For the purpose of complying with the Personal Data Protection Act B.E. 2562 (2019) and subordinate laws issued thereunder, including any amendments which may be made thereto, (“Laws on Personal Data Protection”), Charoen Pokphand Foods Group1 (“Company”) has prepared this personal data privacy notice (“Privacy Notice”) to inform you regarding how the Company handles information which can or may identify you, whether directly or indirectly, according to the Laws on Personal Data Protection (“Personal Data”), for instance, the methods by which Personal Data is collected, used, disclosed or dealt with, whether by manual or automated means, such as recording, organization, storage, adaptation or alteration, retrieval, sending, transfer, disclosure or making available by any means, alignment, combination, prohibition of access or restriction, erasure or destruction (“Processing”, “Process”, “Processes” or “Processed”), as well as to notify you of the purposes for such Processing, the retention period of Personal Data, and your rights as the data subject. In this regard, the Company recommends that you read and understand the following terms under the Privacy Notice:
2.1 Under this Privacy Notice, the categories of persons from whom the Company collects and Processes Personal Data and the source of such Personal Data are as follows:
| Category | Details | Sources of Personal Data |
|---|---|---|
| (a) Customers | Persons who purchase products and/or use the services of the Company and/or those who are expected to purchase products and/or use the services of the Company (prospective customers), or any other persons having similar characteristics such as persons who participate in activities, seminars, or bids, website users, application users, persons who make contact to request to receive information or services from the Company, and persons who provide responses to surveys concerning products and/or services of the Company, etc. They shall also include persons who are related to or are representatives of customers who are juristic persons and persons whose Personal Data appear in the relevant documents and processes. Please see further details in the Privacy Notice for processes relating to customers of CPF Group. |
|
| (b) Vendors | Persons who provide quotations for products and/or services to be sold to the Company or have any other relationships of a similar nature with the Company, such as farmers, middlemen, service providers, consultants, experts, academics, lecturers, franchise business operators, participants in business projects, contracting parties or any other persons having similar characteristics, etc. They shall also include natural persons who are related to or act as representatives of the vendors who are juristic persons and persons whose Personal Data appear in the relevant documents and processes. Please see further details in the Privacy Notice for processes relating to the vendors of CPF Group. |
|
| (c) Personnel | Persons who work or perform any duties for the Company and receive salary, wages, welfare benefits or any other compensation from the Company, irrespective of what such compensation is called, such as directors, executives, managers, employees, personnel, trainees or any other persons having similar characteristics. They shall include persons related to the personnel of the Company and persons whose Personal Data appear in the relevant documents and processes, such as family members, reference person, and persons who may be contacted in case of emergency, etc. Please see further details in the Privacy Notice for processes relating to the personnel of CPF Group. |
|
| (d) Job applicants | Persons who may be selected to be personnel of the Company. They shall include persons relating to the job applicants and persons whose Personal Data are contained in the documents relating to the job applications, such as family members, reference person, and persons who may be contacted in case of emergency, etc. The Company may directly collect Personal Data of the job applicants by itself or obtain the Personal Data from a third party. Please see further details in the Privacy Notice for processes relating to the personnel of CPF Group. |
|
| (e) Shareholders or securities holders | Persons who are shareholders or securities holders of the Company, such as bond holders or holders of other types of securities, etc. |
|
| (f) General public | Any person who does not fall into the above categories of persons whose Personal Data is Processed by the Company, irrespective of whether such Personal Data is directly received by the Company, automatically collected through the use of Cookies or other technologies, or provided by a third party. An example of such person includes a person whose image is recorded by CCTV or who accesses the Company’s website, etc. |
|
2.2 In some cases, the Company may collect your Personal Data by automated means such as the use of Cookies or other similar technologies. For more details, please see the Company’s Cookie Policy
2.3 In collecting your Personal Data, you will be informed of the details as set out in this Privacy Notice, including but not limited to, the lawful basis for the collection, use, disclosure and/or Processing of Personal Data in accordance with the lawful purposes, or in the event that the Laws on Personal Data Protection require your consent for any Processing of Personal Data, the Company will request your explicit consent.
