Privacy Policy

1. About Us

This Privacy Policy is developed by Allied Metals (Thailand) Co., Ltd. and its affiliates (“the Company”).

The Company respects personal rights and gives importance to protection of personal data of its customers. Therefore, the Company has developed this Personal Policy to inform you of how the Company collects, uses and discloses your personal, data, and for what purposes. You will also be informed of the procedures used to manage your personal data as well as your legal rights as a data subject under the Personal Data Protection Act, B.E. 2562 (2019).

This Privacy Policy covers the provision of services of the Company, either through websites, applications, social media, and other channels, to customers and visitors of the Company, but does not apply to the Company’s employees, and job applicants. You consent that your use of the Company’s services through various channels, or your provision of information to the Company means that you accept the procedures adopted by the Company as specified in this Privacy Policy. It is the Company’s policy to develop and improve its services to be modern, effective, and in conformity with the principles of good governance and laws. As such, the Company may modify this Privacy Policy from time to time to ensure that it is suitable for organizational management and business operations. Thus, you are asked to keep checking this Privacy Policy to be aware of the current personal data protection policy of the Company.

For your convenience, you can click and read each topic of this Privacy Policy as follows: 

Privacy Policy

Section 1. Data collected by the Company

Section 2. Sources from which the Company collects your personal data

Section 3. Use of the data collected and lawful basis for processing of personal data 

Section 4. Disclosure of data to third parties

Section 5. Data security measures Section 

Section 6. Disclaimer notice Section 

Section 7. Data retention period Section 

Section 8. Data subject rights Section 

Section 9. Contact us

Section 10. Change to the Privacy Policy

Section 1. Data collected by the Company

Personal data means any information relating to a person, which enables the identification of such person, whether directly or indirectly, consisting of both general and sensitive information, but not including the information of the deceased persons and anonymous data. The Company will collect, use or disclose your personal information obtained from you or other reliable sources, such as the Company’s communication channels, government agencies, business partners and affiliates. The personal data shall include:

Identity data, which means any information that can identify you, either directly or indirectly, such as first name and last name, date of birth, gender, national identification number, driver’s license number, passport number, marital status, and nationality.

Contact data, such as address, email, telephone number, line ID, Facebook, IG, LinkedIn (corporate and individual).

Sensitive data, which means personal data about racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual behavior, criminal record, health, disabilities, labor union membership, genetic or biometric data, or any other information having similar impacts on the data subject as determined by the Personal Data Protection Committee, as well as any other information of similar manner. The Company will not process all types of sensitive data.

Financial, corporate, individual and transaction data, such as account number, credit card number, debit card number, monthly salary, payment, company affidavit, and certificate of VAT registration.

Sales and service data, including information revealing interests, preferences, budget, reasons for buying goods, models and prices of the goods chosen, date of purchase, and progress of a project.

Marketing and communication data:

• Technical and usage data of the website: www.alliedmetals.com, such as log-in data for members and general users, information on sale and purchase of goods, benefits, period of usage, place of usage, pages visited, interests, search for goods, downloading, and IP address;
• Address: website traffic, cookies, type of devices, settings, platforms and other technologies used to access the Company’s website;
• Data on EDM (Electronic Direct Mail) of the Company;
• Social network data: Facebook, IG, Line, LinkedIn;
• Data from am_online@alliedmetals.com, and emails under hosting@alliedmetals.com;
• Data from telephone numbers of Bangkok Office, Phuket Office, and Marketing Division;
• Data from facsimile; and
• Data from survey

If there is any change to its communication channels, the Company will ask users to check and update the agreement to choose the channels that users can communicate with and receive information from the Company again.

After-sales services information, such as name of user/person requesting a repair and password, SMS text or email indicating a desire to receive after-sales service, maintenance, product data, project data, interests, preferences, budget, reasons for purchase of goods, information from telephone numbers making contact via Bangkok Office, Phuket Office, and After-Sales Service Department.

Human resource information, such as personal information, employment record, and necessary reference documents.

Supplier/Outsource/Service Provider/Sub-Contractor: the Company will collect data on execution of contract, purchase and requisition, inspection of product or service quality, or efficiency assessment of the service providers.

Section 2. Sources from which the Company collects your personal data

• Directly from you via:
  • EDM: Electronic Direct Mail
  • Social Media

• • • Facebook: @alliedmetalsthailand 
    • IG: alliedmetals_official
    • Line: @amtofficial
    • LinkedIn ID: Allied Metals (Thailand) Co., Ltd.
  • Email address: am_online@alliedmetals.com; Email under hosting@ com
  • Contact Centers:

        (Bangkok Office) +66 2318 0965-8

        (Phuket Office) +66 7622 4039

        (Marketing Department) +66 83 540 9387

        (After-Sales Service Department) +66 86 988 8550

• •  Fax: +66 2318 0969
  • Online and office survey forms
  • Website: www.alliedmetals.com

Tracking Technology

Data on use of the website on computer will be collected in the form of cookies or other similar systems when you use the website and social media of Company.

