Personal Data Protection Policy
Sabina Public Company Limited and Sabina Fareast Company Limited (collectively referred to as “Company”) recognize the importance of personal data and other related personal data (“Data”) for the confidence that the company is responsible for data collection, use, or disclosure of personal data under the Personal Data Protection Act B.E. 2562, including other related laws. This Personal Data Protection Policy (“Policy) is to clarified the data collection, use, or disclosure of personal data by the Company as the following:
Scope of Policy
This Policy is applied to personal data of internal person currently related to the company and may occur later, which processed by the Company, officers, contractual employees, business entities or other forms of entities operated by the company and including contracting parties. Or the third parties who process the personal data on behalf of the company (“Data Processor”) under products and services such as websites, systems, applications, documents, and other forms of services controlled by the company (collectively referred to as “Services”).
Persons who related to the company in accordance with the provisions of the first paragraph, articles 1-6 as detailed below collectively referred to as "Service User”
1. Individual Customers
2. Officer, workers, or employees
3. Partners and service providers
4. Directors, attorneys, representatives, shareholders, employees, or other persons having a similar relationship of legal entities that are related to the company
5. Users of the company's products or services
6. Visitors or users of www.sabina.co.th; including system, applications, devices, or other communication channels operated by the Company
7. Other persons that the Company collect personal data such as job applicants, family member of employees, guarantors, and beneficiaries, etc.
In additional, the company may announce the policy of privacy (“Announcement”) for products or services of the company in order to inform the Data Subject to acknowledge the personal data that been processing regarding to the objective of Laws. The period of personal data retention and the right of personal data which the Data Subject have over the products or services. In case of conflict of the importance between the term of this policy and the privacy, subject to the term of this policy of such services.
This Privacy policy is effective with services provided by the company only. Not effective with other applications or websites which the company has no authorize to control, and is responsibility of the service users to agree and study the Privacy Policy for the use of applications, services, or websites
In case of the users disagree with this Privacy Policy or other revised editions, the company reserves the right to prohibit or not allow such users to use the Company's services. Due to the processing of personal data under this policy, has a direct effect on the performance provided by the company. However, the users still use the company's services, such users will always be deemed to accept this policy.
The company may update this Policy at any period to comply with relevant practices and laws, also the services of the company. The company shall notify the users for any changes by announcing the revised edition. The revised edition is deemed to be effective since the company make announcement.
Data Collected by the Company
The company will collect and processing personal data from the service users as follows:
1. Personal information, such as name, surname, age, dated of birth, nationality
2. Contact information, such as accommodation, telephone number, e-mail
3. Financial information, such as credit card, saving account number
4. Transaction data, such as username, password, transaction history, including the interest of users
5. Information of equipment or tools, such as IP Address, data usage, configure and connection to the browser of the device the user uses to use the company's services
6. Other information, such as sound, image, animated image, CCTV
Data Processing Purposes
1. The company has a necessity to collect and use of personal data for the provision of services specified. For company's terms of service including verification and follow up on transactions of service users to check payment terms, service fees, and for communication with service users, etc.
2. The company has a necessity to collect and use of personal data for analysis the users interest in order to offer the right privilege and services, and to improve relationship with the service users.
The company has a necessity to collect and use of personal data for purpose of providing services and supports such as feedback or comment after services.
4. The company has a necessity to collect and use of personal data to comply the laws and regulations such as withholding tax document or other operations determined by law.
5. The company has a necessity to collect and use of animated image and photographs in order to maintain security for employees, service users, and other persons in building or surrounding; or to use as evidence for crime and accident occur in area of the company.
The Company will keep and collect personal data of the service users throughout the period and the company reserves the right to keep the information for a period not less than 3 years after the user cancels the service. For benefits of protecting and defending the rights of the company including the relevant laws that require the company to have a duty to keep personal data for other periods. The Company may be required to retain information for a period longer than 3 years.
Disclosure of personal data
According to the specified conditions of service, the company may need to disclose the personal data of services users in the following cases:
1. The Company may need to disclose to the other service providers appointed by the company to assist in supporting the Company's services such as consultants, service contractors, transport contractors, including those providing evaluation services such as Google Analytics. However, the Company shall disclose information as necessary only.
2. The company may disclose by keeping personal data in the computer system, including: setting up your own server, Amazon AWS, Microsoft Azure, etc.
3. The company may disclose information with the necessity of the benefit to protect and defend the rights of the company or to prevent and investigate the nature of wrongdoing related to the use of the Company's services by the service users.
