Privacy Policy
Home Products Center Public Company Limited (the “Company”) together with the Company Group (its definition given below) concern on the importance of personal data protection of customer, trading partner and personnel related to the Company in which such data is important to business operation and representing the Company’s creditability. In this regard, the Company aims to sustainably operate its business based on responsibility on personal data management and privacy of related person and ready to comply with relevant laws and regulations in order to secure the safety and privacy of personal data of the Company’s customers in all selling channels, director and employee of partner company and trading partner who is a natural person as well as the Company’s personnel, contact person and any person who participates in sales promotion and social service activities of the Company. The Company, therefore, creates and announces this policy in order to abide by principle of good corporate governance for the Company’s business operation and to explain how the Company collects, uses and discloses your personal data in which this policy has been verified by internal and external audits (legal consultant). The Company gives priority to your privacy right and for you to acknowledge the Company’s personal data protection policy with the objectives as follows:
  1. In order for transaction made between the Company and the Company Group to be secured, safe, reliable and making confidence to the owner of personal data;
  2. In order to prevent damage occurring from taking any personal data for seeking fraudulent benefit or using for illegal way;
  3. To comply with personal data protection law.
Scope
This policy shall govern the Company provided that the Company’s subsidiaries are entitled to take and adapt this policy suitable for its business context and internal management process based on geosocial of each country to be consistent.
Definition
  • Personal Data Protection Lawmeans the Personal Data Protection Act B.E. 2562 (A.D. 2019) including Royal Decree, ministerial regulations, announcement, rules, regulations or any guideline issued under such Act.
  • Personal Data means any information relating to a person, which enables the identification of such person but not including the personal information which unable to identify such person (anonymous data) e.g. name-last name, identification number, address, telephone number, email address, credit card information, your photograph, race, nationality, religion, date of birth, purchasing goods and service information and payment information etc.
  • Sensitive Personal Data means any personal information relating to race, origin, political opinion, the belief in doctrine, religion or philosophy, sexual behavior, criminal background, health data, disability, labor union information, genetic information, biometric data or any information which similarly affects the information owner as indicated by Personal Data Protection Committee
  • Processor means collect, use or disclose
  • Company Group means the Company and its subsidiaries
  • Subsidiaries means the company which the Company
  • (1) Holds shares having voting right more than 50% of all voting right of that company either direct or indirect and/or
  • (2) Has controlling power on majority votes in the shareholders’ meeting of that company either direct or indirect and/or
  • (3) Has controlling power on the appointment or withdraw a director from half of all directors either direct or indirect
  • Personnel means director, executive and employee including consultant
  • Director means director of the Company and/or its subsidiaries
  • Personal Data Protection Committee means a group of persons appointed by the Company having responsibility to monitor, examine and suggest on the Company’s data processing in order to comply with personal data protection law
  • Chief Executive means chief executive officer, managing director, deputy managing director, chief executive of each business unit and support unit of the Company and/or it subsidiaries
  • Employee means executive and employee who receive their salary in monthly and daily basis, either permanent or temporally or special contract
  • You means customer, service user, trading partner, employee, contractor of the Company, either contact via principle office, branch office or online media channels of the Company.
Personal Data Limit Collection
The Company will collect information which you have directly given to the Company or arise from service provided or communication with the Company both in document form and computing traffic information. The collected information will be obtained legally, fairly and appropriately by the Company and will be limited only for the necessary of the Company’s business operation in which the Company will inform you the purpose of collection of your personal data as well as the effect of not providing data. The Company will request your consent prior to your data collection unless such collection can be conducted as imposed by law. If the Company is in need to collect sensitive personal data from you, the Company will explicitly request your consent prior to data collection except such collection can be conducted as imposed by law. The Company will keep your data for a time period to be in line with the purpose of that data collection provided that the Company will notify you before purchasing goods, receiving service or entering into each contract. If there is any change in personal data collection purpose later on, the Company will notify you in which the Company will publish such on the Company’s website.
Roles and Responsibilities of the Company’s Personnel
Whereas, all personnel of the Company have responsibility to comply with personal data protection law, privacy policy and security policy and guideline, each person shall have duty and responsibility as follows:
The Board of Directors of the Company
  • Supervise, promote and support the Company Group to provide protection on personal data to be consistent with personal data protection law
Executive Committee
  • Supervise, promote and support the Company to have operational process to be consistent with personal data protection law
  • Support the operation of business unit and the support unit or personnel related to personal data protection
The Board of Directors of Subsidiaries
  • Supervise, promote and support the company where you are a director to have operational process to be consistent with personal data protection law
  • Support the operation of business unit and the support unit or personnel related to personal data protection
Personal Data Protection Committee
  • Specify policy and action plan and personal data protection policy to be consistent with the laws
  • Give advice and suggestion to the board of directors, executives and employees of the Group of Company in order for them to take action in consistent with personal data protection law
  • Monitor, examine and supervise the Company Group’s operation together with the Company Group’s personnel with regard to personal data process in order to be consistent with personal data protection law
  • Act as a communication center with regard to personal data, right to the protection of personal data’s owner as well as coordinate and give a cooperation to government agency
  • Keep personal data which you have known or obtained due to legal performance under personal data protection law and/or this policy as a secret
  • Establish and promote an awareness on personal data protection
  • Appoint and specify responsibility of personnel as required by law
Executive
  • Provide regulations and measures on personal data process to be consistent with personal data protection law and accepted international standard if the data is processed by the agency under your responsibility or by the third party
  • Supervise and arrange structure and responsible person in order to carry on the work to be consistent with this policy
  • Supervise the compliance of policy, guideline and regulation as well as develop and improve the practice to be efficient and regularly provide the report
Business Unit and Support Unit Related to Personal Data
  • Comply with personal data protection law and carry on the policy and regulation related to the Company Group’s personal data protection
  • Specify regulations related to personal data protection in their own unit
Employee
  • Comply with personal data protection law and policy as well as regulation related to personal data protection
  • Inform your commander and/or personal data protection committee if there is any leakage or infringement in personal data
  • If there is any action considered as the violation of this policy, such must be informed in compliance with the Company and/or its subsidiaries’ tracking policy
Penalty
If the responsible person ignores or omits to give an order or to carry on any work or order or take any action which violates the policy and guideline with regard to personal data resulting in an occurrence of offence or damage, such person must receive disciplinary punishment according to the Company’s rules. In this regard, the Company will not compromise with any offence taken by the responsible person and such person shall be liable for such offence. However, if such offence causes any damage to the Company or any person, the Company may further consider to take any legal action.
