Skip to main content

Hitachi

ANNOUNCED ON June 1, 2022.

Dear Our Valued Customers,

Hitachi Channel Solutions (Thailand) Co., Ltd. (“we”, ”us” or “our”) values your privacy and strives to protect your personal data or personal data relating to the individuals connected to your business (“Personal Data”) based on the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”). We, therefore, arrange to have and provide this Privacy Notice to you in order to notify our collection, use, and/or disclosure (collectively referred to as “Processing” or “Process”) of Personal Data.

This Privacy Notice explains:

  • What kind of Personal Data do we collect? This includes what you tell us about yourself, or individuals connected to your business (“you”, “your” or “yourself”) and what we learn by having you as the customers.
  • How do we use your Personal Data?
  • Who do we disclose your Personal Data to?
  • How do we keep your Personal Data?
  • What are the choices we offer?
  • What are your privacy rights and how does the PDPA protect you?

1. What kind of Personal Data do we collect?

We will collect your Personal Data only if it is necessary and we have proper reasons to Process your Personal Data. We may collect many kinds of your Personal Data, depending on the circumstances and nature of requested products and/or services.

We may collect your Personal Data from a variety of sources, including but not limited to:

  • When you purchase and/or apply for our products and/or services;
  • When you provide us with identification documents (e.g., ID card, passport, etc.);
  • Data that we have or may have received when you have entered into our systems, tools, websites or other online channels;
  • When you communicate to us (e.g., telephone or video calls, e-mails, etc.);
  • When you fill in our surveys and/or complain on our products and/or services; and/or
  • When you manifestly publish your Personal Data, including via social media, we may collect your Personal Data from your social media profile(s) to the extent that you choose to make your profile publicly visible.

In some cases, we may collect your Personal Data from third parties, such as our business partners, banks, websites or other online channels, etc.

The categories of your Personal Data that we may collect are subject to the applicable laws, including but not limited to:

  • Personal details: Name and last name, gender, date of birth, personal identification number, passport number, other identification numbers issued by the government including Personal Data that is presented on the documents issued by the government, corporate documents issued by authorities (in case of a juristic person), tax identification number, nationality, photographs appeared on identification card, passport or driving license, signatures, photographs, CCTV images or footages, weight, and height;
  • Contact details: Addresses, location, telephone numbers, email addresses and social media profile details;
  • Financial details: The details of bank accounts, billing addresses, credit card numbers and cardholders' names and details;
  • Electronic data: IP addresses, cookies, activity logs, online identifiers, unique device identifiers and geolocation data; and/or
  • Sensitive personal data: Religion and race.

In case you are required to provide the Personal Data of third parties to us, you agree to notify such third parties that we may Process their personal data and inform the content of this Privacy Notice to such third parties. You agree and confirm that you will conform to all requirements under the PDPA. This includes the obligation to obtain consent prior to or during the collection of third parties’ personal data in accordance with the form and content designated by us.

2. How do we use your Personal Data?

We will use your Personal Data only if it is necessary and we have proper reasons to Process the Personal Data. When we Process your Personal Data, we will rely on one or more of the legal bases as follows: -

  • Contractual basis: When it is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract;
  • Legal obligation: When it is necessary for us to Process your Personal Data in order to comply with the laws or legal obligations;
  • Legitimate interest: When it is in our legitimate interest to Process your Personal Data for our benefit in compliance with the PDPA, as long as your fundamental rights are not overridden by our benefits; and/or
  • Consent: When you give your consent to us to Process your Personal Data for a stated purpose.

The PDPA and other regulations provide protection for sensitive Personal Data more stringently. We will not Process this type of Personal Data without your consent unless the PDPA allows us to do so.

The purposes for which we may Process your Personal Data, which is subject to the applicable laws and legal bases of Processing, are: -

