TM

Personal Data Protection Act (PDPA) Zenbio Co., Ltd.

Introduction

Zenbio Co., Ltd. (collectively, “The Company”) recognizes the importance of personal data protection and respects the privacy rights of the data subject. For the purpose of statutory compliance and the business objective of The Company in relation to the collection, usage and disclosure of personal data to be protected to comply with the law and regulations, The Company establishes the Personal Data Protection Policy (“Privacy Policy”) under the Personal Data Protection Act B.E. 2562 (2019) (as amended) and other applicable laws and regulations (“PDPA”).

1. Scope

In order to inform the data subject of the Privacy Policy, The Company establishes the procedures and guidelines on personal data protection under the PDPA (“Procedures & Guidelines”). The Procedures & Guidelines are to ensure the protection and security of personal data collection of each category.

2. Definitions

In this Privacy Policy, The following words mean
“Personal data” refers to information about an individual that can identify that individual, such as name, surname, address, date of birth, gender, personal telephone number, identity card number, work permit number. e-mail address, name and bank account number, credit/debit card number, etc. This shall include information about an individual that can be directly or indirectly identified but does not include information about a deceased person. specifically

Owner of personal data” refers to an individual who owns personal data “Data owner” for example

  • Customers are the purchasers of products and/or service users. Candidates Participants in activities and/or projects, participants in seminars with the Company (if any) as well as any other person who contacts the Company in order to inquire and/or obtain information about products and/or services. Advertising Promotion of company products, etc.
  • Contract parties and/or those involved in the business operations of the Company, including business partners, buyers, product sellers. Distributors, suppliers, service providers, service recipients, employers, contractors, consultants, including any other person who contacts and coordinates operations related to such matters, etc.
  • Sensitive Personal Data refers to, under Section 26 of the PDPA, Personal Data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual orientation, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner.
  • Data Processing refers to the collection, use, or disclosure of Personal Data.

3. Personal Data Collection

Under the PDPA, The Company statutorily collects the Personal Data as necessary, within the relevant company’s objectives and scope only. In regard, The Company makes the data subject aware of and consent such in writing or electronically, in accordance with the requirements of the PDPA, subject to PDPA with regard to the collection of the Personal Data.

3.1 Types of Personal Data to be Collected

The types of personal data that may be collected by The Company are under the characteristics of the activities, locations and method of collection, which may include the followings:

  1. The identifiable Personal Data such as name, surname, photograph, identification card number, passport number, driver’s license number, date of birth, occupation, position, name of the workplace, nationality, gender, marital status, vehicle license plate, CCTV footage of the area under The Company control, username and password in the system;
  2. The Sensitive Personal Data defined in clause 2 Definitions: sensitive personal data
  3. Personal contact information i.e. home address or workplace, phone number, E-mail, or social applications such as LINE, Whatsapp, or Facebook;
  4. Personal financial information such as bank accounts details or personal income tax information;
  5. Employment information such as job interviews, performance appraisals, positions, salaries, employment benefits, social security, and provident fund;
  6. Other information i.e. technical information from the usage of The Company’s websites or applications, activity usage and access to Log files, IP address, and Cookies.

If the Company links to third-party websites Please note that such individuals may have their own cookie policies. The Company recommends that you read the cookies policies of such parties before using those websites.

3.2 Source of Personal Data Collection

  1. Personal data is obtained directly from you, for example, when you submit data directly to the company. through answering questionnaires or Google Forms (Google Form) and/or through various channels Whether by telephone, email, application, website https://www.zenbiohealth.com/ and/or other social media such as Facebook, Instagram, Line application (Line ) LinkedIn includes information received from you during the recruitment and selection process of job applicants. As well as personal data obtained from you while you are an employee of the Company and/or acquired during your business with the Company, as the case may be.
  2. Personal Data Automatically Obtained From You For example, we may automatically obtain personal data including technical data about your device. The Company may collect this personal information by using cookies and/or other similar technologies, etc.
  3. Personal data obtained from third parties The Company may receive your personal information from a marketing agency. Stock Shutter Photo Fixer (Shutterstock) Recruitment Agency Talent Acquisition Unit, which is an internal unit of the company. Personal information obtained from public sources
  4. Share registrar personal information Securities Registrar business partners and related
  5. persons (such as shareholders, directors or coordinators in case the business partner is a juristic person)
  6. Personal data, bloggers, influencers and participants in the company’s marketing activities.
  7. Personal data of any communication, either face-to-face or via communication tools;
  8. Related persons of the data subject.

