for the purpose of collecting Personal Data, lawful basis, the retention period, disclosure of Personal Data (hereinafter referred to be “Processing”) Information about the Personal Data controller and the rights as the data subject. The details are as follows:


1. Definition

Under this Privacy Notice, the definitions used are as follows:

  • 1.1. Director means a person holding the position of a director of the Company, a person appointed as a director from the company
    • (Which the director may be one of the shareholders or not being a shareholder) and includes the person who is the representative
    • of the director's attorney.
  • 1.2. Shareholder means a person who is a shareholder of the Company, a person who represents the shareholder's attorney or a person
    • who is appointed as a shareholder on behalf of the shareholder in the name of the company
  • 1.3. Personal Data means any data relating to a Person, which enables the identification of such Person, whether directly or indirectly,
    • (but not including the information of the deceased Persons in particular).
  • 1.4. Sensitive Personal Data means data about race, ethnicity, political opinion, creed, religious or philosophical belief,
    • sexual behavior, Criminal records, health data, disability data, trade union data, genetic data, biometric data or any data
    • that may affect the owner of the data in the same way.

2. Types of Personal Data collected and Personal Data Protection

The Company will collect various types of personal information that you provide directly to the Company from the operation or sales channels / services / receiving various services of the Company under the terms/based processing as required by law as stated as follows

  • 2.1. General Personal Data include:
  • 2.1.1. Personal information such as name, surname, address, telephone number, e-mail address, contact method, date of birth,
    • taxpayer identification number, national identification number, bank account, number of shares, shareholder registration number. , etc.
  • 2.1.2. Contact information such as the address on the ID card, the address according to the house registration, telephone number,
    • fax, e-mail, and contact information, etc.
  • 2.1.3. Shareholder registration number information.
  • 2.1.4. Information of payment such as account number, etc.
  • 2.1.5. Information that is used as evidence in the conduct of activities related to directors, shareholders, or other transactions
    • relevant information such as personal data that appears in the copy of ID card, copy of passport, copy of house registration,
    • copy of name change certificate, power of attorney, etc.
  • 2.1.6. Other data, such as voice recording of conversations, and video recording by means of CCTV, etc.
  • 2.2. Sensitive Personal Data
  • 2.2.1. We may need to collect and process Sensitive Personal Data, as defined by personal data protection law, such as health
    • information, food allergies, and drug allergy information in order to proceed with any activity you attend. We will process your Sensitive Personal Data only when you give us explicit consent or for other purposes as required by law. We will also ensure that we will try our best to provide adequate security measures to protect your Sensitive Personal Data.
  • 2.2.2. In general, the Company does not intend to collect and use Sensitive Personal Data such as religion and blood group that appears
    • on the copy of your identification card for any specific purpose. If you have provided a copy of your ID card to the Company, ask you to conceal such information. If you do not conceal the above information, you authorize the Company to conceal and the document is deemed to be concealed valid with enforceable in all respects by law. However, if the Company is unable to conceal information due to some technical limitations. The Company will collect and use such information only as part of your identity document.
  • 2.3. Retention of Personal Data, the Company collects Personal Data according to the nature of the data received.
  • 2.3.1. Personal Data in electronic (Soft Copy) from the Company's computer system will be stored in the Company's central database
    • that maintains and maintains the security of data, assigns access control rights, including control rights. Enter the computer room. In the case of cloud-stored data, the Company utilizes a cloud service provider that has received ISO/IEC 20000-1:2011 International Cloud Service Management and CSA STAR Certification. Information security system in accordance with international standards ISO/IEC 27001:2013.
  • 2.3.2. Personal Data in paper Document (Hard Copy), for paper documents in the process of Company’s operations are stored in the
    • Company's secure area where access rights are set. The finished paper documents are stored in a secure document storage facility.