  Purposes of Processing Personal Data Lawful Basis
Products and services
  • To prepare and enter into sales contract with you (including any transactional agreements and documents such as collateral agreement)
  • To verify your identity
  • To receive order of our products and/or services from you
  • To deliver our products and/or services to you
  • To provide you with after-sale services, including installation, activation and maintenance services
  • To solve problems related to existing products and/or services
  • To receive and manage your payment, charges and/or interests due
  • We may need to collect your identification card or passport which may contain the sensitive Personal Data (i.e., religion and race) for these purposes
  • Contractual basis
  • Consent
Customer support
  • To register you as or customer as well as preparing and updating customer databases and contact information
  • To communicate with you about our products and/or services
  • To respond to your complaints on our products and/or services and find a way to remediate
  • To proceed with your request to exercise your rights with regards to Personal Data in our possession
  • To manage a relationship between you or your business and us
  • We may need to collect your identification card or passport which may contain the sensitive Personal Data (i.e., religion and race) for these purposes
  • Contractual basis
  • Legal obligation
  • Consent
  • Legitimate interest
Business operation and improvement
  • To identify issues with existing products and/or services
  • To plan improvements to the existing products and services
  • To test, analyze, and develop new products and services
  • To develop new approaches in response to your needs and develop our business
  • Legitimate interest
Security and risk management
  • To prevent crimes and manage a security of our ATM machines, for example, we may install CCTV in our ATM machines and this may collect your images and/or footages
  • To manage risk for you and us
  • To do internal audits and reports
  • To detect, investigate, report and seek for a financial crime prevention
  • To comply with relevant laws and regulations
  • To regulatory report, litigate, assert or defense any of your/our legal rights and interests (including but not limited to debt collection and/or litigation due to the violation of contract)
  • We may need to collect your identification card or passport which may contain the sensitive Personal Data (i.e., religion and race) for these purposes
  • Legitimate interest
  • Legal obligation
  • Consent

Except as described in this Privacy Notice, we will not Process your Personal Data for any purposes other than the purposes described to you in this Privacy Notice. If other purposes are needed, we will notify you prior to the Processing.

In case you refuse to give us your Personal Data

Under the circumstance that it is necessary for us to collect your Personal Data in accordance with the PDPA or under the contract terms with you, and you decline such collection, we may not be able to meet the obligations that have been agreed upon with you or to enter into a contract with you. In this given circumstance, we may refuse to deliver the products and/or services to you.

3. Who do we disclose your Personal Data to?

We will share your Personal Data only if it is necessary and we have proper reasons to Process the Personal Data, including where: -

  • It is necessary to comply with provisions of contracts;
  • We have a legal duty to do so (e.g., assisting in a withholding tax deduction, etc.);
  • We have a legal obligation to perform regulatory reports, litigations, assertions, or defense of legal rights and interests;
  • We have legitimate business interests to do so (e.g., managing risks, conducting internal reports, assessing data analysis, verifying identity, enabling the third parties to provide you with the services you have requested, assessing your suitability for the products and/or services, etc.); and/or
  • We request for your consent to share it, and you agree.

We may need to share your Personal Data for the purposes mentioned above with others, including but not limited to: -

  • Our group companies and any sub-contractors, business partners, agents or service providers who work for us or provide the services to us or our group companies, including their employees, sub-contractors, service providers, directors, and officers;
  • Anyone who provides instructions or operates any of your accounts, products or services on your behalf, e.g., Power of Attorney, lawyers, etc.;
  • Your intermediaries, correspondent, and agent;
  • Financial institutions, and payment service providers;
  • Any people or companies where required in connection with a potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with you;
  • Law enforcement, government, courts, dispute resolution bodies, regulators, auditors, and any parties appointed or requested to carry out investigations or audits of our activities;
  • Other parties involved in any disputes;
  • Fraud prevention agencies who will also use it to detect and prevent fraud and other financial crime and to verify your identity; and/or
  • Anybody else that we have been instructed to share your Personal Data with by you.

Cross-border Transfer of Personal Data

Your Personal Data may be transferred to and Processed in other countries.

When we transfer your Personal Data overseas, we will ensure that those countries have an appropriate level of Personal Data protection and that the transfers are lawful. We may need to transfer the Personal Data in this way to carry out our contract with you, fulfill the legal obligations, protect the public interests and/or maintain our legitimate interests. In some countries, the law might compel us to share certain Personal Data, e.g., with tax authorities, etc. Even in this case, we will only share Personal Data with people who have the right to see it.

4. Retention of Personal Data

We will retain your Personal Data for as long as it is necessary to carry out the purposes that are specified in this Privacy Notice so that we can continually perform our obligations to you. If we do not need to retain the Personal Data for longer than it is legally required or necessary, we will destroy, delete or anonymize it, the anonymization of which aims to remove personal identifiers, and the remaining data does not identify any particular individuals. However and in the case where we are unable to destroy, delete or anonymize the Personal Data (e.g., the Personal Data is stored permanently in our backup database, etc.), we will ensure that your Personal Data will be protected with an appropriate security measure, separated from further Processing activities, and destroyed, deleted or anonymized as soon as we are able to do so.