If, however, The Company has to collect the Personal Data from other sources, it will do so in compliance with the PDPA.

4. Purpose of processing personal data

The Company collects personal information in accordance with the Company’s legitimate objectives and collects only the personal information necessary to use or disclose personal information for the purpose of carrying out The Company’s objectives as the following

  1. To provide information about the products and/or services of The Company and/or its subsidiaries so that the data owner can make decisions and choose the products and/or services of the company according to the data owner’s wishes.
  2. To be used to process the request and/or take any other related actions at the request of the data subject before purchasing the product and/or receiving the service. Apply for membership or participate in activities and/or projects various seminars with The Company (if any), including entering into contracts and/or persons related to The Company’s business operations.
  3. For registration of the purchase of products and/or services; subscription Participation in activities and/or projects various seminars with The Company.
  4. In order for the owner of the information to be aware of offers, privileges and/or privileges such as discounts, free gifts, various promotions, as well as advice and information, advertising, promoting products and/or services of the Company (if any).
  5. To be used as information to analyze, offer, provide, use and/or improve products and services. Sales promotion of various products and/or services, including development and promotion of products and/or services with standard quality. Keep up with the modern era and get better to meet the needs of customers exactly.
  6. To maintain customer relations Including providing information about after-sales service to data owners such as following up, answering inquiries and/or evaluating the results of sales of products and/or services. Doing a satisfaction survey Doing a questionnaire Handling complaints, solving problems related to products and/or services. In the event that there is a conversation via telephone (Call Center), The Company may record the conversation, etc.
  7. For storing as a customer/benefactor database
  8. For contact, coordination, answering inquiries, and questions about products and/or services.
  9. For the preparation of contract documents and/or memorandum of agreement Any other documents related to contracts with the company
  10. To carry out management of The Company products and/or services
  11. For receiving and sending parcels related to products and/or services Receive and send documents and other evidence
  12. To prepare documents related to payment and/or receipt of payment such as invoices, receipts, tax invoices and/or other documents related to such operations.
  13. To provide personal information to departments related to Human Resources. sales and marketing, purchasing and accounting and finance departments of The Company, as well as distributors of The Company‘s products and/or services. and/or the company or private entities involved in the transportation of The Company‘s products.
  14. In order to consider examining the qualifications, knowledge, abilities, expertise, experience and suitability of partners, buyers, product sellers Distributors, suppliers, service providers, service recipients, employers, contractors, consultants in the selection Bidding and/or bidding (if any) to enter into contracts with The Company, including those who will participate in activities and/or projects; Company seminars (if any).
  15. In order to be able to perform duties and obligations according to the agreements and/or contracts made.
  16. To comply with regulations, rules or other legal requirements.
  17. For use in any other business related to the aforementioned under the objectives of The Company.
  18. For the benefit of the business operations of The Company under the rules of performing legal duties, contracts and legitimate interests.
  19. To improve and increase work efficiency, such as creating databases, analyzing and developing operational processes.
  20. To be used to verify or identify identity when accessing the digital technology system.
  21. For verifying the data of the data subject according to the law.
  22. To carry out the purposes that have been notified to the data subject and obtain the consent of the data subject.
  23. For any purpose that is not prohibited by law and/or to comply with laws, rules, announcements or regulations related to The Company‘s operations.
  24. For the purpose of storing, saving, backing up or destroying personal data.