2.4 Where the Company has previously collected your Personal Data before the Laws on Personal Data Protection have become effective, the Company will continue to collect and use your Personal Data in accordance with the original purposes of collection. In this regard, you have the right to withdraw your consent by contacting the Company using the contact details set out in Clause 9 of this Privacy Notice. However, the Company reserves the right to consider your request for the withdrawal of consent and proceed in accordance with the Laws on Personal Data Protection.
Your Personal Data that is collected and Processed under this Privacy Notice, regardless of whether such Personal Data was directly provided by you to the Company or automatically collected from you by the Company, or was provided to the Company by third parties, includes the following:
3.1 Personal information
such as first name, last name, date/month/year of birth, age, sex, weight, height, national identification number, photograph, signature, nationality, race, religion, marital status, military status, information concerning family members (such as father, mother, spouse and child), health conditions, biometric data (such as finger print, palm print and facial simulation), etc.
3.2 Contact information
such as address as stated on the national identification card, address as stated in the house registration book, delivery address, billing address, telephone number, fax number, e-mail, social media accounts (e.g. Facebook, Instagram, Twitter, Line ID or third-party service providers, etc.), person who may be contacted in case of emergency, and details of reference person, etc.
3.3 Business information
such as details concerning the customer’s factory (such as name, registration number, location, contact details), car number plate, type of car, Personal Data which is contained in the registry of farmers, copy of document of title, map, latitude and longitude of the farm, terms of trade, etc.
3.4 Information concerning sale and purchase transaction
such as customer code, vendor code, order details (such as the wishlisted product, the quantity and quality), details of the wishlisted product (for example, the net weight, dampness and quality of the raw materials), details of complaints concerning the product (for example, the date of order, type of product, the relevant branch, and the problem that is found), the number of the temporary product receipt, details of delivery and raw materials, number for tracking (traceability system), etc.
3.5 Information concerning payment
such as the monetary amount, the credit limit, the payment terms, the account number, Personal Data which appears in the tax invoice, cheque and cheque stub, payment voucher, receipt, receipt voucher and debit application form, etc.
3.6 Information concerning attention and behavior
such as behavior or trends to purchase products and/or services, user preference on social media, website, or the Company’s public relation channels, etc.
3.7 Information that is used as supporting evidence of the execution of transactions and juristic acts
such as Personal Data which appears in a copy of the national identification card, copy of passport, copy of house registration book, copy of change of name certificate, copy of factory license, registration form, copy of documents of title over land, customer’s account opening form, document certifying non-related party, power of attorney, company affidavit, PhorPor. 09/20, map, security documents (such as title deed, bank guarantee, personal guarantee), sale and purchase agreement or any other agreement relating to the transaction, delivery order, copy of lawyer’s license, professional license or business license, copy of military service certificate, copy of bank account book, copy of marriage certificate, copy of birth certificate, form for approval of salary of new staff and monthly staff, medical certificate, result of pre-employment medical check, form for specifying beneficiary, social security application form, letter of consent for personal background check, result of personal background check, employment contract, letter of guarantee for performance of employment contract and related documents (such as certificate of employment specifying job position, copy of civil servant card, certificate of employment specifying salary, copy of business registration, or document on the incorporation of the company containing the name of the guarantor for performance of employment contract as the owner or partner, etc.), directorship agreement and power of attorney, etc.
3.8 Information on education and training
such as academic and training background (such as name of educational institution, program, and year of graduation), academic certificate, transcript, language skills, computer skills, details on training and tests, activities participated in during the time of study, etc.
3.9 Information on job application
such as personal background, history of employment, details which appear in resume/CV, criminal record, position that is being applied for, expected salary, information on job interview, evidence or letter being referred to, and information which appears in the interview assessment (such as assessment result, knowledge and experience, personal characteristics, team work, and ability), etc.