5. Accuracy of your Personal Data

We need your cooperation to ensure that your Personal Data provided to us and under our care is up to date, complete and accurate. Please inform us of any change to your Personal Data through our contact channels specified in Article 9 Contact us below.

6. What are your privacy rights and how does the PDPA protect you?

Your Rights

  • Right to Withdraw Your Consent: You can withdraw your consent given to our Processing of your Personal Data which you can do at any time by contacting us via the contact channels specified in AArticle 9 Contact us below. We may continue Processing your Personal Data if we have another legal basis to do so;
  • Right to Access Your Personal Data: You can receive a copy of or request for a disclosure of the source we collect your Personal Data;
  • Right to Correct Your Personal Data: You can have any incomplete or inaccurate Personal Data we hold about you corrected. Please refer to Article 5 Accuracy of your Personal Data for more details on the accuracy of your Personal Data;
  • Right to Erasure of Your Personal Data: You can ask us to delete, destroy or anonymize your Personal Data where there is no good reason for us to continue Processing it. Nonetheless, we will consider a request to delete, destroy or anonymize carefully according to the laws;
  • Right to Object Processing of Your Personal Data: You can object to the Processing of your Personal Data unless we have lawful reasons to deny your request;
  • Right to Restrict Processing of Your Personal Data: You can ask us to suspend the Processing of your Personal Data temporarily or permanently, for example, if you want us to establish its accuracy or a reason/lawful basis for Processing it;
  • Right to Portability of Your Personal Data: In some cases, you have the right to request for a copy of your Personal Data in an electronics form or request for a transfer of your Personal Data to the third parties; and
  • Right to Lodge a Complaint regarding Your Personal Data: You can file the complaint with a related government authority, including but not limited to, the Thailand Personal Data Protection Committee, when you see that we, our employees, or service providers violate or do not comply with the PDPA or other notifications issued under the PDPA.

How to Exercise Your Rights

You may exercise your rights at any time by notifying us via the contact channels specified in Article 9 Contact us below, without having to pay any fees. However, we may charge a reasonable fee if your request does not have a rigid ground, is duplicated, or is more than necessary. We may also refuse to proceed with your request under those situations.

Our Process upon Your Request

Upon your notification, we may need to contact you for filling in our request form and we will start proceeding with our internal process. We may request certain information from you in order to verify your identity and guarantee your right under the PDPA which is considered a security measure to ensure that your Personal Data will not be disclosed to those who is not authorized to access the Personal Data. We may also contact you for more information about the request for a quicker response.

We will make effort to respond to your legitimate request within 30 days. Under some circumstances, we may take more than 30 days depending on the complexity or duplication of your request. In such case, we will inform you of the status of your request.

Handling of Complaints

In the event that you wish to make a complaint about how we Process your Personal Data, please contact us at the contact channels provided in Article 9 Contact us below and we will try to consider your request as soon as possible. This does not prejudice your right to file the complaint with a government authority or Personal Data Protection Committee.

7. Security of your Personal Data

Information is our asset and therefore we place great importance on ensuring the security of your Personal Data. We regularly review and implement up-to-date physical, technical, and organizational security measures when Processing your Personal Data. We have internal policies and controls in place to ensure that your Personal Data is not lost, accidentally destroyed, misused, or disclosed, and is not accessed except by our employees in the performance of their duties. Our employees are trained to handle the Personal Data securely and with utmost respect according to our policies, failing which they may be subject to disciplinary action.

8. Revision of our Privacy Notice

We keep our Privacy Notice under a regular review and update, hence subject to regular changes. The date of last revision of the Privacy Notice can be found on the top of this Privacy Notice and you can, at all times, find the latest Privacy Notice via https://www.hitachi-ch.com/th/en/utility/privacy/index.html.

9. Contact us

Should you have any questions regarding the protection of your Personal Data or wish to exercise your rights, please contact us through the following channels: -

  • Contact us at Hitachi Channel Solutions (Thailand) Co., Ltd.
  • 952 Ramaland Building, Zone C, 18th Floor, Rama IV Road, Suriyawongse, Bangrak, Bangkok 10500, Thailand;
  • Email us at dpo@hitachi-ch.co.th; or
  • Call us at +66 2018 2255.