4. In case that the company is legally obligated or subject to judgment or the order of Government, the company may need to disclose information to such agencies in order to perform their duties under the law.
Cookie Policy
Cookies are text files storing on user’s computer device for storing data or entering websites or behavior of users. In order to guarantee efficiency in providing the Company's services to users, it is necessary to use different types of cookies for different purposes, as listed below.
1. Functionality Cookies: Used to remember what users choose or set on the platform such as username, language, fonts, and platform formats to present information that meets the needs of individuals according to the selected settings.
2. Advertising Cookies: To memorize what you have visited and the uses of service to present products or services that relevant to the interests of the users and for assessment the effectiveness of using the various functions of the system.
3. Strictly Necessary Cookies are the type of cookies that are necessary for the functioning of company’s service. Also, necessary to make use of the users thoroughly and safely.
Although the use of cookies is useful in enhancing the performance of the service, and services of the company. In case the users request to delete cookies settings on their own browser, they have the right to do. However, the users should acknowledge that the action may affect the Company's services according to the stated purpose of the cookies function.
Direction of Personal Data Protection
The Company ensures that appropriate security is appied to prevent the unauthorized access, use, alteration, or disclosure of personal data without permission. The Company has established internal guidelines to determine the right to access or use of personal data subject to keep such data confidentially and secure. The company manage to review such measures periodically for appropriateness according to the relevant laws.
Rights of Data Subject
The company acknowledges and respect the legal rights of users that ralated to personal data as followings.
1. Right to access and request access to and obtain a copy of the Personal Data related, including to request the changes of the Personal Data.
2. Right to apply for personal data in case the Company has made the personal data in a form that is readable and usable by automatic tools or devices and usable or revealable personal data by automated method, including the right to request the Company to submit or transfer personal data in such format to other personal data controllers.
3. Right to restriction of data processing
4. Right to request for erasure or destroy, or make the personal anonymous. If such data is unnecessary or when the Data Subject exercise the right to withdraw consent or exercise the right to objection.
5. Right to request for suspension of the use of personal data in case that the personal data needed to be erased or unnecessary.
6. Right to withdraw consent in the processing of information provided by the service users.
The service users can contact the Company in order to make the request to exercise any defined rights through the defined channel without any charge and the Company will consider and notify the service users determination within 30 days after the receipt of the User’s valid request.
Contact Information
Sabina Fareast Company Limited is authorized to be the coordinator regarding the protection of personal information of the Company. In case you have any questions or would like to exercise your rights as defined on this announcement, please contact us:
Data Protection Officer
Announced On 13 May 2022
Employee’s Privacy Policy
Sabina Public Company Limited and Sabina Fareast Company Limited as the employer (the "Company") issued this Announcement on Employee’s Privacy Policy in order to inform the director, management and employee (collectively referred to as the "Employee") regarding their rights and the conditions for the collection, storage, use, process and disclosure of the their personal identifiable information as follows
Clause 1 This Announcement is called “Announcement Re. Employee’s Privacy Policy” and shall become effective from the announcement date onwards.
Clause 2 All the announcement, regulation, instruction, operational manual and/or other guidelines that the Company has issued before this Announcement shall remain binding, except in the circumstance that there is any discrepancy between the provisions under this Announcement and those existing documentation where the provisions under this Announcement shall prevail; provided that this Announcement shall not affect the prior transaction or actions already executed.
Clause 3 The process of the Employee’s personal identifiable information (PII) under this Announcement is undertaken based on the Company’s necessity to perform their obligations as the employer in the following manners: (a) the contractual performance under the employment agreement entered into with the Employee; (b) the employee’s legal obligation to provide the labor protection and social welfare services to the Employee; and (c) other legal obligations that the Company would be subject to under the applicable laws, including without limitation the tax obligations. Based on these defined necessities, as long as the Employee remains the Company’s employee, the Company reserves the rights to collect, store, use, process and disclose the Employee’s PII in accordance with the terms and conditions defined hereunder.
Clause 4 The Company may adjust or amend this Announcement from time to time in order to assure the compliance with the applicable laws and the application of the Announcement with the change in employment types or benefits as agreed between the Company and the Employee; provided that the Company shall post the amended Announcement at the Company’s office and the amended Announcement shall become effective once post.
