Data Protection Policy

SCOPE OF THIS NOTICE

Please read this privacy notice (“Notice”) carefully to understand our policies and practices regarding your Personal Data and how we will treat it. This Notice applies to individuals who interact with BE Petrothai Group services as consumers or clients (“you”). This Notice explains how your Personal Data are collected, used, and disclosed by BE Petrothai Group including affiliated companies, Petrothai Corporation Ltd., inCyam Co., Ltd., PTC Petrothai Corporation Ltd., BE Concept Co., Ltd., BE Consulting Group Co., Ltd. (collectively, the “BE PETROTHAI” or “we” or “us”, and “our”). It also tells you how you can access and update your Personal Data and make certain choices about how your Personal Data are used.

This Notice covers both our online and offline data collection activities, including Personal Data that we collect through our various channels such as websites, apps, third party social networks, points of sale and events. Please note that we might aggregate personal data from different sources (website, offline events). As part of this, we combine Personal Data that were originally collected by different BE PETROTHAI entities or BE PETROTHAI partners. Please see Section 5 for further information on how to object to this.

If you do not provide necessary Personal Data to us (we will indicate to you when this is the case, for example, by making this information clear in our registration forms), we may not be able to provide you with our goods and/or services. This Notice can change from time to time (see Section 6).


1.1 Personal data means any information pertaining to a Data Subject which enables the identification of the Data Subject, whether directly or indirectly. We may obtain personal data for various reasons, depending on the purposes and applications. The types of personal data we may obtain include:

(i)     Name and surname

(ii)     Postal address

(iii)     email

(iv)     Third-party social network information

(v)     Phone number

(vi)     Any information that is required to give you access to your specific account profile. Examples include your login ID/email address, screen name, password in unrecoverable form, and/or security question and answer.

(vii)     Any information that describes your demographic or behavioural characteristics. Examples include your date of birth, age or age range, gender, geographic location (e.g. postcode/zip code), favourite products, hobbies and interests, and household or lifestyle information that is open on third-party social networks.

(viii)     Any information about the computer system or other technological device that you use to access one of our websites or apps, such as the Internet protocol (IP) address used to connect your computer or device to the Internet, operating system type, and web browser type and version. If you access a BE PETROTHAI website or app via a mobile device such as a smartphone, the collected information will also include, where permitted, your phone’s unique device ID, advertising ID, geo-location, and other similar mobile device data.

(ix)     As you navigate through and interact with our Websites or newsletters, we use automatic data collection technologies to collect certain information about your actions. This includes information such as which links you click on, which pages or content you view and for how long, and other similar information and statistics about your interactions, such as content response times, download errors and length of visits to certain pages.

1.2 Personal Data of children: We do not knowingly solicit or collect personal data from children below the age of 13. If we discover that we have unintentionally collected personal data from a child below 13, we will remove that child’s personal data from our records promptly. However, BE PETROTHAI may collect personal data about children below 13 years of age from the parent or guardian directly, and with that person’s explicit consent.

1.3 Sensitive Personal Data: We do not seek to collect or otherwise process sensitive personal data, such as race, religion, criminal record, medical history, financial status, etc., in the ordinary course of our business. Where it becomes necessary to process your sensitive personal data for any reason, we rely on your prior express consent for any processing which is voluntary (e.g. for marketing purposes). If we process your sensitive personal data for other purposes, we rely on the legal bases.

The following paragraphs describe the various purposes for which we collect and use your personal data and the different types of personal data that are collected for each purpose.

A. Personal data we receive directly from you. We will collect your personal data through the following service processes:

(i)     BE PETROTHAI Website: Websites operated by or for BE PETROTHAI, including sites that we operate under our own domains/URLs and mini-sites that we run on third party social networks such as Facebook (“Websites”), including automation technology such as cookies and/or similar technologies. For more detail, see Section 4.

(ii)     BE PETROTHAI Mobile sites: Mobile sites or applications operated by or for BE PETROTHAI, such as smartphone apps.

(iii)     Email, text and other electronic messages: Interactions with electronic communications between you and BE PETROTHAI.

