บริษัท จีพี โมบิลิตี้ จำกัด (มหาชน)

Vendor Privacy Policy

Announcement

Subject: Business Partner Personal Data Protection Policy

      The GP mobility public company limited (“the Company”) values the privacy of its business partners (“you”) and places importance on safeguarding your personal data. The Company strictly adheres to the practice of respecting privacy rights as crucial.

 

      This Privacy Declaration (“the Declaration”) is crafted to inform you, as a business partner of the Company, about the format, objectives, methods of collection, use, or disclosure (collectively referred to as “processing”) of personal data. This includes your various rights under the Personal Data Protection Act of 2019.

 

      In this context, the processing of your personal data for the purposes outlined in this Declaration is conducted by the Company in the capacity of the Data Controller, meaning that the Company has the authority and responsibility to make decisions regarding the collection, use, or disclosure of personal data.

 

     1. Definition

     “Personal data” means information about an individual that directly or indirectly identifies that person, excluding data about a deceased person in particular.”

 

      “Sensitive personal information” refers to information that is genuinely personal but is sensitive and may pose a risk of unfair treatment if processed, such as race, ethnicity, political opinions, beliefs in religion or philosophy, sexual behavior, criminal records, health information, disabilities, labor union information, genetic information, biometric information, images, videos, sound, or any other information that impacts the individual in a similar manner as defined by the Personal Data Protection Committee.

 

      “Company” refers to GP mobility public company limited.

      “Employees” means the officers and employees of the Company.

      “Business Partners” means individuals who sell or provide goods and/or services to the Company, whether registered as business partners with the Company or not. This includes contract parties, service providers, consultants, and also encompasses ordinary individuals related to or representing legal entities that are business partners, such as executives, directors, employees, agents, representatives, or other individuals. It also includes individuals whose personal information appears in documents related to transactions between PTT and that legal entity, such as coordinators, delivery persons, and check payers. This extends to individuals to whom the legal entity has provided information to the Company.

     

      2. Respect for Personal Rights

      The Company respects the rights of the data owner and understands that data owners desire stability and security regarding their data. Personal data received by the Company will only be used for relevant purposes, and the Company has stringent measures to ensure security and legal compliance, preventing unauthorized use of personal data.

 

      3. Collection and Maintenance of Personal Data

      The Company will collect, use, or disclose your personal data only when necessary or legally required. This includes cases where the collection, use, or disclosure of personal data is necessary for legal obligations, the execution of contracts between you and the Company, for the legitimate interests of the Company, for operations with your consent, and/or under other legal bases. The purposes of collecting, using, or disclosing information by the Company will be expressly communicated and consented to before such actions, except for exceptions as provided by the Personal Data Protection Act of 2019 or other applicable laws.

 

      The types of personal data that the Company collects, uses, and discloses may vary depending on the scope of the products and/or services you have used or are interested in. This includes both general personal data and sensitive personal information, including but not limited to the following information.

 

Types of Data

Examples of Personal Data

Personal Details

     First name, middle name, last name, alias (if any)

     Date of birth

     Age

     Nationality

 

Contact Details

     Mailing Address

     Email Address

     Phone Number

     Fax Number

 

Details used for identification and authentication

     Photograph of National ID Card

     National ID Number / Tax ID Number

     Passport Information

     Signature

 

Verification Information

     Due diligence for factual verification (e.g., information related to Know Your Customer (KYC) processes)

     Credit Bureau Payment History Check

 

Other Information

     Records of your interactions and communications with the Company, including but not limited to phone calls, emails, text messages, and online social media communications.

     Information provided by you to the Company through any channel.

 

 

 

      4. Purposes of Collecting, Using, and Disclosing Your Personal Data

      The Company collects, uses, and discloses your personal data for the following purposes:

              4.1 Contacting, verifying, confirming, and identifying you in any transaction.

              4.2 Monitoring, recording, or notifying you of your transactions.

The personal data collected by the Company for the above purposes is necessary for compliance with contractual or legal obligations. If you do not provide the necessary personal data, it may constitute a violation of the law, and the Company may be unable to manage contracts or facilitate various operations for you.

              Furthermore, if there are changes to the purposes of collecting personal data in the future, the Company will inform you and take any necessary actions as required by law, including maintaining records of any additional modifications as evidence.

