Siam Industrial Corporation Co., Ltd.
Privacy Policy for Website and Application Use
Personal Data Protection and Privacy Notice
1. Introduction
Siam Industrial Corporation Co., Ltd. (“Company”, “we”, “us” or “our”) recognises the importance of protecting the personal data and privacy of users, website visitors, customers, prospective customers, job applicants, business partners, representatives of legal entities, and persons who communicate with us through our digital channels (“you” or “Data Subject”).
This Privacy Policy explains how we collect, use, disclose, transfer, retain and protect your personal data, as well as your rights under Thailand’s Personal Data Protection Act B.E. 2562 (2019) (“PDPA”), subordinate regulations, notifications, rules and other applicable laws.
This Policy applies to your use of our website at www.siamind.co.th, applications, online systems, electronic forms, online communication channels, newsletter services, registrations, online recruitment channels, social media channels managed by us, and any other digital services operated or provided by us which link to this Policy (collectively, the “Company Platforms”).
Where any particular service, product, promotional activity, recruitment activity or transaction is subject to an additional privacy notice, that specific notice shall apply together with this Policy. In the event of any difference, the specific notice shall apply to the relevant activity.
2. Information about the Personal Data Controller
Siam Industrial Corporation Co., Ltd.
Company Registration Number: 0105516009803
Registered Address:
5/15 Moo 6, Bangna-Trad Road, Km. 15,
Bang Chalong Subdistrict, Bang Phli District,
Samut Prakan 10540, Thailand
Telephone: 02-3125300
Personal Data Protection Email: Privacy@siamind.co.th
Website: www.siamind.co.th
You may contact us using the channels above for questions regarding this Policy, our processing of personal data, or the exercise of your rights.
3. Key Definitions
| Term | Meaning |
|---|---|
| Personal Data | Any information relating to an individual that enables the identification of that individual, whether directly or indirectly, excluding information of a deceased person in particular. |
| Sensitive Personal Data | Personal data afforded special protection under applicable law, such as race, ethnicity, political opinions, religious beliefs, sexual behaviour, criminal records, health data, disability, trade union information, genetic data, biometric data, or other information of a similar nature as prescribed by law. |
| Processing | Any operation carried out on personal data, such as collection, recording, organisation, use, analysis, disclosure, transfer, storage, alteration, deletion or destruction. |
| Personal Data Controller | A person or legal entity having the authority to make decisions regarding the collection, use or disclosure of personal data. |
| Personal Data Processor | A person or legal entity that processes personal data pursuant to the instructions of, or on behalf of, a Personal Data Controller. |
| Cookies | Small data files or similar technologies stored on, or accessed from, your device when you visit a website or use an application. |
4. Scope of this Policy
This Policy covers personal data obtained by us through the following channels:
- Your visit to, or use of, our website, applications, portals or online systems;
- Your submission of contact forms, quotation requests, product enquiries, service requests, service appointments, repair requests or support requests;
- Your subscription to newsletters, product information, promotions, event updates or marketing communications;
- Your communications with us via email, telephone, online forms, chat, LINE Official Account or our social media accounts;
- Your application for employment or internship, or submission of a résumé through our platforms;
- Your registration for seminars, exhibitions, business events or online campaigns; and
- Personal data we obtain from business partners, service providers, distributors, business alliances, affiliated companies or lawful public sources.
This Policy does not apply to third-party websites, applications or services linked from our platforms. Such third parties may have their own privacy policies, which you should review before using their services or providing personal data to them.
5. Personal Data We Collect
We collect personal data only to the extent necessary, appropriate and relevant to the purposes described in this Policy. The personal data we may collect includes the following:
5.1 Identity and Contact Data
Such as title, first name, surname, job title, company or organisation, address, email address, telephone number, mobile phone number, communication channels, or business card information provided by you.
5.2 Organisation, Business and Product/Service Requirement Data
Such as company name, business type, project location, requirements relating to forklifts, cranes, warehouse systems, machinery, maintenance services, spare parts, rental services, quotation requests, estimated budgets, technical specifications, enquiry history or project information provided by you.
5.3 Transaction and Service Data
Such as quotation request details, purchase orders, contracts, commercial documents, warranty documents, service history, maintenance history, product delivery records, complaints, feedback and related correspondence.