3. Purposes and Lawful Basis for the Collection, Use, Disclosure and Processing of your Personal Data

The Company will collect, use and/or disclose your Personal Data in accordance with the relationship between the Company and you only if necessary with Based on Legitimate Interest Base, Contract Performance Base, Legal Compliance Base, Consent Base or other legal bases as determined by the Personal Data Protection Act as the case may be, for the purposes of collecting, using or disclosing the Company's information as follows:

  • 3.1. For the purpose of compliance with a legal obligation such as company management (such as, setting up, capital increase,
    • capital reduction, business restructuring, change of registration items), shareholders meeting, nomination of a director of a
    • company, board meetings, management of rights and duties of shareholders or debenture holders, dividend payment, interest
    • payment of debentures, accounting and legal inspection reports, deliveries of documents or books, including duties under the
    • laws governing a limited company, public company limited, or companies listed on the Stock Exchange of Thailand
    • (whichever applies).
  • 3.2. For the purposes of the legitimate interests pursued by us or by a third party, such as to manage companies, to record video
    • or audio in meetings, to protect security, to organize events, to send news or offers for your benefit, to establish legal claims etc.
  • 3.3. Management of responding to communications you contact with the Company, such as for answering questions, or handling
    • complaints, exercising shareholder rights, or giving opinions.
  • 3.4. For the purpose of preventing or suppressing danger to a person’s life, body, or health basis such as emergency contact,
    • infectious disease control, etc.
  • 3.5. For the purpose of complying with the laws such as compliance with the provisions of the law, rules and orders of those with
    • legal authority.
  • 3.6. For the purpose of the performance with a task carried out in the public interest or in the exercise of official authority vested in us.
  • 3.7 In the event of use other than the purpose to Clause 3.1-3.6. Collecting your Personal Data that you will be informed of the details
    • and the Company will request your express consent.
  • 3.8. Where the Company has previously collected your Personal Data before the Laws on Personal Data Protection have become effective,
    • the Company will continue to collect and use your Personal Data in accordance with the original purposes of collection. In this
    • regard, you have the right to withdraw your consent by contacting the Company using the contact details set out in article 9
    • contacting the Company. However, the Company reserves the right to consider your request for the withdrawal of consent and
    • proceed in accordance with the Laws on Personal Data Protection.

4. Disclosure of Personal Data

  • 4.1. The Company may need to disclose your Personal Data in accordance with the purposes and rules prescribed under the law on
    • Personal Data protection by providing appropriate measures to protect your Personal Data disclosed to the following
    • persons and entities:
  • 4.1.1. Hitachi Transport System group of companies are shall include executives, directors, employees and/or internal personnel to
    • the extent and as necessary for the processing of your Personal Data.
  • 4.1.2. Business partners, service providers, and data processors designated or hired by the Company to perform duties in connection
    • with the management/Processing of Personal Data for the Company in the provision of various services or any other services
    • which may be beneficial to you or relevant to the Company’s business operation.
  • 4.1.3. Advisors of the Company, such as legal advisors, lawyers, auditors, or any other internal and external experts of the Company.
  • 4.1.4. Relevant governmental agencies which have supervisory duties under the laws or which have requested the disclosure pursuant to
    • their lawful powers or relevant to the legal process or which were granted permission pursuant to applicable laws, such as Revenue
    • Department, Ministry of Commerce, Office of the Personal Data Protection Commission, etc.
  • 4.2. The disclosure of your Personal Data to third parties other than article 4.1 shall be in accordance with the Purposes or other
    • purposes permitted by law, provided that if the law requires your consent to be provided, the Company will request for your prior
    • consent. And the Company will put in place appropriate safeguards to protect the Personal Data that has been disclosed and to
    • comply with the standards and duties relating to the protection of Personal Data as prescribed by the Laws on Personal
    • Data Protection.
  • 4.3. Where the Company sends or transfers your Personal Data as specified in article 4.1 and 4.2.which are outside Thailand,
    • the Company will ensure that the recipient country, the international organization or such overseas recipient has a sufficient
    • standard for the protection of Personal Data. In some cases, the Company may request your consent for the transfer of your
    • Personal Data outside Thailand, subject to the requirements under Laws on Personal Data Protection.