Clause 5 The Company may obtain the Employee’s PII from these following sources: (a) directly from the Employee; (b) indirectly from the reliable source, including the previous employer of the Employee, headhunters or other relevant service providers; and (c) through the collection and analysis undertaken at the Company’s discretion during the employment pursuant to the terms and conditions defined. For the avoidance of doubt, the Employee’s PII being processed by the Company would include the following:
1 Directly identifiable information, such as name, identification card number and copy, age, date of birth, nationality;
2 Contact PII, such as post address, telephone number and email;
3 Qualification PII, such as education background, work background, capacity, criminal records and health records;
4 Payment PII, such as bank account number, the financial transaction information of the relevant Employee, social security number as well as other PII relating to employment insurance and provident fund (if any);
5 Work Record PII, such as the log-in time recorded through the system and the performance assessment undertaken by the Company’s supervisor and leave records.
6 Other information, such as sound, image, animated image, CCTV
Clause 6 The Company is processing the Employee’s PII as defined under Clause 5 under the key framework defined under
1 The Company would need to collect, store, use and process the Direct PII and Qualification PII in order to (a) assess the qualification and suitability of the Employee’s qualification before being employed; and (b) to re-assess the performance during the employment terms; provided that for this specific purpose, the Company shall also be entitled to adjust and update those relevant PII as appropriate throughout the employment terms;
2 The Company would need to collect, store, use and process the Contact PII in order to contact and coordinate with the relevant Employee;
3 The Company would need to collect, store, use and process the Payment PII in order to perform the Company’s contractual performance in providing the payroll and other fringe benefit to the Employee as defined under the employment agreement; and to perform the Company’s legal obligations relating to tax and other social security or welfare as prescribed under the applicable laws.
4 The Company would need to collect, store, use and process the Work Record PII in order to assess the performance and capacity of the relevant Employee; or to consider imposing the applicable sanction on the non-compliant Employee as defined under the employment agreement and as the Company’s legitimate interests.
5 The Company would need to collect, store, use and process moving image data, photographs, in order to maintain security for employees, service users and other persons entering and surrounding the Company. or used as evidence in the event of a crime or accidents that occur within or around the building and place
Clause 7 The Company intends to store the Employee’s PII throughout the employment terms and at least 3 years after the termination; provided that the PII being processed after the employment termination shall be limited only to protect the Company’s legitimate interests.
Clause 8 In order to assure the Employee’s benefits and rights as defined under the employment agreement, the Company may need to disclose the Employee’s PII to the following persons under the defined conditions as follows:
1 To disclose the Employee’s PII to the Company’s third party service provider that has been engaged in providing supports to the Company in their performance as the employer, including without limitation the insurance agency, human resource management service provider, human resource development service providers and other supporting contractor; provided that the PII shall be shared only on the need-to-know basis;
2 The Company may disclose the Employee’s PII in the usage of the storage service on Computer On-premise
3 The Company may be obliged under the applicable laws to disclose the Employee’s PII to the relevant government authorities (i.e. Revenue Department or Social Security Office); or may be obliged under the applicable laws, court judgment or administrative order to disclose any PII of any particular Employee and the Company would need to do so; provided that the Employee shall do so only on the necessary basis.
Clause 9 The Company undertakes that the Company shall use the most appropriate security measures to prevent the unauthorized access, amendment or disclosure of the PII in any form or in any circumstance by either internal or external persons and the Company commits to review those measures on the regular basis with the strong commitment to be in strict compliance with the applicable laws.
Clause 10 The Company respects the following rights relating to the PII of the Employee as defined under the applicable laws:
1 Right to access; to request for the copy; and to rectify or update their own PII
2 Right to request for data portability of the PII that the Company has processed in the readable forms by the tools or automatic mechanics to other data controller;
3 Right to object to the PII process being undertaken;
4 Right to request for the erasure or de-identification of any PII that does not have any necessary basis to process, i.e. after the consent withdrawal;
5 Right to request for the suspension of PII process in case that request for erasure is being exercised or when it is unnecessary to process such PII;
6 Right to withdraw consent that has been given.
The Employee can contact the Company in order to make the request to exercise any defined rights through the defined channel without any charge and the Company will consider and notify the Employee of the Company’s determination within 30 days after the receipt of the User’s valid request.
