1 Purpose

     The Company establishes this Policy for the common understandings of Customers and Business Partners (collectively referred to as “you”) regarding the collection, storage, usage, and disclosure of your Personal Data under the Act. This Policy specifies the types of Personal Data being collected and stored, the usage’ purposes of Personal Data, the disclosure of Personal Data to third parties or Affiliates, and your rights as the data subject.

2 Definitions

“Personal Data”	means information that reveals or reasonably could be expected to reveal the identity of any individual excluding the deceased person's information.
“Sensitive Data”	means any Personal Data which the collection, storage, usage or disclosure may have a material effect against the data subject, including but not limited to information regarding race, political opinions, religious belief, sexual behavior or biological data.
“Business Partners”	means business partners which are: (1) individual business partners including our past and present business partners who are individuals, and (2) corporate business partners including directors, shareholders, employees, agents, and other individuals authorized to act on their behalf, our past and present corporate business partners and other individuals authorized to act on their behalf.
“Policy”	means this Personal Data Protection Policy
“Company”	means Bridgestone A.C.T (Thailand) Co.,Ltd.
“Affiliates”	means juristic persons who are under the same control or have the following companies as a majority shareholder, i.e. Bridgestone Asia Pacific Pte. Ltd., or Bridgestone Corporation.
“Act”	means the Personal Data Protection Act B.E. 2562, including any subordinate legislation issued under the Act those are in effect at present or as amended in the future.
“Customers”	means customers which are: (1) individual customers include our past and present customers who are individuals, and (2) corporate individuals include directors, shareholders, employees, agents and other individuals authorized to act on their behalf.

3 Scope of application

     This Policy will be applied to the collection, storage, usage and disclosure of Personal Data of Customer and Business Partners with effective date from June 1, 2022, onward.

4 Amendments

     The Company may amend this Policy (entirely or partially) from time to time.

5 Sources of Personal Data

     The Company usually collects Personal Data directly from you. In some cases, the Company may acquire such information from other sources. In this case, the Company will seek consent or notify you of such acquisition within the time limit specified in the Act, unless the Company is entitled to any exemptions.

6 Legal grounds for the collection, usage, and disclosure of Personal Data

     6.1 Contractual obligation

          The Company may collect, store, use and disclose information to enter into an agreement, or performing a contractual obligation between you and the Company. The Company may use your Personal Data for the following examples: your name for issuance of a tax invoice, products or services warranty, bank account details for payment purpose, or any other activities to provide products and services to you, or to serve your requests.

     6.2 Legal obligation

          The Company may have obligations to comply with the relevant domestic and international laws or regulations concerning its business operations. For example, the Company must issue a withholding tax certificate or comply with the competent authorities.

     6.3 Consent

          In some cases, the Company may seek prior written consent to collect, store, use, or disclose Sensitive Data.

     6.4 Legitimate interest

          The Company may collect, storage, usage or disclosure your Personal Data for its legitimate interest as long as such action is reasonably foreseeable — for example, the collection of video and audio via surveillance camera for security purposes.

     6.5 Any other legal grounds as specified within the Act such as by court’s order, protection of the vital interest against the life, body or health of the data subject.

7 Consequences from refusal and revocation

     You may withdraw your consent anytime where the Company collected, stored, used, or disclosed your Personal Data by consent ground. However, your revocation will not affect the previously authorized collection, storage, usage, or disclosure of Personal Data.
     In case you refuse to provide, object, restrict, delete or remove, or revoke your consent, the Company may be unable to perform its obligations as set out in Article 6. For example, the Company may be unable to provide a product warranty or perform its obligations under the agreement.

8 Types of Personal Data being collected, stored, used, or disclosed

     The collection, storage, usage, or disclosure of your Personal Data by the Company might be different on occasions. Examples of these are including but not limited to the information as described in Retention Period

9 Objectives and the change of objectives

     The Company will collect, store, use, or disclose your Personal Data and Sensitive Data for the purpose of execution of an agreement, compliance with the law, and any other actions to achieve the above objectives only.
     In the event that the Company wishes to collect, store, use or disclose the Personal Data under any other objectives other than those mentioned above, the Company will seek prior consent from you.

