2. Scope of Policy Enforcement
This policy applies to personal data processed by the Company of persons having a current and potential relationship with the Company, its officers, contractual employees, business units, or other forms of entities operated by the Company, including parties or third parties processing personal data on behalf of the Company (“Personal Data Processors”) under products and services, such as websites, systems, applications, documents, or other forms of service monitored by the Company (collectively referred to as the “Services”).
Persons having a relationship with the Company referred to in the first paragraph include
- individual customers;
- officers, workers, or employees;
- partners and service providers who are natural persons;
- directors, attorneys, representatives, agents, shareholders, employees, or other persons who have a similar relationship of a legal entity with the Company;
- users of the Company’s products or services;
- visitors or users of the website https://www.freshket.co, including other systems, applications, devices, or communication channels supervised by the Company; and
- other people that the Company collects Personal Data, for example, job applicants, family members of staff, guarantors, insurance policy beneficiaries, etc.
Clauses 1) to 7) are collectively referred to as “you”.
If there is a contradiction between the provisions of this Privacy Notice and the terms of this Policy, the subject matter of that service’s Privacy Notice will take precedence.
- Personal Data refers to information about a natural person, which allows the person to be identified, whether directly or indirectly, but does not include the deceased’s data.
- Sensitive Personal Data refers to personal data as defined in Section 26 of the Personal Data Protection Act, B.E. 2562 (2019), including race, ethnicity, political opinions, beliefs in a doctrine, religion, or philosophy, sexual behavior, criminal records, health information, disability, trade union information, genetic data, biological data, or any other information that affects the owner of the personal data similarly as specified by the Personal Data Protection Committee.
- Personal Data Processing means any action on personal data, such as collecting, recording, copying, organizing, maintaining, updating, changing, using, restoring, disclosing, forwarding, disseminating, transferring, merging, deleting, destroying, and so on.
- Personal Data Owner refers to a natural person who owns the personal data that the Company collects, uses or discloses.
- Personal Data Controller refers to a person or legal entity who has the authority to make decisions about the collection, use, or disclosure of personal data.
- Personal Data Processor means a person or legal entity who performs duties relating to collecting, using, or disclosing personal data according to an order or on behalf of a personal data controller. In this regard, a person or legal entity performing such actions is not the personal data controller.
4. Sources of Personal Data Collected by the Company
The Company collects or acquires various types of Personal Data from the following sources:
- The Company collects Personal Data directly from Personal Data Owner via service channels, such as job application processes, registration, job applications, signing contracts and documents, completing surveys, using products or services, or other service channels regulated by the Company, or when the data owner communicates with the Company at the office or through other contact channels regulated by the Company;
- The Company collects Personal Data from Personal Data Owner when accessing websites, products, or services under contracts or missions, for example, by tracking the behavior of the use of websites, products, or services of the Company by using Cookies or from software on the Personal Data Owner’s device, and so on; and
- Personal Data is collected by the Company from sources other than Personal Data Owner. Sources have the authority or legitimate grounds, or consent from the Personal Data Owner, to disclose the information to the Company, for example, linking the digital services of government agencies to provide comprehensive public benefits to the Personal Data Owner; receiving Personal Data from other government agencies as the Company is responsible for the mission of establishing a central data exchange center to support the operations of government agencies to provide the service for the public through digital systems, including the necessity to provide contractual services that may exchange Personal Data with contractual entities.
It also includes the case you provide Personal Data from third parties to the Company. If so, you must be responsible for notifying details under this Policy or announcements of products or services, as the case may be, to such third parties, as well as asking for consent from that person if it is a case where consent is required to disclose information to the Company.
If the Personal Data Owner refuses to give the Company the information it needs to offer its services, the Company may be unable to provide that service to the Personal Data Owner in whole or in part.
5. Collection of Personal Data
The Company will only collect Personal Data upon obtaining the prior consent of Personal Data Owner, except for the following cases:
- to comply with a contract in the case of collecting, using, or disclosing Personal Data for providing services or fulfilling the contract between Personal Data Owner and the Company;
- to prevent or suppress danger to life, body, or health;
- to comply with the law;
- to protect the Company’s legitimate interests if it is necessary for the legitimate interests in the Company’s operation. The Company will consider the data owner’s rights as a priority, such as fraud prevention, network system security, protection of the rights, freedoms, and the data owner’s interests;
- to carry out research or statistics in the case of preparing historical or notarial documentation for the public interest or in connection with research or statistics, which have provided appropriate safeguards to protect the rights and freedoms of Personal Data Owner; and
- to comply with the government mission in the public interest or to accomplish the obligations under the state’s power that have been allocated to the Company.
If the Company is required to collect your Personal Data for compliance with a contract, the performance of legal duties, or the necessity of entering into a contract, if you refuse to provide Personal Data or object to the execution of processing for the activity, the Company may be unable to perform or provide the services you have requested wholly or partially.
