Privacy Policy

Komatsu Industries (Thailand) Co., Ltd. (hereinafter, referred to as the “Company”) makes efforts below based on the belief that the proper protection of personal data is a corporate social responsibility, based on the Personal Data Protection Act B.E. 2562 (2019) (hereinafter, referred to as the “Personal Data Protection Act”).

(Scope of this Privacy Policy)

  1. This Privacy Policy applies to all customers, suppliers, employees of the “Company” which includes permanent and temporary employees, and contractors (hereinafter, referred to as the “Party concerned”) including Data Processor who processes personal data on behalf of us.

(Definition)

  1. (1) “Personal Data” means data about a person that can directly or indirectly identify such person but does not include data of a deceased person in particular

(2) “Sensitive Personal Data” means data that is a truly personal matter but is sensitive and may risk unfair discrimination such as race, ethnicity, political views, creed, religion or philosophy behavior, sexual behavior, criminal history, health data, disability, labor union data, genetic data, biological data or any other data that affects the Data Subject in the same way as prescribed by the “Thailand Personal Data Protection Committee”

(3) “Data Subject” means natural person who is the owner of personal data and such personal data is directly or indirectly identifiable to such person

(4) “Processing” means actions relating to the collection, use, disclosure, deletion or destruction of personal data

(5) “Data Controller” means person or juristic person having the authority to make decision about the collection, use, or disclosure of personal data

(6) “Data Processor” means person or juristic person undertaking the collection, use or disclosure of personal data in accordance with an order or on behalf of Data Controller. Thus, this person or juristic person is not a Data Controller

(Purpose of Collection and Use of Personal Data)

  1. (1) The “Company” will collect or use personal data for the benefit of our operations or to improve the quality and efficiency of work and/or to comply with the laws and regulations applicable to our operations. We will collect and use such personal data only for the period necessary for carrying out the purpose as informed to the Data Subject or in accordance with what the laws specified.

(2) The “Company” shall not act any differently than specified in the purposes of collection unless it has informed the data subject of the new purpose and obtained the consent of the data subject, or in compliance with “Personal Data Protection Act” and other relevant laws and regulations.

(Collection, Using or Disclosure of Personal Data)

  1. (1) In collecting, using or disclosing personal data of the “Party concerned”, the “Company” will request their consent expressly separately from other documents, in writing or electronically, with easy-to-read and understandable text and language, as well as informing the purpose of collecting, using or disclosing it to them whenever consent is requested.

(2) The “Company’s” Data Controller will only collect, use or disclose personal data of the “Party concerned” for the purposes stated before or at the time of collection. This is necessary under the legitimate purposes of the Data Controller.

(3) In the event that the “Company” must collect, use or disclose personal data of the “Party concerned” differently from the stated purpose, we will notify the new purpose to them who owns it and will obtain their consent every time before collecting, using or disclosing it.

(4) The “Company” shall notify the case to the “Party concerned” who owns personal data that it must be provided in order to comply with the laws or contract, or to provide it to enter into the contract, as well as the potential consequences in the event that such personal data is not provided.

(5) In the event that the “Company” must disclose personal data collected to any person, juristic person or entity, we shall notify the type of them to the “Party concerned”.

(6) In the event that the “Company” is required to collect sensitive personal data of the “Party concerned”, we shall obtain the express consent of them owns it, except as consent is not required in the laws.

(7) In the event that the “Party concerned” requests to access and to obtains a copy of their personal data, the Data Controller will process their request within 30 days from the date of receipt of their request, except in the event that the “Company” has to refuse their request with comply with the laws or court order, and that accessing and obtaining copies of it will have consequences that may damage the rights and freedoms of other persons.

(8) In the event that the “Party concerned” who owns personal data asks the Data Controller to delete, destroy or anonymize it, the “Company” will do so as requested only if the “Company” completely need not retain it for the purposes such as collecting, using or disclosing it.