3.10 Information on work and assessment
such as personnel code, position, department, affiliation, chain of command, performance assessment, working behavior, achievement and/or award received, training information, disciplinary action information, details which appear in personnel transfer document of the Company, personnel on loan contract, letter of resignation, and reason for the resignation, etc.
3.11 Information on benefits and remuneration
such as salary, wages, reward, bonus, pension details, welfare, bank account number, guarantor’s details, beneficiary’s details, social security details, provident fund details, tax details, tax deduction details, health benefit details (including for family member) and/or other benefits, Personal Data which appears in medical certificates, annual health reports, maternity leave forms, welfare money lending forms, salary reduction consent letters, receipts, invoices, compensation request forms (for accident and life insurance) and retirement benefit request forms, etc.
3.12 Information on registration statistics
such as starting date, probation end date, working date and time, hours of work, hours of overtime work, annual leave, leave date, leave form, leave details including reasons for such leave, the Company entry and exit record, and usage record of systems of the Company, Driving Behavior Score (only specific position), etc.
3.13 Technical information
such as a log file, IP Address and information regarding using behavior on website that the Company collects through the use of Cookies, and location data (e.g. Global Positioning System (GPS)) or other similar technologies, etc.
3.14 Other information
such as voice recording of conversations, and photo and video recording by means of CCTV, etc.
4.1 The Company Processes your Personal Data for the following purposes and lawful basis (collectively, the “Purposes”):
| No | Purposes | Lawful basis of the Processing |
|---|---|---|
| A. For a purpose relating to selling products and services to customers and other relevant transactions | ||
| (1) | For membership registration or customer account opening |
Contractual basis: The Processing of Personal Data of customers is necessary to act in accordance with the customer’s request in respect of the registration of new customer or customer account opening. Legitimate interest basis: Where the customers are juristic persons, the Processing of Personal Data of persons related to the customers is necessary for the legitimate interests of the Company in its business operations. Consent Basis: The Processing of sensitive Personal Data as presented on customers or any other persons having similar characteristics’ ID, such as religious and blood group, will be undertaken by relying on the consent received from the customers or any other persons having similar characteristics. In case that customers or any other persons having similar characteristics not desire to provide a consent, the Company reserves the right to take any necessary actions to erase or prevent sensitive Personal Data from being displayed before processing other Personal Data on customers or any other persons having similar characteristics’ ID. |
| (2) | For the purpose of membership system management |
Contractual basis: The Processing of Personal Data of customers or any other persons in similar manners is necessary for the performance to act in accordance with the customer’s request or any other persons having similar manners, which are the member. |
| (3) | For the purpose of loyalty reward system management |
Contractual basis: The Processing of your Personal Data from the use of loyalty reward system on website, applications or other channels is necessary for the performance of obligations in contracts between customers and the Company in order to record and/or exchange reward point under the terms and conditions of the Company, including member ranking management. |
| (4) | For entering into agreements for sale and purchase of products and services |
Contractual basis: The Processing of Personal Data of customers is necessary for the entry into agreements and other relevant processes. Legitimate interest basis: Where the customer is a juristic person, the Processing of Personal Data of persons related to the customers is necessary for the legitimate interests of the Company in its business operations, such as the management of contracts, verification of the identity of customers, and consideration of the qualifications of customers. |
| (5) | For management of customer orders, preparation of products and/or services, and other relevant transactions |
Contractual basis: The Processing of Personal Data of customers is necessary for the performance of obligations in a sales and service agreement to which the customer is a party, such as arranging shipments of products, billing, confirmation of outstanding debt, and the delivery of receipts to the customers, etc. Legitimate interest basis: Where the customer is a juristic person, the Processing of Personal Data of persons related to the customer is necessary for the legitimate interests of the Company in its business operations. |
| (6) | For providing system services regarding preparing electronic tax invoices and receipts |
Legal basis: The Processing of Personal Data of customers and/or vendors is necessary for the Company’s compliance with the law regarding preparing electronic tax invoices and receipts including providing customers or vendors identification services. |
| (7) | For changing information relating to customers and receiving complaints |