(iv)     Offline registration forms: Printed or digital registration and similar forms that we collect via, for example, postal mail, telephone, demonstration events, training, seminar, and other promotional events. We might process the obtained data and create your personal data.

(v)     Advertising interactions: Interactions with our advertisements (e.g., if you interact with one of our ads on a third party website, we may receive information in connection with such interaction).

B. Data from other sources.

(i)     Third-party social networks such as Facebook, Google, YouTube, including collection through the use of third-party tracking for analytical and advertising purposes. You have the right to refuse the use of those technologies. For more details, please see item 5.

(ii)     Market research (if feedback not provided on an anonymous basis)

(iii)     BE PETROTHAI third party data aggregators for promotions or products and services research and development or customer engagement.

(iv)     Public sources and data received when we acquire other companies.

The following statements describe the various objectives of personal data processing, meaning the collection, storage, use, disclosure and/or transfer of personal data (collectively ‘process’). Only a responsible person will have access to a subscriber’s or personal record. BE PETROTHAI shall retain Personal Data as long as necessary only for the purposes mentioned herein, where the Data Receiver or Data processor is also obligated by law to retain Personal Data as well.

The processing of your personal data is based on your willingness, which means you can refuse, modify or withdraw your consent to any of the processing at any time (see Section 5).

3.1.1 Data Collection : BE PETROTHAI will collect your personal data into a database to provide efficient services and for other processing such as communication with users.

3.1.2 Data Storage : BE PETROTHAI will collect data in paper and digital form. These documents will be kept at the data center located at the place of business of BE PETROTHAI. We manage risk by backing up the data on a cloud system with external agencies both in Thailand and abroad under a data security contract. Only persons who have been granted the right to access the data, as specified by the company, may access it, and the data is kept for the period necessary to fulfil the purposes set out in this policy.

We take preventive measures to keep your personal data confidential and secure, such as Secure Sockets Layer (SSL), URL security, and protection against SQL injection attacks through the inputs within the website. On PHP CodeIgniter, Global XSS Filtering prevents XSS attacks, in which script code is embedded in data sent to the controller, and CSRF Protection guards against CSRF (Cross-Site Request Forgery) attacks, which rely on the functionality of the user's cookie. CodeIgniter assigns a token and validates it every time data is submitted.

However, this protection does not apply to data you open to the public, such as on third-party social networks, or to other persons who can access your personal data.

Measures taken in the work environment: We store your personal data in a work environment that uses appropriate security measures to prevent unauthorized access. We discreetly follow standards to protect personal data.

BE PETROTHAI might use your personal data for the following purposes :

- To communicate about BE PETROTHAI's products and services, marketing communications, promotional campaigns, advertisements, and public relations via different channels.

- For consumer service purposes, including responding to your enquiries. This typically requires the use of certain personal contact information and information regarding the reason for your inquiry (e.g. order status, technical issue, product question/complaint, general questions, etc.).

- For products and services development.

- For analysis and market planning or marketing activities.

The Company will use or disclose the data subject's personal data with the following types of third party organisations for BE PETROTHAI’s different purposes, as follows:

Service providers : These are external companies that we use to help us run our business (e.g. order fulfilment, payment processing, fraud detection and identity verification, website operation, market research companies, support services, promotions, website development, data analysis, etc.). Service providers, and their selected staff, are only allowed to access and use your Personal Data on our behalf for the specific tasks that they have been requested to carry out, based on our instructions, and are required to keep your Personal Data confidential and secure. Where required by applicable law, you can obtain a list of the providers processing your Personal Data (see Section 7).

Credit reporting agencies/debt collectors : To the extent permitted by applicable law, credit reporting agencies and debt collectors are external companies that We use to help Us to verify your creditworthiness (in particular for orders with invoice) or to collect outstanding invoices.

Third party companies using Personal Data for their own marketing purposes : Except in situations where you have given your consent, we do not license or sell your Personal Data to third party companies for their own marketing purposes. Their identity will be disclosed at the time your consent is sought.