Contact Information
Sabina Fareast Company Limited is authorized to be the coordinator regarding the protection of personal information of the Company. In case you have any questions or would like to exercise your rights as defined on this announcement, please contact us:
Data Protection Officer
Announced On 13 May 2022
Privacy Policy for Customer
Sabina Public Company Limited and Sabina Fareast Company Limited recognize the importance of the protection of your personal data. This Privacy Policy explains our practices regarding the collection, use or disclosure of personal data including other rights of the Data Subjects in accordance with the Personal Data Protection Laws.
Collection of Personal Data
We will collect your personal data that receive directly from you as following:
- your account registration
- Facebook Login
Types of Data Collected
Personal data such as name, surname, age, date of birth, nationality, identification card, passport, etc.
Contact information such as address, telephone number, e-mail address, etc.
Account details such as username, password, transactions history, etc.
Proof of identity such as copy of identification card, copy of passport, etc.
Transaction and Financial information such as purchase history, credit card details, bank account, etc.
Technical data such as IP address, Cookie ID, Activity Log, etc.
Othersuch as photo, video, and any other information that is considered as personal data under the Personal Data Protection Laws.
Children
If you are under the age of 20 or having legal restrictions, we may collect use or disclose your personal data. We require your parents or guardian to be aware and provide consent to us or allowed by applicable laws. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.
Storage of Data
We store your personal data as hard copy and soft copy.We store your personal data by using the following systems:
- Third-party server service providers outside of Thailand
Use of Data
We use the collected data for various purposes:
- To create and manage accounts
- To provide products or services
- To improve products, services, or user experiences
- To share and manage information within organization
- To conduct marketing activities and promotions
- To provide after-sales services
- To gather user’s feedback
- To process payments of products or services
- To comply with our Terms and Conditions
Disclosure of Personal Data
We may disclose your personal data to the following parties in certain circumstances:
Service Providers
We may use service providers to help us provide our services such as payments, marketing and development of products or services. Please note that service providers have their own privacy policy.
Cross-Border Data Transfer
We may disclose or transfer your personal data to third parties, organizations or servers located in foreign countries. We will take steps and measures to ensure that your personal data is securely transferred, and the receiving parties have an appropriate level of personal data protection standard or as allowed by laws.
Data Retention
We will retain your personal data for as long as necessary during the period you are a customer or under relationship with us, or for as long as necessary in connection with the purposes set out in this Privacy Policy, unless law requires or permits a longer retention period. We will erase, destroy or anonymize your personal data when it is no longer necessary or when the period lapses.
Data Subject Rights
Subject to the Personal Data Protection Laws thereof, you may exercise any of these rights in the following:
Withdrawal of consent: If you have given consent to us to collect, use or disclose your personal data whether before or after the effective date of the Personal Data Protection Laws, you have the right to withdraw such consent at any time throughout the period your personal data available to us, unless it is restricted by laws or you are still under beneficial contract.
Data access: You have the right to access your personal data that is under our responsibility; to request us to make a copy of such data for you; and to request us to reveal as to how we obtain your personal data.
Data portability: You have the right to obtain your personal data if we organize such personal data in automatic machine-readable or usable format and can be processed or disclosed by automatic means; to request us to send or transfer the personal data in such format directly to other data controllers if doable by automatic means; and to request to obtain the personal data in such format sent or transferred by us directly to other data controller unless not technically feasible.
Objection: You have the right to object to collection, use or disclosure of your personal data at any time if such doing is conducted for legitimate interests of us, corporation or individual which is within your reasonable expectation; or for carrying out public tasks.
Data erasure or destruction: You have the right to request us to erase, destroy or anonymize your personal data if you believe that the collection, use or disclosure of your personal data is against relevant laws; or retention of the data by us is no longer necessary in connection with related purposes under this Privacy Policy; or when you request to withdraw your consent or to object to the processing as earlier described.
Suspension: You have the right to request us to suspend processing your personal data during the period where we examine your rectification or objection request; or when it is no longer necessary and we must erase or destroy your personal data pursuant to relevant laws but you instead request us to suspend the processing.
Rectification: You have the right to rectify your personal data to be updated, complete and not misleading.
Complaint lodging: You have the right to complain to competent authorities pursuant to relevant laws if you believe that the collection, use or disclosure of your personal data is violating or not in compliance with relevant laws.
You can exercise these rights as the Data Subject by contacting our Data Protection Officer as mentioned below. We will notify the result of your request within 30 days upon receipt of such request. If we deny the request, we will inform you of the reason via SMS, email address, telephone, registered mail (if applicable).
