At Scandinavian Publishing Co., Ltd. (“The Company”), we highly value the protection of personal data and are committed to ensuring compliance with the Personal Data Protection Act 2019. This Data Protection Policy outlines our practices concerning the collection, storage, and usage of personal data, as well as the rights of individuals whose data we process. We hereby announce this policy to inform data subjects of our approach to personal data protection as follows:
Personal data: This term refers to information that can directly or indirectly identify an individual.
Sensitive personal data: This category encompasses information of a personal nature that is also sensitive and carries the potential for harm, including nationality, race, political views, religious beliefs, philosophy, sexual orientation, criminal history, health information, disability status, labor union association, genetic data, biometrics, and other information that could affect individuals similarly, as defined by the Personal Data Protection Committee.
Personal Data Protection Committee: This refers to the committee authorized to oversee, establish criteria, and define measures and guidelines pertaining to personal data protection in accordance with the Personal Data Protection Act 2019.
Personal data collection
The Company will collect personal data only when necessary, adhering to legal and ethical standards for collection methods. Data subjects will be informed of the purpose and requested to provide their consent, either electronically or through our established processes. In cases where sensitive data is collected, explicit consent will be obtained from the data subject, unless the Personal Data Protection Act 2019 or other applicable laws exempt such data from explicit consent requirements.
Purposes of Personal Data Collection and Usage
Personal data collected by the Company will be utilized for various operational purposes, including procurement, contract execution, financial transactions, business activities, coordination, collaboration, and quality improvement, such as database analysis and operational enhancement. Data will be stored and used in accordance with the communicated purpose and within legal limits.
The Company will not use personal data for purposes beyond the original collection objective, except under the following circumstances:
1. The new objective had been communicated to the data subject and consent was given by the data subject.
2. Required by the Personal Data Protection Act or other related laws.
Sharing of personal data
Personal data will not be shared without the explicit consent of the data subject, and it will only be shared for specified purposes. However, to facilitate business operations and services, the Company may need to share personal data with subsidiaries and other domestic or international entities, such as related service providers. When sharing personal data with third parties, the Company will enforce strict confidentiality and usage guidelines, aligning with the defined purpose.
In addition, the Company may disclose personal data under legal circumstances, such as sharing data with government agencies, public entities, and regulators as required by law (e.g., for legal proceedings, lawsuits, or requests from private entities or other third parties related to legal processes).
Guidelines for protecting personal data
The Company will establish measures in compliance with applicable laws, regulations, principles, and operational guidelines to ensure the security of personal data of employees and related parties. Furthermore, the Company will promote employee education and awareness concerning their roles and responsibilities regarding personal data collection, storage, usage, and sharing. Employees are expected to adhere to the Company’s policies and guidelines for personal data protection to ensure accurate and efficient compliance with data protection laws.
Personal data subject rights
Personal data subjects have the following rights:
- The right to withdraw previously given consent regarding personal data process. Such withdrawal shall not retrospectively affect the collection, usage, or disclosure of personal data which had already been consented to.
- The right to access and copy personal data including disclosure of personal data collected without consent.
- The right to make corrections to personal data.
- The right to delete personal data.
- The right to terminate personal data usage.
- The right to transfer personal data.
- The right to oppose personal data processing.
The data subject can invoke any of the above rights by submitting a written letter or email to the Company via the channels described below. The Company will process the request and send the results within 30 days from the date of receipt. The Company may reject the request depending on its legal obligations.
Personal Data Protection Policy Review and Amendments
The Company may periodically revise this policy to align with changes in the law, operational adjustments, or recommendations from other business entities. Any planned modifications to this policy will be communicated in advance to stakeholders.
For any inquiries or requests related to personal data protection, please contact us through the following channels:
Scandinavian Publishing Co., Ltd.
211 Soi Prasert-Manukitch 29
Bangkok 10230 – Thailand