Third-party recipients using Personal Data for legal reasons or due to merger/acquisition : We will disclose your Personal Data to third parties for legal reasons or in the context of an acquisition or a merger.

Government agencies : Organizations or persons to whom we are required by law to disclose.

3.4.1 Measures taken in operating environments

We store your Personal Data in operating environments that use reasonable security measures to prevent unauthorised access. We follow reasonable standards to protect Personal Data. The transmission of information via the Internet is, unfortunately, not completely secure and although We will do our best to protect your Personal Data, We cannot guarantee the security of the data during transmission through our Websites/apps.

3.4.2 Transfer of your Personal Data

Because of the international nature of our business, we may need to transfer your personal data among our partners, and to third parties, as noted in Section 3.3 above, in connection with the purposes set out in this Privacy Notice. For this reason, we may transfer your personal data to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located.

However, BE PETROTHAI backs up and stores data in a cloud system, which is sent to an overseas data center. We use an outsourced Office 365 data center, which has an office in Singapore, with a high standard of personal data security.

BE PETROTHAI may use cookies and / or similar technologies for recording your usage of this website. We collect information in the form of log files that record website activity and gather statistics about your browsing habits. These entries are generated automatically, and help Us to troubleshoot errors, improve performance and maintain the security of our Websites. Please see our Cookie Notice to learn how you can manage your cookie settings and for detailed information on the cookies we use and the purposes for which we use them.

5.1 The right to access, review and request a physical or electronic copy of information held about you. You also have the right to request information on the source of your Personal Data. These rights can be exercised through our website www.bepetrothai.com, by sending us an email at inquiry@bepetrothai.com, or by mailing us a certified true and correct copy of your ID or equivalent details (where requested by Us and permitted by law), sent to Petrothai Corporation Ltd. 32/51, 21st Fl. Sino-Thai Tower, Sukhumvit 21 Road, Klongtoey Nua, Wattana, Bangkok 10110.

If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected. Please note that any identification information provided to Us will only be processed in accordance with, and to the extent permitted by applicable laws.

5.2 The right to request deletion, portability, correction, or revision of your Personal Data, which you can adjust via our website or by request to the data controller in Section 7.

5.3 The right to revoke consent to any of our data processing activities; the right to object, on grounds relating to your particular situation, to the use of your Relevant Personal Data by us, or on our behalf; and the right to object to the Processing of your Relevant Personal Data by us, or on our behalf, for direct marketing purposes. You can do so by cancelling via our communication channels such as website/application or third-party social networks, by adjusting the selections of your account by removing the checkmark from the fields, or by request to the data controller in Section 7.

If We change the way we handle your Personal Data, we will update this Notice. We reserve the right to make changes to our practices and this Notice at any time. Please check back frequently to see any updates or changes to our Notice.

To ask questions or make comments on this Notice and our privacy practices or to make a complaint about our compliance with applicable privacy laws as well as to exercise your rights (where provided by law), please contact us as the Data Controller at :

Data Controller: Petrothai Corporation Ltd., 32/51, 21st Fl. Sino-Thai Tower, Sukhumvit 21 Road (Asok) Klongtoey Nua, Wattana Bangkok 10110
Responsible for: All activities

You can contact our Data Controller by email at inquiry@bepetrothai.com

Or mail us at

Data Controller
Petrothai Corporation Ltd. 32/51, 21st Fl. Sino-Thai Tower, Sukhumvit 21 Road (Asok) Klongtoey Nua, Wattana Bangkok 10110
Or call 02 260 1295, Monday to Friday, 8:30-17:00

We will acknowledge and investigate any complaint about the way we manage Personal Data (including a complaint that We have breached your rights under applicable privacy laws).

We hope that this policy will answer all questions about how we process your personal data. However, if you feel unsettled by our process, you have the right to contact the data protection agency.

Office of the Personal Data Protection Commission (PDPC)
Ministry of Digital Economy and Society
email: pdpc@mdes.go.th
Tel: 02-142-1033

BE Petrothai Group
Last updated: 27 May 2020