*Collection and transfer of data depend on settings of the users’ accounts used to access the social media. Data collection will occur when users start logging into the social media or using www.alliedmetals.com.

*Additional information on the Company’s cookies can be found in the Cookies Policy.

Affiliates

• Third Parties, such as:
  • Government agencies
  • Financial institutions and online payment channels, including 2C2P
  • Representatives, agents, and other intermediaries
  • Business partners
  • Data service providers

This is to benefit the updating of users’ personal data and to improve the quality and efficiency of the Company’s products and services.

Section 3. Use of the data collected and lawful basis for processing of personal data

Collection, use or disclosure of personal data by the Company will be performed in accordance with lawful basis. The Company has different lawful bases to process your personal data, depending on purpose of the processing. The lawful bases are set out as follows:

3.1  Consent

The Company will process your personal data based on a specific purpose notified to you and explicit consent granted by you.

3.2  Contract

The Company processes personal data under the contract basis when the processing of such personal data is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract, such as provision of services to you, compliance with internal procedures of the Company, or achievement of objectives of the contract.

3.3  Legal Obligation

The Company processes the personal data in order to comply with the controller’s legal obligations, such as prevention and detection of irregular transactions that may lead to illegal activities and reporting of personal data to government agencies as required by laws.

3.4   Public Interest

In some cases, the Company may be required to process personal data in the public interest or in the exercise of duties assigned by government agencies.

3.5  Legitimate Interest

The Company processes personal data for the legitimate interests, such as internal management of the Company and disclosure of data among entities in the same business group to upgrade the Company’s work standards, provided that such disclosure is in compliance with the Company’s Privacy Policy and Privacy Notice. Processing of personal data may also be carried out in prevention of, response to and reduction of risk of illegal actions, including taking of pictures in the project area or any other areas of the Company, security of persons residing in such areas, relationship maintenance with customers, such as management of complaints and offer of benefits without commercial purpose.

Objectives of Collection and Use

The Company collects, uses and discloses your personal data for:

• Management of purchase and sale: personal data as well as information on budget, goods selected, models and prices of the goods purchased, date of purchase and project progress will be used for delivery of goods after sale and implementation of a project or contract made with a party that the Company employs or uses services from.

*In case of usage of external services (supplier/outsource/service provider/sub-contractor), the Company will use or disclose the data for the purposes of execution of sale and purchase agreements or service agreements, inspection of quality of products or services after installation, or assessment of performance of service providers.

• To facilitate payment via different channels, personal data and financial data will be used for the transfer of funds used to sell and purchase goods between the Company and its trade partners.
• Marketing communication: members or users can receive promotional offers, information on the goods or the Company (corporate communications), or communication between employees to request data, answer questions, express opinions, lodge complaints, and participate in activities, events, seminars and workshops.

Personal and marketing data is used to get back to the data subject or fulfil the data subject’s requests.

• After-sales services: name of user/person requesting a repair and password, personal data, product data, project data, opinions expressed, or detail of the request for repair given by you will be used to get back to the user, commence the repair, provide services, and improve the Company’s services.
• To provide the services of alliedmetals.com: details of systems required to activate or use the website, display of results on the website, downloading, and Internet Protocol (IP) address collected by cookies or similar systems will be used to improve the operating system and display of results on the website in order to improve the efficiency and performance.
• Job application
• Receipt and delivery of documents and goods through messengers

*Information on communication channels and uses will be collected by website service providers and Google Analytics, Line, Facebook, IG and LinkedIn to analyze and determine the channels that are effective and suitable for communication.

Section 4. Disclosure of data to third parties

To effectively manage the works between business partners and the Company through external services (supplier/outsource/service provider/sub-contractor), the Company may have to disclose personal data to the third parties, both in and outside the country. The personal data will be used to:

• Implement a project, summarize the sale, purchase or services, monitor the project, take steps to enter into a contract to procure goods or services, and examine the quality of goods or services of third parties, or evaluate the efficiency of service providers in implementing the project;
• To improve steps to be taken or services to be provided, or to facilitate the sale and/or purchase;
• To make payment for goods and services via financial institutions;
• To improve communication channels to offer information on products or services, to give notice on updates and benefits as well as to serve as channels to send invitations to activities and provide marketing data and/or promotional programs through a company employed to carry out marketing activities or serve as a comprehensive marketing consultant;
• To effectively communicate with user, the personal data may be sent to “system/network service provider and/or SMS/MMS service provider” with relevant information, including first name and last name, contact data, telephone number, privileges of the user, promotions, answers to questions, complaints or requests for additional services via telephone;
• To ensure provision of complete services on www.alliedmetals.com, a third party means a person who is employed to perform works related to technology and information in order to support/manage online systems, such as an IT company, programmer, electronic mail (email) service provider, social network administrator, or agency with expertise in media and technology. Such third party is required to sign a non-disclosure agreement, refrain from disclosing or transferring information to another person, and put in place measures to collect and store personal data during and after use.
• To maintain security and comply with laws, rules, regulations and requirements of authorities and court orders, the Company may need to transfer data of a person or member with suspicious background or criminal records and there may be requests made by competent officials to inspect any act that causes any disorder and danger both during and after use of The Company reserves the right to cancel or prohibit the use of services if any user or member has or is suspicious to have criminal records other than those stated in the first paragraph. The Company has no policy to sell your personal data to any third party. You data will be kept confidential. We will not disclose your data to any person or organization, unless it is necessary to do so to achieve an objective that the Company has notified you per details above or your prior consent has been granted.