(Compliance)

  1. The “Company” will continually improve its personal data management system, including this policy, through employee education, appointment of information management supervisors as well as the execution of audits, while complying with the “Personal Data Protection Act” and other relevant laws and regulations. Komatsu Ltd. has developed and disclosed “Komatsu’s Worldwide Code of Business Conduct” to ensure all employees of the Komatsu Group adhere to this Code. Therein, the “Company” has clarified proper handling of information and rules all employees must follow in an effort to enhance compliance

(Security of Personal Data)

  1. The “Company” will implement appropriate safety measures, as it strives to build a management system and implement reasonable technological and other initiatives to protect the personal data of the “Party concerned” from illegal access, revision, destruction, leaks, loss or any other misconduct. And in handling their personal data in foreign countries, we will take appropriate measures for safety management based on the laws and regulations concerning the protection of personal data in each country and region.

(Rights of Personal Data Subjects)

  1. The rights enable the “Party concerned” who owns personal data to access, object, erasure, restrict processing, withdraw consent, correct, portability and lodge a complaint.

(1) Right to Access; To access their personal data held by the “Company”, and receive a copy of it.

(2) Right to Object; To object to the processing (Collection, Use, Disclosure etc.) of their personal data held by the “Company”.

(3) Right to Erasure; To request the “Company” to delete, destroy or anonymize their personal data held by the “Company”.

(4) Right to Restrict Processing; To request the “Company” to suspend the processing of their personal data held by the “Company”.

(5) Right to Withdraw Consent; To withdraw their consent at any time, in the event that the “Company” processes their personal data with their consent. (In any cases such withdrawal shall not affect the processing of personal data.) However, the “Company” shall continue to process their personal data if we have another legal basis to do so.

(6) Right to Correct; To have any incomplete or inaccurate personal data about them held by the “Company” To become correct, current and complete.

(7) Right to Portability; To request for a copy of their personal data (including electronic or magnetic means) held by the “Company” to be sent to the third parties. And this right will be used only for the personal data they provided to the “Company”, and the processing of such personal data is done with their consent in order to fulfill our obligations under a contract.

(8) Right to Lodge a Complaint; To file a complaint with a related government agency including the “Thailand Personal Data Protection Committee”, when he or she sees that the “Company” violates the “Personal Data Protection Act” or other relevant laws and regulations or don’t comply with these laws.

(Review and Change of Privacy Policy)

  1. The “Company” may update or amend this Privacy Policy from time to time to comply with the legal requirements. In changing, we will announce the changes clearly.

(Contact for Inquires about Personal Data Protection)
Komatsu Industries (Thailand) Co., Ltd.
28/9 Moo 3 Bangna-Trad Road Km.23 T.Bangsaothong,
Bansaothong Samutprakarn 10570
Tel: +66 (0) 2 663 2727 | Fax: +66 (0) 2 663 2728
E-mail: KITHTHMB_HP@global.komatsu
Komatsu Industries (Thailand) Co., Ltd.

Created: 31st May 2022

Privacy Notice for Customers

Komatsu Industries (Thailand) Co., Ltd. (hereinafter, referred to as the “Company”) makes efforts below based on the belief that the proper protection of personal data is a corporate social responsibility.

  1. The “Company” shall only process personal data provided by its customers within a scope to achieve the following purposes and legal basis:

(1) When we have obtained customers’ prior unambiguous consent

(2) To execute contracts with customers

(3) To comply with its legal or regulatory obligations

(4) To protect its legitimate interests

Its legitimate interests referred to above include

To develop and provide better products and services

To provide information to customers about the products and services handled by the “Company”

  1. The “Company” does not disclose or provide personal data about customers to third parties except in any of the following cases:

(1) When the customer gives prior consent,

(2) When designated to do so by laws or ordinances,

(3) When the provision of personal data is necessary to protect life, physical injury, or the assets of a person, and when consent from the customer is difficult to acquire, and

(4) When prescribed to do so such as in a notification or directive from a government agency

  1. The “Company” will continually improve its personal data management system, including this policy, through employee education, appointment of information management supervisors as well as the execution of audits, while complying with the Personal Data Protection Act B.E. 2562 (2019) (hereinafter, referred to as the “Personal Data Protection Act”) and other relevant laws and regulations. Komatsu Ltd. has developed and disclosed “Komatsu’s Worldwide Code of Business Conduct” to ensure all employees of the Komatsu Group adhere to this Code. Therein, the “Company” has clarified proper handling of information and rules all employees must follow in an effort to enhance compliance.