5. Security of Personal Data

The Company has provide appropriate security measures to prevent of Personal Data as required by the law on Personal Data protection. It's covers management preventive measures, technical and physical safeguards in regard to access or control of access to Personal Data, to maintain confidentiality, integrity and completeness and the availability of Personal Data, to prevent the loss, unauthorized access, use, alteration, correction or disclosure of Personal Data.


6. Retention Period of Personal Data

The Company will retain your Personal Data for the period necessary to the purposes for which the Personal Data was processed, whereby the retention period will vary depending on the purposes for which such Personal Data. The Company will retain Personal Data for the period prescribed under the applicable laws (if any) and the Company will keep your Personal Data until the end of the lawsuit (if any).


After the period of time set forth above has expired, the Company will delete or destroy such Personal Data from the storage or system of the Company. In this regard, for additional details regarding the retention period of your Personal Data, you can contact the Company by using the contact details set out in article 9 contacting the Company.


7. Rights related to data subjects

  • 7.1. Under the Laws on Personal Data Protection and under the Company's rights management process, you have the rights follows:
  • 7.1.1. Withdraw the consent you have given to the Company for the processing of your Personal Data.
  • 7.1.2. Request to view and copy you're Personal Data or disclose the source where we obtain your Personal Data.
  • 7.1.3. Send or transfer Personal Data that is in an electronic form as required by Personal Data protection laws to other data controllers.
  • 7.1.4. Oppose the collection, use, or disclosure of Personal Data about you.
  • 7.1.5. Delete or destroy of your Personal Data.
  • 7.1.6. Suspend the use of your Personal Data.
  • 7.1.7. Correct your Personal Data to be current, complete, and not cause misunderstanding.
  • 7.1.8. Complain to the Personal Data Protection Committee in the event that the Company violate to comply with Personal Data
    • protection laws.
  • 7.2. If you wish to exercise any of the rights as specified in article 7.1. Please contact using the contact details set out in article 9
    • contacting the Company. However, may be cases where applicable law restricts the exercise of any rights or there may be cases
    • where the Company can refuse your request such as in the case of refusing to exercise your right to comply with the law or
    • court order. In the case of refusing to exercise your right to comply with the law or court order if the Company refuses your
    • request for such reasons. If you find that there is a violation of your Personal Data in accordance with the data protection law,
    • please contact the Company to clarify the reasons and take corrective action according to your complaint.
  • 7.3. In this regard, the process of receiving a request to exercise rights from you, the Company will consider and notify you within 30 days
    • from the date of receipt of the request form as required by the Personal Data Protection Law.

8. Changes to This Privacy Notice

The Company may change or update this Privacy Notice from time to time and if there is a change in the Company's Personal Data protection practices due to reasons such as technological change or legal changes. The amendment to this Privacy Notice will become effective when the Company publishes the revised version on the website as follows

However, if revision has an effect on you as the Data Subject, the Company will notify you in advance of the revision as appropriate before it becomes effective.


9. Contacting the Company.

If you have any questions about any aspect of the Company’s practices in relation to your Personal Data, the Company appreciate to advise, provide data, suggestions and resolve your complaints by contacting Personal Data Protection Officer (DPO), Corporate Group Compliance Department. By using the contact data provided below:

  • 9.1. By phone: 02 337-2086-99 Ext. 3111
  • 9.2. By E-mail: TST-Corporate-Compliance@hitachi-tstv.com
  • 9.3. By registered mail or express mail, sending a letter to:
    • Personal Data Protection Officer (DPO).
    • Corporate Group Compliance Department.
    • No. 11/8-11/9, Moo 9, Bangchalong, Bangplee, Samut Prakan10540.


..........................................................................



ISD-BLC1-LC-08_Privacy notice for Director and Shareholder_01-Jul-2021_Rev00