10 Disclosure of Personal Data

     The Company may disclose your Personal Data to the following entities:
     a. Public organizations: To comply with the law or public order, such as submission of withholding tax and VAT information to the Revenue Department.
     b. Affiliates including its employees, contractors, and agents: For the Company’s operational purposes and to perform contractual obligations, such as making a report and communication. You may find the list of our Affiliates in Affiliates
     c. Third-party service providers who provide services concerning your transactions: For example, financial institutions, auditors, advisors, IT service providers (e.g. cloud provider, SMS provider, and call center provider)

11 Transfer of Personal Data abroad

     Given the nature of the business, the Company constantly exchanges information with its Affiliates. As a result, the Company may disclose your Personal Data abroad under the rules and regulations as specified within the Act.

12 Retention period of Personal Data

     The Company will keep your Personal Data in the record as long as you have a business relationship with the Company. The Company will also store your Personal Data after our business relationship has ended for a certain period depending on the relevant laws' prescription period. For more information on this topic, please refer to the retention period as prescribed in Retention Period

13 Cookies

     The Company may collect and use cookies and similar technologies when you visit our websites and applications or connect to our internet (collectively referred to as “Platform”) for several purposes, for example, to improve Platform’s experience by observing your Platform visits behaviors, and to enable you to access your account seamlessly and securely.
     In case that you prefer not to collect your information through cookies, software and monitoring tool, you may set your default preference to refuse the collection of cookies or information through monitoring tool. However, when you remove or refuse the collection of cookies, the system may also remove your customized setting. While you can still be able to use the Platform, you may not be able to completely utilize some functions of it as a result of your refusal to collect cookies.

14 CCTV Surveillance

     The Company may need to collect photos, videos, and biological data through CCTV or surveillance system to control access and ensure the safety and security of the premises, employees, visitors, properties, and data located or stored on the premises such as buildings, stores, and parking lots.

15 Security measures

     The Company provides strict security measures to protect the confidentiality of Personal Data. These security measures include the separation between generic data and Personal Data, password encryption, limitation of the person who has access to Personal Data, and specifies that all service providers to the Company must have appropriate security measures.

16 Your rights as a data subject and how to execute the rights

     16.1 Under the Act, you have the following rights:

          a. The right to access and request a copy of the Personal Data being collected, stored, or used by the Company;
          b. The right to rectify to make the Personal Data becomes up to date or complete;
          c. The right to remove or make the Personal Data becomes anonymous (right to be forgotten);
          d. The right to request the Company to stop using the Personal Data. For example, you may request the Company to stop using your Personal Data while waiting for the execution of any other rights in this topic or request the Company to stop using the Personal Data instead of deleting;
          e. The right to object to the collection, storage, usage, or disclosure of Personal Data;
          f. The right to receive, transfer, or port the Personal Data by requesting the Company to prepare your Personal Data in the format that can be read or use by general electronics equipment, or to transfer the information through electronic means;
          g. The right to revoke the consent; and
          h. The right to submit a complaint to the Personal Data Protection Committee or the Office of the Personal Data Protection Committee.

     16.2 How to exercise the rights as a data subject

          You may exercise your rights as a data subject by applying through Personal Data Contact Form
          Alternatively, you may contact the Legal and Compliance Department to exercise the rights or get a further recommendation.
          Legal and Compliance Department
          Bridgestone A.C.T (Thailand) Co.,Ltd.
          No. 990 Abdulrahim Place, 16th Floor, Rama IV Road, Silom Sub-District, Bangrak District, Bangkok 10500
          Tel: 02-779-6000 ext. 31510
          Email: pdap@bsact.co.th

     16.3 Consideration of the application

          Upon application submission, the Company will ask you to submit relevant document(s) for identity’s verification and authentication before proceeding to the request
          The time limitation, if any, will start after the Company has received all your relevant documents. The Company may refuse to proceed to the request in the following events: (i) the Company does not receive the documents within seven business days, (ii) you fail to verify the identity as a data subject, (iii) the Company does not have Personal Data in possession, (iv) such request has an excessive or repetitive nature, or (v) when a request might violate the right of other data subjects directly or indirectly.
          Moreover, the Company may refuse, partially or wholly, to proceed per your request if the collection, storage, usage, or disclosure of Personal Data is allowed under the Act. In such case, the Company will notify you of its decision with an explanation therein. The Company usually provides its service to you free of charge. However, the Company might collect a reasonable fee for application those it considers as excessive, unreasonable, or repetitive.

17 The collection, storage, usage, or disclosure of information prior to the date of this Policy

     The Company will continue to have the right to collect, store, use, and disclose your Personal Data collected, stored, used, or disclosed prior to the date of this Policy. If you do not wish the Company to continue using such Personal Data, you may notify your intention to the Company according to Article 16.2.