  1. The “Company” stores personal data for the period necessary to achieve the purpose of obtaining the personal data. However, if the laws require differently, such a period will be set in accordance with the laws.

  2. The “Company” will implement appropriate safety measures, as it strives to build a management system and implement reasonable technological and other initiatives to protect the personal data of customers from illegal access, revision, destruction, leaks, loss or any other misconduct. And in handling customers’ personal data in foreign countries, we will take appropriate measures for safety management based on the laws and regulations concerning the protection of personal data in each country and region.

  3. The “Company” responds, in compliance with the laws and regulations, when customers request to exercise the following rights they have regarding their personal data provided by them. Please make any requests to the contact below.
    1. Right to Access; To access their personal data held by the “Company”, and receive a copy of it.

    2. Right to Object; To object to the processing (Collection, Use, Disclosure etc.) of their personal data held by the “Company”.
    3. Right to Erasure; To request the “Company” to delete, destroy or anonymize their personal data held by the “Company”.
    4. Right to Restrict Processing; To request the “Company” to suspend the processing of their personal data held by the “Company”.
    5. Right to Withdraw Consent; To withdraw their consent at any time, in the event that the “Company” processes their personal data with their consent (In any cases such withdrawal shall not affect the processing of personal data.) However, the “Company” shall continue to process their personal data if we have another legal basis to do so.
    6. Right to Correct; To have any incomplete or inaccurate personal data about them held by the “Company” to become correct, current and complete.
    7. Right to Portability; To request for a copy of their personal data (including electronic or magnetic means) held by the “Company” to be sent to the third parties. And this right will be used only for the personal data they provided to the “Company”, and the processing of such personal data is done with their consent in order to fulfill our obligations under a contract.
    8. Right to Lodge a Complaint; To file a complaint with a related government agency including the “Thailand Personal Data Protection Committee”, when he or she sees that the “Company” violates the the “Personal Data Protection Act” or other relevant laws and regulations or don’t comply with these laws.

  1. The “Company” may update or amend this Privacy Notice from time to time to comply with the legal requirements. In changing, we will announce the changes clearly.

  1. Contact for Inquires about Personal Data Protection

Komatsu Industries (Thailand) Co., Ltd.
28/9 Moo 3 Bangna-Trad Road Km.23 T.Bangsaothong,
Bansaothong Samutprakarn 10570
Tel: +66 (0) 2 663 2727 | Fax: +66 (0) 2 663 2728
E-mail: KITHTHMB_HP@global.komatsuKomatsu Industries (Thailand) Co., Ltd. 

To Our Customers (Joint Used of Personal Data)

The “Company” obtains personal data necessary to engage in development, sales and service of industrial machines, and said personal data is jointly used by the “Company”, and Komatsu Group and other companies, as indicated below to promote smooth operations.
The “Company” is going to put in place reasonable safety management measures among companies to properly protect personal data that is jointly used.

1. Personal data to be used jointly

(1) Personal data to be used jointly includes the customer name, address, telephone number, product purchase history, service history such as inspections and repairs, and operation history of machine

2. Companies that jointly use personal data

(1) Komatsu Group companies, and outsourcing and tie-up companies that engage in operations such as sales, service

3. Purposes for joint use of personal data

(1) To execute contracts with customers
(2) To develop and provide
(3) To smoothly execute sales, service operations of products handled by the “Company” and Komatsu Group companies
(4) To provide information to customers about the products and services handled by the “Company”