 

      5. Disclosure of Your Personal Information

      The company will not disclose your personal information to any individual without consent, and will disclose it only for the stated purposes, for the benefit of the business operations of the company group, and to provide services to the data owner. The company may find it necessary to disclose the personal information of the data owner to government agencies and/or regulatory authorities (such as the Securities and Exchange Commission) in response to requests from private organizations or other external entities related to legal processes, business partners, representatives, or other organizations (such as independent auditors).

 

      6. Your Rights as the Data Subject

      As the data subject, you have rights as stipulated by the Personal Data Protection Act B.E. 2562, including the following.

              6.1 Right to Access Personal Data

You have the right to request access to and obtain a copy of your personal data that is under the responsibility of the Company, including requesting the Company to disclose the sources of such data that you did not provide consent for.

              6.2 Right to Correct Personal Data

If you believe that the data held by the Company is inaccurate or if there are changes to your personal data, you have the right to request the Company to correct your personal data to ensure it is accurate, up-to-date, complete, and not misleading.

              6.3 Right to Erase Personal Data

You have the right to request the Company to erase or destroy your personal data in accordance with the law.

              6.4 Right to Suspend the Use of Personal Data

You have the right to request the Company to suspend the use of your data as provided by law.

              6.5 Right to Request the Transmission of Personal Data

You have the right to request the Company to transmit your personal data that you have provided to the Company in accordance with the law.

              6.6 Right to Object to the Collection, Use, or Disclosure of Personal Data

You have the right to object to the processing of data related to you for the purpose of data collection, use, or disclosure as provided by law.

              In the event that the data subject submits a request to exercise rights under the Personal Data Protection Act of 2019, once the Company receives such a request, it will process it within the timeframe prescribed by law. Additionally, the Company reserves the right to deny or not act on such requests as provided by law. If the data subject chooses to provide only specific personal data, it may result in the inability to receive full services from the Company. Moreover, the Company may not be able to work with the data subject or provide any services if the data subject does not consent to providing the required information. The data subject can exercise these rights by submitting a written request to the Company through registered mail or electronic mail (E-Mail) using the form provided by the Company, which can be downloaded from the website: www.gpmobility.co.th. The form can be submitted through the “Contacting the Company” section in point 11. The Company will review and respond to the data subject’s request within 30 days from the date of receiving the request.

 

      7. Duration of Personal Data Retention

      The Company will retain your personal data for as long as necessary and reasonable to achieve the purposes for which the Company has collected such personal data and to use it for reference or verification when necessary. However, unless the law permits a longer retention period, in cases where the specific retention period for personal data cannot be clearly defined, the data will be retained for a duration that can be reasonably expected according to the standard data retention practices (e.g., a maximum of 10 years in accordance with general legal statutes).

 

      8. Personal Data Security Measures

      The Company has implemented appropriate technical and managerial measures to ensure the security of your personal data. These measures aim to prevent unauthorized access, loss, destruction, alteration, modification, or disclosure of personal data without permission. They align with the Company’s Information Security Policy and best practices in information security management.

 

      9. Personal Data Protection Officer

      The Company has complied with the Personal Data Protection Act B.E. 2562 by appointing a Data Protection Officer (DPO). The DPO is responsible for overseeing the company’s operations related to the collection, usage, and disclosure of personal data to ensure compliance with the Personal Data Protection Act B.E. 2562 and relevant laws pertaining to the protection of personal data.

 

      10. Personal Data Controller

      The Company has complied with the Personal Data Protection Act B.E. 2562 by appointing a Data Controller. The Data Controller is responsible for making decisions regarding the collection, usage, and disclosure of personal data to ensure compliance with the Personal Data Protection Act B.E. 2562 and relevant laws pertaining to the protection of personal data.

 

      11. Privacy Policy Review and Modification

      The Company has undertaken measures in compliance with the Personal Data Protection Act B.E. 2562 by appointing a Data Protection Officer (DPO) to oversee the Company’s operations related to the collection, use, and disclosure of personal data to ensure alignment with the Personal Data Protection Act B.E. 2562 and relevant laws regarding the protection of personal data. The Company reserves the right to review and modify its privacy policy as needed.

 

      12. Contact Information

      For inquiries regarding this statement, you can contact the Data Protection Officer (DPO) at:

      Company: GP mobility public company limited.

      Contact Address: 2 Soi Wipawadee Rangsit 50, Wipawadee Rangsit Road, Lad Yao, Chatuchak, Bangkok 10900

      Contact Channels: Email: DPO@gpmobility.co.th or Phone: 02-108-1222