Legitimate interest basis: The Processing of Personal Data of customers is necessary for the legitimate interests of the Company in facilitating customers to edit their information in order to make it accurate, up-to-date, complete, so as not to cause any misunderstanding, and for the improvement of the Company’s services in the case of any complaints or suggestions from the customer. |
| B. For a purpose relating to procurement with vendors, using services of service providers and other relevant transactions | ||
| (1) | For procurement and the selection of vendors or any other persons having similar characteristics |
Contractual basis: The Processing of Personal Data is necessary for carrying out requests for quotation by vendors, or any other persons having similar characteristics, before entering into a sales agreement, service agreement, or any other agreement relating to procurement by the Company. Legitimate interest basis: The Processing of Personal Data is necessary for the legitimate interests of the Company in its business operations and for compliance with the Company’s procurement policy. |
| (2) | For registering new vendors or any other persons having similar characteristics |
Contractual basis: The Processing of Personal Data is necessary for carrying out the request of prospective vendors or any other persons having similar characteristics for the new vendor registration, including any other relevant transactions. Legitimate interest basis: Where the vendor is a juristic person, the Processing of Personal Data of any person related to the vendor is necessary for the legitimate interests of the Company in its operations. Consent Basis: The Processing of sensitive Personal Data as presented on vendors or any other persons having similar characteristics’ ID, such as religious and blood group, will be undertaken by relying on the consent received from the vendors or any other persons having similar characteristics. In case that vendors or any other persons having similar characteristics not desire to provide a consent, the Company reserves the right to take any necessary actions to erase or prevent sensitive Personal Data from being displayed before processing other Personal Data on vendors or any other persons having similar characteristics’ ID. |
| (3) | For execution and management of agreements between the Company and any other contractual parties |
Contractual basis: The Processing of Personal Data of the contractual party is necessary for carrying out the request of such party who has expressed the intention to enter into an agreement with the Company. Legitimate interest basis: The Processing of Personal Data of the contractual party (or any person related to the contractual party, in the event where the contractual party is a juristic person) is necessary for the legitimate interest of the Company in the execution and management of the Company’s agreements. |
| (4) | For performing obligations under agreements made with vendors or any other persons having similar characteristics |
Contractual basis: The Processing of Personal Data is necessary for performing obligations under agreements made with vendors or any other persons having similar characteristics, such as ordering products or services, settling debt, paying for products or services, and receiving products or services, etc. |
| C. For a purpose relating to communications and marketing | ||
| (1) | For communicating with you. |
Legitimate interest basis: The Processing of Personal Data is necessary for the legitimate interest of the Company in communicating with you regarding the products and services offered by the Company for which you have registered to receive information or being a member. Consent basis: Where the Company collects and processes the Personal Data in communicating with you regarding the products and services offered by the Company apart from which you have registered to receive information or being a member. |
| (2) | For public relations and marketing activities of the Company. |
Consent basis: Where the Company proceeds with marketing activities, such as sending marketing messages to you, taking photographs or recording video of you in order to process and publicize marketing activities through various channels, the Company will undertake the activities by relying on the consent received from you. |
| (3) | For the purpose of Profiling within Charoen Pokphand Group (CP Group) |
Consent basis: Where the Company collects and processes your Personal Data for Profiling within Charoen Pokphand Group (CP Group) to provide the service and/or promote products and services of CP Group. |
| D. For a purpose relating to the analysis of information and the improvement of the quality of the products and services of the Company | ||
| (1) | For analyzing and surveying the behavior of customers or any other persons having similar characteristics |
Consent basis: Where the Company requests to interview and survey the behavior of customers in order to collect Personal Data which is provided by customers through various channels to the Company, including or where the Company purchases the Personal Data of the customer from third parties in order to use such Personal Data for analyzing and surveying the behavior of customers, the Company will undertake such actions by relying on the consent received from the customer or any other person having similar characteristics. |
| (2) | For analyzing your use of websites, applications, or other media. |
Legitimate interest basis: The Processing of your Personal Data from the use of websites, applications, or other media is necessary for the legitimate interests of the Company in its business operations and improvement of quality of services. Consent basis: Where the Company collects and Processes your Personal Data in order to analyze your behavior and specifically advertise according to your behavior, the Company will undertake such actions by relying on the consent received from you. |