5.4 Communication and Marketing Data
Such as your interests in our products or services, newsletter registration, history of opening or clicking marketing communications, attendance at events, survey responses, chat messages, comments or communications through our online channels.
5.5 Recruitment Data
Such as résumés, contact details, educational background, employment history, skills, job application documents, portfolio, expected remuneration, references and any other information submitted by an applicant. The processing of recruitment data may also be governed by a separate Privacy Notice for Job Applicants.
5.6 Technical and Platform Usage Data
Such as Internet Protocol (IP) address, device type, device identifiers, operating system, browser type and version, language, time zone, pages or URLs visited, dates and times of access, duration of access, clicks, referral links, system log data, and information collected through cookies or similar technologies.
5.7 Data from Social Media and Third-Party Platforms
When you communicate or interact with us via Facebook, LINE, YouTube, LinkedIn or other platforms, we may receive information that you disclose or permit those platforms to share, such as your account name, profile photo, messages, comments, contact data or interaction data. Processing by the platform provider is also governed by that provider’s own policy.
5.8 Sensitive Personal Data
As a general rule, we do not intend for you to submit sensitive personal data through our website or online channels unless necessary and lawful, such as health or disability information that a job applicant voluntarily provides for appropriate accommodation, or information required for compliance with law.
Where it is necessary for us to process sensitive personal data, we will do so in accordance with the applicable lawful basis, implement appropriate safeguards, and obtain explicit consent where required by law.
6. Sources of Personal Data
We may obtain your personal data from the following sources:
- Directly from you, for example when you complete a form, contact us, send an email, make a phone call, use our chat channels, apply for employment, request a quotation or attend an event;
- Automatically through your use of our platforms, for example through cookies, pixels, tags, SDKs, system logs or analytics technologies;
- From your organisation, our business partners or business alliances, for example where your organisation identifies you as a contact person, coordinator or authorised representative in a transaction with us;
- From service providers or third-party platforms, such as social media providers, registration system providers, website analytics providers or advertising systems, subject to your settings and permissions; and
- From lawful public sources, such as corporate websites, company registration information, trade exhibitions or business cards made available in a business context.
If you provide personal data relating to another individual, such as a contact person, recipient, reference or colleague, you represent that you have the authority or an appropriate lawful basis to disclose such data and, where appropriate, have informed that individual of this Policy.
7. Purposes and Lawful Bases for Processing Personal Data
We may process your personal data for the purposes and on the lawful bases set out below. The applicable lawful basis will depend on the circumstances of each processing activity.
| Purpose | Example Activities | Possible Lawful Basis |
|---|---|---|
| Responding to enquiries and providing product/service information | Returning enquiries, providing consultation, sending catalogues, responding to online forms | Steps taken at your request prior to entering into a contract and/or legitimate interests |
| Preparing quotations, negotiating and entering into transactions | Assessing requirements, preparing prices, preparing contracts | Steps taken prior to entering into a contract or performance of a contract |
| Delivering products, rentals, maintenance, spare parts, warranty and after-sales services | Scheduling service, coordinating technicians, delivering vehicles or machinery, following up work | Performance of a contract, legitimate interests and/or compliance with law |
| Managing accounting, finance, taxation and business documentation | Issuing invoices or tax invoices, reviewing transactions, retaining accounting records | Performance of a contract and compliance with law |
| Managing relationships with customers, business partners and prospective customers | Maintaining contact history, satisfaction follow-up, complaint handling | Legitimate interests and/or performance of a contract |
| Marketing and public relations communications | Sending news, promotions, event invitations or relevant product information | Consent where required by law and/or legitimate interests subject to your right to object or unsubscribe |
| Analysing, developing and improving our website or services | Analysing visitor numbers, page performance and user experience | Consent for non-essential cookies and/or legitimate interests for necessary and appropriate operation |
| Maintaining security and preventing fraud | Detecting unusual access, reviewing logs, preventing spam or threats | Legitimate interests and compliance with law |
| Recruiting and selecting personnel | Considering applications, arranging interviews, checking qualifications | Steps taken prior to entering into a contract, legitimate interests, consent in certain cases, and an applicable lawful basis for sensitive data where relevant |
| Organising activities, exhibitions or seminars | Registration, attendance confirmation, delivery of materials, post-event contact | Steps taken at your request, legitimate interests and/or consent |
| Complying with laws, orders or legal proceedings | Responding to government orders, retaining evidence, protecting legal claims | Compliance with law and legitimate interests in establishing, exercising or defending legal claims |
| Business mergers, transfers or restructuring | Due diligence and transfer of rights or obligations | Legitimate interests and/or compliance with law or contract |
7.1 Where We Rely on Consent
Where processing is based on your consent, you are entitled to grant or refuse consent and to withdraw your consent subsequently. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal.