Section 5. Data security measures

The Company has strict measures to keep your personal data safe. We respect your privacy and will comply with provisions of applicable laws as follows:

• Your personal data is classified as confidential information;
• There are organizational and technical measures to manage the data and prevent unauthorized access, use or modification, such as information security system and policy to keep customers’ information confidential;
• Personnel, employees and external parties (suppliers/ outsource/ service providers) are obliged to keep customers’ personal data confidential in accordance with the non-disclosure agreement executed with the Company;
• A process is developed to manage data breach and notify you if your personal data is violated by alarming DC (GDPR representative in case of users covered by EU laws) within relevant organizations to lead to steps determined by applicable laws.
• If data is sent to a wrong recipient or email address, there will be Confidentiality Notice enclosed at the end of every email sent from the Company; and
• Distribution, reproduction, copying, collection or downloading of an attachment containing personal data by a person who is not an intended recipient named in the email and notified in the process of service usage in relation to relation between last name and email shall be subject to punishment in accordance with related clauses of the Computer Act, B.E. 2560 (2017) or any (applicable) foreign laws governing digital media, computer, technology and information.

Section 6. Disclaimer Notice

You can choose not to receive marketing data via communication channels or by checking details in Opting Out/ Unsubscribe/ Unfollow section.

Moreover, you may refuse to receive any information from the Company by sending an email to the following email address: am_online@alliedmetals.com. In the event that you choose to refuse to receive any information, such cancellation/refusal shall not affect the products or services to be delivered to you or other transactions that you have with the Company.

Communication channels to provide, receive or modify the information on goods, sale and purchase, and marketing privileges to be offered by the Company are as follows:

Telephone:

(Bangkok Office) +66 2318 0965-8

(Phuket Office) +66 7622 4039

(Marketing Department) +66 83 540 9387

(After-Sales Service Department) +66 86 988 8550

Fax: +66 2318 0969

Facebook ID: @alliedmetalsthailand Instagram ID: alliedmetals_official Line ID: @amtofficial

LinkedIn ID: Allied Metals (Thailand) Co., Ltd. Email: am_online@alliedmetals.com

To manage the receipt and transmission of the abovementioned information, the Company reserves the right to modify and improve any contents, requirements and conditions contained in the communication channels identified above without having to give a prior notice or being liable for any damages caused by the above acts, either direct or indirect damages, special damages or incidental damages, or failure to provide services, omission of any acts, or delay in carrying out any acts, unless it is the Company’s fault.

There are some limitations in the security of data received and transmitted via the internet although the Company has strict data security measures. Thus, the Company cannot guarantee the safety of data disclosed by you via online channels. The Company’s website, www.alliedmetals.com, may contain links to websites of third parties that are not managed by the Company, but are business and service partners of the Company.

When you click a link from the Company’s website and are on a third party website, it shall be deemed that your visit to the Company’s website is terminated and this Privacy Notice comes to an end. The third party website that you visit may have unauthorized access to your personal data. In the case where such third party website collects, uses or discloses your personal data, the Company will not be responsible for accuracy and completeness of the data and services provided by the third party website. For the purpose of your privacy, we suggest that you read the Privacy Notice on every website you visit.

We cannot guarantee that our website, is free from computer viruses and other tools that may cause any damage. The Company will not be responsible for any loss or damage, either direct or indirect, or the damage caused by inability to use the services.

Section 7. Data retention period

The Company will retain your personal data for no longer than necessary in light of the purposes for which the data was collected as well as for examination of the organization. In the case where you have already terminated your business relationship with the Company, your personal data will be stored in accordance with the Company’s Privacy Policy, which is for a minimum period of 10 years for inspection of the provision of goods or services to you and for legal purposes, security, and compliance with rules and regulations of the government agencies. Upon expiration of the retention period, the Company will destroy such personal data. If the data subject has a history of committing any act causing disorder and danger, such history will be covered in the content of personal data and will be disclosed or sent to relevant authorities in the case where there are investigation, resolution or punishment under the laws.

Section 8. Data subject rights

You have legal rights in accordance with the personal data protection act that you should know. You may submit a request to exercise such rights through the channels provided under Section 9, “Contact Us”. The Company will fulfill your request as soon as possible, but not later than 30 days or more, depending on quantity and complexity of your request. As a data subject, you may have the following rights:

Right to Withdraw Consent

You may communicate the withdrawal of your consent to collection, use or disclosure of your personal data at any time and the Company will immediately terminate the processing of your personal data. In this regard, the Company may not collect, use or disclose such personal data any further under any other lawful basis. Moreover, the Company will delete your personal data.