| E. For a purpose relating to human resource management | ||
| (1) | For recruitment, job applicant selection, interview, and any transactions in relation to the recruitment process. |
Contractual basis: The Processing of the Personal Data of job applicants is necessary for consideration of their request to apply for a job and enter into the Company’s recruitment process. Legitimate interest basis: The Processing of Personal Data of the job applicants or persons related to the job applicants is necessary for the legitimate interests of the Company in its recruitment process and selection of employees. Consent basis: The Processing of your Personal Data as a reference person of the job applicants will be relying on the consent received from you. Consent basis: The Company collects Personal Data of prospective personnel by the Company’s own initiative, from third parties, such as recruiters via website(s), whereby the prospective personnel have not expressed their intention to apply for a job with the Company. |
| (2) | For any other processes in relation to employment such as conducting medical check-ups before commencement of the job, criminal record check, and entering into an employment contract, etc. |
Contractual basis: The Processing of Personal Data of personnel is necessary for the entry into an employment contract and other relevant contracts, including undertaking any processes necessary before entering into such contracts. Legitimate interest basis: The Processing of the Personal Data of personnel is necessary for the Company in its human resources management, such as verifying and considering the personnel’s qualifications in order to identify the appropriate position for the personnel, etc. Consent basis: The Processing of sensitive Personal Data, such as criminal records, health information and biometric information will be based on the consent received from the personnel. |
| (3) | For management of welfare and benefit of directors and personnel, including but not limited to welfare money loan, medical expense reimbursement, discounts for directors and personnel, annual physical examination, insurance, and claims related to insurance |
Contractual basis: The Processing of Personal Data of directors and personnel is necessary for the Company to perform its obligations according to the employment contracts and any other contracts to which the directors or personnel is a contracting party (as the case may be). Legitimate interest basis: The Processing of Personal Data of directors and personnel and persons related to the directors and personnel is necessary for the Company in its human resources management, such as allocation of welfare and benefit for the directors and personnel and persons related to the directors and personnel. Consent basis: The Processing of sensitive Personal Data of directors and personnel and persons related to the directors and personnel, such as health information, for the management of group insurance and other benefits, will be undertaken by relying on the consent received from the directors and personnel and persons related to the directors and personnel. |
| (4) | For the purpose of the performance of duty of directors and personnel according to the employment contract, employment agreement, appointment contract, or any other contracts entered into with the Company (as the case may be) |
Contractual basis: The Processing of Personal Data of relevant directors and personnel is necessary for the performance of duty or work according to the scope work specified in the employment contract, employment agreement, appointment contract, or any other contacts to which the directors or personnel and the Company are contracting parties (as the case may be). Legitimate interest basis: The Processing of Personal Data of directors and personnel is necessary for the legitimate interests of the Company in its business operation and compliance with the applicable laws of the Company. |
| (5) | For the purpose of salary payment, bonus, remuneration or any other benefits |
Contractual basis: The Processing of Personal Data of directors and personnel is necessary for the payment of wages, salary, bonus, remuneration and/or any other benefits according to the employment contracts and any other contracts to which the directors and personnel is a contracting party (as the case may be). Legal basis: In some cases, the Processing of Personal Data of the directors and personnel and persons related to the directors and personnel is the performance in compliance with the applicable laws of the Company, such as withholding tax pursuant to the taxation laws, etc. |
| (6) | For the purpose of conducting the survey of the employee engagement |
Legitimate interest basis: The Processing of Personal Data of personnel is necessary for the legitimate interests of the Company in its conduct of a survey about personnel’s opinions on the Company to encourage the engagement between personnel and the Company including improving internal policies and work processes. |
| (7) | For the purpose of the management of training personnel |
Legitimate interest basis: The Processing of Personal Data of personnel is necessary for the legitimate interests of the Company in its training management, such as training registration, preparation of action plan, and allocation of appropriate facilities for the training, etc. |
| F. For a purpose in respect of the management of shares, debentures, and other securities of the Company | ||
| (1) | For the collection of the list of shareholders and/or securities holders and checking and managing various matters in respect of the rights and benefits of the shareholders and/or the securities holders |