7.2 Where We Rely on Legitimate Interests
Before relying on legitimate interests, we will consider necessity, appropriateness and potential impact on your rights and freedoms. You may object to such processing subject to the conditions prescribed by applicable law.
8. Personal Data You Are Required to Provide and Consequences of Failure to Provide It
Certain personal data is necessary for us to respond to your requests, provide services, prepare quotations, enter into contracts, deliver products, provide after-sales services, process job applications, or comply with applicable laws. If you do not provide required personal data, we may be unable to:
- Contact you or act on your request;
- Prepare a quotation, enter into a contract, or provide the requested service;
- Process or consider your employment application;
- Issue commercial, financial or tax documentation accurately; or
- Comply with applicable legal or regulatory requirements.
Where any personal data is optional, we will inform you as appropriate. Failure to provide optional data will not affect your use of basic services unless that data is necessary for a feature or service you elect to use.
9. Cookies and Similar Technologies
We may use cookies, pixels, tags, scripts or similar technologies on our website or applications to enable proper and secure operation, remember settings, analyse usage, improve user experience, and support communications or advertising activities where appropriate.
9.1 Types of Cookies We May Use
| Cookie Category | Purpose | Consent Approach |
|---|---|---|
| Strictly Necessary Cookies | Enable the secure operation of the website, such as privacy settings, security and form submission. | May be used without consent to the extent necessary to provide the service. |
| Functional Cookies | Remember settings, language or user preferences. | Consent will be obtained where required by law or applicable usage. |
| Analytics / Performance Cookies | Analyse visits and improve website performance. | Will be enabled upon consent unless otherwise permitted by law. |
| Marketing / Advertising Cookies | Measure campaign performance, display relevant advertisements or enable remarketing. | Will be enabled upon consent. |
9.2 Cookie Management
When you access our website, we may display a cookie banner or preference centre enabling you to accept, reject or manage non-essential cookies. You may subsequently change or withdraw your cookie consent through the “Cookie Settings” menu on our website, where such menu is available.
You may also configure your browser to remove or block cookies. However, disabling strictly necessary cookies may cause certain parts of the website not to function properly.
Further details regarding cookie names, providers, purposes and retention periods may be set out in our Cookie Policy or the website’s Cookie Settings page.
10. Marketing Communications
We may contact you regarding news, products, services, promotions, seminars, exhibitions or information that may be relevant to your interests or business via channels such as email, telephone, messages or online channels, relying on an appropriate lawful basis.
You may opt out of marketing communications at any time by:
- Clicking the unsubscribe link in a marketing email, where available;
- Using the contact method specified in the communication; or
- Contacting us at Privacy@siamind.co.th or by telephone at 02-3125300.
Opting out of marketing communications will not affect communications necessary for transactions, contracts, services, warranties, security notices or compliance with law.
11. Disclosure of Personal Data to Third Parties
We do not sell your personal data. We may disclose or transfer your personal data only as necessary and on an appropriate lawful basis to the following persons or organisations:
- Affiliated companies or internal business group entities, where necessary for service provision, business administration or joint operations, with appropriate safeguards in place;
- Service providers and Personal Data Processors, such as hosting, cloud, website system, email, CRM, analytics, recruitment system, event management, delivery, maintenance or information technology service providers;
- Business partners, agents, contractors, installation service providers or business alliances, where necessary to respond to your request, deliver products, provide services or perform your project;
- Professional advisers, such as auditors, legal advisers, technical advisers, insurance companies or other necessary professionals;
- Government authorities, regulators, courts, competent officials or other persons authorised by law, where we are required to disclose personal data under law, an order or legal process; and
- Business transferees or persons involved in corporate transactions, in connection with mergers, acquisitions, asset transfers, restructuring or due diligence, subject to appropriate confidentiality and security measures.