Right to Access

You are entitled to request access to and obtain copy of your personal data under responsibility of the Company and to request the disclosure of the acquisition of personal data obtained without your consent. Your request will be fulfilled within 30 days from the date of receipt by the Company.

Right to Rectification

You may ask the Company to rectify your personal data to be accurate, updated, complete, and not misleading.

Right to Data Portability

You have the right to request data concerning your own and to ask the Company to send or transfer the data to another data controller or to receive the data that the Company sent or transferred directly to the other data controller.

Right to Data Erasure

You may ask the Company to erase or destroy your personal data or make it unidentifiable in the following cases:

Your personal data are no longer necessary in relation to the purposes for which it was collected or processed.

As the data subject, you have withdrawn your consent to processing of personal data and the Company does not have the authority by other legal ground to process such personal data.

You have objected to the processing of personal data. 

It is an illegal processing of personal data.

The data subject objected to processing of personal data (other than that related to the objection to processing for the purpose of direct marketing) and the Company has no overriding legitimate grounds to refuse such objection.

Right to Restriction of Processing

You have the right to forbid the processing of personal data in the following cases:

It is no longer necessary to process the personal data, but it is still necessary to collect personal data for the purpose of exercising the right to lodge complaints under the law.

The processing is illegal, but the data subject would like to prohibit the processing rather than erasure or destruction of personal data.

When it is during the process to verify accuracy of personal data as requested by you. 

When it is during the process to investigate the legitimate cause that is more significant.

Right to Object

You have the right to object the collection, use or disclosure of personal data in the following cases:

The collection, use or disclosure of personal data is performed for the purpose of direct marketing. The Company processes your personal data for the purposes of scientific, historic or statistic research, unless it is necessary for the performance of task carried out for reasons of public interest by the Company.

The Company collects your personal data to carry out a mission for the public task of the Company or necessary reason for legitimate benefits, unless the Company demonstrates a legitimate cause that is more significant or it is necessary for the establishment, compliance, exercise or defense of legal claims.

Right to Lodge a Complaint

You have the right to lodge your complaint to relevant government agencies if the Company or its employee or contractor violates or fails to comply with provisions of the personal data protection act.

Section 9. Contact Us

If you need to contact us in order to exercise the data subject rights, access or modify personal data, revise the acceptance of communication channels, or if you have any questions or complaints, you can reach us at dc-pdpa@alliedmetals.com.

Section 10. Change to the Privacy Policy

We may amend this Privacy Policy and will notify you via the Company’s communication channels so that you are aware of our current Privacy Policy and revise your acceptance of this Privacy Policy again.

This Privacy Policy is published on 25 May 2022. 

Last update: 30 June 2022

Cookies Policy

The Company’s website uses cookies to distinguish you from other users, which will enable the Company to provide you with a better user experience and improve the quality of our website. The objective of this Cookies Policy is to ensure that you, as a user of www.alliedmetals.com, will receive clear and accessible information about cookies used by www.alliedmetals.com as well as roles that cookies have to help the Company provide you with the best experience and alternatives that you have in relation to setting of your cookies.

1.  What are Cookies?

Cookies are small text files installed on browsers of the user or hard drive on computer or mobile devices of the user, used to collect data and settings, such as language settings of browsers on the user’s device and to record the user’s current log-in status to enable the user to continuously use the website. They also collect data on the user’s website visit behavior. Cookies are not harmful to your devices and contents in cookies can be viewed and read by the website that creates such cookies only. You may accept or deny cookies by adjusting your browser settings. If you wish to do so, please go to the Help menu of your browsers.

The Data that the company receives from cookies or similar technologies may include your IP address, Advertising ID, browser attributes, device attributes, specific device ID, operating systems, language settings, reference URL, record of your website behavior, such as contents that the user visits or is interested while visiting that website, date and time of access or use of the website, connection of applications on mobile phones and tablets. The Company may use similar automatic methods.

The Company’s Privacy Policy will determine all details concerning other information that the Company collects and methods of how the Company uses your personal data.

2.  Use of Cookies

Cookies will let the Company know what parts of the website or application of the Company that the user visits so that the Company is able to provide better user experience and meet the user’s needs. For example, cookies can recognize you and significant information that will make it more convenient for you to use the Company’s website, such as recognition from your settings and recording of initial settings of the website by cookies, will enable you to access the website with the settings you have, except in the case where cookies are deleted, which will make the device resume its initial settings.

When you visit the website or click to accept Cookies from the Notice appearing on www.alliedmetals.com on your computer or mobile phone, it means that you have given consent to Cookies and analysis of your data by the Company or relevant third parties.

3.  Types of Cookies and their Functions

The Company uses four types of Cookies on our website. You cannot be identified by the use of such Cookies.