Use of Personal Data
The Company will use your personal data for the purpose notified or under the contract or only related to communication or business transaction with you or after having received your consent or in case of the Company entitled to use your personal data without obtaining your prior consent if the personal data protection law permitting to do so. The Company will supervise its operator not to disclose, present or make your personal data appearing in any form other than the purpose notified or having received your consent or permitted by law.
Your personal data may be used for education, research or statistic in order to develop, improve service quality, marketing promotion, provide information and/or update products in accordance with the Company’s objectives and for your highest benefit and satisfaction.
Disclosure of Personal Data to Third Party
The Company will not disclose any of your personal data without your prior consent or other than permitted by personal data protection law. However, for the benefit of your service, the Company may send, transfer and/or disclose your personal data to the companies which are in the Company Group, auditor or business alliance or any person who is a party to a contract of the Company, either in domestic or overseas, and only to be in line with your consent or for execution of contract or relating to your service or any matter permitted by law. In case the personal data receiver is in the country where the personal data protection standard is not adequate as prescribed by the Personal Data Protection Committee, the Company will provide suitable personal data protection standard which is in accordance with personal data protection law as the case may be.
The Company respects right of privacy arising from your personal data. Your information received by the Company under the principle mentioned above will be used or disclosed in accordance with the purpose notified to you or as imposed by law. In this regard, the Company will use or disclose your sensitive personal data in accordance with the purpose in which you explicitly consent or as imposed by law.
Data Security
The Company concerns on the importance of your personal data security. The Company, therefore, stipulates security policy and security system with respect to personal data to have appropriate mechanism and technique in order to prevent the illegal or eligible access, change, amendment, deletion, destruction or use, disclose. In this regard, the Company will provide technical measures on IT system which is used to process personal data in order for the correct and accurate use of data processing equipment on personal data and maintain its security as well as will provide examination system to delete or destroy personal data when its storage period is expired or the deletion is required by law. The Company will manage its human resource by specifying training measures on how to learn and use the system relating to personal data and personal data processing together with principles with respect to personal data processing and personal data security in order to ensure that the Company’s personnel performs work with their understanding and awareness on the responsibility of using personal data of the data owner and promote and develop its personnel who supervises IT system to have skill and in time on new cyber attack. The Company will evaluate and examine, from time to time, the compliance of the Company’s privacy policy and other laws relating to personal data protection in order to assess the status and security of personal data whether it is appropriate or not in order to evaluate and reduce risk on the occurrence of any event which may affect the personal data security. The data transmission via internet is still limit in security. Even though the Company strictly provides security measures with regard to data, the Company is unable to guarantee the security of your disclosed data via online channel. Therefore, the Company reserves the right to deny the responsibility against damage or loss occurring, either directly or indirectly, from the unauthorized access of your given personal data.
However, for the safety of your personal data, you should comply with the provisions and conditions with respect to the service provided as specified by the Company in all servicing channels. For credit card payment data transmission via internet, the Company will connect its system with the bank through the highest security system with international standard. In this regard, your credit card information will be kept at the bank only.
Participation or Right of the Access and/or Change of Personal Data
You are entitled to access to your personal data by notifying your request via the Company’s contact center e.g. call center, branch or website. The Company will inform you the existence and details of your personal data. If you find that your personal data is incorrect or not up to date, you are able to change and amend your personal data as well as entitled to request the Company to remove your personal data, object in data processing, requesting for stop using or delete your personal data unless the Company may have the right to reject or limit data owner’s right as specified by the personal data protection law. The Company will try to respond your legal request within 30 days. However, in some cases, it may take longer than 30 days if such request is complicate or you submit too many requests. In such case, the Company will inform you and keep you updated your case.
In this regard, if you disagree for the Company to use your personal data or desire to delete your data from the system, the Company would like to inform you that you may not use some services of the Company or you may not receive some information or news or be inconvenient in receiving some service.
The Amendment of Personal Data Policy
The Company may improve and amend this personal data policy in order to be consistent with the change of service, the Company’s business operation and your suggestion/opinion in which the Company will announce such change on the Company’s website or send you the announcement directly for your acknowledgment
However, you can see further details on personal data which will be taken for processing, the purpose of processing, the case that you have to provide your personal data to the Company and the possible effect if you do not provide such personal data, personal data storage period, type of person or organization that may receive such personal data, data relating to the Company as the personal data controller, your right as the personal data owner, the transfer of such personal data to overseas as well as the reason and method on personal data processing at www.homepro.co.th/privacy-notice or contact at data_privacy@homepro.co.th