Legal basis: The Processing of Personal Data of shareholders and securities holders is necessary for the Company’s compliance with the law; and for checking and paying dividends to shareholders as well as convening shareholders’ meetings, and any other activities relating to shareholders and/or securities holders, etc. Legitimate interest basis: The Processing of Personal Data of shareholders and securities holders is necessary for the legitimate interest of the Company in checking and carrying out activities relating to the rights and benefits of shareholders and/or securities holders. Contractual basis: The Processing of Personal Data of debenture holders or persons who intend to buy debentures is necessary for carrying out contractual obligations or for executing a debenture holders’ representative appointment agreement. Consent Basis: The Processing of sensitive Personal Data as presented on shareholders and securities holders’ ID, such as religious and blood group, will be undertaken by relying on the consent received from the shareholders and securities holders. In case that shareholders and securities holders not desire to provide a consent, the Company reserves the right to take any necessary actions to erase or prevent sensitive Personal Data from being displayed before processing other Personal Data on shareholders and securities holders’ ID. |
| G. For the purpose of the Company’s internal audit | ||
| (1) | For the purpose of the Company’s internal audit |
Legitimate interest basis: The Processing of Personal Data is necessary for monitoring operations in accordance with internal guidelines or the Company’s Policy Legal basis: To act in compliance with the securities and exchange law such as investigation of the conflict of interest between Vendors or employees and the Company, etc. |
| H. For the purpose of compliance with relevant laws which are applicable to the Company and for the establishment of legal claims | ||
| (1) | For compliance with relevant laws which are applicable to the Company. |
Legal basis: The Processing of Personal Data is necessary for compliance with laws which are applicable to the Company such as, Laws on Personal Data Protection, taxation laws, labour laws, social security laws, civil and commercial laws, public company laws, securities and exchange laws, etc. |
| (2) | For the establishment of legal claims and any other relevant proceedings. |
Legitimate interest basis: The Processing of Personal Data is necessary for the establishment, compliance, exercise or defense of legal claims in various stages according to the law, such as, investigation and inquiry by government officials, case preparation, prosecution, and pursuit of the case in court, etc. |
| I. For the purpose relating to security | ||
| (1) | For monitoring, protecting and ensuring the security of persons and properties of the Company and the general public. |
Legitimate interest basis: The Processing of Personal Data is necessary for the legitimate interests of the Company in monitoring, protecting and ensuring the security of properties of the Company and the general public. For example, the CCTV footages can be used to prevent loss or damage to the Company’s properties and the general public. Preventing or suppressing danger to a person’s life, body, or health basis: The Processing of Personal Data is necessary for the benefit in monitoring, preventing, or suppressing any circumstances which may be dangerous to a person’s life, body, or health. |
| J. Any activities that are necessary and beneficial to you and any other purposes | ||
| (1) | For the verification to exercise your rights regarding the Personal Data. |
Legitimate interest basis: The Processing of Personal Data is necessary for the legitimate interests of the Company to examine and verify your identity upon the request to exercise your rights regarding the Personal Data. |
| (2) | For any transaction that is necessary and beneficial to you or those which are directly related to the purposes set forth above. |
Legitimate interest basis: The Processing of Personal Data is necessary for the legitimate interests of the Company in carrying out any transactions which are necessary for the Company and/or beneficial to you or directly related to the purposes set forth above. Where the Laws on Personal Data Protection require your consent for any Processing of Personal Data, the Company will explicitly request the consent from you. |
| (3) | For other purposes that the Company will notify you of. |
The Company will notify you of any other purposes that cause the Company to Process your Personal Data other than the purposes set forth above or when the Company changes the original purposes that were set forth. Where the Laws on Personal Data Protection require your consent for any Processing of Personal Data, the Company will explicitly request the consent from you. |
The Company may disclose your Personal Data in accordance with the Purposes and the rules prescribed under the laws to the following entities and persons:
Business partners, service providers, and data processors designated or hired by the Company to perform duties in connection with the management/Processing of Personal Data for the Company in the provision of various services, such as personnel’s physical examinations by business partners, information technological services, data recording services, payment services, mailing services, delivery services, printing services, health services, insurance services, training services, data analysis services, research services, marketing services, or any other services which may be beneficial to you or relevant to the Company’s business operations, such as commercial banks, hospitals, life insurance companies, and non-life insurance companies, etc.