Strictly Necessary Cookies: these cookies are essential for the Company’s website since they allow the Company to provide website services and basic functions of the website as well as to demonstrate the structure of website on computer or mobile phone. This type of cookies enable stable and effective use of the website and will be stored and deleted after your browsing of the website.

Analytical/Performance Cookies: these cookies allow the Company to evaluate its website’s performance from the number of pages you visit, length of visit, place of usage, and number and specific characteristics of a group of visitors. Such information will be used to analyze the visitors’ behavior and the results will be used to improve our website (both for computers and mobile devices) to ensure that it can meet users’ needs and improve user experience. However, data obtained and used for the evaluation is anonymous and not identifiable. Moreover, no specific data, such as name or email address, is collected. Data is collected for statistical purpose only.

Functionality Cookies: these cookies are used to recognize attributes that you choose while using the website, either on computer or mobile device. The data recorded will be used again when you return to the Company’s website. What you have chosen to use will be displayed without you having to choose again. This is for your convenience in using the website. However, data obtained and used for the evaluation is anonymous and not identifiable. Moreover, no specific data, such as name or email address, is collected. Data is collected for statistical purpose only.

Marketing Cookies: this type of cookies will be placed on the Company’s website, www.alliedmetals.com, to recognize users’ usage and interests, which will be used to adjust web pages to present goods, promotions and events that are interesting to and meet the needs of users, as well as specific offers and privileges. They can be used to evaluate advertising campaign effectiveness, which will facilitate the provision of services to the Company’s customers. Information obtained from marketing cookies can also be used to select media for communication and display of advertisements on the website and other communication channels of the Company to website users and customers of the Company.

4.  Retention Period

Two types of cookies will be stored on your devices:

• Session cookies will be automatically deleted when you turn your browsers off.
• Persistent cookies will remain on the user’s computer until they expire or are The persistent cookies can collect information on the user’s interests, which make it easy for the user’s next visits to the website and more interesting contents can be shown to the user.

5.  Cookie Settings

If you do not wish to have your data collected by cookies and measurement software and tools, you may choose to delete or disable some of the cookies or measurement software via your browsers or the settings on your mobile device or tablet. Please be informed that if you turn off or remove cookies, some attributes of the website may not work properly as designed. For example, you may not be able to visit certain areas of the website or you may not receive specific information provided when you visit the website.

If you use different devices to open and access the website (such as computer, smart phone, or tablet), you have to adjust the browser used in each device to be in line with your cookie preferences. You can manage cookies in your browser by using the following settings:

• Cookies settings in Chrome
• Cookies settings in Firefox
• Cookies settings in Safari and iOS
• Cookies settings in Internet Explorer
• Cookies settings in Microsoft Edge
• Chrome for android
• Chrome for iOS

6.  Contact Us

If you have any questions regarding this Cookies Policy, please contact us at dc-pdpa@alliedmetals.com.

7.  Amendment of the Cookies Policy

The Company may amend this Cookies Policy and we recommend that you review it from time to time to be aware of how the Company uses its cookies.

This Cookies Policy is published on 25 May 2022. Last update: 30 June 2022

Allied Metals (Thailand) Company Limited (“the Company”) recognizes the importance of our obligation under the Personal Data Protection Act, B.E. 2562 (2019), in respecting the privacy of our current and future vendors, business partners including suppliers (hereinafter referred to as the “Vendor”) and is determined to protect your personal data in order to ensure that vendor’s personal data will be protected in accordance with the Personal Data Protection Act and other related laws. Therefore, the Company has developed this Vendor Privacy Policy to inform you of details related to collection, use, disclosure (collectively referred to as “Processing”) of your personal data as well as your legitimate rights as a data subject as follows:

Section 1. To Whom This Policy Applies

This Vendor Privacy Policy involves personal data of our current and future vendors, business partners and suppliers, both as an individual, and individuals operating under the name of juristic person who are data subjects, such as directors, consultants, executives, employees, representatives and any person related to the Company’s personnel.

“Vendor” means an individual, or juristic person engaging in transactions or dealing with the Company, and is approved to execute a sale/ purchase/ employment/ rental/ lease agreement with the Company. The vendors may be current, or future vendors, or business partners, which shall include suppliers who provide the Company with goods and services.

Section 2. Definition of Personal Data

2.1 “Personal data” means any information relating to a person, which enables the identification of such person, whether directly or indirectly, such as first name, last name, nickname, address, telephone number, national ID number, passport number, social security number, driver’s license number, taxpayer identification number, bank account number, credit card number, email address, vehicle registration, land title deed, IP address, cookie ID, and log file, but not including the information of the deceased persons in particular and anonymous data.

2.2 “Sensitive data” means the personal data regarding racial, or ethnic origin, political opinion, religious, or philosophical belief, sexual behavior, criminal record, health record, disabilities, labor union membership, genetic or biometric data, or any other information having similar impacts on the data subject as determined by the Personal Data Protection Committee, which the Company has to treat with extra care. The Company will collect, use and/or disclose your sensitive data only after explicit consent is granted from you, or when it is necessary for the Company to comply with our legal obligations.