Where a third party processes personal data as our Personal Data Processor, we will require that party to process personal data in accordance with our instructions, maintain confidentiality, and implement appropriate security measures as required by law.
12. Transfer of Personal Data to Foreign Countries
In connection with our use of technology services, cloud services, hosting, email systems, website analytics, customer relationship management systems, social media systems or other service providers, your personal data may be stored in, accessed from, or processed in countries outside Thailand.
If we transfer personal data to a foreign country, we will do so in accordance with the PDPA and other applicable laws, including, as permitted by law, by:
- Transferring data to a country or international organisation that has adequate personal data protection standards;
- Putting in place appropriate safeguards that enable the enforcement of Data Subject rights and provide effective remedial measures; or
- Relying on a statutory exception, for example where the transfer is necessary for the performance of a contract, steps requested prior to entering into a contract, compliance with law, or where your consent has been obtained following the provision of necessary information.
13. Retention of Personal Data
We retain your personal data only for as long as necessary to fulfil the purposes described in this Policy, perform contractual obligations, comply with legal requirements, conduct audits, or establish, exercise or defend legal claims.
Our general retention guidelines are set out below. Actual retention periods may vary depending on the nature of the transaction, statutory requirements, warranty periods, limitation periods and our internal retention policy:
| Data / Activity Category | General Retention Guideline |
|---|---|
| Contact enquiries or information requests that do not proceed to a transaction | For as long as necessary to respond and follow up, and no longer than 2 years from the last contact, unless otherwise necessary on a lawful basis. |
| Prospective customer information and business proposal history | During the business relationship and no longer than 3 years from the last contact, unless you object or unsubscribe earlier, or another lawful reason applies. |
| Customer data, contracts, orders, rentals, services, maintenance, warranties and transaction records | Throughout the contract or service period and for no longer than 10 years thereafter, or as necessary under law, limitation periods or for proof of rights. |
| Accounting, taxation and legally required records | For the period required by applicable law or as necessary for audit and proof of rights. |
| Marketing and newsletter data | Until you withdraw consent, unsubscribe or object, and for an appropriate period thereafter to maintain a suppression record. |
| Data of unsuccessful job applicants | No longer than 2 years after completion of the selection process, unless consent is obtained for longer retention or otherwise required by law. |
| Technical data, cookies and usage logs | As necessary for security and system analytics, or for the cookie duration disclosed; computer traffic data will be retained for no less than the legally required period where we are subject to such obligations. |
| Complaint, dispute or litigation data | Until the complaint or dispute is concluded and thereafter for the applicable limitation period or as necessary to establish or defend rights. |
Once personal data is no longer required or the applicable retention period has expired, we will delete, destroy or anonymise it in an appropriate manner, unless continued retention is necessary under law or to establish, exercise or defend legal claims.
14. Security Measures for Personal Data
We implement appropriate organisational, technical and physical security measures to prevent the loss of, or unauthorised or unlawful access to, use, alteration, correction or disclosure of personal data, taking into account the nature, scope, context, purposes and risks of processing.
Such measures may include:
- Granting access to personal data based on operational necessity and user authentication;
- Access control, password management and appropriate reviews of access permissions;
- Security measures for networks, servers, cloud environments and relevant equipment;
- Encryption of data or data transmission channels where appropriate;
- Data backup, system recovery and security incident management;
- Confidentiality obligations for relevant employees, contractors and service providers;
- Training or awareness-building relating to personal data protection and information security; and
- Monitoring, reviewing and improving security measures in light of evolving risks and technologies.
Although we use appropriate efforts to safeguard personal data, transmission over the internet cannot be guaranteed to be completely secure. You should therefore exercise caution when disclosing information and keep your accounts, devices and passwords secure.
15. Personal Data Breach Management
In the event of a personal data breach, we will assess the incident, implement containment and remediation measures, mitigate impacts, and maintain appropriate records of the incident.
If a breach is likely to result in a risk to the rights and freedoms of individuals, we will notify the Personal Data Protection Committee Office without undue delay and within the period required by law. If the breach is likely to result in a high risk to your rights and freedoms, we will notify you of the breach and appropriate remedial or protective measures as required by law.
