CUSTOMER PRIVACY POLICY
B.K. LATEX PRODUCT COMPANY LIMITED

Updated as of 8 December 2022

B.K. Latex Product Company Limited. (the “Company”, “we”, “us”, or “our”) recognizes the importance of the protection
of personal data. We follow security measures when collecting, using, and/ or disclosing your Personal Data (as defined below) in order to provide you with the best experience and customer service.

In operating our business, we may have to collect, use, and/or disclose the Personal Data of our past, current, and potential customers, including any other individuals who we receive Personal Data from (“you” or “your”) for certain purposes in relation to the business operation of the Company. 

This privacy policy (“Privacy Policy”) applies to our business operation via websites, telephone, email, call center, activity, post, online social media, online communication channels and other channels or places where we receive your Personal Data.

From time to time, we may revise and/or update this Privacy Policy. We will notify any substantial revisions and/or updates by posting the date our Privacy Policy was last revised and/or updated at the top of the Privacy Policy. We encourage you to carefully read this Privacy Policy and regularly check the Privacy Policy to learn the changes and/or updates we might take in accordance with the terms of this Privacy Policy.

1. WHAT PERSONAL DATA WE COLLECT

For the purposes of this Privacy Policy, “Personal Data” means any directly or indirectly identified or identifiable information as listed below.

We may collect your Personal Data directly or indirectly from other sources, such as other third parties (e.g. reference persons, brokers, employers), public domain (e.g. online social media), and third-party website or the relevant government agencies. The specific type of Personal Data which we collect will depend on the context of your relationship with us and the services or products you wish to receive from us. The followings are example of Personal Data which we may collect:

1. Personal information , such as title, name, surname, gender, age, occupation, date of birth, identifiabl information issued by the government sector (e.g. national identification card, passport, house registration, work permit), signature, and/or photograph;
2. Contact information, such as postal address, house registration address, national identification card address, workplace address, phone number, facsimile number, email address, LINE user account, Facebook account, and other information related to online social media;
3. Financial information, such as bank account information;
4. Transaction information, such as information in the documents related to such transaction (e.g. contract, receipt);
5. Technical information, such as Internet Protocol (IP) address, web beacon, log, device model and type, hardware-based identifiers such as universal device identifier (UDID), media access control information, software-based identifier such as identifier for advertisers for iOS operation system (IDFA), or identifier for advertisers for Andriod operation system (AAID), connection information, access information, single sign-on (SSO) information, login log, access time, time spent on our webpage, cookies, login data, search history, browsing detail, browser type and version, time zone setting and location, plug-in browser types and versions, operating system and platform, and other technology on devices used to access the platform;
6. Information related to relationship management, such as opening of customer account, management, operation, payment, dispute resolution, processing and reporting on behalf of the customer, such Personal Data may also include communication records with us;

If you provide Personal Data of any third party (such as emergency contact or other party) to us, e.g. their name, family name, address, relationship and contact information, you represent and warrant that you have the authority to do so
by (i) informing such other person about this Privacy Policy; and (ii) obtaining consents (where required by laws or necessary) to permit the Company to use the Personal Data in accordance with this Privacy Policy.

We do not intentionally collect your sensitive data (“Sensitive Data”) such as the Sensitive Data as appeared in the government issued documents (e.g. religion information on the national identification card). However, in case that we do, we will only collect, use, and/or disclose Sensitive Data on the basis of your explicit consent or where permitted by law.

We only collect the Personal Data of children, quasi-incompetent person and incompetent person where their parent or guardian has given their consent. We do not knowingly collect Personal Data from persons under the age of 20 without their parental consent when it is required, or from quasi-incompetent person and incompetent person without their legal guardian’s consent. In the event that we learn that we have unintentionally collected Personal Data from anyone under the age of 20 without parental consent when it is required or from quasi-incompetent person and incompetent person without their legal guardians, we will delete it immediately or collect, use and/or disclose if we can rely on other legal basis apart from consent or where permitted by law.

2. WHY WE COLLECT, USE AND/OR DISCLOSE PERSONAL DATA

We may collect, use and/or disclose Personal Data for the following purposes:

2.1 THE PURPOSE OF WHICH WE RELY ON CONSENT:

We rely on consent for the collection, use, and/or disclosure of your Personal Data to provide you with certain marketing communications in which we cannot rely on other legal bases:  such as to provide you with marketing communications, information, special offers, promotional materials, tele-marketing, privilege, advertisement, newsletter, and any marketing and communications via online and offline channels about products and services provided by the Company.