In this Policy, unless specifically identified, the “Personal Data” and the “Sensitive Data” about customers shall be collectively referred to as the “Personal Data”.

In the case where the Company receives a copy of your national ID card or takes the information from your national ID card electronically for the purpose of authentication before starting any legal relationship and/or conducting any transaction with the Company, the data obtained will include that of religion, which is considered sensitive data. The Company has no policy to keep your sensitive data except in the case where the company has obtained your consent. Hence, The Company will determine the procedures to manage such data as permitted by laws.

Section 3. Personal Data Collected by the Company

The Company collects your personal data only as required to achieve the objectives of use of the data that the Company will subsequently inform you. The personal data to be collected by the Company can be classified as follows:-

Types of personal data: basic personal data

Description: such as title, first name, last name, gender, photo, date of birth, age, nationality, national ID number, current address, and permanent address.

Section 4. Sources of the Personal Data

The Company collects your personal data and sensitive data via the following processes:

4.1 Data given directly by you to the Company

For example, data that appears in the steps of procuring services from a third party, signatures on service/lease agreements, sale and purchase agreements, or any business contracts, filling out on various forms, questionnaires or registrations, or filing any requests, or applications to exercise any rights, as well as data used to apply for creating a user account, or profile with the Company, or to contact the Company, both via offline and online platforms.

4.2 Data automatically collected by the Company

Whenever you uses services via the Company’s system, or visit the Company’s website via electronic devices, such as mobile phones, computers, or laptops, your data will be collected by cookies, or other similar technologies.

4.3 Data from reliable external sources, or public information

Such as The Department of Provincial Administration, the Department of Business Development, commercial data sources, websites, applications, social media data sources, data providers, agencies, companies, associations, or federations relating to the execution of legal transactions and contracts, and/or business operations of the vendors.

4.4 Information that you contact the Company

Information that you contact the Company, staff, employees, representatives, vendors or business partners of the Company, attorneys, or persons acting on behalf of the Company, or other persons, or organizations assigned by the Company, via websites, applications, social media, telephone, email, meetings, interviews, Short Message Service (SMS), facsimile, post, VDO call service, or any other methods that may be collected by the Company in the text, visual and audio forms.

Section 5. Objectives of Collection, Use, and Disclosure of the Personal Data

The Company collects, uses, or discloses your personal data for the following objectives:-

5.1 Contractual Basis: In complying to a contract to which you are a part of, such as an employment, or any other contract, or to fulfill your requests/applications before executing a contract, as the case may be.

Objectives of collection, use, and disclosure of the Personal Data

The Company collects, uses, or discloses your personal data for the following objectives:-

1. Objective in operation: To consider and sign commercial contracts

Description: To consider and execute commercial contracts, to perform obligations under the contracts, to carry out transactions related to the Company’s business, to implement the employment contracts, service contracts, confidentiality agreements, memorandum of understanding (MOU), other commercial contracts and related arrangements, or cooperation between the Company and the other party to the contracts, to prepare data before the purchase and procurement processes, such as preparation of requisitions, details, conditions and requirements for the Terms of Reference (TOR).

Information Processing basis: Compliance of contracts

2. Objective in operation: To consider the qualifications of registered vendors Description: In considering the qualifications of registrants, and registration of the vendors shall be as determined by each section as well as registration of vendors in the Company’s online system.

Information Processing basis: Compliance of contracts

Section 6. Disclosure of Your Personal Data

To achieve the objectives indicated herein, your personal data may be disclosed, or transferred to different units within the Company, and external persons or organizations as follows:-

6.1 Within the Company

Your personal data may be disclosed, or transferred to various units within the Company only those that are related to and having certain roles to achieve the objectives. Such individuals, or teams of the Company will be authorized to access your Personal Data only as necessary and appropriate.

• Procurement officers, or the officers of other related departments whose right to access to personal data shall be determined by their roles and responsibilities
• Executives, or immediate supervisors responsible for managing or making a decisions, or when required to get involved in purchase and procurement processes
• Supporting departments, or teams

6.2 Outside the Company

Your Personal Data may be disclosed, or transferred to external organizations as follows:-

6.2.1 Governmental agencies, regulatory organizations, or other agencies determined by laws, such as the Royal Thai Police, the Government, Courts, the Department of Legal Execution, or any other agencies with powers vested by the laws.

6.2.2 External organizations or individuals: The Company may disclose your personal data to external organizations, or individuals making inquiries for the purpose of inspection of your transactions, and provision of services, or products that meet your needs.

Section 7. Request for Consent and Potential Impacts of Consent Withdrawal

7.1 In the case where the Company collects, uses, or discloses your personal data based on your consent, you shall have the right to withdraw your consent previously granted to the Company at any Such consent withdrawal will not affect the collection, use or disclosure of personal data for which your consent was granted.

7.2 If you are a minor under the Civil and Commercial Code, before giving consent, please provide the Company with details of your guardian so that the Company is able to obtain consent from your guardian.