The Company will not take any action. other than those specified in the above purposes, unless

  1. Has notified the new purpose to the owner of the information and obtain consent from the owner of the data
  2. As follow Personal Data Protection Act or other relevant laws

5. Consent

The Company collects, uses, discloses and processes the Personal Data upon the prior or simultaneously express consent of the data subject in writing, or via electronic means, save it is not possible to obtain the consent accordingly.
In the case that The Company collects, uses, or discloses the Sensitive Personal Data, it will obtain an explicit consent from the data subject, unless otherwise specified by laws. The data subject’s consent refers to the data subject’s consent to The Company to collect, use, disclose, or keep the Personal Data of the data subject by any person residing or juristic persons located, either domestically or internationally as stated, unless otherwise specified by laws.

6. Objection of Consent

The consent of the Personal Data is a voluntary action of the data subject. The data subject may object to a consent request by The Company. As a result, such objection may cause The Company unable to enter into an agreement, obligation, or to give welfare, to grant to or accept any products or services from, the data subject, to proceed with the data subject’s requests, or to perform any contractual obligations, terms and conditions.

7. The Usage and Disclosure of Personal Data

The Company will neither use nor disclose the Personal Data to a third party without the data subject’s consent. The Personal Data is disclosed for the purpose(s) the data subject has been informed prior to or at the time of collecting such Personal Data, unless exempted by the PDPA, or statutorily required to disclosure. However, for the purpose of The Company operations and rendering of services to the data subject, The Company may disclose the Personal Data of the data subject, in and outside the country, to the following person:

  1. Affiliated companies or companies in the group, including executives, directors, employees, employees and/or internal personnel of such companies as far as is relevant and necessary for the processing of your personal data.
  2. Shareholders or Stakeholders
  3. Parties Subcontractors service providers related to the operation of The Company
  4. Business partners of the company such as laboratories, life insurance companies
  5. Any person whose data subject consents to use or disclose personal data of the data subject, person or government agency according to the court order or any other agency with legal powers such as the Anti-Money Laundering Office Office of the National Anti-Corruption Commission Office of the Narcotics Control Board Social Security Office, Revenue Department, Legal Execution Department, Court.
  6. Service providers and personal data processors that the Company entrusts or hires to manage/process personal data for the Company, such as cloud service providers.
  7. Bank credit card company. Provident fund manager.
  8. Consultants in various fields of the company such as lawyers and auditors For the benefit of providing services to you and pursuing the purposes stated above.
  9. Any person whose data subject consents to use or disclose personal data of the data subject.

In addition, The Company will proceed to the person receiving the information. keep personal information confidential and shall not be used for purposes other than those for which The Company has set.

8. Sending or transferring personal data abroad

Since The Company uses cloud services of foreign service providers, such as Google Cloud Platform (GCP), for the benefit of providing services to you, therefore, The Company is required to send or transfer your personal data to the country of that service provider for storage and processing as part of The Company’s normal business operations including processors of personal data abroad that the company entrusts or hires to perform personal data analysis for the company (such as Google Analytics, Google Ads, Meta Business suite, Facebook Ads, LINE, etc.). The company will use its best efforts to send or transfer your personal data. to the destination country with credibility and have security measures that are comparable to those required by domestic law.

9. Security Measures

The Company establishes the Personal Data collection, use or disclosure measures, as well as the security measures, which are in accordance with the PDPA, related regulations and guidelines, with which The Company’s employees and other related person have to comply so that the protection of Personal Data is efficient and of security standard required by laws. The standard of security measures is the compliance to the Personal Data Protection Act, regulations, rules, laws, and practices on the protection of data for The Company employees and related persons. In order to provide an effective and safe protection of personal data in accordance with the legal standards.