6. Types of Personal Data Collected by the Company
To collect and retain Personal Data, the Company will use lawful means and is limited to the extent necessary for the Company’s operations, which consist of
|Types of Personal Data||Details and Examples|
|Specific Personal Data||The data identifying your name or data identifying your specific data, such as your name and surname, age, date of birth, gender, citizen identification number, passport number, driver’s license number, signature, marital status, position, occupation, education, shareholder registration number, social account name, taxpayer identification number, job position, affiliation, nationality, insurance number or insurance card.|
|Contact Information||Information for contacting you, such as an address, telephone number, email address, business card, workplace, and social media account name.|
|Image Data||Image data, for example, data of your still images, motion images, or your assets, which are collected from closed-circuit television cameras, cameras when entering the company’s area.|
|Service User Account Information on the Platform||Service user account information on the platform, such as user account name, password.|
|Official document information||Your official document information, for example, copies of your ID card, house registration, passport, work permit, birth certificate, driving license, professional license.|
|Financial information||Your financial information, such as a copy of your bank account page, bank account number, credit card number, income, salary, credit limit information, transaction information, including information about the products you have purchased, prices, payment methods, and details of payments, income, taxes, provident funds, employee benefits (such as pension or insurance policy entitlements), and other relevant information (for example, withdrawing details or allowances).|
|Educational information||Educational information, for example, educational qualifications, educational background, transcripts, academic evidence.|
|Information about third parties involved||Information about relevant third parties, such as spouses, children, father/mother, emergency contacts, references, beneficiaries.|
|Information about the purchase of goods and services||Information about the purchase of goods and services, such as order history, interest in the purchase products and services, order number, request number.|
|Information collected by the Company or the automatic system from various devices of the Company||Information collected by the Company or the automatic system from various devices of the Company, for example, IP Address, cookies, service history and behavior, order history, voice, photos, motion pictures, chat, Geolocation.|
|Information received from the Company’s system or from being an employee||Information received from the Company’s system or from being an employee, for example, employee code, work permit number, attendance record and overtime working, absence and leave from work, username, password, history and usage behavior, images and/or video from CCTV.|
|Work information||Work-related information, such as career details, qualifications, skills, membership of professional organizations, experience, employer opinions, appraisal results, training, certification history, work history (CV or resume), professional license number.|
|Sensitive Personal Data||Your sensitive personal data, such as race, religion, disability information, medical information, criminal history, biological data (fingerprints) (face portraits), health information.|
8. Objectives of Personal Data Collection
The Company collects your Personal Data for several purposes, depending on the type of product or service, or activity you use, as well as the nature of your relationship with the Company or considerations in each context. The objectives stated below are just the general framework for the use of Personal Data. However, only the objectives related to the product or service you use or have a relationship with will apply to Personal Data.
- to enter into a contract or perform duties under the contract between the Company and the Personal Data Owner or perform duties under the contract between the Company and a third party for the benefit of the data owner;
- to answer questions and provide assistance to the Personal Data Owner;
- to develop and improve the Company’s products and services to be more responsive to the needs of Personal Data Owners;
- to provide information and recommend products, services, or marketing public relations, promotions, or benefits through the contact channels provided by the Personal Data Owner as the Personal Data Owner has given consent to the Company;
- to survey viewpoints, analyze, research, and prepare statistical data for marketing or development and improvement in the operations of the Company as you have agreed with the Company;
- for the benefit of necessary work management or internal operations of the Company under the legitimate interests;
- to inspect, supervise, and secure the Company’s buildings or premises;
- to comply with the laws related to the Company’s operations, such as withholding taxes;
- to provide information to government agencies with legal authority as requested, for example, the Royal Thai Police, the Anti-Money Laundering Office, the Revenue Department, and courts;
- to carry out any accounting and financial activities, such as auditing, notice and debt collection, the exercise of welfare rights, taxes, and evidence of transactions as required by law;
- for the legitimate interests of the Company, such as voice recording of complaints through the Call Center, and video recording through CCTV cameras;
- to be used in investigation and compliance with laws, regulations, or statutory duties of the Company;
- to use the information to verify the customer’s identity; and
- for other purposes with your express consent.
9. Forwarding and Disclosure of Personal Data
The Company will not disclose and forward your Personal Data to external agencies, except with your express consent or according to the following cases:
- laws or legal proceedings require disclosing information or disclosure to officials, government officers, or competent authorities to comply with lawful orders or requests.
10. Transferring or Forwarding Data to Foreign Countries
The Company may transmit or transfer Personal Data abroad by ensuring that the destination country or destination agency has adequate privacy protection standards and policies.
11. Duration of Collection of Your Personal Data
The Company will retain Personal Data only for as long as it is necessary for the purposes detailed in the Policy, announcements, or the relevant laws. However, after the period expires and Personal Data is no longer necessary for the said purposes, the Company will delete and destroy the data or make your data unidentifiable by the forms and standards of Personal Data deletion and destruction. However, if there are any disputes, rights exercises, or lawsuits involving your Data, the Company has the right to keep that Data until the dispute is resolved by a court order or verdict.
12. Protection of Personal Data
The Company will take appropriate technical and administrative measures to protect and secure your Personal Data by providing encryption for Personal Data transmission over the internet and controlling access to your Personal Data only for those involved, both in terms of data stored in the forms of documents and electronic files.