You may withdraw your consent for collection, use, or disclosure of your personal data, either in whole or in part, as specified herein by giving the Company a notice of such withdrawal.

Withdrawal of your consent for collection, use, or disclosure of your personal data may result in your loss of benefit to use the Company’s services at the same level that you would have enjoyed if consent for collection, use, or disclosure of your personal data is given to the Company.

Section 8. International Transfer of Personal Data

8.1 The Company may send, or transfer your personal data to another person, either in or outside the country, if it is necessary for the purpose of compliance of a contract to which you are a part of, or in complying to a contract between the Company and another individual, or juristic person for your interest, or fulfilment of your request before entering the contract, or prevention or suppression of harm to life, body, or health of yourself or any other person, or compliance with legal obligations, or significant public interest.

8.2 The Company may keep your personal data on computers, servers, or Cloud of a third-party service provider, or use third-party programs, applications, software packages, and computer platforms to process your personal data. In this regard, the Company will not permit any unauthorized person to have access to the personal data. Moreover, the Company will determine proper data security measures for those unauthorized persons.

8.3 If it is necessary to send or transfer your personal data overseas, the Company will comply with The Personal Data Protection Law and use appropriate measures to ensure that your personal data will be properly protected and that you can exercise your rights in relation to your personal data as prescribed by the law. Moreover, the Company will require the recipient of your personal data to have proper measures to protect your personal data, process such personal data only as necessary, and prevent any other person from using or disclosing your personal data without the legitimate power.

Section 9. Retention Period of Your Personal Data

9.1 The Company will retain your personal data for no longer than necessary in light of the purposes for which the data was collected, used, and disclosed, including compliance with provisions of applicable laws. Criteria used to determine the retention period include the period of time that the Company has a relationship with you as our vendor, business partner, director, representative, attorney, or a person acting on behalf of an individual, or juristic person who is registered as a vendor, or business partner of the Company. Your personal data may be retained for as long as it is necessary to be in conformity with legal obligations, or prescription period, for the purpose of establishment, compliance, exercise, or defense of legal claims, or for other reasons in accordance with the Company’s internal policies, and requirements.

9.2 The Company will continue to collect, use, and disclose your personal data even though you have ended your relationship with the Company for as long as it is required by the law, or for legitimate interests, or the personal data may be retained in the form that is unidentifiable, such as by means of data anonymization, or pseudonymization.

9.3 The Company may retain your personal data for as long as reasonably necessary to fulfill our duties to achieve the purposes of processing your personal data as prescribed in this Privacy Policy. The Company will keep your personal data for no longer than 10 years after your termination of the relationship, or your last contact with the Company. However, your personal data may be kept longer if the law permits.

9.4 To be in line with relevant period and prescription, the Company will retain your personal data in the form appropriate for the specific types of personal data. However, the Company may continue to retain your personal data after the expiry of prescription period for legitimate interests of the data controller, unless such interests are less important than the fundamental rights in your personal data.

9.5 The Company will carry out an inspection to delete, or destroy the personal data, make it permanently unidentifiable, or otherwise eliminate all personal data upon expiry of the retention period, irrelevant personal data, or those personal data not necessary to achieve the objective of personal data collection, or when the Company is required to comply with your request to delete your personal data.

Section 10. Disclosure of Your Personal Data

The safety of your personal data is the Company’s first priority, hence processes such as encryption, and restriction of right to access the personal data are utilized to assure you that the Company’s personnel, and third parties working on behalf of the Company complies with proper data protection standards as well as obligations to prevent data leakage, and that the Company uses security measures appropriate for the personal data processing.

The Company will use appropriate Technical, and Organizational measures to keep your personal data safe, and prevent violation of the personal data. The Company has determined policies, regulations, and procedures for protection of personal data, as well as measures to prevent those receiving personal data from the Company from using, or disclosing the same in a manner irrelevant to the objectives, or without power, or permission to do so, and the Company will amend such policies, regulations and procedures from time to time as it is deemed necessary and appropriate. Furthermore, executives, employees, contractors, representatives, recipients of data from the Company shall have a duty to keep the personal data confidential in accordance with measures determined by the Company.

The Company will review and update its data security procedures and measures from time to time to obtain the level of security that is proportional to the risk, and to maintain confidentiality of personal data, integrity, availability, and agility in processing the personal data. The Company will protect the personal data against loss and unauthorized collection, access, use, modification, alteration, or disclosure. Different measures will be taken by the Company to process all types of personal data, whether in the electronic, or printed form.

Section 11. Your Rights as a Data Subject

11.1 As a data subject, you shall have the following rights:-

• Right to Withdraw Consent

If you have given a consent for the Company to collect, use, and/or disclose your personal data (whether the consent was given before or after the effective date of the personal data protection law), you

shall have the right to withdraw such consent at any time during the period of time the Company holds your personal data, unless such right is restricted by the law, or there is a contract that benefits you.