10. Retention Period of Personal Data

The Company will retain the Personal Data only for the necessary duration, and will collect, use and disclose the Personal Data, as defined in this Policy, in accordance with the duration criteria, namely the period during which the data subject is still related to The Company, and may still retain the Personal Data as required for the purpose of statutory compliance or as per legal prescription, for the establishment of legal claims, legal compliance or exercise of legal claims, or defense of legal claims, or for other purposes in accordance with policies and the internal regulations of The Company.

If it is not possible to specify the Personal Data retention period, The Company will retain the Personal Data as may be expected per data retention standards (such as the longest legal prescription of 10 years).

11. Data Subject Rights

The data subject has the following rights under the laws:

  1. The right to access, request a copy, or request of disclosure on unconsented data;
  2. The right to correct the Personal Data;
  3. The right to request for deletion, destroying, or anonymization of the Personal Data;
  4. The right to withdraw the consent;
  5. The right to obtain or transfer the Personal Data;
  6. The right to request the suspension of the use of Personal Data;
  7. The right to object to the collection, use, or disclosure of the Personal Data;
  8. The right to complain to an official or the regulatory authority for the protection of Personal Data.

The request of any rights shall neither affect the processing of Personal Data for which the data subject has lawfully consented nor violate any statutory requirements to be complied by The Company.

12. Cookie Policy

The Company collects information using cookies and other similar technologies when you use our Platforms. for the following purposes

  1. to analyze and process your use of the Platform
  2. to enhance your experience and satisfaction
  3. for the purpose of advertising and publicizing The Company’s products and services
  4. To tailor marketing campaigns to suit your interests. You can set or delete cookies by yourself from the application settings on your mobile phone or web browser (Web Browser), which will allow you to reject all cookies. However, you may not be able to access parts of The Company’s Platform.

The Company would like to inform you that such cookies may also be used by third parties (such as advertising networks and personal data processors providing services for analyzing website visits, etc.). The Company has no control over such operations. The use of cookies often makes our Platform and the advertisements displayed on our Platform more relevant to your interests. and enables improvements in the functionality of the company’s platform.

13. Marketing Communications

Where The Company has obtained your explicit consent either through the Platform or verbally. The Company may offer information for marketing purposes. and offers relating to promotional and marketing activities of the Company and/or its business partners that may be of interest and benefit to you. (“Marketing Materials”) via platform notifications, telephone calls and/or emails. You may opt-out of receiving such marketing materials at any time via the Platform. through The Company’s contact channels and/or when contacted by The Company. The Company would like to inform you that if you choose not to receive such information. The Company will continue to send non-promotional messages or information about your use of the Platform for your benefit.

14. Review and Update of the Personal Data Protection Policy

The Company may review and update the Personal Data Protection Policy for the purpose of compliance with the applicable laws and regulations, and any comments or suggestions from any agencies, including personal data protection practices, and for the development of The Company’s Personal Data protection procedures, which should be in accordance with the change of operations and technology to provide effective security measures. In this respect, The Company will announce any changes in advance.
If the change materially affects the rights of the data subject The Company may obtain consent before making any changes. As required by law, The Company recommends that you periodically check for updates or changes to the Personal Data Protection Policy.

15. Contact Information

If you have any questions about this policy or wish to exercise your rights as well as any complaints relating to the Company’s processing of your personal information You can contact the company through the following channels.

Address: Zenbio Co., Ltd.

5 Krungthep Kreetha Road, Huamark Subdistrict, Bangkapi District, Bangkok 10240

Tel: +66 2710 3190
Email: [email protected]

silver curve shape

Zenbio offers a natural effective alternative. Verified by credible scientific research to deliver good health to all people.

Address: 5 Krungthepkreetha Road, Huamark, Bangkapi, Bangkok 10240, Thailand

Tel: 0 2727 7521

Email: [email protected]

Subscribe to our newslettter

Follow us on Facebook.com/zenbiohealth

Simply find out on: FAQ

© 2023 Zenbio Company Limited. All rights reserved.   •   Advertising Policy    •   Terms and Conditions   •   Privacy Policy    •   Cookies Policy