Advertising and Marketing
To enable you to receive benefits from using our products or services, we use your personal data to analyze, personalize and enhance our products or services, and marketing efforts through Google, Facebook, pixel tracking code and others. We use such information to provide you with customized and personalized recommendations for products or services we think will be of interest to you.
Our website may display advertisements from third parties to facilitate our services such as Google AdSense, BuySellAds. These third parties may access your personal data only to perform these tasks and are obligated not to disclose or use it for any other purpose.
Cookies
To enrich and perfect your experience, we use cookies or similar technologies to display personalized content, appropriate advertising and store your preferences on your computer. We use cookies to identify and track visitors, their usage of our website and their website access preferences. If you do not wish to have cookies placed on your computer you should set their browsers to refuse cookies before using our website.
Data Security
We endeavor to protect your personal data by establishing security measures in accordance with the principles of confidentiality, integrity, and availability to prevent loss, unauthorized or unlawful access, destruction, use, alteration, or disclosure including administrative safeguard, technical safeguard, physical safeguard and access controls.
Data Breach Notification
We will notify the Office of the Personal Data Protection Committee without delay and, where feasible, within 72 hours after having become aware of it, unless such personal data breach is unlikely to result in a risk to the rights and freedoms of you. If the personal data breach is likely to result in a high risk to the rights and freedoms of you, we will also notify the personal data breach and the remedial measures to you without delay through our website, SMS, email address, telephone or registered mail (if applicable).
Changes to this Privacy Policy
We may change this Privacy Policy from time to time. Any changes of this Privacy Policy, we encourage you to frequently check on our website.
This Privacy Policy was last updated and effective on 25th February 2022
Links to Other Sites
The purpose of this Privacy Policy is to offer products or services and use of our website. Any websites from other domains found on our site is subject to their privacy policy which is not related to us.
Contact Information
Sabina Fareast Company Limited is authorized to be the coordinator regarding the protection of personal information of the Company. In case you have any questions or would like to exercise your rights as defined on this announcement, please contact us:
Data Protection Officer
Announced On 13 May 2022
Privacy Notice for the Shareholder’s Meeting
Sabina Public Company Limited
Sabina Public Company Limited realizes the importance of personal data of shareholders and/or proxy holders. This privacy notice, pursuant to the Personal Data Protection Act B.E. 2562 (2019), shall be applied for the collection, use, disclosure, and processing of personal data to verify the identity of shareholders and/or proxy holders directly and/or indirectly. Shareholders are kindly requested to study the practices and rights for a clearer understanding. Thus, in case that any shareholders appoint a proxy to attend the meeting on his/her behalf, the proxy holder shall also be informed of these practices.
1. Personal Data to be Collected
The company will receive and collect personal data directly from shareholders and/or proxy holders and from Thailand Securities Depository Company Limited, The company’s share registrar. Personal data consists of the following:
1.1 General personal information such as title, name, surname, date of birth, age, address, ID card number. The code on the back of the ID card Passport number Proof of name-surname change, postal code, phone number Fax Number E-mail Shareholder Identification Number Bank account numbers, photographs, sounds, animations or both sound and motion pictures from video recordings and/or from information technology systems. and/or from broadcasting via electronic media or by any other method that the Company has provided
1.2 Sensitive personal data including facial image data for identity verification through face recognition and recognition systems
2. Purpose of Collection, Use and Disclosure of Personal Data
The company collects, uses, and discloses personal data for the following purposes:
2.1 To call, arrange and conduct the Annual General Meeting of Shareholders of the company pursuant to the company Articles of Association as well as applicable laws, notifications and criteria for meeting arrangement and preparation of minutes
2.2 To probably disclose personal data to persons or agencies related to items 2.1 including but not limited to the meeting consultants
3. Rights of Data Owners
The data owners have the rights, pursuant to the Personal Data Protection Act B.E. 2562 (2019), to withdraw consent, to request access to and obtain a copy of their personal data, to request for correction and deletion or destruction of their personal data, to limit the use of personal data, to request for personal data transfer according to the methods prescribed by the law as well as to lodge a complaint and to object the collection, use or disclosure of their personal data.
4. Personal Data Retention Period
The company will retain personal data under item 1 within the period specified by relevant laws and/ or as deemed necessary to achieve the purpose under item 2.
5. Contact Information Data Protection Officer
Data Protection Officer
12 Arun-Amarin Rd., Arun-Amarin, Bangkok Noi, Bangkok, 10700
02-422-9430
Announced On 13 May 2022