However, withdrawal of your consent may impact your use of products, and/or services. For example, you will not receive new benefits, promotions, or offers, and may not receive better products, or services that meet your needs. Moreover, you may not receive information that is beneficial to you. Thus, for your interest, please study and ask us about the impacts before withdrawing your consent.

• Right to Access

You are entitled to request access to, and obtain copy of your personal data under responsibility of the Company, and to request the disclosure of the acquisition of personal data in the Company’s possession. In this regard, the Company may refuse your request if such access and obtainment of the copy of personal data will impact the rights, and liberties of any other person, or the Company has to follow the law, or court’s order that forbid the Company to disclose such personal data.

• Right to Data Portability

You have the right to obtain your personal data in the case where the Company has turned such personal data into a format that can be read, or used by an automatic tool, or equipment and can be used or disclosed by an automatic method. You also have the right to ask the Company to send, or transfer your personal data in such format to another data controller when the transfer can be made by an automatic method, and to obtain such personal data that the Company directly sent or transferred to another data controller, unless it cannot be done due to a technical reason.

The abovementioned personal data shall be the one for which you have given the Company the consent to collect, use and/or disclose, or the personal data that the Company needs to collect, use and/or disclose, so that you can use the Company’s products and/or services as you desire as the counter party to a contract with the Company, or to fulfill your request before using the Company’s products and/or services, or other personal data as determined by the authorities.

• Right to Object to Data Processing

You have the right to object to certain collection, use, and disclosure of your personal data at any time if such collection, use, and disclosure is performed for necessary tasks under legitimate interests of the Company, or another individual, or juristic person, not exceeding the scope that you are able to reasonably anticipate, or in order to carry out a mission for public interest. If you make an objection, the Company will continue to collect, use, and/or disclose your personal data only in the case where we can demonstrate a legitimate cause that is more significant that your fundamental rights, or as necessary for the establishment, compliance, exercise, or defense of legal claims, as the case may be.

Moreover, you have the right to object to the collection, use, or disclosure of your personal data if it is performed for the purpose of direct marketing, or scientific, historic, or statistic research.

• Right to Data Deletion

You may ask the Company to delete or destroy your personal data, or make it unidentifiable if you believe that your personal data are unlawfully collected, used, and/or disclosed against the relevant laws; or that your personal data are no longer required for the purposes indicated in this Privacy Policy; or when you exercise the right to withdraw your consent or make an objection as mentioned above, except in the case where the Company has to comply with the law, or exercises the legal rights to retain such data.

• Right to Request Suspension of the Use of Personal Data

You have the right to ask the Company to temporarily suspend the use of personal data in the case where the Company is in the process of examining your request to exercise the right to rectification or objection. Moreover, if the Company no longer needs your personal data and has to delete or destroy them according to related laws, you may instead ask the Company to suspend the use of such personal data.

• Right to Rectification:

You have the right to ask the Company to rectify your personal data to be accurate, updated, complete, and not misleading.

• Right to Lodge a Complaint

You may lodge your complaint to competent authorities if you believe that the collection, use, and/or disclosure of your personal data is made against the relevant laws.

If you have any concern or doubt regarding the way the Company treats your personal data, please contact the Company using the contact details provided under Section 13 of this Privacy Policy. If there is a reason to believe that the Company has violated The Personal Data Protection Law, you may lodge a complaint to the Expert Committee appointed by the Personal Data Protection Committee in accordance with rules and procedures prescribed as by The Personal Data Protection Law.

In the case where you, as the data subject, submitted a request to exercise your rights under The Personal Data Protection Law, upon receipt of such request, the Company will proceed to complete your request within the period designated by the law. However, the Company reserves the right to reject, or refuse to fulfil such request if required by the law.

11.2 It is at the sole discretion of the Company to accept, or reject your request. Your exercise of rights under 11.1 may be limited by applicable laws. In some cases, it may be necessary for the Company to reject your request or it may be impossible to proceed in accordance with your request for example, the Company is required to comply with the law or a court order, or your request is against the public interest, or in violation of another person’s rights or liberties. If the Company rejects your request, we will notify you of the reason for such rejection.

Section 12. Change to the Vendor Privacy Policy

The Company will review and amend this Vendor Privacy Policy on a regular basis to ensure that it is in line with relevant guidelines, laws and regulations. We will notify you of any significant changes made to this Vendor Privacy Policy and publish the amended Vendor Privacy Policy through appropriate channels. In this regard, you are recommended to check for amendment of the Vendor Privacy Policy from time to time.

Section 13. Communication Channels

If you view that the processing of your personal data is not in compliance with the Personal Data Protection Act, B.E. 2562 (2019), you may submit a complaint to the Data Controller at the e-mail address: dc-pdpa@alliedmetals.com.

Section 14. Governing Law

You acknowledge and agree that this Vendor Privacy Policy shall be governed by and construed in accordance with the laws of Thailand. Any and all disputes which may arise shall be settled by Thai Court.

This Privacy Policy is published on 1^st June 2022.