Green Yellow (Thailand) Co., Ltd. Green Yellow Solar 1 (Thailand) Co., Ltd Green Yellow Solar 2 (Thailand) Co., Ltd Green Yellow Solar 3 (Thailand) Co., Ltd and Green Yellow Solar 4 (Thailand) Co., Ltd (hereinafter referred to “GreenYellow”) recognize the importance of personal data protection and respects the privacy rights of the data subject. For the purpose of statutory compliance and business objective of GreenYellow in relation to the collection, usage and disclosure of personal data to be protected as comply by the law and regulations, GreenYellow establishes the Personal Data Protection Policy (“Privacy Policy”) under the Personal Data Protection Act B.E. 2562 (2019) (as amended) and other applicable laws and regulations (“PDPA”).
2. Scope
In order to inform the data subject of the Privacy Policy, GreenYellow establishes the procedures and guidelines on the personal data protection under the PDPA (“Procedures”). The Procedures is to ensure the protection and security of personal data collection of each category.
3. Description
Personal Data refers to personal information that, directly or indirectly, is able to identify the data subject, but the information of the deceased is excluded.
Sensitive Personal Data refers to, under Section 26 of the PDPA, Personal Data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual orientation, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner.
Data Processing refers to the collection, use, or disclosure of personal data.
4. Personal Data Collection
Under the PDPA, GreenYellow statutorily collects the Personal Data as necessary, within the relevant company’s objectives and scope only. In regard, GreenYellow makes the data subject aware of and consent such in writing or electronically, in accordance with the requirements of the PDPA, subject to PDPA with regard to the collection of the Personal Data.
4.1 Types of Personal Data
The types of personal data that may be collected by GreenYellow are under the characteristics of the activities, locations and method of collection, which may include the followings:
(1) the identifiable Personal Data such as name, surname, photograph, identification card number, passport number, driver’s license number, date of birth, occupation, position, name of workplace, nationality, gender, marital status, vehicle license plate, CCTV footage of the area under GreenYellow’s control, username and password in the system;
(2) the Sensitive personal data as define in Article 3;
(3) personal contact information i.e. home address or work place, phone number, E-mail, or social applications such as LINE, Whatsapp, or Facebook;
(4) personal financial information such as bank accounts details or personal income tax information;
(5) employment information such as job interviews, performance appraisals, positions, salaries, employment benefits, social security, provident fund;
(6) other information i.e. technical information from the usage of GreenYellow’s websites or applications, activity usage and access to Log files, IP address, Cookies.
4.2 Source of Personal Data Collection
Basically, GreenYellow collects the Personal Data directly from the data subject. Nevertheless, GreenYellow may collect the Personal Data from other sources, rather than directly from the data, i.e.:
(1) public sources;
(2) share or securities registrar;
(3) any communication method, either face-to-face or via any communication tools;
(4) related persons of the data subject.
If, however, GreenYellow has to collect the Personal Data from other sources, it will do so in compliance with the PDPA.
5. Objectives of Personal Data Protection
GreenYellow collects, uses, or discloses the Personal Data for the following purposes:
GreenYellow will not act in contrary to the above purposes; provided that:
(1) it notifies the new purposes to the data subject and consent is obtained accordingly;
(2) it is for the purpose of PDPA or relevant laws compliance.
6. Consent
GreenYellow collects, uses, discloses, and processes the Personal Data upon the prior or simultaneously express consent of the data subject in writing, or via electronic means, save it is not possible to obtain the consent accordingly.
In the case GreenYellow collects, uses, or discloses the Sensitive Personal Data, it will obtain an explicit consent from the data subject, unless otherwise specified by laws.
The consent of the data subject refers to the data subject’s consent to GreenYellow to collect, use, disclose, or keep the Personal Data of the data subject by any person residing or juristic persons locating, either domestically and internationally as herein stated, unless otherwise specified by laws.
7. Objection of Consent
The consent of the Personal Data is a voluntary action of the data subject. The data subject may object to a consent requested by GreenYellow. As a result, such objection may cause GreenYellow unable to enter into an agreement, obligation, or to give welfare, to grant to or accept any products or services from, the data subject, to proceed with the data subject’s requests, or to perform any contractual obligations, terms and conditions.
8. The Usage and Disclosure of Personal Data
GreenYellow will neither use nor disclose the Personal Data to a third party without the data subject’s consent. The Personal Data is disclosed for the purpose(s) the data subject has been informed prior to or at the time of collecting such Personal Data, unless exempted by the PDPA, or statutorily required to disclosure. However, for the purpose of GreenYellow’s operations and rendering of services to the data subject, GreenYellow may disclose the Personal Data of the data subject, in and outside the country, to the following person:
(1) GreenYellow’s parent companies and subsidiaries;
(2) shareholders or stakeholders;
(3) parties to the contracts, subcontractors, or service providers related to the operation of GreenYellow;
(4) any person consented by the data subject to use or be disclosed the data subject’s Personal Data;
(5) person or government agency according to the law, or by the court order, or any other competent authority.
In addition, GreenYellow procures that the abovementioned person treats the Personal Data as confidential and will not use it for any other purposes than stipulated herein.
9. Security Measures
GreenYellow establishes the Personal Data collection, use or disclosure measures, as well as the security measures, which are in accordance with the PDPA, related regulations and guidelines, with which GreenYellow’s employees and other related person have to comply so that the protection of Personal Data is efficient and of security standard required by laws. The standard of security measures is the compliance to the Personal Data Protection Act, regulations, rules, laws, and practices on the protection of data for GreenYellow employees and related persons. In order to provide an effective and safe protection of personal data in accordance with the legal standards.
10. Retention Period of Personal Data
GreenYellow will retain the Personal Data only for the necessary duration, and will collect, use and disclose the Personal Data, as defined in this Policy, in accordance with the duration criteria, namely the period during which the data subject is still related to GreenYellow, and may still retain the Personal Data within 10 years from the date on which the data subject terminates the relationship with GreenYellow accordance with policies and the internal regulations of GreenYellow.
GreenYellow will delete, destroy, or destruct the personal data after the expiration of the period of time.
11. Data Subject Rights
The data subject has the following rights under the laws:
(1) The right to access, request a copy, or request of disclosure on unconsented data;
(2) The right to correct the Personal Data;
(3) The right to request for deletion, destroying, or anonymization of the Personal Data;
(4) The right to withdraw the consent;
(5) The right to obtain or transfer the Personal Data;
(6) The right to request the suspension of the use of Personal Data;
(7) The right to object to the collection, use, or disclosure of the Personal Data;
(8) The right to complain to official or the regulatory authority for the protection of the Personal Data.
The request of any rights shall neither affect the processing of Personal Data for which the data subject has lawfully consented, nor violate any statutory requirements to be complied by GreenYellow.
12. Contact Information
In case the data subject has any questions about the Personal Data Protection Policy, or wish to exercise the rights as specified in Article 11, please contact us:
13. Review and Update of Personal Data Protection Policy
GreenYellow may review and update the Personal Data Protection Policy for the purpose of compliance with the applicable laws and regulations, and any comments or suggestions from any agencies, including personal data protection practices, and for the development of GreenYellow’s Personal Data protection procedures, which should be in accordance with the change of operations and technology so as to provide effective security measures. In this respect, GreenYellow will announce any changes in advance.