16. Rights of Data Subjects
Subject to the rules, conditions and limitations prescribed by law, you may have the following rights:
| Right | Details |
|---|---|
| Right to Withdraw Consent | You may withdraw consent at any time where our processing is based on your consent. |
| Right of Access and to Obtain a Copy | You may request access to or a copy of your personal data, including disclosure of how personal data not obtained with your consent was acquired. |
| Right to Data Portability | You may request personal data in a format readable or commonly used by automatic tools, or request its transfer to another Personal Data Controller, where the legal conditions are satisfied and the transfer is technically feasible. |
| Right to Object | You may object to processing based on legitimate interests or processing for direct marketing purposes, as provided by law. |
| Right to Erasure, Destruction or Anonymisation | You may request that we erase, destroy or anonymise personal data where it is no longer necessary, consent has been withdrawn, or the processing is unlawful, unless continued retention is permitted by law. |
| Right to Restriction of Use | You may request restriction of the use of personal data in circumstances prescribed by law, such as while accuracy is being verified or an objection is being considered. |
| Right to Rectification | You may request that personal data be corrected so that it is accurate, current, complete and not misleading. |
| Right to Lodge a Complaint | You may lodge a complaint with the Personal Data Protection Committee Office if you consider that our processing does not comply with applicable law. |
Certain rights may be subject to limitations, for example where we are required by law to retain data, where retention is necessary to establish, exercise or defend legal claims, or where complying with a request may adversely affect the rights and freedoms of others. If we cannot comply with your request, we will inform you of the reasons in accordance with applicable law.
17. How to Exercise Your Rights and Contact Us about Personal Data
You may submit a request to exercise your rights, ask questions, or make a complaint relating to personal data protection by contacting:
Personal Data Protection Contact Channel
5/15 Moo 6, Bangna-Trad Road, Km. 15, Bang Chalong Subdistrict, Bang Phli District, Samut Prakan 10540, Thailand
Email: Privacy@siamind.co.th
Telephone: 02-3125300
To protect your privacy and security, we may request additional information or documents only as necessary to verify your identity, your authority to act on behalf of another person, or details of your request before acting upon it.
We will consider and respond to your request without undue delay and within the period prescribed by law. In general, for requests to access and obtain a copy of personal data, we will act within 30 days from receipt of a complete request, unless an extension is permitted by law.
We will not charge a fee for handling your request unless permitted by law, such as where a request is manifestly unfounded, repetitive or involves disproportionate cost. Where appropriate, we will notify you in advance.
18. Information Relating to Children and Persons Who Cannot Independently Give Consent
Our platforms are intended for general users and business contacts and are not primarily intended to collect personal data directly from children, minors, incompetent persons or quasi-incompetent persons.
If it is necessary for us to collect, use or disclose personal data relating to such persons based on consent, we will obtain consent from a person exercising parental power, a custodian or a curator, as applicable, in accordance with legal requirements.
If you believe that we have improperly obtained personal data relating to a child or a person who cannot independently give consent, please contact us at Privacy@siamind.co.th so that we may investigate and take appropriate action.
19. Links to Third-Party Websites or Services
Our website or applications may contain links to third-party websites, systems or services, such as social media platforms, maps, videos or communication systems. Clicking such links or using such services may enable third parties to collect your personal data in accordance with their own policies.
We do not control and are not responsible for the privacy policies or processing activities of third parties. You should read the privacy policy and cookie settings of the relevant third party before using its services or providing personal data.
20. Automated Decision-Making and Profiling
As a general rule, we do not use automated decision-making through our website or applications that produces legal effects concerning you or similarly significantly affects you.
However, we may use usage data or product interest data to categorise communications, analyse content effectiveness, or offer relevant product and service information, subject to an appropriate lawful basis and your rights to opt out or object under applicable law.
If we introduce automated decision-making processes that have significant effects in the future, we will provide necessary information and implement safeguards for your rights in accordance with applicable law.
21. Changes to this Privacy Policy
We may review and update this Policy from time to time to reflect changes in our operations, technology, services or applicable law.
Where material changes are made, we will notify you through our website, applications, appropriate communication channels or other methods required by law. The updated Policy will take effect from the date stated on this page.
We encourage you to review this Policy periodically to remain informed about the latest information regarding how we protect your personal data.