13. Connecting to External Websites or Services
The Company’s services may have links to third-party platform or services, which may have a privacy protection policy with material content different from this Policy. Therefore, the Company recommends that you study the privacy protection policy of such websites or services to know in detail before accessing them. The Company is not associated with and has no control over the privacy protection measures of such websites or services and cannot be responsible for the content, policies, damages, or actions caused by third-party websites or services.
14. Personal Data Protection Working Committee
The Company has appointed Personal Data Protection Working Committee to monitor, supervise, and advise on the collection, use, or disclosure of Personal Data, including coordinating and cooperating with the Office of the Personal Data Protection Commissioner to be consistent with the Personal Data Protection Act, B.E. 2562 (2019).
15. Your Rights under the Personal Data Protection Act, B.E. 2562 (2019)
You may exercise the rights provided by law and as outlined in this announcement as follows:
the right to withdraw consent: You have the right to withdraw your consent all the time, unless there is a restriction on your legal or contractual rights to your benefit. The withdrawal of consent will not affect the Processing of Personal Data you have given us previous consent;
the right to request access and obtain a copy of Personal Data, except the Company has the right to refuse your request by law or court order, or where your request will have an effect that may damage the rights and freedoms of others;
the right to request the correction of Personal Data to be up to date, accurate, complete, and not misleading. The Company can make corrections even if you do not request it;
the right to request deletion or destruction of or make Personal Data non-personally identifiable must be under the following circumstances:
4.1. when Personal Data is unnecessary to keep for such purposes;
4.2. when you withdraw your consent to collect, use, or disclose Personal Data, the Company has no legal authority to continue collecting, using or disclosing Personal Data anymore; and
4.3. when you object to collect, use, or disclose Personal Data, the Company has no legal authority to refuse it.
Except in cases where the Company has a legitimate reason to reject your request.
the right to obtain or request the transmission or transfer of your Data: If the Company has made the Personal Data in a form that can be read or used in general with tools or devices that are automatically operated and can be used or disclosed by automated means, unless the technical condition is not possible, or it is for the performance of duties for the public interest, compliance with the law or the exercise of rights that violate the rights or freedoms of others;
the right to object: You have the right to object to the collection, use, or disclosure of Personal Data at any time under the following circumstances:
6.1 in the case of Personal Data that the Company operates under legitimate interest, unless the Company has demonstrated a more important legal ground or established a legal claim, compliance, or exercise of legal claims, or raising the defense of legal claims against a legal claim;
6.2 for direct marketing purposes; and
6.3 for scientific research, history, or statistics, unless the Company requires to carry out for the public interests.
the right to request suspension of the use of personal data in the following cases:
7.1 when the Company is in the reviewing process for the request you have made to correct the Personal Data to be correct, accurate, current, complete, and not cause misunderstanding;
7.2 when it is Personal Data that must be deleted or destroyed;
7.3 when such Personal Data is no longer necessary because you need to request the retention of your Personal Data to establish a legal claim and compliance, exercise a legal claim or raise the defense of a legal claim; and
7.4 when the Company is in the process of proving its right to refuse an object request for the collection, use, or disclosure of Personal Data.
16. Penalties for Non-Compliance with the Privacy Protection Policy
Failure to comply with this Policy may result in an offense and disciplinary action under the Company’s rules (for officers or operators of the Company) or the Personal Data Processing Agreement (for the Personal Data Processors). However, it depends on the case and relationship you have with the Company and may be penalized as required by the Personal Data Protection Act, B.E. 2562 (2019), including secondary laws, rules, regulations, and relevant orders.
17. Complaints to the Regulatory Authority
In the event that you find that the Company fails to comply with the Personal Data Protection Law, you have the right to complain to the Personal Data Protection Committee or the competent regulatory authority appointed by the Personal Data Protection Committee or the law. However, before making such complaints, the Company asks you to contact the Company so that it has the opportunity to be informed of the facts and clarify the issues, including addressing your concerns first.
18. Amendments of the Privacy Protection Policy
The Company may consider modifying, amending, or changing this Policy as it deems appropriate and will notify you through the website at https://freshket.co/en/privacy-policy by indicating the effective date of each revised version. However, the Company recommends that you regularly check for the latest version of this Policy through the channels for activities carried out by the Company, especially before you disclose Personal Data to the Company.
Access to the Company’s products or services after the enforcement of the new Policy is considered an acknowledgment of the terms of the new Policy. Please stop using it if you disagree with the details in this policy and contact the Company for further clarification of the facts.
19. Contact, Inquiry, or Exercise
If you have any questions, suggestions, or concerns about the Company’s collection, use, and disclosure of Personal Data or about this Policy, or you wish to exercise your rights under the Personal Data Protection Law, you can inquire at:
Personal Data Protection Working Committee
Contact: No. 1624/2 Sutthi Building, 3rd Floor, New Phetchaburi Road, Makkasan Subdistrict, Ratchathewi District, Bangkok 10400
by informing the following information for the exercise of the rights of the Personal Data Owner:
- Name, Surname, ID Card Number/Passport Number
- Doubts about Personal Data or rights to use by law
- Telephone number and address for contact