Advisors of the Company, such as legal advisors, lawyers, auditors, or any other internal and external experts of the Company, etc.
Relevant governmental agencies which have supervisory duties under the laws or which have requested the disclosure pursuant to their lawful powers or relevant to the legal process or which were granted permission pursuant to applicable laws, such as the Department of Labour Protection and Welfare, Department of Skill Development, Department of Empowerment of Persons with Disabilities, Social Security Office, Department of Provincial Administration, Department of Business Development, Department of Intellectual Property, Office of Securities and Exchange Commission, the Stock Exchange of Thailand and subsidiaries of the Stock Exchange of Thailand (such as Thailand Securities Depository Company Limited), Office of the Personal Data Protection Commission, Office of Trade Competition Commission, Royal Thai Police, Office of the Attorney General, court, and Legal Execution Department, etc.
Customers, vendors, contracting parties of the Company which you have contacted or are relevant to your duty or position, or any other person in similar manners.
Any persons or other entities that you have given consent to disclose your Personal Data to, such as the disclosure of processed images of activities through various media platforms of the Company to the general public.
The disclosure of your Personal Data to third parties shall be in accordance with the Purposes or other purposes permitted by law, provided that if the law requires your consent to be provided, the Company will request your prior consent.
In the event that the Company discloses your Personal Data to third parties, the Company will put in place appropriate safeguards to protect the Personal Data that has been disclosed and to comply with the standards and duties relating to the protection of Personal Data as prescribed by the Laws on Personal Data Protection. Where the Company sends or transfers your Personal Data outside Thailand, the Company will ensure that the recipient country, the international organization or such overseas recipient has a sufficient standard for the protection of Personal Data. In some cases, the Company may request your consent for the transfer of your Personal Data outside Thailand, subject to the requirements under Laws on Personal Data Protection.
If you refuse the Company to collect your Personal Data, the Company will not be able to proceed to align with the mentioned Purpose and you may not hold certain rights and benefits such as being a customer, vendor, or personnel of the Company, entering into or performing the contract between you and the Company, receiving the privilege benefits from the Company, receiving benefits of the job which is provided by the Company beside legal requirements.
The Company will retain your Personal Data for the period necessary to fulfil the Purposes for which the Personal Data was Processed, whereby the retention period will vary depending on the Purposes for which such Personal Data was collected and Processed. The Company will retain Personal Data for the period prescribed under the applicable laws (if any) by considering the statute of limitations under the laws for any legal proceedings that may occur from or in relation to the documents or Personal Data collected by the Company and having regard to the Company’s business practices and relevant business in relation to each category of Personal Data.
In this regard, if there is no relevant law specifying the retention period of the Personal Data, the Company will retain your Personal Data for a period not exceeding 10 years, starting from the date your legal relations/transactions with the Company come to an end. However, the Company may retain your Personal Data for a longer period of such time prescribed if the laws permit or such retention of Personal Data is necessary for the establishment of the right of claim of the Company.
After the period of time set forth above has expired, the Company will delete or destroy such Personal Data from the storage or system of the Company and other persons providing services to the Company (if any) or anonymize your Personal Data, unless in the event that the Company can continue to retain such Personal Data as prescribed by the Laws on Personal Data Protection or other applicable laws. In this regard, for additional details regarding the retention period of your Personal Data, you can contact the Company by using the contact details set out in Clause 9 of this Privacy Notice.