Where the Company relies on consent as our legal basis for the collection, use and/or disclsoure of Personal Data,
you have the right to withdraw consent by contacting the Company (at the address set out in Section 9 below).
The withdrawal of consent will not affect the collection, use and/or disclosure of Personal Data and/or Sensitive Data that was previously consented before the withdrawal. If you do not give consent to the Company or subsequently withdraw your consent, the Company may not be able to provide our services to you.

2.2 THE PURPOSE THAT WE MAY RELY ON OTHER LEGAL BASES FOR COLLECTION, USE, AND/OR DISCLOSURE OF PERSONAL DATA

We may collect, use and/ or disclose Personal Data for the following purposes:

1. To operate our business: such as to offer products and services, to support and arrange other activities relating to such products or services, to provide souvenirs and privileges, to request necessary details, to use as evidence, to manage the accounting, and to proceed financial transaction;
2. To register and verify: such as to register, record, and examine the information, authenticate, and verify;
3. To contact and communicate: such as, to use for any contact and news/information delivery, to inform and invite to activities, to arrange activities;
4. To provide marketing communications: such as, to provide marketing communications, information, special offers, promotional materials, tele-marketing, privilege, advertisement, newsletter, and any marketing and communications via online and offline channels about products and services provided by the Company;
5. To manage relationship: such as, to consider the complaints in relation to the products and services obtained from us, to resolve the issues in the complaints and improve the services,
   and to coordinate with the relavant agencies in solving problems and improving the services;
6. To select and provide products or services which might be of an individual’s interest and tailored to individual’s needs: such as, to allow the Company to use the result from data cleansing and matching, data profiling and data analytics to recommend products and services that might be of an individual’s interest; to identify individual’s preferences, and customize the experience; and to develop website content and platforms to meet individual’s interests in the future;
7. To improve business operation, products and services: such as, to analyse, evaluate, and prepare a report for the Company, to oversee operation, coordinate, monitor, examine, and control the operation within the group companies in order to comply with the policies, rules, and standards, to evaluate
   the reliability and completeness of internal operation, to lay out the plans and strategies in relation to the public relations operation and organizational policies, and to improve the business operation or advance other lines of businesses;
8. To ensure the function of our websites, mobile applications, and platforms: such as, to administer, operate, track, monitor and manage our websites and platforms to facilitate and ensure that they function properly, efficiently and securely; to facilitate and enhance users experience on our websites, and platforms; and to improve layout and content of our websites and platforms;
9. To manage IT-related matter: such as, for IT management, management of communication system, IT security system and to control access to data and system and to conduct IT security audit; internal business management for internal compliance requirements, policies and procedures; and to revise and update our database;
10. To comply with legal obligations and orders from the government agencies: such as, where the Company has a reasonable ground to believe that they shall comply with the laws and/or orders or provide cooperation to such cases, to follow the legal proceedings or government authorities’ orders which include government authorities outside Thailand and/or cooperate with court, regulators, government authority and law enforcement bodies. We may have to disclose Personal Data to comply with the said legal provisions, proceedings or government orders. This includes internal investigation proceedings or crime/fraud prevention and/or establishment of legal claims;
11. To protect our interests: such as, to protect the security and integrity of our business or other revevant entities; to exercise our rights and protect the interests of the Company or other relevant entities where it is necessary and lawful to do so, for example to detect, prevent and proceed with matters in relation to any corruptions, intellectual property infringement claims or violations of law; to manage and prevent loss of our assets; to detect and prevent misconduct within the premises of the Company, to secure the compliance of the terms and conditions of the Company, or other relevant entities, to detect and prevent internal misconduct, to monitor incidents, to prevent and report criminal offences and to protect the security and confidence in the businesses of the Company;
12. Business transfer or merger: in case of sale, transfer, merger, organizational restructuring, or other event of the same nature, the Company may transfer your Personal Data to one or many other third party(ies) as part of such transaction;
13. To manage risks: such as, to perform risk management, performance monitoring and risk assessments; and/or
14. To provide security: such as, to prevent or suppress a danger to a person’s life, body, health, or asset, or for disease/epidemic control.

In case the Personal Data we collect from you is needed to meet our legal or contractual obligations or enter into an agreement with you, if we do not receive the Personal Data when requested, we may not be able to achieve the abovementioned purposes.

3. TO WHOM WE MAY DISCLOSE OR TRANSFER YOUR PERSONAL DATA

We may disclose or transfer your Personal Data to the following third parties who collect, use, and/or disclose Personal Data in accordance with the purposes under this Privacy Policy. You can visit their privacy policy to learn more details on how they collect, use and/or disclose Personal Data since you could also be subject to their privacy policies.

