TH EN

Privacy Policy

for Personal Data Protection Act. (PDPA)

        SumiRiko Eastern Rubber (Thailand) Ltd. was incorporated in Thailand since July 27th, 1995. Aim to operate business in automotive industry in the implementation of the mission objectives. The Company needs to collect, use and disclose personal data in many areas and in large numbers. The Company recognizes the privacy and rights of personal data owners those the Company collected for processing. Therefore, the Company has established the personal data protection policy for the framework and guideline for related parties as follows:

    DEFINITION :

        1 “Company” or SRK-ER means SumiRiko Eastern Rubber (Thailand) Ltd.

        2 “Personal Data” means any information relating to a Person, which enables the identification of such Person, whether directly or indirectly.

        3 “Data Controller” means SumiRiko Eastern Rubber (Thailand) Ltd., as the juristic person having the power and duties to make decisions regarding the collection, use, or disclosure of the Personal Data.

        4 “Data Processor” means any outsource or subcontractor who operates in relation to the collection, use or disclosure of The Personal Data pursuant to the orders given by or on behalf of the Company.

        5 “Data Owner” or “Data Subject” means the person whose personal data was collected, used or disclosed by the Company.

Privacy Policy

1. Principles of Processing Personal Data

        The Company will process personal data on the basis of the explicit consent of the data subject unless there is a legal requirement to do so without consent. The Company shall process personal data in accordance with the following principles.

    The Company shall :

        (1) Process personal data on lawful basis and in a transparent manner in relation to a data subject.

        (2) Process personal data only to the extent necessary for achieving the purposes specified in advance.

        (3) Store personal data for the period necessary for achieving the purposes.

        (4) Maintain personal data accurately and kept up to date to the extent necessary for the purposes.

        (5) Process personal data by implementing appropriate technical and organizational measures.

2. Purposes of personal data processing

        The Company will process personal data for the purposes those have been notified to the personal data subject. In case there is a new purpose and the personal data is required for that new purpose the company will notify and obtain consent from the data subject in advance.

        The Company will collect personal data as necessary for lawful purposes. Righteousness and in accordance with of the organization and the mission company has clearly defined the purpose of personal data on the Record of Personal Data.

3. Legal basis of processing personal data

    The Company shall process personal data based on one of the following legal bases:

        (1) The processing is necessary to perform the obligations under the contract with the data subject.

        (2) The processing is necessary to perform the obligation under the Law.

        (3) The processing is necessary to secure legitimate interests pursued by the Company.

        (4) The processing on which has been obtained the consent of the data subject or

        (5) The processing is necessary on other lawful basis (if any).

4. Providing personal data to a third party

        The Company will use or disclose personal data on the purposes with the explicit consent of the data subject. In the event that personal data is provided or disclosed to a third party, the Company will supervise the recipient of the personal data to use on the specified purpose only. The trans border of personal data collected by the Company may only be done in the event that the recipient of the personal data at the destination has adequate personal data protection standards. If not, but there are grounds, For submitting the personal data, the Company will notify the owner of the personal data and obtain consent before submitting.

        Transferring personal data to foreign affiliates, the Company has provided the policy for transferring personal data to foreign affiliates (Binding Corporate Rules-BCR) as a practice requirement.

5. Safeguards for the protection of personal data

        The Company shall implement appropriate, necessary measures including measures against, including but not limited to, illegal access, computer viruses to prevent incidents such as loss, destruction, manipulation or leakage of personal data. The Company shall also provide appropriate, necessary supervision over all kinds of personal data to ensure the protection of personal data.

6. Quality of Personal Data

        The Company shall not collect Personal Data from any other sources, apart from the data subject directly. In case of necessary to collect the data from any other sources, the Company shall inform the data subject of such the collection without delay, but shall not exceed thirty days upon the date of such collection, and has obtained the consent from the data subject. The Company shall not collect sensitive data except necessary case with specified purpose and with explicit consent from the data subject. The Company shall ensure that the Personal Data remains accurate, up-to-date, complete, and not misleading.

7. Taking actions on the rights of data subjects

        The Company shall take appropriate actions on the data subject’s requests on the processing of personal data concerning him or her in accordance with applicable laws and regulations. The Company shall respond to requests of the data subject specified below:

        7.1 Access to and obtain the personal data related to him or her.

        7.2 Rectification or erasure of the personal data.

        7.3 Restriction on the processing of the personal data.

        7.4 Lodging a complaint against the processing of the personal data.

        7.5 Request the Data Controller to erase or destroy the Personal Data.

        7.6 Data portability of the personal data.

        7.7 Withdrawal of consent on the processing of the personal data.

        7.8 Contest against the processing of the personal data.

8. Principle of System Openness

        This policy, Guideline of personal data management and necessary internal rules the Company established or provided, personal Data subject or any person concern can have the right to ensure all those the company manage to his personal data.

9. Data Controller Contact

    The contact information of the Company is as follows;

        HEAD OFICE / FACTORY 1 (IPP Plant) International Polymer Park 111/3 Moo 2, Soi Nikom 13 Rd, T.Makhamkoo,A.Nikompattana,Rayong 21180 Thailand

        Phone number: +66 0-3891-8088

        FACTORY 2 (ESIE Plant) Eastern Seaboard Industrial Estate 300/9 Moo 1 T.Tasit,A.Pluakdaeng, Rayong 21140 Thailand.

        Phone number: +66 0-3892-7500

        Email : srker@er.sumiriko.com

    Data Protection Officer : dpo@er.sumiriko.com


Disclaimer

This Privacy Policy is the property of SumiRiko Eastern Rubber (Thailand) Ltd., all rights reserved by law under copyright law You may not duplicate any information. From this Privacy Policy (in whole or in part) improve, modify, modify or transmit or use for commercial purposes. without notifying the company and with written permission