As the data subject, you have the following rights in relation to your Personal Data, subject to the rules, methods and conditions under the Laws on Personal Data Protection. In this regard, if you wish to make a request to exercise your rights, you can contact the Company by using the contact details set out in Clause 8.of this Privacy Notice.
You have the right to access your Personal Data and may request that the Company provide you with a copy of such Personal Data in accordance with the requirements under the Laws on Personal Data Protection.
You have the right to obtain your Personal Data, including to request that your Personal Data is transmitted to another data controller or to you, except where it is technically unfeasible, in accordance with the requirements under the Laws on Personal Data Protection.
You have the right to raise an objection to the Processing of your Personal Data in certain circumstances prescribed under the Laws on Personal Data Protection.
You may request that the Company delete, destroy or anonymize your Personal Data in certain circumstances prescribed under the Laws on Personal Data Protection.
You have the right to request that the Company restrict the Processing of your Personal Data in certain circumstances prescribed under the Laws on Personal Data Protection.
You have the right to request that your Personal Data be rectified if the Personal Data is inaccurate, not up-to-date or incomplete, or may cause a misunderstanding.
If the Company relies on your consent as the legal basis for Processing your Personal Data, you have the right to withdraw such consent which has been provided to the Company at any time.
If you have any concerns or questions about any aspect of the Company’s practices in relation to your Personal Data, please contact the Company using the contact details set out in Clause 8 of this Privacy Notice. Where there is reason to believe that the Company is in breach of Laws on Personal Data Protection, you have the right to lodge a complaint to the expert committee appointed by the Personal Data Protection Committee in accordance with the rules and methods prescribed under the Laws on Personal Data Protection.
However, the Company reserves the right to consider your request to exercise your rights and act in accordance with the requirements under the Laws on Personal Data Protection.
The Company has designated Charoen Pokphand Foods Public Company Limited as the coordinator for matters relating to the Company’s Personal Data protection. If you have any questions or would like to exercise your rights as set out in this Privacy Notice, you may contact the Company using the contact information provided below:
E-mail: ccooffice@cpf.co.th
Address: 313 C.P. Tower, 12th Floor, Silom Road, Silom, Bangrak, Bangkok 10500
E-mail: dpooffice@cpf.co.th
Address: 313 C.P. Tower, 12th Floor, Silom Road, Silom, Bangrak, Bangkok 10500
The Company may make changes to this Privacy Notice from time to time to reflect any changes to our Processing of your Personal Data and to comply with any changes to the Laws on Personal Data Protection or any applicable laws. In this regard, the Company will notify you of any significant changes to the Privacy Notice and the amended Privacy Notice through appropriate means. The Company encourages you to review such communication in order to be aware of any changes made to this Privacy Notice from time to time.
This Privacy Notice shall be effective from 1 September 2020. Version 1.6 (Latest Updated December 1, 2024)
1 Charoen Pokphand Foods Group means any one or more of the following juristic entities: (1) Charoen Pokphand Foods Public Company Limited; (2) CPF (Thailand) Public Company Limited; (3) C.P. Merchandising Company Limited; (4) CPF Global Food Solution Public Company Limited; (5) Chester’s Food Company Limited; (6) CPF Food and Beverage Company Limited; (7) CPF Restaurant and Food Chain Company Limited; (8) CPF Food Research and Development Center Company Limited; (9) International Pet Food Company Limited; (10) CPF Training Center Company Limited; (11) Bangkok Produce Merchandising Public Company Limited; (12) CPF IT Center Company Limited; (13) CPF Food Network Company Limited; (14) CP-Meiji Company Limited; (15) Suansomboon Company Limited; (16) CP Hilai Harbour Company Limited; (17) Tacharm Agricultural Industry Company Limited; and/or (18) Any Subsidiary Companies of Charoen Pokphand Foods Public Company Limited as listed in the annual report of Charoen Pokphand Foods Public Company Limited.