3.1 Our service providers

We may engage other companies, agents or contractors to perform services on our behalf or to accommodate the provision of services. We may disclose Personal Data to the third-party service providers, including, but not limited to,
(1) infrastructure, software, internet and website developers and IT service providers; (2) event organizers; (3) data storage and/or document destruction service providers; and/or.

In the course of providing such services, the service providers may have access to your Personal Data. However, we will only provide our service providers with the Personal Data that is necessary for them to provide the services, and we will ask them not to use your Personal Data for any other purposes. We will take steps to ensure that all the service providers we work with will keep your Personal Data secure.

3.2 Third parties permitted by law

In certain circumstances, we may be required to disclose or share your Personal Data to third parties in order to comply with a legal or regulatory obligation. This includes any law enforcement agency, court, regulator, government authority, embassy, consulate, or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals’ personal safety; or to detect, prevent, or otherwise address fraud, security or safety issues.

3.3 Professional advisors

We may have to disclose Personal Data to our expert advisors including, but not limited to,
(1) independent advisors, project advisors, financial advisors; (2) legal advisors who assist us in our business operations and provide litigation services such as defending or initiating legal actions; and/or (3) auditors who provide accounting services or conduct financial audit for the Company.

3.4 Other third parties

We may be required to disclose Personal Data based on the legal bases in accordance with the purposes as specified in this Privacy Policy to other third parties, such as the public, complainants or other third parties that we receive a request to access our CCTV records etc.

3.5 Third parties connected with business transfer

We may disclose or transfer your Personal Data to our business partners, investors, major shareholders, assignees or transferees in the event of any reorganization, restructuring, amalgamation, merger, acquisition, business transfer, in whole or in part, sale, purchase, joint venture, assignment, or any similar event involving transfer or other disposition of all or any portion of our business, assets or stock. If any of the above events occurs, the receiving party will comply with this Privacy Policy to respect your Personal Data.

4. CROSS-BORDERTRANSFERS OF PERSONAL DATA

We may disclose or transfer Personal Data to third parties or servers located overseas, which the destination countries may or may not have the same data protection standards as Thailand’s. We take steps and measures to ensure that Personal Data is securely transferred, the receiving parties have in place suitable data protection standard and the transfer is lawfully permitted under the applicable laws.

5. HOW LONG DO WE KEEP PERSONAL DATA

We retain Personal Data for as long as is reasonably necessary to fulfil purposes for which we obtained them and to comply with the relevant legal and regulatory obligations. However, we may have to retain Personal Data for a longer duration, as required by the applicable laws.

6. COOKIES AND HOW THEY ARE USED

If you visit our websites, cookies will gather or track certain information in relation to your use of our websites which
will be used to analyze trends, administer our websites, track users’ movements around the websites, or to remember users’ settings. Some of the cookies are necessary because without them, the site would not be able to function properly. Other cookies will help us to improve your experience on our websites and adjust the content to suit your needs which would make your browsing more convenient as the cookies remember the users (in a secure manner)
as well as your language preferences.

Usually, most internet browsers allow you to control whether or not to accept cookies. If you reject cookies, it might affect your use of the websites and your ability to use some or all of the features or areas of our websites may be limited. Please see our Cookies Policy for more details.

7. DATA SECURITY

As a way to protect personal privacy of Personal Data, we maintain appropriate security measures, which includes administrative, technical and physical safeguards in relation to access control, to protect the confidentiality, integrity, and availability of Personal Data against any accidental or unlawful or unauthorized loss, alteration, correction, use, disclosure or access, in compliance with the applicable laws.

In particular, we have implemented access control measures which are secured and suitable for our collection, use, and/or disclosure of Personal Data. We restrict access to Personal Data as well as storage and processing equipment by imposing access rights or permission, user, access management to limit access to Personal Data to only authorized persons, and implement user responsibilities to prevent unauthorized access, disclosure, perception, unlawful duplication of Personal Data or theft of device used to store and process Personal Data. This also includes measures that enables the re-examination of unauthorized access, alteration, erasure, or transfer of Personal Data which is suitable for the method and means of collecting, using and/or disclosing of Personal Data.

8. OUR CONTACT DETAIL

If you wish to contact us to exercise the rights relating to your Personal Data or if there is any queries about your Personal Data under this Privacy Policy, please contact our Data Protection Officer (DPO) at: